From b71f147ff75b22a6aa67f13e8b9acd3bd2fc21cf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:30:38 +0800 Subject: [PATCH 001/176] chore(mysql-cluster): modify networkpolicy --- .../templates/networkpolicy.yaml | 31 ++++++++--------- .../8.0/chart/mysql-cluster/values.yaml | 33 +++++++++---------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 45a67db3..827f8311 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
@@ -23,23 +23,24 @@ spec: ingress: # Allow inbound connections - ports: - - port: {{ .Values.primary.service.ports.mysql }} - {{- if not .Values.networkPolicy.allowExternal }} + - port: {{ .Values.router.service.portrw }} + - port: {{ .Values.router.service.portro }} + {{- if and .Values.metrics.enabled }} + - port: {{ .Values.metrics.service.port }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: - - podSelector: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} + kubernetes.io/metadata.name: {{ $namespace }} {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index cdbfd0a3..ebfe4ed2 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
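Review bot: In the new `{{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}` guard, setting `allowCurrentNamespace: false` with an empty `allowNamespaces` drops the whole `from:` block, and an ingress rule that lists only `ports` admits every source, so the most restrictive-looking values render the most open policy. Wrapping the entire `- ports:` rule in that condition, which leaves `ingress` empty and denies ingress to the selected pods, would make the settings fail closed; unrestricted access, if wanted, should be its own explicit value. The label values are also unquoted, and `kubernetes.io/metadata.name: {{ $namespace | quote }}` keeps a numeric or boolean-looking namespace name a string. The Prometheus `templates/networkpolicy.yaml` added in PATCH 005 repeats the same guard. The `spec:` this rule belongs to starts outside the hunk.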
@@ -971,28 +971,16 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening ## on. When true, MySQL will accept connections from any source ## (with the correct destination port). ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} + allowCurrentNamespace: true + allowNamespaces: [] + ## @section Volume Permissions parameters @@ -1035,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: false + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) 
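Review bot: The `## @param networkPolicy.allowExternal` comment kept as context above `allowCurrentNamespace: true` documents a key and a client-label model that this hunk removes, and the two new keys have no `@param` description at all. Replace it with entries such as `## @param networkPolicy.allowCurrentNamespace Allow ingress from every pod in the release namespace` and `## @param networkPolicy.allowNamespaces Names of additional namespaces allowed to connect`. It is worth stating there that a pod no longer needs the `-client: "true"` label, so any workload in an allowed namespace can reach the MySQL ports. The `networkPolicy` block added to the Prometheus `values.yaml` in PATCH 005 copies the same stale text, including its references to MySQL.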
@@ -1132,6 +1120,17 @@ metrics: ## cpu: 100m ## memory: 256Mi requests: {} + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsGroup: 0 + runAsNonRoot: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Mysqld Prometheus exporter liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param metrics.livenessProbe.enabled Enable livenessProbe From d30010a82334ad1a5d6345a43ff3b578e084e79a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:33:07 +0800 Subject: [PATCH 002/176] fix(prometheus): fix typo --- addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml | 0 .../2/{plan => plans}/standard-1-2/create-instance-schema.json | 0 addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml | 0 addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/create-instance-schema.json (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml (100%) diff --git a/addons/prometheus/2/plan/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-1-2/bind.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-1-2/bind.yaml diff --git a/addons/prometheus/2/plan/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/create-instance-schema.json rename to addons/prometheus/2/plans/standard-1-2/create-instance-schema.json 
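Review bot: `runAsGroup: 0` in the new `metrics.containerSecurityContext` gives the exporter the root group as its primary GID, while the rest of the block is hardened (`runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities, `RuntimeDefault` seccomp). If GID 0 is only there for arbitrary-UID image compatibility, a one-line comment saying so would help; otherwise a non-zero group that matches the image avoids group-0 file access. The block also lacks the `## @param metrics.containerSecurityContext.*` lines that the surrounding values carry. The template that consumes it is not part of this patch, so whether the `enabled` key is stripped before rendering cannot be checked from here.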
diff --git a/addons/prometheus/2/plan/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-1-2/meta.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/meta.yaml rename to addons/prometheus/2/plans/standard-1-2/meta.yaml diff --git a/addons/prometheus/2/plan/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-1-2/values.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/values.yaml rename to addons/prometheus/2/plans/standard-1-2/values.yaml From 842cb24e279faaf75683363681d3a1f83bb78071 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 12 Oct 2023 09:41:04 +0800 Subject: [PATCH 003/176] chore(prometheus): add plans 50 --- .../{standard-1-2 => standard-10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../{standard-1-2 => standard-10}/meta.yaml | 0 .../{standard-1-2 => standard-10}/values.yaml | 0 .../prometheus/2/plans/standard-50/bind.yaml | 34 +++++++++++++++++++ .../standard-50/create-instance-schema.json | 12 +++++++ .../prometheus/2/plans/standard-50/meta.yaml | 6 ++++ .../2/plans/standard-50/values.yaml | 7 ++++ 8 files changed, 59 insertions(+) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/meta.yaml (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/values.yaml (100%) create mode 100644 addons/prometheus/2/plans/standard-50/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-50/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-50/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-50/values.yaml 
diff --git a/addons/prometheus/2/plans/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-10/bind.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-10/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/create-instance-schema.json rename to addons/prometheus/2/plans/standard-10/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-10/meta.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/meta.yaml rename to addons/prometheus/2/plans/standard-10/meta.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/values.yaml rename to addons/prometheus/2/plans/standard-10/values.yaml diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml new file mode 100644 index 00000000..5ee819d9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s-router" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + diff --git a/addons/prometheus/2/plans/standard-50/create-instance-schema.json b/addons/prometheus/2/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/meta.yaml b/addons/prometheus/2/plans/standard-50/meta.yaml new file mode 100644 index 00000000..0baaf0f9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/meta.yaml 
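Review bot: The `password` credential in the new `standard-50/bind.yaml` reads `jsonpath: '{ .data.username }'`, so a binding would hand out the user name as the password; it presumably should be `jsonpath: '{ .data.password }'`. The file as a whole looks copied from the MySQL addon: it keys on `.Values.router.service.type` and exposes `database`, `portrw` and `portro` from a `-svcbind-custom-user` secret, which the Prometheus values shown in this series do not appear to define. The same `password` mapping is in `chart/prometheus/templates/bind.yaml`, added in PATCH 005 and removed again in PATCH 006.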
@@ -0,0 +1,6 @@ +name: "standard-50" +id: eb7b3f73-dd94-4d05-8a48-63e7775f534d +description: "Prometheus Cluster standard-50 plan persistence size 50Gi." +displayName: "50Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml new file mode 100644 index 00000000..0dc80c4f --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -0,0 +1,7 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-50 + +server: + persistence: + size: 50Gi \ No newline at end of file From 4155cdf4f1a0cd6eb8df499fd79f57ff7ef5dd61 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 14:16:44 +0800 Subject: [PATCH 004/176] chore(mysql-cluster): add networkpolicy --- .../chart/mysql-cluster/templates/networkpolicy.yaml | 1 + .../mysql-cluster/templates/primary/statefulset.yaml | 2 +- .../mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 827f8311..74013298 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -25,6 +25,7 @@ spec: - ports: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} + - port: 24901 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 79694e68..56b3ec79 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml 
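Review bot: `- port: 24901` in the `networkpolicy.yaml` hunk of PATCH 004 is added to the same rule as the client ports, so the port is opened to every namespace in `allowCurrentNamespace`/`allowNamespaces` rather than only to the cluster's own members. The number matches the `:24901` group-replication seeds hard-coded in `initdbScripts`, so that appears to be its purpose. A separate ingress rule for this port with a `podSelector` on the chart's own match labels would keep replication traffic member-to-member, and taking the number from a value would avoid a second hard-coded copy.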
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -298,7 +298,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /opt/drycc/mysqld_exporter/bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index ebfe4ed2..9d5e4293 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -971,7 +971,7 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -1023,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: true + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1032,9 +1032,9 @@ metrics: ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: - registry: docker.io - repository: drycc/mysqld-exporter - tag: 0.14.0-debian-11-r45 + registry: registry.drycc.cc + repository: drycc-addons/mysqld-exporter + tag: 0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
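Review bot: The rewritten exporter command in `primary/statefulset.yaml` still connects with `--mysqld.username=root` and the root password in `MYSQLD_EXPORTER_PASSWORD`, and with `metrics.enabled` now defaulting to `true` every instance runs a sidecar that holds full administrative credentials. mysqld_exporter only needs a monitoring account (`PROCESS`, `REPLICATION CLIENT`, `SELECT`), so a dedicated user created at init and referenced here would limit what a compromise of the exporter exposes. The container spec around this command lies outside the hunk.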
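Review bot: `tag: 0` in the new `metrics.image` block (hunk at -1032) is a moving tag with `digest: ""`, so the exporter that runs next to the database can change without any chart change, and the `@param metrics.image.tag` comment just above recommends immutable tags. Pin a full version or a digest, for example `tag: "<exporter-version>"` with `digest: "sha256:<image-digest>"` (placeholders; the real values are not on this page). Unquoted, `0` is also parsed as an integer rather than a string, so `tag: "0"` at least keeps the type stable.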
From f333fe78dd171a94c34f4d75e93a23cd2fc52cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 15:03:23 +0800 Subject: [PATCH 005/176] chore(prometheus): add networkpolicy --- .../2/chart/prometheus/templates/bind.yaml | 34 ++++++++++++++ .../prometheus/templates/networkpolicy.yaml | 47 +++++++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 18 ++++++- .../prometheus/2/plans/standard-10/bind.yaml | 42 +++++++---------- .../prometheus/2/plans/standard-50/bind.yaml | 4 +- 5 files changed, 117 insertions(+), 28 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml create mode 100644 addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml new file mode 100644 index 00000000..8528bf3e --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + 
diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml new file mode 100644 index 00000000..1ef0125d --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.alertmanager.service.ports.http }} + - port: {{ .Values.alertmanager.service.ports.cluster }} + - port: {{ .Values.alertmanager.containerPorts.http }} + - port: {{ .Values.alertmanager.containerPorts.cluster }} + - port: {{ .Values.server.containerPorts.http }} + - port: {{ .Values.server.service.ports.http }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
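Review bot: The port list in the new Prometheus `networkpolicy.yaml` names both `service.ports.*` and `containerPorts.*`, but a NetworkPolicy is evaluated against the port on the destination pod, so only the container ports take effect and a differing Service port number just opens an extra pod port. Listing `.Values.server.containerPorts.http` and the two `.Values.alertmanager.containerPorts` entries is enough. Because `podSelector` uses the chart-wide `common.labels.matchLabels`, the Alertmanager cluster port also appears to be opened on the server pods and to every allowed namespace; a per-component policy, or a separate rule for the cluster port restricted to Alertmanager peers, would be tighter.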
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 5d24a56a..206aeabe 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: false + enabled: true ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1225,7 +1225,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: false + enabled: true ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1460,6 +1460,20 @@ server: ## rules: [] +## Prometheus Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] ## @section Init Container Parameters ## diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index 5ee819d9..c6efaaba 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
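Review bot: Switching `alertmanager.ingress.enabled` (hunk at -360) and `server.ingress.enabled` (hunk at -1225) to `true` makes every instance publish the Prometheus and Alertmanager HTTP endpoints through the ingress controller by default, and nothing in this series adds authentication in front of them. Both services expose query and management APIs (targets, configuration, silences), so the chart default is better left at `false`, with ingress enabled per plan or per instance together with whatever auth the controller supports. If external exposure is the intended default, a comment next to each `enabled: true` stating what protects the endpoint would help.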
@@ -1,34 +1,28 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.server.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} + +alertmanager + + {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} + - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 5ee819d9..3e652f1c 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
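Review bot: The rewritten `standard-10/bind.yaml` has a bare `alertmanager` line with no colon between the two `{{- if }}` blocks, so the rendered file is either unparsable or leaves the Alertmanager entries outside `credential:`. The new `port` entries use `secretKeyRef` with `jsonpath: '{ .spec.ports.port }'`, which is a Service path and treats `ports` as a map; by analogy with the `host` entry this presumably wants `serviceRef:` and `jsonpath: '{ .spec.ports[*].port }'`. The Alertmanager `host` also points at the same `common.names.fullname` Service as the server, so both pairs would resolve to the server. Distinct names such as `alertmanager_host` and `alertmanager_port` under the single `credential:` list would avoid duplicate `host`/`port` entries.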
@@ -1,9 +1,9 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - name: database valueFrom: From 14de943df62001dd7fdfc2373671c5162c69e9de Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 18 Oct 2023 14:57:47 +0800 Subject: [PATCH 006/176] chore(promtheus): service discovery in namespace --- .../prometheus/templates/_scrape_config.tpl | 3 +- .../2/chart/prometheus/templates/bind.yaml | 34 ----------- .../prometheus/2/chart/prometheus/values.yaml | 57 +++++++++++++++++-- 3 files changed, 54 insertions(+), 40 deletions(-) delete mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index ea669ead..7fb0e110 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -12,6 +12,7 @@ Usage: kubernetes_sd_configs: - role: endpoints namespaces: + own_namespace: true names: - {{ include "common.names.namespace" .context }} metrics_path: /metrics @@ -83,4 +84,4 @@ relabel_configs: - __tmp_hash regex: 0 action: keep -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml deleted file mode 100644 index 8528bf3e..00000000 --- a/addons/prometheus/2/chart/prometheus/templates/bind.yaml +++ /dev/null 
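Review bot: `standard-50/bind.yaml` now tests `.Values.service.type`, while `standard-10/bind.yaml` in the same commit tests `.Values.server.service.type`; the Prometheus values shown in this series only use `server.service` and `alertmanager.service`, so the top-level `service` key is probably undefined and the template would fail to render or never match. Use `{{- if (eq .Values.server.service.type "LoadBalancer") }}` here as well. The MySQL-specific entries that follow (`database`, `portrw`, `portro`, the `-svcbind-custom-user` secret) are left in place; most of them lie below the end of this hunk.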
@@ -1,34 +0,0 @@ -credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host - valueFrom: - serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 206aeabe..a551fa68 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -628,6 +628,9 @@ server: {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} + {{- if .Values.server.dsScrapeConfigs}} + {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
@@ -649,7 +652,50 @@ server: ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: [] + extraScrapeConfigs: [] + dsScrapeConfigs: + - job_name: 'service-endpoints' + honor_labels: true + kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - default + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -824,7 +870,7 @@ server: ## StrategyType ## Can be set to RollingUpdate or Recreate ## - type: RollingUpdate + type: Recreate ## @param server.priorityClassName Prometheus pods' priorityClassName ## 
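Review bot: The new `server.dsScrapeConfigs` job sets `honor_labels: true` on targets discovered purely from a `prometheus.io/scrape` annotation, so any Service in a scraped namespace can overwrite labels such as `job`, `namespace` or `instance` on the series it exposes and pass its metrics off as another workload's. Unless a federation-style target needs it, `honor_labels: false` (the Prometheus default) is the safer setting. The `names:` list also hard-codes `default` next to `own_namespace: true`, which makes every instance scrape a shared namespace and require RBAC there, contrary to the "in namespace" of the commit subject. A `## @param server.dsScrapeConfigs` line describing the key is missing.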
@@ -1465,7 +1511,7 @@ server: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -1473,7 +1519,8 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] + allowNamespaces: + - traefik ## @section Init Container Parameters ## @@ -1521,4 +1568,4 @@ volumePermissions: ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: - runAsUser: 0 \ No newline at end of file + runAsUser: 0 From 58ce2cb1700478e79b045cad88a8fe1b238a2cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 11:49:13 +0800 Subject: [PATCH 007/176] chore(mysql-cluster): plans 10 --- .../templates/primary/statefulset.yaml | 4 ++++ .../8.0/chart/mysql-cluster/values.yaml | 8 ++++++-- .../8.0/plans/standard-10/values.yaml | 16 +++++++++------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 56b3ec79..49b8c703 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,6 +156,10 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} + {{- if and .Values.auth.createDatabase .Values.auth.database }} + - name: MAX_CONNECTION_LIMIT + value: {{ .Values.maxConnectionLimit | quote }} + {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE value: "master" 
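Review bot: `allowNamespaces: - traefik` (hunk at -1473) bakes one environment's ingress-controller namespace into the chart defaults, so every install opens the Prometheus and Alertmanager ports to all pods in a namespace named `traefik`, whether or not the cluster runs its controller there. Keeping the chart default at `allowNamespaces: []` and setting the namespace in the plan or deployment values makes the exposure a deliberate choice. If the entry stays, a comment saying why the namespace is needed (presumably ingress traffic to the UI) would help.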
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 9d5e4293..3199eede 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -149,7 +149,7 @@ auth: ## initdbScripts: ## my_init_script.sh: | ## #!/bin/bash -## echo "Do something." +## echo "Do something." ## initdbScripts: int-mysql.sh: | @@ -181,6 +181,8 @@ initdbScripts: echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file + + echo max_connections=$MAX_CONNECTION_LIMIT ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## @@ -211,10 +213,12 @@ primary: ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## + maxConnectionLimit: 2000 + configuration: |- [mysqld] # server - max_connections=500 + max_connections=10000 default_authentication_plugin=caching_sha2_password skip-name-resolve relay-log=relay-log diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index baca4920..e8d14da0 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml 
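Review bot: The hunk at -211 introduces `maxConnectionLimit: 2000` and in the same change raises `max_connections` in `primary.configuration` from 500 to 10000, leaving two sources of truth with different numbers; which one mysqld ends up using depends on how the file written by `initdbScripts` is merged with `my.cnf`, which is not visible here. Pick one place, for example drop the `max_connections=` line from `configuration` and document the new key with `## @param primary.maxConnectionLimit Maximum number of client connections`. The new key is also inserted between the `## @param primary.configuration` comment and `configuration:`, which detaches that comment from the value it describes. The `standard-10` plan in this commit limits memory to 1024Mi, and a connection ceiling of 10000 may exhaust that well before it is reached.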
@@ -11,13 +11,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.limits The resources limits for the MinIO® container ## @param resources.requests The requested resources for the MinIO® container ## -resources: - limits: - cpu: 1000m - memory: 1024Mi - requests: - cpu: 100m - memory: 512Mi +primary: + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 100m + memory: 512Mi + ## @section Persistence parameters From 7c93cee8b35b03477f674658fdd6ed9f88ddbb62 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 15:11:19 +0800 Subject: [PATCH 008/176] chore(mysql-cluster): add max_connection_limit --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++-- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 49b8c703..24d81878 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,9 +156,9 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} - {{- if and .Values.auth.createDatabase .Values.auth.database }} + {{- if .Values.primary.maxConnectionLimit }} - name: MAX_CONNECTION_LIMIT - value: {{ .Values.maxConnectionLimit | quote }} + value: {{ .Values.primary.maxConnectionLimit | quote }} {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE @@ -397,3 +397,4 @@ spec: selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} {{- end -}} {{- end }} + 
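Review bot: The comment block kept above the new `primary:` key in standard-10/values.yaml still documents `resources.limits` and `resources.requests` for "the MinIO® container". That matches neither the product nor the key path now that the block is nested under `primary`. Suggest `## @param primary.resources.limits Resource limits for the MySQL primary container` with a matching `requests` line, and dropping the MinIO heading. The same header is copied into the plan values files added in PATCH 009.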
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 3199eede..a33e364c 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -182,7 +182,7 @@ initdbScripts: echo plugin_load_add='group_replication.so' >> $base_conf_file - echo max_connections=$MAX_CONNECTION_LIMIT + echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## From ae4809d6a88a8f4c9949139b7fa9a169fc1d7553 Mon Sep 17 00:00:00 2001 
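Review bot: The appended line is written even when `MAX_CONNECTION_LIMIT` is absent. The statefulset hunk in this patch only emits the variable when `primary.maxConnectionLimit` is set, so with it unset the script appends a bare `max_connections=` to `$base_conf_file`. Guard the write and quote the expansions: `if [ -n "$MAX_CONNECTION_LIMIT" ]; then echo "max_connections=$MAX_CONNECTION_LIMIT" >> "$base_conf_file"; fi`. The script starts outside the hunk, so whether the value is checked to be numeric anywhere else is not visible here.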
From: EamonZhang Date: Wed, 25 Oct 2023 16:06:56 +0800 Subject: [PATCH 009/176] chore(mysql-cluster): add plans --- .../8.0/plans/standard-10/bind.yaml | 9 ++- .../8.0/plans/standard-10/meta.yaml | 2 +- .../8.0/plans/standard-10/values.yaml | 7 ++- .../8.0/plans/standard-100/bind.yaml | 34 +++++++++++ .../standard-100/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-100/meta.yaml | 6 ++ .../8.0/plans/standard-100/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-20/meta.yaml | 6 ++ .../8.0/plans/standard-20/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-200/bind.yaml | 34 +++++++++++ .../standard-200/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-200/meta.yaml | 6 ++ .../8.0/plans/standard-200/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-400/bind.yaml | 34 +++++++++++ .../standard-400/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-400/meta.yaml | 6 ++ .../8.0/plans/standard-400/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-50/bind.yaml | 34 +++++++++++ .../standard-50/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-50/meta.yaml | 6 ++ .../8.0/plans/standard-50/values.yaml | 60 ++++++++++++++++++ .../8.0/plans/standard-800/bind.yaml | 34 +++++++++++ .../standard-800/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-800/meta.yaml | 6 ++ .../8.0/plans/standard-800/values.yaml | 61 +++++++++++++++++++ 27 files changed, 689 insertions(+), 6 deletions(-) create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/bind.yaml create mode 100644 
addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/values.yaml diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index fa1ceb8e..e8b99314 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -20,10 +20,15 @@ credential: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: port + - name: portro valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.port }' + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' {{- end }} diff --git a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml index 426c302e..6c738828 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan which limit persistence size 10Gi." +description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index e8d14da0..f90075a8 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -12,14 +12,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.requests The requested resources for the MinIO® container ## primary: + maxConnectionLimit: 600 resources: limits: cpu: 1000m memory: 1024Mi requests: - cpu: 100m - memory: 512Mi - + cpu: 1000m + memory: 1024Mi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
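Review bot: The memory limit in standard-10/values.yaml stays at `1024Mi`, while the description changed in meta.yaml in this same patch advertises `RAM 2G`, so one of the two is wrong. If the description is the intent, both `limits.memory` and `requests.memory` should read `memory: 2Gi`; otherwise correct the description. Raising `maxConnectionLimit` to 600 on a 1 GiB container may also be tight depending on per-connection buffers, so it is worth checking against the server's memory settings.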
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + diff --git a/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml new file mode 100644 index 00000000..1856a446 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml 
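Review bot: The `password` entry reads `jsonpath: '{ .data.username }'`, the same path as the `username` entry below it, so a bound application would receive the username where it expects the password. This looks like a copy-paste slip. Assuming the `-svcbind-custom-user` secret carries a `password` key (not visible here), the line should be `jsonpath: '{ .data.password }'`. The same content is added for standard-20, -200, -400, -50 and -800 in this patch, and standard-10/bind.yaml ends at the same blob id, so all of them need the fix. Separately, the whole list sits inside the `LoadBalancer` condition, which leaves `credential:` empty for any other service type; confirm that is intended.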
@@ -0,0 +1,6 @@ +name: "standard-100" +id: 8205e5d3-a954-4c68-a570-efa8c607c1d7 +description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000" +displayName: "standard-100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml new file mode 100644 index 00000000..1c6b865b --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml 
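Review bot: The `id` given to this plan, `8205e5d3-a954-4c68-a570-efa8c607c1d7`, is repeated verbatim in standard-200/meta.yaml later in this patch. If the platform keys plans by id, as the field name suggests, the two plans collide and a request for one may resolve to the other's sizing. Generate a fresh UUID for one of them, e.g. `id: <new-uuid-for-standard-200>`.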
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 4000 + resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 4000m + memory: 16Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 100Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml new file mode 100644 index 00000000..e749a7db --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-20" +id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +displayName: "standard-20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml new file mode 100644 index 00000000..d9422e70 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml new file mode 100644 index 00000000..b857ef1e --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-200" +id: 8205e5d3-a954-4c68-a570-efa8c607c1d7 +description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000" +displayName: "standard-200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml new file mode 100644 index 00000000..baf7e8a9 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 8000 + resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 200Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml new file mode 100644 index 00000000..c802ccc6 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-400" +id: f96fb7d8-3012-4175-931e-902e26697441 +description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600" +displayName: "standard-400" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml new file mode 100644 index 00000000..2cc0d06e --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml 
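Review bot: `DB MAX Connection 1600` in the standard-400 description breaks the progression of the other plans in this patch (4000 for standard-100, 8000 for standard-200). The values.yaml that follows sets `maxConnectionLimit: 1600` to match, which suggests a dropped zero. If 16000 is intended, fix both the description and `primary.maxConnectionLimit`. If the lower cap is deliberate, say so in the description, since a larger plan with a smaller connection ceiling will surprise users.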
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-400 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1600 + resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 400Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml new file mode 100644 index 00000000..a6d4e5bd --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-50" +id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2 +description: "Mysql Cluster standard-10 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml new file mode 100644 index 00000000..bc9fd336 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml 
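Review bot: The standard-50 description opens with `Mysql Cluster standard-10 plan`, although `name` and `displayName` are both `standard-50`. It appears to be left over from copying the standard-10 file. The line should read `description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"`.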
@@ -0,0 +1,60 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-50 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 2000 + resources: + limits: + cpu: 2000m + memory: 8Gi + requests: + cpu: 2000m + memory: 8Gi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 50Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml new file mode 100644 index 00000000..72806d97 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-800" +id: 829768aa-f287-42ee-b98c-db40ec670d38 +description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000" +displayName: "standard-800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml new file mode 100644 index 00000000..82a515d7 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-800 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 32000 + resources: + limits: + cpu: 32000m + memory: 128Gi + requests: + cpu: 32000m + memory: 128Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 800Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 8a97c7ed3aaf794c1b614b3828415242f749cda5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:00:36 +0800 Subject: [PATCH 010/176] chore(prometheus): support discovery addons in namespaces --- .../prometheus/templates/_scrape_config.tpl | 44 ++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 57 ++++--------------- 2 files changed, 55 insertions(+), 46 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 7fb0e110..316031e2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
@@ -85,3 +85,47 @@ relabel_configs: regex: 0 action: keep {{- end -}} + +{{- define "addons.ds_scrape_config" -}} +honor_labels: true +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index a551fa68..fb195934 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
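Review bot: `honor_labels: true` in `addons.ds_scrape_config` lets every discovered addon endpoint override the labels Prometheus attaches, including the `namespace`, `service` and `node` labels set by the last three relabel rules of this block, so one addon can publish series that appear to belong to another. Unless these targets are federation-style endpoints that need it, I would set `honor_labels: false`, which keeps a conflicting exposed label under an `exported_` prefix instead. Separately, discovery is limited to Prometheus's own namespace (`own_namespace: true`) plus whatever `common.names.namespace` returns, which looks narrower than the commit subject's "addons in namespaces"; a comment above `namespaces:` stating the intended scope would help.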
@@ -625,12 +625,16 @@ server: - job_name: alertmanager {{- include "prometheus.scrape_config" (dict "component" "alertmanager" "context" $) | nindent 4 }} {{- end }} + {{- if .Values.scrapeAddons.enabled }} + - job_name: addons + {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} - {{- if .Values.server.dsScrapeConfigs}} - {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} - {{- end }} + # {{- if .Values.server.dsScrapeConfigs}} + # {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + # {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
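Review bot: Prefixing the `dsScrapeConfigs` block with `#` does not disable it: if this string is rendered through `tpl`, as the neighbouring `include` calls suggest, the `if`, `include` and `end` actions still run, and `nindent 2` starts its output on a fresh line outside the YAML comment. A user who still sets `server.dsScrapeConfigs` would get those scrape jobs rendered into the live configuration, and otherwise stray `#` lines are left behind. Delete the three lines; if a marker is wanted, use a template comment such as `{{- /* dsScrapeConfigs replaced by scrapeAddons */ -}}`. The `server:` configuration block starts and ends outside this hunk.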
@@ -653,49 +657,7 @@ server: ## ref: ## extraScrapeConfigs: [] - dsScrapeConfigs: - - job_name: 'service-endpoints' - honor_labels: true - kubernetes_sd_configs: - - role: endpoints - namespaces: - own_namespace: true - names: - - default - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: drop - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+?)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) - replacement: __param_$1 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: service - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: node + ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -1569,3 +1531,6 @@ volumePermissions: ## containerSecurityContext: runAsUser: 0 + +scrapeAddons: + enable: true From 187ec9991af7c2bc26e58b9f3cfb686d4ed40092 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:33:57 +0800 Subject: [PATCH 011/176] fix(prometheus): is enabled scrape addons metrics --- addons/prometheus/2/chart/prometheus/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index fb195934..21331135 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -1533,4 +1533,4 @@ volumePermissions: runAsUser: 0 scrapeAddons: - enable: true + enabled: true From 3a2818243cbcf7f58a6cd822db11716dc5b89545 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 2 Nov 2023 10:36:19 +0800 Subject: [PATCH 012/176] feat(drycc-addons): add postgresql-cluster --- .../15/chart/postgresql/Chart.yaml | 27 ++ .../15/chart/postgresql/README.md | 151 +++++++++++ .../15/chart/postgresql/templates/NOTES.txt | 25 ++ .../chart/postgresql/templates/_helpers.tpl | 43 +++ .../15/chart/postgresql/templates/ep.yaml | 12 + .../postgresql/templates/networkpolicy.yaml | 45 +++ .../15/chart/postgresql/templates/role.yaml | 49 ++++ .../postgresql/templates/rolebinding.yaml | 19 ++ .../15/chart/postgresql/templates/sec.yaml | 16 ++ .../postgresql/templates/serviceaccount.yaml | 12 + .../postgresql/templates/statefulset.yaml | 256 ++++++++++++++++++ .../postgresql/templates/svc-config.yaml | 11 + .../chart/postgresql/templates/svc-relp.yaml | 21 ++ .../15/chart/postgresql/templates/svc.yaml | 18 ++ .../15/chart/postgresql/values.yaml | 147 ++++++++++ addons/postgresql-cluster/15/meta.yaml | 20 ++ 16 files changed, 872 insertions(+) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/Chart.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/README.md create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml create mode 100644 
addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/values.yaml create mode 100644 addons/postgresql-cluster/15/meta.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml new file mode 100644 index 00000000..f0397f67 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "15" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql/README.md new file mode 100644 index 00000000..8d44fca1 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/README.md 
@@ -0,0 +1,151 @@ +# ⚠️ Repo Archive Notice + +As of Nov 13, 2020, charts in this repo will no longer be updated. +For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). + +# Patroni Helm Chart + +This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. + + +## Prerequisites Details +* Kubernetes 1.9+ +* PV support on the underlying infrastructure + +## StatefulSet Details +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + +## StatefulSet Caveats +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations + + +## Chart Details +This chart will do the following: + +* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add +$ helm dependency update +$ helm install --name my-release postgresql-cluster +``` + +To install the chart with randomly generated passwords: + +```console +$ helm install --name my-release postgresql-cluster \ + --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" +``` + +## Connecting to PostgreSQL + +Your access point is a cluster IP. 
In order to access it spin up another pod: + +```console +$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il +``` + +Then, from inside the pod, connect to PostgreSQL: + +```console +$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres + +postgres=> +``` + +## Configuration + +The following table lists the configurable parameters of the patroni chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|---------------------------------------------|-----------------------------------------------------| +| `nameOverride` | Override the name of the chart | `nil` | +| `fullnameOverride` | Override the fullname of the chart | `nil` | +| `replicaCount` | Amount of pods to spawn | `5` | +| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | +| `image.tag` | The version of the image to pull | `1.5-p5` | +| `image.pullPolicy` | The pull policy | `IfNotPresent` | +| `credentials.superuser` | Password of the superuser | `tea` | +| `credentials.admin` | Password of the admin | `cola` | +| `credentials.standby` | Password of the replication user | `pinacolada` | +| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | +| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | +| `etcd.enable` | Using etcd as DCS | `false` | +| `etcd.deployChart` | Deploy etcd chart | `false` | +| `etcd.host` | Host name of etcd cluster | `nil` | +| `etcd.discovery` | Domain name of etcd cluster | `nil` | +| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | +| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | +| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | +| `consul.enable` | Using Consul as DCS | `false` | +| `consul.deployChart` | Deploy Consul chart | `false` | +| `consul.host` | Host name of consul cluster | `nil` | +| `env` | Extra custom environment 
variables | `{}` | +| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | +| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | +| `walE.retainBackups` | Number of base backups to retain | `2` | +| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | +| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | +| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | +| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | +| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | +| `resources` | Any resources you wish to assign to the pod | `{}` | +| `nodeSelector` | Node label to use for scheduling | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | +| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | +| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | +| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | +| `persistentVolume.size` | Persistent Volume size | `2Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | +| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | +| `rbac.create` | Create required role and rolebindings | `true` | +| `serviceAccount.create` | If true, create a new service account | `true` | +| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml incubator/patroni +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Cleanup + +To remove the spawned pods you can run a simple `helm delete `. + +Helm will however preserve created persistent volume claims, +to also remove them execute the commands below. + +```console +$ release= +$ helm delete $release +$ kubectl delete pvc -l release=$release +``` + +## Internals + +Patroni is responsible for electing a PostgreSQL master pod by leveraging the +DCS of your choice. After election it adds a `spilo-role=master` label to the +elected master and set the label to `spilo-role=replica` for all replicas. +Simultaneously it will update the `-patroni` endpoint to let the +service route traffic to the elected master. + +```console +$ kubectl get pods -l spilo-role -L spilo-role +NAME READY STATUS RESTARTS AGE SPILO-ROLE +my-release-patroni-0 1/1 Running 0 9m replica +my-release-patroni-1 1/1 Running 0 9m master +my-release-patroni-2 1/1 Running 0 8m replica +my-release-patroni-3 1/1 Running 0 8m replica +my-release-patroni-4 1/1 Running 0 8m replica +``` diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt 
@@ -0,0 +1,25 @@ +Patroni can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your password for superuser run: + + # superuser password + PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode) + + # admin password + PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode) + +To connect to your database: + +1. Run a postgres pod and connect using the psql cli: + # login as superuser + kubectl run -i --tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \ + --command -- psql -U postgres \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres + + # login as admin + kubectl run -i -tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_ADMIN" \ + --command -- psql -U admin \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl new file mode 100644 index 00000000..2b1b6d45 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "patroni.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "patroni.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "patroni.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "patroni.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "patroni.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml new file mode 100644 index 00000000..23b7b2eb --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +subsets: [] diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml new file mode 100644 index 00000000..06617f8a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml 
@@ -0,0 +1,45 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: 5432 + {{- if and .Values.metrics.enabled }} + - port: {{ .Values.metrics.service.port }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml new file mode 100644 index 00000000..c81b39a8 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml 
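Review bot: The policy's `podSelector` uses `common.labels.matchLabels`, but the pod template in statefulset.yaml in this same patch carries only `app`, `release` and `cluster-name` labels, so unless that helper emits those keys the policy selects no pods and restricts nothing. The selector should mirror the pod template: `app: {{ template "patroni.fullname" . }}`, `release: {{ .Release.Name }}`, `cluster-name: {{ template "patroni.fullname" . }}`. When neither `allowCurrentNamespace` nor `allowNamespaces` is set the rule has no `from:` and port 5432 is open to every source. A namespace allow-list that omits the release namespace would also cut the members off from each other, and the Patroni REST port 8008 that the StatefulSet listens on is not listed under `ports:`. `{{- if and .Values.metrics.enabled }}` can be written `{{- if .Values.metrics.enabled }}`.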
@@ -0,0 +1,49 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete +- apiGroups: [""] + resources: ["services"] + verbs: + - create +- apiGroups: [""] + resources: ["endpoints"] + verbs: + - create + - get + - patch + - update + # the following three privileges are necessary only when using endpoints + - list + - watch + # delete is required only for for 'patronictl remove' + - delete + - deletecollection +- apiGroups: [""] + resources: ["pods"] + verbs: + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml new file mode 100644 index 00000000..d09de1c8 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "patroni.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "patroni.fullname" . }} +{{- end }} 
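Review bot: The RoleBinding's subject comes from `patroni.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and no name is given. With `rbac.create` still true, that binds the Role from role.yaml (patch on pods, `delete` and `deletecollection` on endpoints, write access to configmaps) to the namespace's `default` service account, and so to every pod there that does not name its own. I would render the binding only when a dedicated account is in use, `{{- if and .Values.rbac.create (or .Values.serviceAccount.create .Values.serviceAccount.name) }}`. In role.yaml the `delete` and `deletecollection` verbs are commented as needed only for `patronictl remove`; gating them behind a value would keep the everyday role smaller.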
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml new file mode 100644 index 00000000..40082291 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +type: Opaque +data: + password-superuser: {{ .Values.credentials.superuser | b64enc }} + password-admin: {{ .Values.credentials.admin | b64enc }} + password-replication: {{ .Values.credentials.standby | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml new file mode 100644 index 00000000..819bb983 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "patroni.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml new file mode 100644 index 00000000..ce657a5e --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
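Review bot: The three passwords in sec.yaml are taken straight from `.Values.credentials.*`, and the README added in this patch documents fixed defaults for them (`tea`, `cola`, `pinacolada`), so an install that sets nothing would come up with publicly known database credentials. values.yaml is outside this view, so confirm what it actually ships. Either require explicit values, `password-superuser: {{ required "credentials.superuser must be set" .Values.credentials.superuser | b64enc | quote }}` (and the same for `password-admin` and `password-replication`), or generate them once and reuse the existing Secret on upgrade. Quoting the encoded value also keeps an all-digit base64 string from being read as a number.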
@@ -0,0 +1,256 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + serviceName: {{ template "patroni.fullname" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} + template: + metadata: + name: {{ template "patroni.fullname" . }} + labels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} + spec: + serviceAccountName: {{ template "patroni.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.kubernetes.dcs.enable }} + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-replication + - name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + {{- if .Values.kubernetes.configmaps.enable }} + - name: KUBERNETES_USE_CONFIGMAPS + value: "true" + {{- end }} + {{- end }} + {{- if .Values.etcd.enable }} + {{- if .Values.etcd.deployChart }} + - name: ETCD_DISCOVERY_DOMAIN + value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} + {{- else }} + - name: ETCD_HOST + value: {{ .Values.etcd.host | quote }} + {{- end }} + {{- else if .Values.zookeeper.enable }} + {{- if .Values.zookeeper.deployChart }} + - name: ZOOKEEPER_HOSTS + value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} + {{- else }} + - name: ZOOKEEPER_HOSTS + value: {{ .Values.zookeeper.hosts | quote }} + {{- end }} + {{- else if .Values.consul.enable }} + {{- if .Values.consul.deployChart }} + - name: PATRONI_CONSUL_HOST + value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} + {{- else }} + - name: PATRONI_CONSUL_HOST + value: {{ .Values.consul.host | quote }} + {{- end }} + {{- end }} + - name: SCOPE + value: {{ template "patroni.fullname" . 
}} + {{- if .Values.walE.enable }} + - name: USE_WALE + value: {{ .Values.walE.enable | quote }} + {{- if .Values.walE.scheduleCronJob }} + - name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} + {{- end }} + {{- if .Values.walE.retainBackups }} + - name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} + {{- end }} + {{- if .Values.walE.s3Bucket }} + - name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} + {{else if .Values.walE.gcsBucket }} + - name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} + {{- if .Values.walE.kubernetesSecret }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" + {{- end }} + {{- end }} + {{- if .Values.walE.backupThresholdMegabytes }} + - name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} + {{- end }} + {{- if .Values.walE.backupThresholdPercentage }} + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} + {{- end }} + {{- else }} + - name: USE_WALE + value: "" + {{- end }} + - name: PGROOT + value: "{{ .Values.persistentVolume.mountPath }}/pgroot" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote | upper }} + value: {{ $val | quote }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "{{ 
.Values.persistentVolume.mountPath }}" + volumeMounts: "{{ .Values.persistentVolume.subPath }}" + # - mountPath: /etc/patroni + # name: patroni-config + # readOnly: true + {{- if .Values.walE.enable }} + {{- if .Values.walE.kubernetesSecret }} + - name: {{ .Values.walE.kubernetesSecret }} + mountPath: /etc/credentials + readOnly: true + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ .Values.affinity | toYaml | indent 8 }} + {{- else if .Values.affinityTemplate }} + affinity: +{{ tpl .Values.affinityTemplate . | indent 8 }} + {{- end }} + volumes: + - name: patroni-config + secret: + secretName: {{ template "patroni.fullname" . }} + {{- if .Values.walE.enable }} + {{- if .Values.walE.kubernetesSecret }} + - name: {{ .Values.walE.kubernetesSecret }} + secret: + secretName: {{ .Values.walE.kubernetesSecret }} + {{- end }} + {{- end }} + {{- if not .Values.persistentVolume.enabled }} + - name: storage-volume + emptyDir: {} + {{- end }} + {{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + annotations: + {{- if .Values.persistentVolume.annotations }} +{{ toYaml .Values.persistentVolume.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "patroni.fullname" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistentVolume.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} + {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml new file mode 100644 index 00000000..442be2f3 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml @@ -0,0 +1,11 @@ +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-config + labels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + clusterIP: None diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml new file mode 100644 index 00000000..cccaf8ce --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml 
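Review bot: `PATRONI_RESTAPI_LISTEN` is set to `0.0.0.0:8008` in the container env, but no REST API credentials are configured, so the state-changing endpoints of the Patroni API accept requests from anything that can route to the pod; `networkPolicy.enabled` is also `false` by default in the `values.yaml` of this patch. Patroni reads `PATRONI_RESTAPI_USERNAME` and `PATRONI_RESTAPI_PASSWORD` to require basic auth on those endpoints while the GET health checks used by the probes stay open. The same listen line is carried over into the `patroni.envs` helper by the later patch in this series, so the fix belongs there as well. The Secret key below is a placeholder and would need adding to `sec.yaml`.

```yaml
# … unchanged: env entries up to PATRONI_POSTGRESQL_LISTEN …
- name: PATRONI_RESTAPI_LISTEN
  value: '0.0.0.0:8008'
# Require basic auth on the state-changing REST endpoints.
- name: PATRONI_RESTAPI_USERNAME
  value: patroni  # constructed sample value
- name: PATRONI_RESTAPI_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: password-restapi  # placeholder key, not present in sec.yaml yet
# … unchanged: remaining env entries, probes, ports …
```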
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - port: 5432
+ targetPort: 5432
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
new file mode 100644
index 00000000..430a6a8f
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: postgresql
+ protocol: TCP
diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
new file mode 100644
index 00000000..1be7c5f6
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
@@ -0,0 +1,147 @@ +replicaCount: 3 + +image: + # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 + # https://github.com/zalando/spilo/tree/master/postgres-appliance + repository: registry.drycc.cc/drycc-addons/patroni + tag: 3.2 + pullPolicy: 'IfNotPresent' + +# Credentials used by Patroni +# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql +# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst +credentials: + superuser: tea + admin: cola + standby: reppasswd + +# Distribution Configuration stores +# Please note that only one of the following stores should be enabled. +kubernetes: + dcs: + enable: true + configmaps: + enable: false +etcd: + enable: false + deployChart: false + # If not deploying etcd chart, fill-in value for etcd service + # ..svc.cluster.local + host: + # Leave blank to use vendored etcd chart + discovery: +zookeeper: + enable: false + deployChart: false + # If not deploying etcd chart, fill-in list of ZooKeeper members in format: + # 'host1:port1','host2:port2','etc...' + hosts: +consul: + enable: false + deployChart: false + # Leave blank to use vendored consul chart + hosts: + +# Extra custom environment variables. 
+env: {} + +walE: + # Specifies whether Wal-E should be enabled + enable: false + # Cron schedule for doing base backups + scheduleCronJob: 00 01 * * * + # Amount of base backups to retain + retainBackups: 2 + # Path to the S3 or GCS bucket used for WAL-E base backups + s3Bucket: + gcsBucket: + # Name of the secret that holds the credentials to the bucket + kubernetesSecret: + # Maximum size of the WAL segments accumulated after the base backup to + # consider WAL-E restore instead of pg_basebackup + backupThresholdMegabytes: 1024 + # Maximum ratio (in percents) of the accumulated WAL files to the base backup + # to consider WAL-E restore instead of pg_basebackup + backupThresholdPercentage: 30 + +persistentVolume: + enabled: false + size: 10G + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + subPath: "" + mountPath: "/home/postgres/pgdata" + annotations: {} + accessModes: + - ReadWriteOnce + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinityTemplate: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: {{ template "patroni.name" . }} + release: {{ .Release.Name | quote }} +affinity: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: false +## Postgresql Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml new file mode 100644 index 00000000..f7e21529 --- /dev/null +++ b/addons/postgresql-cluster/15/meta.yaml 
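Review bot: The comment block above `allowCurrentNamespace` documents `networkPolicy.allowExternal` and talks about MySQL and a client label, none of which appear among the keys defined here, so the two settings that actually decide who may reach PostgreSQL are undocumented. Suggest replacing it with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Names of additional namespaces allowed to connect`, assuming the PostgreSQL template mirrors the mysql-cluster NetworkPolicy changed earlier in this series. With `enabled: false` as the default in this patch, the database and Patroni ports are not restricted at the network layer unless the operator opts in, which deserves a line in the comment too. The header also spells it `Nework`.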
@@ -0,0 +1,20 @@ +name: postgresql-cluster +version: 15.0 +id: 5cfb0abf-276c-445b-9060-9aa964ede87d +description: "postgresql-cluster" +displayName: "postgresql-cluster-15.0" +metadata: + displayName: "postgresql-cluster-15.0" + provider: + name: drycc + supportURL: https://www.postgresql.org/ + documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster +tags: postgresql-cluster +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "networkPolicy.allowNamespaces" + description: "networkPolicy allowNamespaces config for values.yaml" +archive: false \ No newline at end of file From c317ad3ac5802173ffcae6cd2ffa63a3d90fed9f Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 3 Nov 2023 09:13:06 +0800 Subject: [PATCH 013/176] chore(postgresql-cluster): move patroni env to helper --- .../chart/postgresql/templates/_helpers.tpl | 95 +++++++++++++ .../postgresql/templates/statefulset.yaml | 131 ++---------------- .../15/chart/postgresql/values.yaml | 24 +--- 3 files changed, 111 insertions(+), 139 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 2b1b6d45..f684f499 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -41,3 +41,98 @@ Create the name of the service account to use. {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +Create patroni envs. +*/}} +{{- define "patroni.envs" }} +{{- if .Values.kubernetes.configmaps.enable }} +- name: KUBERNETES_USE_CONFIGMAPS + value: "true" +{{- end }} +{{- if .Values.kubernetes.endpoints.enable }} +- name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' +{{- end }} +- name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' +- name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' +- name: PATRONI_SUPERUSER_USERNAME + value: postgres +- name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser +- name: PATRONI_REPLICATION_USERNAME + value: standby +- name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication +- name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} +- name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass +- name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' +- name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' +{{- end -}} + +{{/* +Create wale envs. 
+*/}} +{{- define "wale.envs" }} +{{- if .Values.walE.enable }} +- name: USE_WALE + value: {{ .Values.walE.enable | quote }} +{{- if .Values.walE.scheduleCronJob }} +- name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} +{{- end }} +{{- if .Values.walE.retainBackups }} +- name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} +{{- end }} +{{- if .Values.walE.s3Bucket }} +- name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} +{{else if .Values.walE.gcsBucket }} +- name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} +{{- if .Values.walE.kubernetesSecret }} +- name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- end }} + +{{- if .Values.walE.backupThresholdMegabytes }} +- name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} +{{- end }} +{{- if .Values.walE.backupThresholdPercentage }} +- name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} +{{- end }} +{{- else }} +- name: USE_WALE + value: "" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index ce657a5e..14895620 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
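Review bot: In `wale.envs` the `{{- end }}` that closed the `s3Bucket` / `gcsBucket` chain in the original statefulset was lost in the move: after the `GOOGLE_APPLICATION_CREDENTIALS` block there is a single `{{- end }}` followed by an empty line. As written, the two `backupThreshold*` variables are emitted only inside the `gcsBucket` branch, and the `{{- else }}` that sets `USE_WALE` to `""` now pairs with the bucket test instead of with `walE.enable`, so backup settings can silently differ from what the values request. Add a second `{{- end }}` right after the credentials block and drop one of the two `{{- end }}` lines that precede `{{- end -}}`.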
@@ -31,123 +31,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.kubernetes.dcs.enable }} - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-superuser - - name: PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PATRONI_SCOPE - value: {{ template "patroni.fullname" . 
}} - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "{{ .Values.persistentVolume.mountPath }}/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - {{- if .Values.kubernetes.configmaps.enable }} - - name: KUBERNETES_USE_CONFIGMAPS - value: "true" - {{- end }} - {{- end }} - {{- if .Values.etcd.enable }} - {{- if .Values.etcd.deployChart }} - - name: ETCD_DISCOVERY_DOMAIN - value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} - {{- else }} - - name: ETCD_HOST - value: {{ .Values.etcd.host | quote }} - {{- end }} - {{- else if .Values.zookeeper.enable }} - {{- if .Values.zookeeper.deployChart }} - - name: ZOOKEEPER_HOSTS - value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} - {{- else }} - - name: ZOOKEEPER_HOSTS - value: {{ .Values.zookeeper.hosts | quote }} - {{- end }} - {{- else if .Values.consul.enable }} - {{- if .Values.consul.deployChart }} - - name: PATRONI_CONSUL_HOST - value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} - {{- else }} - - name: PATRONI_CONSUL_HOST - value: {{ .Values.consul.host | quote }} - {{- end }} - {{- end }} - - name: SCOPE - value: {{ template "patroni.fullname" . 
}} - {{- if .Values.walE.enable }} - - name: USE_WALE - value: {{ .Values.walE.enable | quote }} - {{- if .Values.walE.scheduleCronJob }} - - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} - {{- end }} - {{- if .Values.walE.retainBackups }} - - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} - {{- end }} - {{- if .Values.walE.s3Bucket }} - - name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} - {{else if .Values.walE.gcsBucket }} - - name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} - {{- if .Values.walE.kubernetesSecret }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" - {{- end }} - {{- end }} - {{- if .Values.walE.backupThresholdMegabytes }} - - name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} - {{- end }} - {{- if .Values.walE.backupThresholdPercentage }} - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} - {{- end }} - {{- else }} - - name: USE_WALE - value: "" - {{- end }} - - name: PGROOT - value: "{{ .Values.persistentVolume.mountPath }}/pgroot" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -174,6 +58,18 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi ports: - containerPort: 8008 protocol: TCP 
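Review bot: `SCOPE`, `PGROOT`, `POD_NAMESPACE` and every WAL-E variable disappear from the container with the first statefulset hunk: the removed list is replaced by `{{- include "patroni.envs" . | indent 8 }}` alone, the three plain variables have no counterpart in that helper, and the new `wale.envs` helper is never included in the visible lines. If the image still reads any of them, backups and data-directory setup change without notice. Suggest adding `{{- include "wale.envs" . | indent 8 }}` next to the existing include and moving the three remaining entries into `patroni.envs`, or noting in the commit message that they were dropped on purpose. The previous `kubernetes.dcs.enable` guard is gone as well, so the Kubernetes DCS variables are now always set.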
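Review bot: The `preStop` script added in the second statefulset hunk has no time bound and no error handling: `curl --fail http://localhost:8008/read-write` carries no `--max-time`, and a failing `patronictl switchover --force` (for example when no healthy replica exists) is indistinguishable from success. A stalled REST API would hold the hook until the pod's termination grace period expires. Suggest `if curl --fail --silent --max-time 5 http://localhost:8008/read-write; then` and a comment above the script such as `# best-effort: hand over leadership before shutdown; bounded by terminationGracePeriodSeconds`.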
@@ -182,7 +78,6 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - volumeMounts: "{{ .Values.persistentVolume.subPath }}" # - mountPath: /etc/patroni # name: patroni-config # readOnly: true diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 1be7c5f6..f7bdc8a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -5,6 +5,7 @@ image: # https://github.com/zalando/spilo/tree/master/postgres-appliance repository: registry.drycc.cc/drycc-addons/patroni tag: 3.2 + # IfNotPresent , Always pullPolicy: 'IfNotPresent' # Credentials used by Patroni @@ -18,29 +19,10 @@ credentials: # Distribution Configuration stores # Please note that only one of the following stores should be enabled. kubernetes: - dcs: + endpoints: enable: true configmaps: enable: false -etcd: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in value for etcd service - # ..svc.cluster.local - host: - # Leave blank to use vendored etcd chart - discovery: -zookeeper: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in list of ZooKeeper members in format: - # 'host1:port1','host2:port2','etc...' - hosts: -consul: - enable: false - deployChart: false - # Leave blank to use vendored consul chart - hosts: # Extra custom environment variables. env: {} @@ -136,7 +118,7 @@ metrics: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening From 9891e1050911ce0c4e2f19453956acb2287f3d9e Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 6 Nov 2023 11:00:32 +0800 Subject: [PATCH 014/176] chore(postgresql-cluster):adjust patroni config use configmap --- .../chart/postgresql/templates/_helpers.tpl | 10 ++++ .../chart/postgresql/templates/configmap.yaml | 19 ++++++++ .../15/chart/postgresql/templates/ep.yaml | 12 ----- .../postgresql/templates/networkpolicy.yaml | 6 +-- .../postgresql/templates/statefulset.yaml | 17 +++++-- .../15/chart/postgresql/values.yaml | 46 +++++++++++++++++++ 6 files changed, 88 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml delete mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index f684f499..8e146ffd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a configmap object should be created for MySQL Secondary +*/}} +{{- define "patroni.createConfigmap" -}} +{{- if and .Values.configuration }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Create patroni envs. */}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml new file mode 100644 index 00000000..5f26b266 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
@@ -0,0 +1,19 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-cm + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + patroni.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} +{{- end -}} + diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml deleted file mode 100644 index 23b7b2eb..00000000 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "patroni.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} - chart: {{ template "patroni.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - cluster-name: {{ template "patroni.fullname" . }} -subsets: [] diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index 06617f8a..a6d317e6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml 
@@ -1,8 +1,3 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} @@ -13,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 14895620..4bf6e766 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -26,10 +26,17 @@ spec: cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} @@ -78,9 +85,9 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - # - mountPath: /etc/patroni - # name: patroni-config - # readOnly: true + - mountPath: "/opt/drycc/scripts/patroni/" + name: patroni-config + # readOnly: true {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} 
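Review bot: The container in `statefulset.yaml` still runs without any `securityContext`, and the commented stub added in its first hunk would be rejected if someone uncommented it: `runAsUser` takes a numeric UID rather than `postgres`, and `fsGroup` is a pod-level field that is not valid on a container. Suggest enabling a real pod-level block with `runAsNonRoot: true` and the image's numeric UID/GID for `runAsUser` and `fsGroup`, plus `allowPrivilegeEscalation: false` on the container, or at least correcting the stub so it documents valid values. In the second hunk of the same file `# readOnly: true` is left commented on the `patroni-config` mount; if the intent is read-only, enabling it makes that explicit.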
@@ -110,8 +117,8 @@ spec: {{- end }} volumes: - name: patroni-config - secret: - secretName: {{ template "patroni.fullname" . }} + configMap: + name: {{ template "common.names.fullname" . }}-cm {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f7bdc8a7..6e159f91 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -27,6 +27,52 @@ kubernetes: # Extra custom environment variables. env: {} +# +#custom patroni.yaml used by patroni boot +# configuration: {} +configuration: | + cat > /home/postgres/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1000 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + password: '${PATRONI_REPLICATION_PASSWORD}' + __EOF__ + walE: # Specifies whether Wal-E should be enabled enable: false From 4f1a35012c0b68a506175ebb649b6c66d71487a4 Mon Sep 17 00:00:00 2001 
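Review bot: The `patroni-config` volume in `@@ -110,8 +117,8 @@` now references the ConfigMap `<fullname>-cm` unconditionally, while configmap.yaml in this same commit renders that object only when `patroni.createConfigmap` is true. If `configuration` is emptied (the commented `# configuration: {}` in values.yaml suggests that is an expected setting), the pod would presumably stay in ContainerCreating on the missing ConfigMap. Wrapping the volume and its mount in the same `include "patroni.createConfigmap"` condition, or adding `optional: true` under `configMap:`, keeps the two in step. Because a ConfigMap is not protected the way a Secret is, the values comment should also state that `configuration` may reference passwords only through the `${PATRONI_*}` variables and must never contain them literally.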
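Review bot: The heredoc in `configuration` (values.yaml, `@@ -27,6 +27,52 @@`) writes the superuser and replication passwords in clear text to `/home/postgres/patroni.yml` without setting permissions, so the file mode depends on the container's umask; adding `umask 077` as the first line of the script, before `cat >`, keeps it owner-only. Because `<<__EOF__` is unquoted, the shell substitutes the passwords into single-quoted YAML scalars, so a password containing `'` would produce an invalid or altered patroni.yml, which is worth documenting as a constraint on the credential values. `level: DEBUG` is more verbose than a shipped default usually is; `level: INFO` would be the usual choice. `auth-local: trust` under `initdb` allows passwordless local-socket logins at initialisation and deserves a comment explaining why it is needed.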
From: EamonZhang Date: Thu, 9 Nov 2023 13:35:34 +0800 Subject: [PATCH 015/176] chore(postgresql-cluster):organize code structure --- .../chart/postgresql/templates/_helpers.tpl | 28 ++++++++- .../chart/postgresql/templates/configmap.yaml | 9 +-- .../15/chart/postgresql/templates/sec.yaml | 7 ++- .../postgresql/templates/statefulset.yaml | 2 +- .../15/chart/postgresql/values.yaml | 61 +++++++++++++++---- .../15/plans/standard-10/bind.yaml | 34 +++++++++++ .../standard-10/create-instance-schema.json | 12 ++++ .../15/plans/standard-10/meta.yaml | 6 ++ .../15/plans/standard-10/values.yaml | 61 +++++++++++++++++++ .../15/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../15/plans/standard-20/meta.yaml | 6 ++ .../15/plans/standard-20/values.yaml | 61 +++++++++++++++++++ 13 files changed, 311 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/plans/standard-10/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-10/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-20/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 8e146ffd..41b3a94d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a configmap object should be created for MySQL Secondary +Return true if a configmap object should be created for Postgresql HA patroni */}} {{- define "patroni.createConfigmap" -}} -{{- if and .Values.configuration }} +{{- if and .Values.preInitScript }} {{- true -}} {{- else -}} {{- end -}} @@ -90,6 +90,13 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-replication +- name: PATRONI_REWIND_USERNAME + value: rewinder +- name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-rewind - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -104,6 +111,23 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' + +- name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-name +- name: DATABASE_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-user +- name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-password + {{- end -}} {{/* diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml index 5f26b266..877d5879 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
@@ -13,7 +13,8 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: - patroni.sh: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} -{{- end -}} - + pre_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }} + post_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml index 40082291..89214502 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml @@ -12,5 +12,8 @@ metadata: type: Opaque data: password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-admin: {{ .Values.credentials.admin | b64enc }} - password-replication: {{ .Values.credentials.standby | b64enc }} + password-rewind: {{ .Values.credentials.rewind | b64enc }} + password-replication: {{ .Values.credentials.replication | b64enc }} + data-user: {{ .Values.dataname.username | b64enc }} + data-name: {{ .Values.dataname.dbname | b64enc }} + data-password: {{ .Values.dataname.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 4bf6e766..29fdbed9 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
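Review bot: sec.yaml (`@@ -12,5 +12,8 @@`) base64-encodes whatever values.yaml supplies, and the values.yaml hunk of this commit (`@@ -3,18 +3,23 @@`) ships fixed defaults for every one of these keys, including the new `dataname.password: 111w`, so an instance installed without overrides gets publicly known database passwords. I would leave the defaults empty and fail the render when they are missing, e.g. `data-password: {{ required "dataname.password must be set" .Values.dataname.password | b64enc }}`, and likewise for the superuser, rewind and replication entries. Renaming `password-admin` to `password-rewind` also changes the Secret's keys for releases that already exist; a short upgrade note in the chart README would help.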
@@ -85,7 +85,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - - mountPath: "/opt/drycc/scripts/patroni/" + - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true {{- if .Values.walE.enable }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 6e159f91..679f4072 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -3,18 +3,23 @@ replicaCount: 3 image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance - repository: registry.drycc.cc/drycc-addons/patroni - tag: 3.2 + repository: registry.drycc.cc/drycc-addons/postgresql-patroni + tag: 15 # IfNotPresent , Always pullPolicy: 'IfNotPresent' -# Credentials used by Patroni +# Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: superuser: tea - admin: cola - standby: reppasswd + rewind: cola + replication: reppasswd + +dataname: + dbname: db1 + username: us1 + password: 111w # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -30,8 +35,8 @@ env: {} # #custom patroni.yaml used by patroni boot # configuration: {} -configuration: | - cat > /home/postgres/patroni.yml <<__EOF__ +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: DEBUG bootstrap: 
@@ -40,12 +45,13 @@ configuration: | use_pg_rewind: true use_slots: true pg_hba: + - local all all peer - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" - max_connections: 1000 + max_connections: 1005 max_worker_processes: 8 wal_keep_segments: 8 max_wal_senders: 10 
@@ -56,23 +62,52 @@ configuration: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh restapi: connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' postgresql: connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' authentication: superuser: + username: postgres password: '${PATRONI_SUPERUSER_PASSWORD}' replication: + username: standby password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off __EOF__ +postInitScript: | + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -c "CHECKPOINT;CHECKPOINT;" + else + echo "Skipping user creation" + echo "Skipping database creation" + fi + walE: # Specifies whether Wal-E should be enabled enable: false diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml new file mode 100644 index 00000000..e5b14d98 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
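Review bot: In the `authentication.rewind` block added by `@@ -56,23 +62,52 @@`, the password is filled from the wrong variable: `password: '${PATRONI_REWIND_USERNAME}'` makes the rewind role's password equal to its username, and it should read `password: '${PATRONI_REWIND_PASSWORD}'`, which _helpers.tpl already exports from the Secret. In `postInitScript`, `DATABASE_USER`, `DATABASE_PASSWORD` and `DATABASE_NAME` are spliced into SQL text by the shell, so a quote character in any of them changes the statement; passing them as psql variables and letting psql quote them (`:"name"` for identifiers, `:'value'` for literals) avoids that, as sketched below. psql does not interpolate variables in `-c` strings, hence the switch to standard input. Separately, `CREATE USER tea_mon WITH ROLE pg_monitor` makes `pg_monitor` a member of `tea_mon` rather than the reverse; `IN ROLE pg_monitor` is presumably what was meant.

```yaml
postInitScript: |
  # … unchanged: shebang, set -Eeu, monitor user, if-condition …
    echo "Creating user ${DATABASE_USER}"
    # ON_ERROR_STOP keeps the fail-fast behaviour that the separate -c calls had
    psql -w -v ON_ERROR_STOP=1 \
      -v db_user="$DATABASE_USER" -v db_pass="$DATABASE_PASSWORD" \
      -v db_name="$DATABASE_NAME" <<'SQL'
  CREATE USER :"db_user" WITH LOGIN ENCRYPTED PASSWORD :'db_pass';
  CREATE DATABASE :"db_name" OWNER :"db_user" CONNECTION LIMIT 1000;
  SQL
    psql -w -d "${DATABASE_NAME}" -c "create extension postgis"
  # … unchanged: CHECKPOINT, else branch …
```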
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + diff --git a/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml new file mode 100644 index 00000000..6c738828 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml 
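Review bot: The whole credential list in standard-10/bind.yaml is guarded by `.Values.router.service.type` and reads from a Secret named `<fullname>-svcbind-custom-user`, both of which look carried over from the mysql-cluster addon: none of the postgresql chart hunks in this patch define a `router` value or create that Secret. If they are indeed absent, binding would either fail to render or return no credentials at all. The entries should reference the Secret this chart does create (the `data-user`, `data-name` and `data-password` keys of sec.yaml) and the PostgreSQL service. The same applies to standard-20/bind.yaml further down.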
@@ -0,0 +1,6 @@
+name: "standard-10"
+id: 2b455154-8725-482a-95b2-a193c180d9b5
+description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
+displayName: "standard-10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml
new file mode 100644
index 00000000..f90075a8
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 600 + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 10Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
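Review bot: standard-10/values.yaml sets its limits under `primary.resources` and `primary.persistence`, but the statefulset template in this series reads `.Values.resources` and `.Values.persistentVolume`, so the plan's CPU, memory and disk sizes are probably never applied and instances would run with the chart defaults. `fullnameOverride: hb-mysql-cluster-standard-10`, the MinIO/MySQL comments and the `Mysql Cluster` description in meta.yaml point to the same copy from the mysql addon. I would rename the keys to the ones the postgresql chart consumes, e.g. a top-level `resources:` with the same `limits`/`requests`, and use a postgresql-specific `fullnameOverride`. The standard-20 plan files repeat this.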
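Review bot: In standard-20/bind.yaml the `password` credential is read with `jsonpath: '{ .data.username }'`, so a bound application would receive the username in place of the password; standard-10/bind.yaml uses `'{ .data.password }'` for the same entry. The line should be `jsonpath: '{ .data.password }'`.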
diff --git a/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
new file mode 100644
index 00000000..e749a7db
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml
new file mode 100644
index 00000000..d9422e70
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 324971644e32b2961fa02ca51b8f19e9a55d3540 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 9 Nov 2023 17:40:44 +0800 Subject: [PATCH 016/176] chore(postgresql-cluster): add metrics --- .../postgresql/templates/networkpolicy.yaml | 2 +- .../postgresql/templates/statefulset.yaml | 49 +++++++++++++++++++ .../15/chart/postgresql/templates/svc.yaml | 2 +- .../15/chart/postgresql/values.yaml | 41 ++++++++++++++-- 4 files changed, 87 insertions(+), 7 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index a6d317e6..3b3baa56 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml @@ -21,7 +21,7 @@ spec: - ports: - port: 5432 {{- if and .Values.metrics.enabled }} - - port: {{ .Values.metrics.service.port }} + - port: {{ .Values.metrics.containerPort }} {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 29fdbed9..630fd990 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -97,6 +97,55 @@ spec: {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + - name: DATA_SOURCE_NAME + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPort }} + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} 
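Review bot: The exporter's `DATA_SOURCE_NAME` embeds a literal `tea_mon:password` and only works because the values.yaml hunk of this commit (`@@ -46,6 +48,7 @@`) adds `host all tea_mon 127.0.0.1/32 trust`, which lets any process sharing the pod's network namespace log in as the monitoring role without a password. I would give `tea_mon` a real password kept in the chart's Secret, switch the pg_hba line to `- host all tea_mon 127.0.0.1/32 scram-sha-256`, and pass the credentials to postgres_exporter through `DATA_SOURCE_URI`/`DATA_SOURCE_USER`/`DATA_SOURCE_PASS` as below (the Secret key is a placeholder, and post_init.sh would have to set the password). The template also tests `.Values.diagnosticMode.enabled` while values.yaml defines `diagnosticMode.enable`, so that branch can never be selected. The container list continues outside the hunk.

```yaml
        # … unchanged: metrics container name, image, securityContext, args …
          env:
            - name: DATA_SOURCE_URI
              value: {{ printf "127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname | quote }}
            - name: DATA_SOURCE_USER
              value: tea_mon
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  # placeholder: a monitor-password key still has to be added to sec.yaml
                  key: <MONITOR_PASSWORD_KEY>
        # … unchanged: ports, probes, resources …
```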
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml index 430a6a8f..301216e1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml @@ -15,4 +15,4 @@ spec: - name: postgresql port: 5432 targetPort: postgresql - protocol: TCP + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 679f4072..f9f86f8c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -1,4 +1,6 @@ replicaCount: 3 +diagnosticMode: + enable: false image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -46,6 +48,7 @@ preInitScript: | use_slots: true pg_hba: - local all all peer + - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: 
@@ -108,6 +111,39 @@ postInitScript: | echo "Skipping database creation" fi +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: true + image: + repository: registry.drycc.cc/drycc-addons/postgres-exporter + tag: "0" + # IfNotPresent , Always + pullPolicy: 'IfNotPresent' + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + containerPort: 9187 + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true + customLivenessProbe: {} + customReadinessProbe: + enabled: true + service: port + resources: {} walE: # Specifies whether Wal-E should be enabled enable: false @@ -189,11 +225,6 @@ serviceAccount: # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: - -## Postgresql Prometheus exporter parameters -## -metrics: - enabled: false ## Postgresql Nework Policy configuration ## networkPolicy: From 53f6af72ed236ad1e815870ad2ae7d69e0254741 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 10 Nov 2023 11:47:43 +0800 Subject: [PATCH 017/176] chore(postgresql-cluster): add metrics --- .../15/chart/postgresql/Chart.yaml | 3 +- .../postgresql/templates/metrics-svc.yaml | 31 +++++++++++++++++++ .../postgresql/templates/statefulset.yaml | 9 ++++-- .../15/chart/postgresql/values.yaml | 16 +++++++++- 4 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml index f0397f67..375ae4fe 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -17,6 +17,7 @@ keywords: - sql - replication - cluster + - patroni maintainers: - email: zhang.eamon@hotmail.com name: zhangeamon @@ -24,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.4.1 +version: 15.3.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml new file mode 100644 index 00000000..0cd24f48 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: patroni +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 630fd990..803b9702 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -3,7 +3,8 @@ kind: StatefulSet metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} 
@@ -13,14 +14,16 @@ spec: serviceName: {{ template "patroni.fullname" . }} replicas: {{ .Values.replicaCount }} selector: - matchLabels: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} - labels: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f9f86f8c..4d28d660 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -133,6 +133,21 @@ metrics: ## usage: "GAUGE" ## description: "Size of the database in bytes" ## + service: + ports: + metrics: 9187 + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + customMetrics: {} containerPort: 9187 containerSecurityContext: @@ -142,7 +157,6 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - service: port resources: {} walE: # Specifies whether Wal-E should be enabled From c7969725b66e4bb86481c4514ef584f0fc1ec8d8 Mon Sep 17 00:00:00 2001 
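Review bot: `spec.selector.matchLabels` gains `common.labels.matchLabels` and `app.kubernetes.io/component: patroni`, but a StatefulSet's selector cannot be changed after creation, so `helm upgrade` on a release installed from the previous chart version will be rejected by the API server. If existing releases must upgrade in place, leave the selector as it was and add the new labels only under `metadata.labels` and `template.metadata.labels`. Otherwise the chart README should state that the StatefulSet has to be deleted and recreated. The StatefulSet spec continues outside the hunk.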
From: EamonZhang Date: Fri, 10 Nov 2023 11:51:19 +0800 Subject: [PATCH 018/176] chore(postgresql-cluster): rename postgresql to postgresql-cluster --- .../15/chart/{postgresql => postgresql-cluster}/Chart.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/README.md | 0 .../chart/{postgresql => postgresql-cluster}/templates/NOTES.txt | 0 .../{postgresql => postgresql-cluster}/templates/_helpers.tpl | 0 .../{postgresql => postgresql-cluster}/templates/configmap.yaml | 0 .../{postgresql => postgresql-cluster}/templates/metrics-svc.yaml | 0 .../templates/networkpolicy.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/role.yaml | 0 .../{postgresql => postgresql-cluster}/templates/rolebinding.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/sec.yaml | 0 .../templates/serviceaccount.yaml | 0 .../{postgresql => postgresql-cluster}/templates/statefulset.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-config.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-relp.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/svc.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/values.yaml | 0 16 files changed, 0 insertions(+), 0 deletions(-) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/Chart.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/README.md (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/NOTES.txt (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/_helpers.tpl (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/configmap.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/metrics-svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/networkpolicy.yaml (100%) rename 
addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/role.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/rolebinding.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/sec.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/serviceaccount.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/statefulset.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-config.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-relp.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/values.yaml (100%) diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/Chart.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/README.md rename to addons/postgresql-cluster/15/chart/postgresql-cluster/README.md diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/values.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml From f57e768f3e9c9b3843a3ab17e031958279745b24 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 15 Nov 2023 15:55:53 +0800 Subject: [PATCH 019/176] chore(postgresql-cluster) add wal-g for backup --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ++++++++++++++++++ .../postgresql-cluster/templates/_helpers.tpl | 68 +- .../postgresql-cluster/templates/cronjob.yaml | 58 ++ .../templates/networkpolicy.yaml | 1 + .../postgresql-cluster/templates/role.yaml | 2 +- .../templates/rolebinding.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/statefulset.yaml | 26 +- .../templates/svc-config.yaml | 2 +- .../templates/svc-master.yaml | 24 + .../{metrics-svc.yaml => svc-metrics.yaml} | 1 + .../templates/svc-relp.yaml | 9 +- .../postgresql-cluster/templates/svc.yaml | 14 +- .../15/chart/postgresql-cluster/values.yaml | 42 +- .../15/plans/standard-10/bind.yaml | 2 +- .../15/plans/standard-10/meta.yaml | 4 +- .../15/plans/standard-10/values.yaml | 130 ++-- .../15/plans/standard-20/values.yaml | 2 +- 19 files changed, 865 insertions(+), 131 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/cj.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{metrics-svc.yaml => svc-metrics.yaml} (96%) diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml new file mode 100644 index 00000000..48880e1c --- /dev/null +++ b/addons/postgresql-cluster/15/chart/cj.yaml 
@@ -0,0 +1,605 @@ +--- +# Source: postgresql/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + cluster-name: release-name-postgresql +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + ingress: + # Allow inbound connections + - ports: + - port: 5432 + - port: 9187 + + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: default +--- +# Source: postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +--- +# Source: postgresql/templates/sec.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +type: Opaque +data: + password-superuser: dGVh + password-rewind: Y29sYQ== + password-replication: cmVwcGFzc3dk + data-user: dXMx + data-name: ZGIx + data-password: MTExdw== +--- +# Source: postgresql/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-postgresql-cm + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql +data: + pre_init.sh: |- + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + 
- local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + + post_init.sh: |- + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" + psql -w -c "CHECKPOINT;CHECKPOINT;" + 
else + echo "Skipping user creation" + echo "Skipping database creation" + fi +--- +# Source: postgresql/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete +- apiGroups: [""] + resources: ["services"] + verbs: + - create +- apiGroups: [""] + resources: ["endpoints"] + verbs: + - create + - get + - patch + - update + # the following three privileges are necessary only when using endpoints + - list + - watch + # delete is required only for for 'patronictl remove' + - delete + - deletecollection +- apiGroups: [""] + resources: ["pods"] + verbs: + - get + - list + - patch + - update + - watch +--- +# Source: postgresql/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +subjects: + - kind: ServiceAccount + name: release-name-postgresql +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-postgresql +--- +# Source: postgresql/templates/svc-config.yaml +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-config + labels: + app: release-name-postgresql + release: release-name + cluster-name: release-name-postgresql +spec: + clusterIP: None +--- +# Source: postgresql/templates/svc-metrics.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-metrics + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: 
postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app.kubernetes.io/component: metrics + annotations: + prometheus.io/port: '9187' + prometheus.io/scrape: "true" +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni +--- +# Source: postgresql/templates/svc-relp.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-repl + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: replica +spec: + type: LoadBalancer + selector: + app: release-name-postgresql + cluster-name: release-name-postgresql + role: replica + ports: + - port: 5432 + targetPort: 5432 +--- +# Source: postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: master +spec: + type: LoadBalancer + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP +--- +# Source: postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + 
helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +spec: + serviceName: release-name-postgresql + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + template: + metadata: + name: release-name-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + spec: + serviceAccountName: release-name-postgresql + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + containers: + - name: postgresql + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: IfNotPresent + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + env: + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-superuser + - name: 
PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PATRONI_REWIND_USERNAME + value: rewinder + - name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-rewind + - name: PATRONI_SCOPE + value: release-name-postgresql + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "/home/postgres/pgdata/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-name + - name: DATABASE_USER + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-user + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-password + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "/home/postgres/pgdata" + - mountPath: "/opt/drycc/postgresql/scripts/" + name: patroni-config + # readOnly: true + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi 
+ - name: metrics + image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" + imagePullPolicy: "IfNotPresent" + env: + - name: DATA_SOURCE_NAME + value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable + ports: + - name: http-metrics + containerPort: 9187 + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: postgresql + release: "release-name" + + volumes: + - name: patroni-config + configMap: + name: release-name-postgresql-cm + - name: storage-volume + emptyDir: {} +--- +# Source: postgresql/templates/cronjob.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: release-name-postgresql-backup + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: postgresql-backup + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: Always + #imagePullPolicy: "IfNotPresent" + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." 
+ sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + - name: USE_WALG + value: "true" + - name: BACKUP_SCHEDULE + value: "eee" + - name: BACKUP_NUM_TO_RETAIN + value: "2" + - name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: "1024" + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: "30" + - name: PGHOST + value: release-name-postgresql-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 41b3a94d..c75c3b29 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni +*/}} +{{- define "patroni.createCronJob" -}} +{{- if and .Values.walG.enable }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for Postgresql HA patroni */}} @@ -75,7 +85,7 @@ Create patroni envs. - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE value: 'true' - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - name: PATRONI_SUPERUSER_USERNAME value: postgres - name: PATRONI_SUPERUSER_PASSWORD 
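Review bot: `cj.yaml` looks like rendered `helm template` output (every document carries a `# Source:` comment) rather than a chart source, and it should be dropped from the commit. It bakes in a `Secret` with base64-encoded password values and a `DATA_SOURCE_NAME` URL with an inline password; base64 is encoding, not protection, so these stay readable in the repository history. The render also shows things worth fixing in the templates themselves: `password: '${PATRONI_REWIND_USERNAME}'` under `rewind:` reads as if it should be `'${PATRONI_REWIND_PASSWORD}'`, `log: level: DEBUG` is set, and the metrics Service lists `app.kubernetes.io/component` twice. If a rendered sample is wanted for testing, keep it outside the chart tree or list it in `.helmignore`, and rotate any value in it that was ever used on a real cluster.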
@@ -131,42 +141,44 @@ Create patroni envs. {{- end -}} {{/* -Create wale envs. +Create walg envs. */}} -{{- define "wale.envs" }} -{{- if .Values.walE.enable }} -- name: USE_WALE - value: {{ .Values.walE.enable | quote }} -{{- if .Values.walE.scheduleCronJob }} +{{- define "walg.envs" }} +{{- if .Values.walG.enable }} +- name: USE_WALG + value: {{ .Values.walG.enable | quote }} +{{- if .Values.walG.scheduleCronJob }} - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} + value: {{ .Values.walG.scheduleCronJob | quote}} {{- end }} -{{- if .Values.walE.retainBackups }} +{{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} + value: {{ .Values.walG.retainBackups | quote}} {{- end }} -{{- if .Values.walE.s3Bucket }} -- name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} -{{else if .Values.walE.gcsBucket }} -- name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} -{{- if .Values.walE.kubernetesSecret }} -- name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- if .Values.walG.backupThresholdMegabytes }} +- name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walG.backupThresholdMegabytes | quote }} {{- end }} - -{{- if .Values.walE.backupThresholdMegabytes }} -- name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.walE.backupThresholdPercentage }} +{{- if .Values.walG.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} + value: {{ .Values.walG.backupThresholdPercentage | quote }} +{{- end }} +{{- if .Values.walG.s3.used }} +- name: AWS_ACCESS_KEY_ID + value: {{ .Values.walG.s3.awsAccessKeyId | quote }} +- name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} +- name: WALG_S3_PREFIX + value: {{ .Values.walG.s3.walGS3Prefix 
| quote }} +- name: AWS_ENDPOINT + value: {{ .Values.walG.s3.awsEndpoint | quote }} +- name: AWS_S3_FORCE_PATH_STYLE + value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} +- name: AWS_REGION + value: {{ .Values.walG.s3.awsRegion | quote }} {{- end }} {{- else }} -- name: USE_WALE +- name: USE_WALG value: "" {{- end }} {{- end }} -{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml new file mode 100644 index 00000000..0bfb4b40 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml 
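Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are rendered as literal `value:` entries from `.Values.walG.s3.*`, so the object-store credentials end up in the pod and CronJob specs, readable by anyone who can get those objects, and in the Helm release data. The other passwords in this chart reach containers through `secretKeyRef` (for example `PGPASSWORD` in cronjob.yaml), and these two should follow the same pattern, with the keys added to the chart's Secret template, which is outside this hunk. The key names in the sketch below are placeholders. Also, `WALE_BACKUP_THRESHOLD_PERCENTAGE` kept its `WALE_` prefix while its sibling became `WALG_BACKUP_THRESHOLD_MEGABYTES`; it is worth confirming which name the image actually reads.

```yaml
{{- if .Values.walG.s3.used }}
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: PLACEHOLDER-s3-access-key-id
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: PLACEHOLDER-s3-secret-access-key
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```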
@@ -0,0 +1,58 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: Always + #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." + sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + {{- include "walg.envs" . | indent 14 }} + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 3b3baa56..dfad66c3 100644 
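Review bot: The `schedule: "*/1 * * * *"` line and the `sleep 10000` in the command look like debugging leftovers. A job starts every minute and each one sleeps for close to three hours before `wal-g backup-push` runs, and with no `concurrencyPolicy` set the pods pile up. I would render the schedule from the existing value, `schedule: {{ .Values.walG.scheduleCronJob | quote }}`, add `concurrencyPolicy: Forbid`, and drop the `echo`/`sleep` lines. The script has no `set -e`, so `wal-g delete` still runs after a failed push; `set -euo pipefail` as its first line would stop that. `imagePullPolicy: Always` is hard-coded next to the commented-out `.Values.image.pullPolicy` line, which should be restored.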
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -8,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + app.kubernetes.io/component: patroni cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml index c81b39a8..8dec5309 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml index d09de1c8..5e15948f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 89214502..306e93e7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -4,7 +4,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml index 819bb983..e1b2ebf6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.serviceAccountName" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 803b9702..335ea342 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
@@ -5,7 +5,7 @@ metadata: namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -16,16 +16,20 @@ spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} @@ -91,13 +95,6 @@ spec: - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - mountPath: /etc/credentials - readOnly: true - {{- end }} - {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
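Review bot: In the `@@ -16,16 +16,20 @@` hunk the new `chart:` and `heritage:` entries are added to `spec.selector.matchLabels`, and a StatefulSet selector cannot be changed after creation. The rendered manifest removed later in this series shows `chart: postgresql-15.3.1`, so the value carries the chart version and the first version bump would make `helm upgrade` fail on an immutable field. Renaming `app` to `application` inside the selector has the same effect on releases installed before this commit. I would keep `chart` and `heritage` on `metadata.labels` and the pod template only, and leave the selector at `application`, `release` and `cluster-name`.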
@@ -171,13 +168,6 @@ spec: - name: patroni-config configMap: name: {{ template "common.names.fullname" . }}-cm - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - secret: - secretName: {{ .Values.walE.kubernetesSecret }} - {{- end }} - {{- end }} {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} @@ -191,7 +181,7 @@ spec: {{ toYaml .Values.persistentVolume.annotations | indent 8 }} {{- end }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml index 442be2f3..5f7b0f60 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-config labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml new file mode 100644 index 00000000..48dba13d --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-master + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} + role: master +spec: + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml similarity index 96% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml index 0cd24f48..862c6a0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml @@ -5,6 +5,7 @@ metadata: name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app.kubernetes.io/component: metrics {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index cccaf8ce..c5861935 100644 
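Review bot: `type: LoadBalancer` is hard-coded in this new Service, and the same literal replaces `ClusterIP` in svc-relp.yaml and svc.yaml, so port 5432 of the primary and of the replicas is published outside the cluster on every install. The `service.type` value that this commit adds to values.yaml is not read by any of the three templates. I would write `type: {{ .Values.service.type }}` with `ClusterIP` as the chart default, and render `loadBalancerSourceRanges` from a value when the type is `LoadBalancer`. After this commit svc.yaml and svc-master.yaml also carry the same `role: master` selector and port, so one of the two looks redundant.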
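Review bot: In svc-metrics.yaml the added `app.kubernetes.io/component: patroni` sits directly above the existing `app.kubernetes.io/component: metrics`, so the `labels` map now holds the same key twice. Most YAML loaders keep the last value, which makes the new line a no-op, and stricter ones reject the document. If the intent was to mark the Service as part of the patroni component, replace the `metrics` line instead of adding a second key; otherwise drop the added line.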
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -3,17 +3,18 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-repl namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: ClusterIP + type: LoadBalancer selector: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} role: replica ports: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 301216e1..adc0ab69 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml 
@@ -3,16 +3,22 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} + role: master spec: - type: ClusterIP + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master ports: - name: postgresql port: 5432 - targetPort: postgresql + targetPort: 5432 protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 4d28d660..43a38eb0 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,7 +1,10 @@ -replicaCount: 3 +replicaCount: 1 diagnosticMode: enable: false +service: + type: LoadBalancer + image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance @@ -104,7 +107,7 @@ postInitScript: | psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" echo "Creating database ${DATABASE_NAME} " psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" psql -w -c "CHECKPOINT;CHECKPOINT;" else echo "Skipping user creation" 
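Review bot: The added `selector:` block in svc.yaml may conflict with how Patroni manages the leader endpoint. The rendered manifest removed later in this series sets `PATRONI_KUBERNETES_USE_ENDPOINTS` to `'true'` and `PATRONI_SCOPE` to the same name as this Service. In that mode Patroni is expected to write the leader address into the Endpoints object of that name itself, and a Service with a selector would have it overwritten by the endpoints controller. Please confirm against the Patroni Kubernetes documentation. If it holds, keep svc.yaml without a selector and let svc-master.yaml carry `role: master`.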
@@ -114,7 +117,7 @@ postInitScript: | ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: false image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" @@ -157,17 +160,21 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - resources: {} -walE: + resources: + limits: + cpu: 100m + memory: 512Mi + # hugepages-2Mi: 4Mi + requests: + cpu: 100m + memory: 512Mi +walG: # Specifies whether Wal-E should be enabled enable: false # Cron schedule for doing base backups scheduleCronJob: 00 01 * * * # Amount of base backups to retain retainBackups: 2 - # Path to the S3 or GCS bucket used for WAL-E base backups - s3Bucket: - gcsBucket: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to @@ -176,6 +183,13 @@ walE: # Maximum ratio (in percents) of the accumulated WAL files to the base backup # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 + s3: + awsAccessKeyID: "xxx" + awsSecretAccessKey: "xx" + walGS3Prefix: "xxx" + awsEndpoint: "xxx" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 persistentVolume: enabled: false @@ -198,12 +212,12 @@ resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # hugepages-2Mi: 4Mi requests: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} @@ -220,7 +234,7 @@ affinityTemplate: | topologyKey: "kubernetes.io/hostname" labelSelector: matchLabels: - app: {{ template "patroni.name" . }} + application: {{ template "patroni.name" . }} release: {{ .Release.Name | quote }} affinity: {} 
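Review bot: In the `@@ -176,6 +183,13 @@` hunk the new `s3:` block does not match what the `walg.envs` helper reads. The helper looks up `.Values.walG.s3.awsAccessKeyId` while the key here is `awsAccessKeyID`, and it gates the whole S3 section on `.Values.walG.s3.used`, which is not defined. As written the S3 variables are never rendered, and once `used` is added the access key would still come out empty. Rename the key to `awsAccessKeyId` and add `used: false`. The comments still say Wal-E, and `scheduleCronJob: 00 01 * * *` is safer quoted as `"00 01 * * *"`.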
@@ -244,7 +258,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index e5b14d98..cf57e76b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,5 +1,5 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml index 6c738828..f5c2257b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" +id: 83c3b52e-2685-4362-9ea1-42e170060c78 +description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index f90075a8..2082d76c 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
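Review bot: `enabled: false` turns the NetworkPolicy off by default in the same commit that publishes 5432 through `LoadBalancer` Services and whose plan `pg_hba` allows `0.0.0.0/0`. A default install then has no network-level restriction left in front of PostgreSQL and relies on password authentication alone. If the policy was switched off for testing, keep `enabled: true` as the chart default and let a plan or an override disable it. The `@param` comments in this block still describe MySQL and could be updated alongside.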
@@ -1,61 +1,83 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-10 +fullnameOverride: hb-postgresql-cluster-standard-10 -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 600 - resources: +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: 
'${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +persistentVolume: + enabled: true + size: 10G + +metrics: + resources: limits: cpu: 1000m - memory: 1024Mi + memory: 1Gi requests: cpu: 1000m - memory: 1024Mi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 10Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} + memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index d9422e70..12db2471 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -56,6 +56,6 @@ primary: ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: - ## app: my-app + ## application: my-app ## selector: {} From 56ce8454d8837add5343e505a9501b2384d5c2d6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 Nov 2023 15:47:53 +0800 Subject: [PATCH 020/176] chore(postgresql-cluster): redirect postgresql log --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ------------------ .../templates/networkpolicy.yaml | 2 +- .../templates/statefulset.yaml | 12 +- .../postgresql-cluster/templates/svc.yaml | 12 +- .../15/chart/postgresql-cluster/values.yaml | 60 +- 5 files changed, 71 insertions(+), 620 deletions(-) delete mode 100644 addons/postgresql-cluster/15/chart/cj.yaml diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml deleted file mode 100644 index 48880e1c..00000000 --- a/addons/postgresql-cluster/15/chart/cj.yaml +++ /dev/null 
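Review bot: Under `authentication.rewind` the password is set to `'${PATRONI_REWIND_USERNAME}'`, so the rewind role's password is its own username rather than the secret value; the line should read `password: '${PATRONI_REWIND_PASSWORD}'`. `archive_mode: "on"` with `archive_command: /bin/true` reports every WAL segment as archived without storing it, which leaves the wal-g base backups added in this series without WAL to replay unless something else overrides the command. `log.level: DEBUG` and the two `0.0.0.0/0` `pg_hba` entries are broad for a plan default; `INFO` and the cluster's pod or service CIDR would be tighter. `mode: off` under `watchdog` is an unquoted YAML boolean and is clearer as `mode: "off"`.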
@@ -1,605 +0,0 @@ ---- -# Source: postgresql/templates/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - cluster-name: release-name-postgresql -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - ingress: - # Allow inbound connections - - ports: - - port: 5432 - - port: 9187 - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: default ---- -# Source: postgresql/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm ---- -# Source: postgresql/templates/sec.yaml -apiVersion: v1 -kind: Secret -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -type: Opaque -data: - password-superuser: dGVh - password-rewind: Y29sYQ== - password-replication: cmVwcGFzc3dk - data-user: dXMx - data-name: ZGIx - data-password: MTExdw== ---- -# Source: postgresql/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-postgresql-cm - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql -data: - pre_init.sh: |- - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - 
- local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'auto_explain,pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ - - post_init.sh: |- - #!/bin/bash - set -Eeu - # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" - 
else - echo "Skipping user creation" - echo "Skipping database creation" - fi ---- -# Source: postgresql/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: - - create - - get - - list - - patch - - update - - watch - # delete is required only for 'patronictl remove' - - delete -- apiGroups: [""] - resources: ["services"] - verbs: - - create -- apiGroups: [""] - resources: ["endpoints"] - verbs: - - create - - get - - patch - - update - # the following three privileges are necessary only when using endpoints - - list - - watch - # delete is required only for for 'patronictl remove' - - delete - - deletecollection -- apiGroups: [""] - resources: ["pods"] - verbs: - - get - - list - - patch - - update - - watch ---- -# Source: postgresql/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -subjects: - - kind: ServiceAccount - name: release-name-postgresql -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: release-name-postgresql ---- -# Source: postgresql/templates/svc-config.yaml -# headless service to avoid deletion of patronidemo-config endpoint -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-config - labels: - app: release-name-postgresql - release: release-name - cluster-name: release-name-postgresql -spec: - clusterIP: None ---- -# Source: postgresql/templates/svc-metrics.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-metrics - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: 
postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app.kubernetes.io/component: metrics - annotations: - prometheus.io/port: '9187' - prometheus.io/scrape: "true" -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni ---- -# Source: postgresql/templates/svc-relp.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-repl - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: replica -spec: - type: LoadBalancer - selector: - app: release-name-postgresql - cluster-name: release-name-postgresql - role: replica - ports: - - port: 5432 - targetPort: 5432 ---- -# Source: postgresql/templates/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: master -spec: - type: LoadBalancer - ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP ---- -# Source: postgresql/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - 
helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -spec: - serviceName: release-name-postgresql - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - template: - metadata: - name: release-name-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - spec: - serviceAccountName: release-name-postgresql - - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - containers: - - name: postgresql - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: IfNotPresent - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - env: - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-superuser - - name: 
PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PATRONI_REWIND_USERNAME - value: rewinder - - name: PATRONI_REWIND_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-rewind - - name: PATRONI_SCOPE - value: release-name-postgresql - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "/home/postgres/pgdata/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - - name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-name - - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-user - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-password - readinessProbe: - httpGet: - scheme: HTTP - path: /readiness - port: 8008 - initialDelaySeconds: 3 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8008 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - lifecycle: - preStop: - exec: - command: - - /usr/bin/env - - bash - - -c - - | - # switch leader pod if the current pod is the leader - if curl --fail http://localhost:8008/read-write; then - init-stack patronictl switchover --force - fi - ports: - - containerPort: 8008 - protocol: TCP - - containerPort: 5432 - protocol: TCP - volumeMounts: - - name: storage-volume - mountPath: "/home/postgres/pgdata" - - mountPath: "/opt/drycc/postgresql/scripts/" - name: patroni-config - # readOnly: true - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi 
- - name: metrics - image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" - imagePullPolicy: "IfNotPresent" - env: - - name: DATA_SOURCE_NAME - value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable - ports: - - name: http-metrics - containerPort: 9187 - startupProbe: - initialDelaySeconds: 10 - tcpSocket: - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - livenessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - app: postgresql - release: "release-name" - - volumes: - - name: patroni-config - configMap: - name: release-name-postgresql-cm - - name: storage-volume - emptyDir: {} ---- -# Source: postgresql/templates/cronjob.yaml -apiVersion: batch/v1 -kind: CronJob -metadata: - name: release-name-postgresql-backup - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql - -spec: - schedule: "*/1 * * * *" - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 1 - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: postgresql-backup - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: Always - #imagePullPolicy: "IfNotPresent" - command: - - /usr/bin/env - - bash - - -c - - | - echo "sleeping ...." 
- sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete - env: - - name: USE_WALG - value: "true" - - name: BACKUP_SCHEDULE - value: "eee" - - name: BACKUP_NUM_TO_RETAIN - value: "2" - - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: "1024" - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: "30" - - name: PGHOST - value: release-name-postgresql-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..8b429517 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} + {{ end }} `` {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 335ea342..8e436be3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
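Review bot: The re-indented `{{ end }}` line in the networkpolicy.yaml hunk appears to carry two stray backticks, which would be emitted into the `ports:` list whenever `metrics.enabled` is true. If they are really in the file, the rendered NetworkPolicy is no longer valid YAML, so the policy cannot be applied when `networkPolicy.enabled` is switched on. The line should be just `{{- end }}`, which also trims the blank line the untrimmed form leaves behind. The `spec:` block continues outside the hunk.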
@@ -32,8 +32,18 @@ spec: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: + {{- if .Values.patroni.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.patroni.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }} + {{- end }} serviceAccountName: {{ template "patroni.serviceAccountName" . }} - # securityContext: # runAsUser: postgres # fsGroup: postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index adc0ab69..77ffd855 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -10,15 +10,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} - role: master spec: type: LoadBalancer - selector: - application: {{ template "patroni.fullname" . }} - cluster-name: {{ template "patroni.fullname" . }} - role: master ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP \ No newline at end of file + - port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file 
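Review bot: The new `affinity:` and `nodeSelector:` keys at the top of the pod spec look like duplicates of keys the template already emits further down. The rendered manifest removed earlier in this patch ends the pod spec with an `affinity: podAntiAffinity:` block, and a later hunk in this series still shows `{{- with .Values.nodeSelector }} nodeSelector:`. With duplicate mapping keys most YAML parsers keep the last one, so the `patroni.*` presets added here would be silently overridden. Either delete the older blocks in the same change or keep a single `affinity`/`nodeSelector` source; the rest of the pod spec is outside this hunk, so this should be confirmed against the full template.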
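Review bot: With the `selector:` removed in the svc.yaml hunk, this Service only routes if something else maintains its Endpoints object. The rendered manifest deleted in this patch sets `PATRONI_KUBERNETES_USE_ENDPOINTS: 'true'`, which is presumably what does that, and a comment such as `# no selector: Patroni writes the Endpoints for the current leader` would keep someone from re-adding one. The Service also stays hard-coded as `type: LoadBalancer` while values.yaml in this patch shows `networkPolicy: enabled: false`, so port 5432 is published outside the cluster with no network restriction by default. Making the type a value, for example `type: {{ .Values.service.type }}` with a cluster-internal default, would let operators opt in to external exposure.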
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 43a38eb0..20d57dc3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,4 +1,4 @@ -replicaCount: 1 +replicaCount: 3 diagnosticMode: enable: false @@ -41,9 +41,11 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | + mkdir /home/postgres/pgdata/log + ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: - level: DEBUG + level: INFO bootstrap: dcs: postgresql: @@ -71,6 +73,14 @@ preInitScript: | archive_command: /bin/true # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' + log_destination: 'csvlog' + log_filename: postgresql.log + logging_collector: on + log_directory: /home/postgres/pgdata/log + log_min_messages: 'info' + log_min_duration_statement: 1000 + log_lock_waits: on + log_statement: 'ddl' initdb: - auth-host: scram-sha-256 - auth-local: trust 
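Review bot: `log_statement: 'ddl'` in the `@@ -71,6 +73,14 @@` hunk, combined with the `ln -sf /dev/stdout` added to `preInitScript` in the hunk before it, sends the full text of every DDL statement to the container log. `CREATE ROLE` and `ALTER ROLE ... PASSWORD` are DDL, so a password passed in clear text in such a statement ends up readable by anyone who can read pod logs or the log pipeline behind them. `log_min_duration_statement: 1000` likewise records the literal text of slow statements. Consider leaving `log_statement` at its default here and letting operators opt in, or add a comment next to it, e.g. `# statement text (including role passwords in DDL) is written to stdout`.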
@@ -114,6 +124,48 @@ postInitScript: | echo "Skipping database creation" fi +patroni: + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Postgresql Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set. + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param patroni.affinity Affinity for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## Postgresql Prometheus exporter parameters ## metrics: @@ -261,8 +313,8 @@ networkPolicy: enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source + ## client label will have network access to the port Postgresql is listening + ## on. When true, Postgresql will accept connections from any source ## (with the correct destination port). ## allowCurrentNamespace: true From 5c95bf455b0c9cdbbc1ba83338422d88ee3baab2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 22 Nov 2023 09:32:25 +0800 Subject: [PATCH 021/176] chore(postgresql-cluster): add pgbackup --- .../postgresql-cluster/templates/_helpers.tpl | 18 ++++---- .../postgresql-cluster/templates/cronjob.yaml | 25 +++-------- .../templates/statefulset.yaml | 41 ++++++++++++++++++- .../templates/svc-relp.yaml | 8 +++- .../15/chart/postgresql-cluster/values.yaml | 18 ++++---- 5 files changed, 68 insertions(+), 42 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index c75c3b29..1e4e50bc 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
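Review bot: The comment touched in the `@@ -261,8 +313,8 @@ networkPolicy:` hunk still documents `networkPolicy.allowExternal` and a "client label" model, but the key directly under it is `allowCurrentNamespace`. The networkpolicy.yaml template in this patch only reads `allowCurrentNamespace` and `allowNamespaces`. An operator following the comment would set a value the template ignores and assume access is restricted. I would replace the block with something like `## @param networkPolicy.allowCurrentNamespace When true, pods in the release namespace may connect to the PostgreSQL port` and document `allowNamespaces` the same way.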
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a cronjob object should be created for Postgresql HA patroni +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enable }} +{{- if and .Values.walG.enabled }} {{- true -}} {{- else -}} {{- end -}} @@ -115,13 +115,14 @@ Create patroni envs. fieldPath: metadata.name - name: PATRONI_POSTGRESQL_DATA_DIR value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" - name: PATRONI_POSTGRESQL_PGPASS value: /tmp/pgpass - name: PATRONI_POSTGRESQL_LISTEN value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' - - name: DATABASE_NAME valueFrom: secretKeyRef: @@ -137,20 +138,15 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: data-password - {{- end -}} {{/* Create walg envs. */}} {{- define "walg.envs" }} -{{- if .Values.walG.enable }} +{{- if .Values.walG.enabled }} - name: USE_WALG - value: {{ .Values.walG.enable | quote }} -{{- if .Values.walG.scheduleCronJob }} -- name: BACKUP_SCHEDULE - value: {{ .Values.walG.scheduleCronJob | quote}} -{{- end }} + value: {{ .Values.walG.enabled | quote }} {{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN value: {{ .Values.walG.retainBackups | quote}} @@ -165,7 +161,7 @@ Create walg envs. {{- end }} {{- if .Values.walG.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyId | quote }} + value: {{ .Values.walG.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX 
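Review bot: The `@@ -165,7 +161,7 @@` hunk fixes the values key for `AWS_ACCESS_KEY_ID`, but both it and `AWS_SECRET_ACCESS_KEY` on the next line are still rendered as literal `value:` entries. The statefulset hunks later in this series include `walg.envs` in the main container and the backup sidecar, so the bucket credentials end up in the StatefulSet and Pod specs. Anyone who can `get` those objects can read them without Secret access. They should come from the release Secret like the database passwords do; the key names below are placeholders and the Secret template would need matching entries. The `walg.envs` define continues outside the hunk.
```yaml
# … unchanged: USE_WALG / BACKUP_NUM_TO_RETAIN entries …
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: walg-aws-access-key-id        # placeholder key name
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: walg-aws-secret-access-key    # placeholder key name
# … unchanged: WALG_S3_PREFIX and the remaining S3 settings …
```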
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 0bfb4b40..39c08de3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "*/1 * * * *" + schedule: "{{ .Values.walG.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: @@ -30,29 +30,14 @@ spec: containers: - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: - /usr/bin/env - bash - -c - | - echo "sleeping ...." - sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete + curl "http://${REPLHOST}:9000/pg_backup" env: - {{- include "walg.envs" . | indent 14 }} - - name: PGHOST - value: {{ include "patroni.fullname" . }}-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" + - name: REPLHOST + value: {{ include "patroni.fullname" . }}-repl {{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 8e436be3..a14a3139 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
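Review bot: The new job body `curl "http://${REPLHOST}:9000/pg_backup"` in cronjob.yaml exits 0 on any HTTP response, so a backup that fails inside the sidecar still leaves the Job marked successful and nothing alerts on it. Adding `--fail` and a timeout makes the failure visible, e.g. `curl --fail --silent --show-error --max-time 3600 "http://${REPLHOST}:9000/pg_backup"`, with the timeout adjusted to the expected backup duration. The request is also plain HTTP with no credential, so the trigger relies entirely on network placement for access control. A shared token passed from the release Secret and checked by the listener would close that gap.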
@@ -56,6 +56,9 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} + {{- if .Values.walG.enabled }} + {{- include "walg.envs" . | indent 8 }} + {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -156,7 +159,43 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- with .Values.nodeSelector }} + {{- if .Values.walG.enabled }} + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + command: + - /usr/bin/env + - bash + - -c + - | + python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 + env: + {{- include "walg.envs" . | indent 8 }} + - name: PGHOST + value: localhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PGUSER + value: postgres + - name: PGDATABASE + value: postgres + - name: PGPORT + value: "5432" + - name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" + ports: + - containerPort: 9000 + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index c5861935..ba50b3bd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml 
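Review bot: The backup sidecar added in the `@@ -156,7 +159,43 @@` hunk starts `pgbackup.py` listening on `0.0.0.0 9000` while holding `password-superuser` and the WAL-G bucket settings. Whether the script authenticates callers is not visible in this patch, so this should be confirmed. The NetworkPolicy template in this series only lists 5432 and the metrics port, so with the policy enabled the CronJob's request to 9000 would be dropped, and with it disabled (the default shown in values.yaml) any pod that can reach the pod IP can trigger backups. I would add port 9000 to the policy with a `from` limited to the backup job's pods. The container also has no `resources:` block, unlike the other two containers in the rendered manifest.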
@@ -18,5 +18,9 @@ spec: cluster-name: {{ template "patroni.fullname" . }} role: replica ports: - - port: 5432 - targetPort: 5432 \ No newline at end of file + - name: postgresql + port: 5432 + targetPort: 5432 + - name: pgbackup + port: 9000 + targetPort: 9000 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 20d57dc3..693681bf 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -56,6 +56,7 @@ preInitScript: | - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + - host replication postgres 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" @@ -69,8 +70,8 @@ preInitScript: | wal_log_hints: "on" track_commit_timestamp: "off" archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true + archive_timeout: 300s + archive_command: sh /opt/drycc/postgresql/walbackup.sh %f # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -222,9 +223,9 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-E should be enabled - enable: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: 00 01 * * * + scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket 
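Review bot: Adding the `pgbackup` port to svc-relp.yaml publishes the backup trigger on the same Service as the replica SQL port. The rendered manifest removed earlier in this patch shows `release-name-postgresql-repl` as `type: LoadBalancer`. If the template still sets that type, port 9000 becomes reachable from outside the cluster alongside 5432. The CronJob only needs in-cluster access, so a separate `ClusterIP` Service carrying just `port: 9000` would keep it off the load balancer. The top of the Service spec is outside this hunk.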
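Review bot: The added pg_hba line `host replication postgres 0.0.0.0/0 scram-sha-256` in the values.yaml hunk `@@ -56,6 +57,7 @@` lets the superuser open replication connections from any address, and the Services in this chart are load-balancer typed. The backup sidecar introduced in this commit connects with `PGHOST: localhost`, so the rule can be limited to loopback: `- host replication postgres 127.0.0.1/32 scram-sha-256`. If remote base backups are intended, the existing `${PATRONI_REPLICATION_USERNAME}` rule already covers them without involving the superuser role.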
@@ -236,10 +237,11 @@ walG: # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 s3: - awsAccessKeyID: "xxx" - awsSecretAccessKey: "xx" - walGS3Prefix: "xxx" - awsEndpoint: "xxx" + used: true + awsAccessKeyID: "minioadmin" + awsSecretAccessKey: "minioadmin" + walGS3Prefix: "s3://pg1" + awsEndpoint: "http://10.10.2.11:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 From b940caa3e413a6986eb15feb41338df9ae6a7569 Mon Sep 17 00:00:00 2001 
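Review bot: The `s3:` defaults in this hunk commit a working-looking access key and secret, the well-known MinIO default pair, together with a private-network `http://` endpoint. The previous hunk also flips `walG.enabled` to `true` with a five-minute schedule. An install that does not override these values will ship WAL and base backups in clear text to that address with default credentials, and the values remain in repository history either way. Chart defaults should be `enabled: false`, `used: false` and empty strings for the four S3 fields. The credentials should be taken from the secret that the context comment "Name of the secret that holds the credentials to the bucket" already refers to.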
From: EamonZhang Date: Wed, 22 Nov 2023 14:27:30 +0800 Subject: [PATCH 022/176] chore(postgresql-cluster): add plans --- .../templates/cm -postgresql.yaml | 18 +++ .../{configmap.yaml => cm-patroni.yaml} | 2 +- .../templates/statefulset.yaml | 7 +- .../15/chart/postgresql-cluster/values.yaml | 28 +++- .../15/plans/standard-10/bind.yaml | 39 +++-- .../15/plans/standard-10/values.yaml | 123 ++++++++-------- .../15/plans/standard-100/bind.yaml | 30 ++++ .../standard-100/create-instance-schema.json | 12 ++ .../15/plans/standard-100/meta.yaml | 6 + .../15/plans/standard-100/values.yaml | 76 ++++++++++ .../15/plans/standard-20/bind.yaml | 40 +++--- .../15/plans/standard-20/meta.yaml | 2 +- .../15/plans/standard-20/values.yaml | 134 ++++++++++-------- .../15/plans/standard-200/bind.yaml | 30 ++++ .../standard-200/create-instance-schema.json | 12 ++ .../15/plans/standard-200/meta.yaml | 6 + .../15/plans/standard-200/values.yaml | 75 ++++++++++ .../15/plans/standard-400/bind.yaml | 30 ++++ .../standard-400/create-instance-schema.json | 12 ++ .../15/plans/standard-400/meta.yaml | 6 + .../15/plans/standard-400/values.yaml | 75 ++++++++++ .../15/plans/standard-50/bind.yaml | 30 ++++ .../standard-50/create-instance-schema.json | 12 ++ .../15/plans/standard-50/meta.yaml | 6 + .../15/plans/standard-50/values.yaml | 76 ++++++++++ .../15/plans/standard-800/bind.yaml | 30 ++++ .../standard-800/create-instance-schema.json | 12 ++ .../15/plans/standard-800/meta.yaml | 6 + .../15/plans/standard-800/values.yaml | 75 ++++++++++ 29 files changed, 837 insertions(+), 173 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{configmap.yaml => cm-patroni.yaml} (93%) create mode 100644 addons/postgresql-cluster/15/plans/standard-100/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json create mode 100644 
addons/postgresql-cluster/15/plans/standard-100/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-200/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-400/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-50/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-800/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml new file mode 100644 index 00000000..8aba698a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-postgresql + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom_conf.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml similarity index 93% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml index 877d5879..ad4b5849 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index a14a3139..0d1ed21a 100644 
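Review bot: The new template is created as `templates/cm -postgresql.yaml`, with a space in the file name, while the renamed sibling in the same commit is `cm-patroni.yaml`. Helm will load it, but the space breaks unquoted paths in scripts and CI globs and is almost certainly a typo; rename it to `cm-postgresql.yaml`. A header comment such as `{{/* PostgreSQL settings mounted at /opt/drycc/postgresql/config/custom_conf.conf */}}` would also tell readers where `postgresql.config` ends up.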
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -107,6 +107,8 @@ spec: mountPath: "{{ .Values.persistentVolume.mountPath }}" - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config + - mountPath: "/opt/drycc/postgresql/config/" + name: postgresql-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} @@ -216,7 +218,10 @@ spec: volumes: - name: patroni-config configMap: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni + - name: postgresql-config + configMap: + name: {{ template "common.names.fullname" . }}-postgresql {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 693681bf..451cb0ba 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -41,13 +41,23 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | - mkdir /home/postgres/pgdata/log + mkdir -p /home/postgres/pgdata/log ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: INFO + restapi: + listen: 0.0.0.0:8008 + connect_address: 0.0.0.0:8008 + authentication: + username: NzUwNjg3MTEtMDgzOS00YTNkLWEyNjAt + password: YjJjMDNjYjQtMDA0Ny00NTgwLTgwYjMt bootstrap: dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 postgresql: use_pg_rewind: true use_slots: true 
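Review bot: The `restapi.authentication` block added to `preInitScript` in the values.yaml hunk `@@ -41,13 +41,23 @@` hard-codes a username and password in the chart defaults. Every cluster installed from this chart therefore shares the same Patroni REST API credentials, and they are public in the repository. Patroni reads these from the environment, so they can be generated per release in the existing Secret and injected as `PATRONI_RESTAPI_USERNAME` and `PATRONI_RESTAPI_PASSWORD` via `secretKeyRef`, with the two literal lines removed from the heredoc. Separately, `connect_address: 0.0.0.0:8008` is not an address other members can connect to; the plan values removed later in this patch use `'${PATRONI_KUBERNETES_POD_IP}:8008'`. The heredoc continues outside the hunk, so it is also worth checking that it does not already contain a second `restapi:` key.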
@@ -57,12 +67,13 @@ preInitScript: | - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - host replication postgres 0.0.0.0/0 scram-sha-256 + custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' parameters: wal_level: hot_standby hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 8 + wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 @@ -71,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %f + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -124,6 +135,17 @@ postInitScript: | echo "Skipping user creation" echo "Skipping database creation" fi +postgresql: + config: |- + log_min_duration_statement = 1008 + max_wal_size = 4GB + min_wal_size = 4GB + max_connections = 1005 + max_worker_processes = 8 + max_wal_senders = 10 + max_replication_slots = 10 + max_prepared_transactions = 0 + max_locks_per_transaction = 64 patroni: ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index cf57e76b..d48323b0 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
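Review bot: The `postgresql.config` default added in the `@@ -124,6 +135,17 @@` hunk repeats `max_connections`, `max_worker_processes`, `max_wal_senders`, `max_replication_slots`, `max_prepared_transactions` and `max_locks_per_transaction`, which are already set under `bootstrap.dcs.postgresql.parameters` in the same file. As far as I know Patroni manages these from the DCS and writes its own values after the included `custom_conf`, so the copies here are likely ignored. That would also make the `max_connections = 980` in the standard-10 plan later in this patch have no effect. `log_min_duration_statement = 1008` also disagrees with the `1000` set in the parameters block. I would keep only settings Patroni does not own in `postgresql.config` and say so in a comment above the key, e.g. `# appended via custom_conf; Patroni-managed parameters must be set in preInitScript`.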
@@ -1,34 +1,31 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.password }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 2082d76c..b6037e16 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
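Review bot: The new `host` credential in bind.yaml resolves a Service named `{{ template "common.names.fullname" . }}-master`, but svc.yaml in this series names the primary Service `{{ template "patroni.fullname" . }}` with no suffix (rendered as `release-name-postgresql` in the manifest removed earlier). Unless a `-master` Service is created elsewhere, the binding will point at an object that does not exist. The block is also gated on `service.type` being `LoadBalancer` yet reads `{.spec.clusterIPs[*]}`, which is the in-cluster address, not the load balancer's. If external clients are the target, `{.status.loadBalancer.ingress[*].ip}` is the field that carries the external address. Quoting the port as `value: "5432"` avoids it being typed as an integer by consumers that expect strings.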
@@ -2,82 +2,75 @@ ## fullnameOverride: hb-postgresql-cluster-standard-10 -preInitScript: | - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - - local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ +postgresql: + config: |- + # Connectivity + max_connections = 980 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '256 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '1 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + 
+ # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 1000m - memory: 1Gi + memory: 2Gi # hugepages-2Mi: 4Mi requests: cpu: 1000m - memory: 1Gi + memory: 2Gi persistentVolume: enabled: true size: 10G -metrics: - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 1000m - memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
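Review bot: `max_connections = 980` together with `work_mem = '32 MB'` does not fit the 2Gi memory limit set at the end of this hunk. work_mem is allocated per sort or hash operation in each backend, so a few dozen busy sessions can exceed the limit and get the postgres container OOM-killed, which takes the database down for every client. The other plan files in this patch keep 32 MB (64 MB in standard-800) with 1000 or 2000 connections and show the same imbalance. I would start the small plans from the PostgreSQL default, `work_mem = '4 MB'`, and scale it with the plan's memory, or lower `max_connections` and put a pooler in front. Also note that `wal_keep_size = '3650 MB'` plus `max_wal_size = '1024 MB'` reserves close to half of this plan's 10G volume for WAL.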
@@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml new file mode 100644 index 00000000..8b3352c9 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-100" +id: c44160a6-5ec4-49e5-af1e-a1c1676871cf +description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +displayName: "standard-100" +bindable: true +maximum_polling_duration: 1800 
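Review bot: The `description` in the new standard-100 meta.yaml reads "Mysql Cluster standard-100 plan" although the file lives under addons/postgresql-cluster. This text is presumably what users see when choosing a plan, so it should read `PostgreSQL Cluster standard-100 plan: ...`. The meta.yaml files for standard-20, standard-200, standard-400, standard-50 and standard-800 in this patch carry the same wording.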
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml new file mode 100644 index 00000000..c937e07a --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml 
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 4 + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + memory: 16Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 4000m + memory: 16Gi + +persistentVolume: + enabled: true + size: 100G diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index e8b99314..619e1429 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,34 +1,30 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e749a7db..e9580d73 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
@@ -1,5 +1,5 @@ name: "standard-20" -id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +id: edf8bdfe-b1dc-4f41-b042-801153794df7 description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 12db2471..f460d01f 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml 
@@ -1,61 +1,77 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-20 - -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 1000 - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 20Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## application: my-app - ## - selector: {} +fullnameOverride: hb-postgresql-cluster-standard-20 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + 
parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 2000m + memory: 4Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 4Gi + +persistentVolume: + enabled: true + size: 20G diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json 
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml new file mode 100644 index 00000000..89b4292b --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-200" +id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f +description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml new file mode 100644 index 00000000..9db720e6 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-200 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '8192 MB' + work_mem = '32 MB' + maintenance_work_mem = '420 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '22 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 8 + max_parallel_workers_per_gather = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers = 8 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 8000m + memory: 32Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 8000m + memory: 32Gi + +persistentVolume: + enabled: true + size: 200G diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml new file mode 100644 index 00000000..b9472699 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-400" +id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad +description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-400" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml new file mode 100644 index 00000000..b1afad1d --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 16 + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + memory: 64Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 16000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 400G diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml new file mode 100644 index 00000000..9fbb08f1 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-50" +id: 0542f411-4e7b-46af-966c-c9989e54873c +description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml new file mode 100644 index 00000000..fbf8db1f --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml 
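Review bot: The standard-50 description advertises `DB MAX Connection 2000`, but the values.yaml added for the same plan sets `max_connections = 1000`. One of the two should change, for example ending the description with `DB MAX Connection 1000`, so the plan does not promise a limit the instance will refuse.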
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 8Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 8Gi + +persistentVolume: + enabled: true + size: 50G diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml new file mode 100644 index 00000000..1748ac9e --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-800" +id: 60f37e20-e69e-4f6f-9cce-e43caec34963 +description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +displayName: "standard-800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml new file mode 100644 index 00000000..3e88193a --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '32768 MB' + work_mem = '64 MB' + maintenance_work_mem = '720 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '90 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '10240 MB' + min_wal_size = '5120 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '22080 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 32 + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # 
lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 128Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 32000m + memory: 128Gi + +persistentVolume: + enabled: true + size: 800G From 665deb48e500156f1629763fc103c7a6070a179d Mon Sep 17 00:00:00 2001 
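Review bot: `work_mem = '64 MB'` combined with `max_connections = 2000` leaves no headroom under the 128Gi memory limit set in `resources`. One sort or hash per connection is already about 125 GiB in the worst case, on top of `shared_buffers = '32768 MB'`, and parallel workers (`max_parallel_workers_per_gather = 16`) each get their own `work_mem`. Under load the container is likely to be OOM-killed, which takes the database down. Either lower `work_mem` or add a comment above it stating the number of concurrently active connections the figure was sized for. The comment about removing "the curly braces after 'resources:'" no longer applies, since there are none.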
From: EamonZhang Date: Thu, 30 Nov 2023 14:07:27 +0800 Subject: [PATCH 023/176] chore(addons): add cloudbeaver --- .../23/chart/cloudbeaver/Chart.yaml | 24 + .../23/chart/cloudbeaver/README.md | 0 .../23/chart/cloudbeaver/templates/NOTES.txt | 3 + .../chart/cloudbeaver/templates/_helpers.tpl | 28 + .../cloudbeaver/templates/deployment.yaml | 138 +++++ .../cloudbeaver/templates/extra-list.yaml | 4 + .../chart/cloudbeaver/templates/ingress.yaml | 63 +++ .../23/chart/cloudbeaver/templates/pvc.yaml | 32 ++ .../cloudbeaver/templates/serviceaccount.yaml | 21 + .../23/chart/cloudbeaver/templates/svc.yaml | 46 ++ .../cloudbeaver/templates/tls-secrets.yaml | 44 ++ .../23/chart/cloudbeaver/values.yaml | 516 ++++++++++++++++++ addons/cloudbeaver/23/meta.yaml | 20 + .../cloudbeaver/23/plans/standard-5/bind.yaml | 20 + .../standard-5/create-instance-schema.json | 12 + .../cloudbeaver/23/plans/standard-5/meta.yaml | 6 + .../23/plans/standard-5/values.yaml | 60 ++ 17 files changed, 1037 insertions(+) create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/README.md create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/values.yaml create mode 100644 
addons/cloudbeaver/23/meta.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/bind.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json create mode 100644 addons/cloudbeaver/23/plans/standard-5/meta.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/values.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml new file mode 100644 index 00000000..d5505574 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 23.2.5 +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + tags: + - drycc-common + version: ~1.1.2 +description: Cloud Database Manager +engine: gotpl +home: https://github.com/drycc-addons/addons +icon: https://github.com/dbeaver/cloudbeaver/wiki/images/cloudbeaver-logo.png +keywords: + - cloudbeaver + - database +maintainers: + - name: drycc + url: https://github.com/drycc-addons/addons +name: cloudbeaver +sources: + - https://github.com/dbeaver/cloudbeaver +version: 23.2.5 diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/README.md b/addons/cloudbeaver/23/chart/cloudbeaver/README.md new file mode 100644 index 00000000..e69de29b diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt b/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt new file mode 100644 index 00000000..3eed111b --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt @@ -0,0 +1,3 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} \ No newline at end of file diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl b/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl new file mode 100644 index 00000000..dda6955a --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl 
@@ -0,0 +1,28 @@ +{{/* vim: set filetype=mustache: */}} + + +{{/* +Return the proper cloudbeaver image name +*/}} +{{- define "cloudbeaver.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "cloudbeaver.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "cloudbeaver.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml new file mode 100644 index 00000000..c00c3656 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml 
@@ -0,0 +1,138 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "cloudbeaver.serviceAccountName" . }} + {{- include "cloudbeaver.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: cloudbeaver + image: {{ include "cloudbeaver.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + workingDir: /opt/drycc/cloudbeaver/ + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.livenessProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.livenessProbe.path }} + port: http + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.readinessProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.readinessProbe.path }} + port: http + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.startupProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.startupProbe.path }} + port: http + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath | quote }} + volumes: +{{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- 
end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + annotations: + {{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 8 }} + {{- end }} + labels: + application: {{ template "cloudbeaver.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistence.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistence.size }}" + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- end }} + diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml new file mode 100644 index 00000000..9ac65f9e --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml new file mode 100644 index 00000000..a857fcea --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml 
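Review bot: The persistence branch at the end of templates/deployment.yaml emits `volumeClaimTemplates`, a StatefulSet field, under `kind: Deployment`, and labels it with `{{ template "cloudbeaver.fullname" . }}`, a helper that _helpers.tpl in this commit does not define. With `persistence.enabled` set the chart most likely fails to render or is rejected by the API server, and `volumes:` is left empty. pvc.yaml in the same commit already creates a claim named `<fullname>-binding` and honours `persistence.existingClaim`, but nothing mounts it; replace the branch with a `persistentVolumeClaim` volume as sketched below. Separately, `securityContext` is only emitted when `podSecurityContext.enabled` or `containerSecurityContext.enabled` is set, and their defaults are not visible in this part of the patch, so confirm the container does not fall back to the image's default user.

```yaml
      # … unchanged: containers, probes, resources, volumeMounts …
      volumes:
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ default (printf "%s-binding" (include "common.names.fullname" .)) .Values.persistence.existingClaim }}
        {{- else }}
          emptyDir: {}
        {{- end }}
```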
@@ -0,0 +1,63 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.extraHosts }} + - {{ .name }} + {{- end }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml new file mode 100644 index 00000000..7a36a217 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "%s-binding" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.persistence.resourcePolicy }} + helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml new file mode 100644 index 00000000..341c96f8 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "node.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml new file mode 100644 index 00000000..bb846a3a --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml 
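Review bot: `name: {{ include "node.serviceAccountName" . }}` in templates/serviceaccount.yaml refers to a helper this chart does not define. _helpers.tpl in this commit defines `cloudbeaver.serviceAccountName`, which deployment.yaml uses, so unless a dependency provides the `node.` helper the template fails to render once `serviceAccount.create` is true. Change the line to `name: {{ include "cloudbeaver.serviceAccountName" . }}` so the account created and the pod's `serviceAccountName` always agree. `automountServiceAccountToken` is taken straight from values and its default is not visible in this part of the patch; nothing in the visible templates needs the Kubernetes API, so `false` would be the safer default.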
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.ports.http }} + targetPort: http + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} + nodePort: {{ 
.Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml new file mode 100644 index 00000000..b2aafcc1 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml 
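Review bot: When both `commonAnnotations` and `service.annotations` are set, the metadata block of templates/svc.yaml renders two `annotations:` keys. Duplicate mapping keys are rejected or resolved last-wins depending on the parser, so one set can be dropped without any error. pvc.yaml and serviceaccount.yaml in this commit emit a single `annotations:` key and render both maps under it; the same shape is sketched below. The `nodePort: null` branch for ClusterIP can stay as it is.

```yaml
  # … unchanged: name, namespace, labels …
  {{- if or .Values.service.annotations .Values.commonAnnotations }}
  annotations:
    {{- if .Values.commonAnnotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    {{- end }}
    {{- if .Values.service.annotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
```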
@@ -0,0 +1,44 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $ca := genCA "node-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml new file mode 100644 index 00000000..19515399 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml 
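Review bot: In the self-signed branch of templates/tls-secrets.yaml, `genCA "node-ca" 365` and `genSignedCert` are evaluated on every render, so each `helm upgrade` replaces the CA and the server key, and any client that pinned the previous `ca.crt` stops trusting the ingress. Reusing the Secret when it already exists (Helm's `lookup` function) keeps the pair stable; at minimum add a comment that `ingress.selfSigned` is meant for test installs, and rename the CA to something that identifies this chart rather than `node-ca`. In the first Secret, `tls.crt` and `tls.key` are rendered unquoted, unlike the second one; use `tls.crt: {{ .certificate | b64enc | quote }}` and `tls.key: {{ .key | b64enc | quote }}`. Keys supplied through `ingress.secrets` are kept in the release's stored values, so document that path as a convenience and prefer an externally managed Secret.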
@@ -0,0 +1,516 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override node.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override node.fullname template +## +fullnameOverride: "" +## @param namespaceOverride Override namespace for resources +## Useful when including Node as a chart dependency, so it can be released into a different namespace than the parent +## +namespaceOverride: "" +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} + +## @param command Override default container command (useful when using custom images) +## +command: "" +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param extraEnvVars Extra environment variables to be set on Node container +## For example: +## - name: BEARER_AUTH +## value: true +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra 
environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables +## +extraEnvVarsSecret: "" +## MongoDB® chart configuration +## ref: https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml +## + +## Bitnami node image version +## ref: https://hub.docker.com/r/bitnami/node/tags/ +## @param image.registry NodeJS image registry +## @param image.repository NodeJS image repository +## @param image.tag NodeJS image tag (immutable tags are recommended) +## @param image.digest NodeJS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy NodeJS image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/cloudbeaver + tag: 23 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## @param replicaCount Specify the number of replicas for the application +## +replicaCount: 1 +## @param updateStrategy.type Strategy to use to replace existing pods. 
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## Example: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate +## @param containerPorts.http Specify the port where your application will be running +## +containerPorts: + http: 8978 +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param podAnnotations Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels Additional labels for Node pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) +## +extraDeploy: [] +## Enable diagnostic mode in the deployment(s)/statefulset(s) +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) + ## + args: + - infinity +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.path Request path for livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + path: '/' + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## Configure extra options for readiness probe +## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.path Request path for readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + path: '/' + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + successThreshold: 1 +## Configure extra options for startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-startup-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.path Request path for startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + path: '/' + initialDelaySeconds: 5 + periodSeconds: 3 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among 
failure-domains. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName Node priorityClassName +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param schedulerName Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Airflow web pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param lifecycleHooks lifecycleHooks for the Node container to automate configuration before or after startup. +## +lifecycleHooks: {} +## @param sidecars Add sidecars to the Node pods +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +extraVolumes: [] +## @param extraVolumeMounts Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for node pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the `common.names.fullname` template + name: "" + ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. + ## Only used if `create` is `true`. 
+ ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false +## SecurityContext configuration +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## @param containerSecurityContext.enabled Node Container securityContext +## @param containerSecurityContext.runAsUser User ID for the Node container +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## @param podSecurityContext.enabled Enable security context for Node pods +## @param podSecurityContext.fsGroup Group ID for the volumes of the pod +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Node conatiners' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+## @param resources.limits The resources limits for the Node container +## @param resources.requests The requested resources for the Node container +## +resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using PVC + ## + enabled: true + ## @param persistence.mountPath Path where the volume will be mount at. + ## + mountPath: /opt/drycc/cloudbeaver/workspace/ + ## @param persistence.subPath Subdirectory of the volume to mount + ## + subPath: "" + ## @param persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted + resourcePolicy: "" + ## @param persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.accessModes PVC Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request + ## + size: 1Gi + ## @param persistence.annotations Annotations for the PVC + ## + annotations: {} + +## @section Traffic exposure parameters + +## Service parameters +## +service: + ## @param service.type Kubernetes Service type + ## + type: LoadBalancer + ## @param service.ports.http Kubernetes Service port + ## + ports: + http: 80 + ## @param service.clusterIP Service Cluster IP + ## + clusterIP: "" + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: 'None' + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param service.nodePorts.http NodePort if Service type is `LoadBalancer` or `NodePort` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges In order to limit which client IP's can access the Network Load Balancer, specify loadBalancerSourceRanges + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Annotations for the Service + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} +## Configure the ingress resource that allows you to access the +## Node.js installation. Set up the URL +## ref: https://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Set to true to enable ingress record generation + ## + enabled: false + + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Override API Version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created + ## + hostname: cloudbeaver.local + ## @param ingress.path The Path to Node.js. 
You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: node.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. 
+ ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - node.local + ## secretName: node.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: node.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml new file mode 100644 index 00000000..4d740156 --- /dev/null +++ b/addons/cloudbeaver/23/meta.yaml 
@@ -0,0 +1,20 @@
+name: cloudbeaver
+version: 7.0
+id: b7cb26a4-b258-445c-860b-a664239a67f8
+description: "cloudbeaver"
+displayName: "cloudbeaver"
+metadata:
+ displayName: "cloudbeaver"
+ provider:
+ name: drycc
+ supportURL: http://cloudbeaver.io/
+ documentationURL: https://github.com/drycc-addons/drycc-docker-redis
+tags: cloudbeaver
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ description: "networkPolicy allowNamespaces config for values.yaml"
+archive: false
diff --git a/addons/cloudbeaver/23/plans/standard-5/bind.yaml b/addons/cloudbeaver/23/plans/standard-5/bind.yaml
new file mode 100644
index 00000000..5ee51e2a
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/bind.yaml
@@ -0,0 +1,20 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- else if (eq .Values.service.type "ClusterIP") }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ {{- end }}
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json b/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/cloudbeaver/23/plans/standard-5/meta.yaml b/addons/cloudbeaver/23/plans/standard-5/meta.yaml
new file mode 100644
index 00000000..3c070e39
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-5"
+id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9
+description: "Cloudbeaver standard-5 plan: Disk 5Gi ,vCPUs 1 , RAM 2G"
+displayName: "standard-5"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/cloudbeaver/23/plans/standard-5/values.yaml b/addons/cloudbeaver/23/plans/standard-5/values.yaml
new file mode 100644
index 00000000..920f16ca
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/values.yaml
@@ -0,0 +1,60 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-cloudbeaver-standard-10
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+
+resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1000m
+ memory: 1024Mi
+
+
+## @section Persistence parameters
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
+ ##
+ enabled: true
+ ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas
+ ## NOTE: When it's set the rest of persistence parameters are ignored
+ ##
+ existingClaim: ""
+ ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations
+ ##
+ annotations: {}
+ ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param primary.persistence.size MySQL primary persistent volume size
+ ##
+ size: 5Gi
+ ## @param primary.persistence.selector Selector to match an existing Persistent Volume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
From b3e6351c760972192d8518e9d712a76ed931a92d Mon Sep 17 00:00:00 2001
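Review bot: `fullnameOverride: hb-cloudbeaver-standard-10` is a fixed name that does not match the standard-5 plan it sits in, and because bind.yaml looks the Service up through `common.names.fullname`, two instances of this plan in one namespace would presumably resolve to the same object names; if the override has to stay it should at least read `fullnameOverride: hb-cloudbeaver-standard-5`. The limits are `memory: 1024Mi` while the plan's meta.yaml advertises "RAM 2G", so one of the two needs correcting. The comments still describe MinIO® and `primary.persistence.*` MySQL parameters; I would replace the resource header with `## CloudBeaver container resource requests and limits` and use `persistence.*` in the `@param` names.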
From: EamonZhang Date: Thu, 30 Nov 2023 17:18:09 +0800 Subject: [PATCH 024/176] chore(addons): fix plan binds --- .../23/chart/cloudbeaver/values.yaml | 2 +- addons/cloudbeaver/23/meta.yaml | 10 +++--- addons/grafana/10/chart/grafana/values.yaml | 2 +- addons/grafana/10/meta.yaml | 20 +++++++++++ .../grafana/10/plans/standard-1-2/values.yaml | 7 ---- .../{standard-1-2 => standard-5}/bind.yaml | 29 ++++++++-------- .../{standard-1-2 => standard-5}/meta.yaml | 4 +-- .../grafana/10/plans/standard-5/values.yaml | 14 ++++++++ .../8.0/chart/mysql-cluster/values.yaml | 2 +- addons/mysql-cluster/8.0/meta.yaml | 4 ++- .../8.0/plans/standard-10/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-100/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-20/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-200/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-400/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-50/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-800/bind.yaml | 31 +++++++++-------- .../templates/svc-master.yaml | 2 +- .../templates/svc-relp.yaml | 2 +- .../postgresql-cluster/templates/svc.yaml | 2 +- .../15/chart/postgresql-cluster/values.yaml | 4 +-- addons/postgresql-cluster/15/meta.yaml | 8 ++++- .../15/plans/standard-10/bind.yaml | 31 +++++++++++------ .../15/plans/standard-100/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-20/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-200/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-400/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-50/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-800/bind.yaml | 33 ++++++++++++------- 29 files changed, 353 insertions(+), 205 deletions(-) create mode 100644 addons/grafana/10/meta.yaml delete mode 100644 addons/grafana/10/plans/standard-1-2/values.yaml rename addons/grafana/10/plans/{standard-1-2 => standard-5}/bind.yaml (58%) rename addons/grafana/10/plans/{standard-1-2 => standard-5}/meta.yaml (83%) 
create mode 100644 addons/grafana/10/plans/standard-5/values.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 19515399..149c69d3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml @@ -358,7 +358,7 @@ persistence: - ReadWriteOnce ## @param persistence.size PVC Storage Request ## - size: 1Gi + size: 10Gi ## @param persistence.annotations Annotations for the PVC ## annotations: {} diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml index 4d740156..b74fe7f5 100644 --- a/addons/cloudbeaver/23/meta.yaml +++ b/addons/cloudbeaver/23/meta.yaml @@ -1,5 +1,5 @@ name: cloudbeaver -version: 7.0 +version: 23 id: b7cb26a4-b258-445c-860b-a664239a67f8 description: "cloudbeaver" displayName: "cloudbeaver" @@ -8,13 +8,13 @@ metadata: provider: name: drycc supportURL: http://cloudbeaver.io/ - documentationURL: https://github.com/drycc-addons/drycc-docker-redis + documentationURL: https://github.com/drycc-addons/ tags: cloudbeaver bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: -- name: "networkPolicy.allowNamespaces" - description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + description: "service type config for values.yaml" archive: false diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index 9b029425..f18c0343 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -575,7 +575,7 @@ serviceAccount: service: ## @param service.type Kubernetes Service type ## - type: LoadBalancer + type: ClusterIP ## @param service.clusterIP Grafana service Cluster IP ## e.g.: ## clusterIP: None 
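Review bot: In addons/cloudbeaver/23/meta.yaml, `allow_parameters` now exposes `service.type` in place of `networkPolicy.allowNamespaces`, yet the cloudbeaver chart default stays `type: LoadBalancer` with `loadBalancerSourceRanges: []`, since the only values.yaml change for cloudbeaver in this commit is `size`. Grafana and mysql-cluster are switched to `type: ClusterIP` in the same commit; cloudbeaver is a database administration UI and should get the same default, `type: ClusterIP`, so that external exposure is an explicit request. If tenants are allowed to pick `LoadBalancer`, consider also listing `service.loadBalancerSourceRanges` under `allow_parameters` so the listener can be limited by source address.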
diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml new file mode 100644 index 00000000..224ca287 --- /dev/null +++ b/addons/grafana/10/meta.yaml @@ -0,0 +1,20 @@ +name: Grafana +version: 7.0 +id: fff5b6c7-ed85-429b-8265-493e40cc53c7 +description: "grafana" +displayName: "grafana" +metadata: + displayName: "grafana" + provider: + name: drycc + supportURL: http://grafana.io/ + documentationURL: https://github.com/drycc-addons/ +tags: cloudbeaver +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: false +allow_parameters: +- name: "service.type" + description: "service type config for values.yaml" +archive: false diff --git a/addons/grafana/10/plans/standard-1-2/values.yaml b/addons/grafana/10/plans/standard-1-2/values.yaml deleted file mode 100644 index 840b3303..00000000 --- a/addons/grafana/10/plans/standard-1-2/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-grafana-standard-10 - -server: - persistence: - size: 10Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-1-2/bind.yaml b/addons/grafana/10/plans/standard-5/bind.yaml similarity index 58% rename from addons/grafana/10/plans/standard-1-2/bind.yaml rename to addons/grafana/10/plans/standard-5/bind.yaml index 8b14d5a5..a41ae66e 100644 --- a/addons/grafana/10/plans/standard-1-2/bind.yaml +++ b/addons/grafana/10/plans/standard-5/bind.yaml 
@@ -1,29 +1,30 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host + - name: HOST valueFrom: serviceRef: name: {{ printf "%s-router" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: password + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} + - name: PORT + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports[?(@.name=="http")].port }' diff --git a/addons/grafana/10/plans/standard-1-2/meta.yaml b/addons/grafana/10/plans/standard-5/meta.yaml similarity index 83% rename from addons/grafana/10/plans/standard-1-2/meta.yaml rename to addons/grafana/10/plans/standard-5/meta.yaml index 5facd66f..ae70fd93 100644 --- a/addons/grafana/10/plans/standard-1-2/meta.yaml +++ b/addons/grafana/10/plans/standard-5/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-10" +name: "standard-5" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "grafana plan which limit 1c1g ,default persistence size 10Gi." +description: "grafana plan which limit 1c1g ,default persistence size 5Gi." displayName: "1C2G" bindable: true maximum_polling_duration: 1800 
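Review bot: The first branch of the grafana bind.yaml still tests `.Values.router.service.type` and reads the address from a `printf "%s-router"` Service, while the added `else if` branch uses `.Values.service.type` and the plain fullname. The grafana values.yaml touched in this commit defines `service.type` and no `router` key is visible, so the condition presumably fails to render or never matches; it looks carried over from the mysql-cluster bind file. I would change it to `{{- if (eq .Values.service.type "LoadBalancer") }}` with `name: {{ include "common.names.fullname" . }}`. For any other service type, such as NodePort, no HOST credential is emitted at all, which deserves a comment above the `if`.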
diff --git a/addons/grafana/10/plans/standard-5/values.yaml b/addons/grafana/10/plans/standard-5/values.yaml new file mode 100644 index 00000000..ce943f14 --- /dev/null +++ b/addons/grafana/10/plans/standard-5/values.yaml @@ -0,0 +1,14 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-grafana-standard-5 + +resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + +persistence: + size: 5Gi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index a33e364c..2c70143b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -858,7 +858,7 @@ router: service: ## @param secondary.service.type MySQL secondary Kubernetes service type ## - type: LoadBalancer + type: ClusterIP ## @param secondary.service.ports.mysql MySQL secondary Kubernetes service port ## portrw: 3306 diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 9394d02a..4d54dd35 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -13,8 +13,10 @@ tags: mysql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "router.service.type" + description: "service type config for values.yaml" archive: false diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
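Review bot: The `PASSWORD` credential still reads `jsonpath: '{ .data.username }'`, so a binding hands out the user name where the password is expected; the rename to upper case leaves that context line untouched. Judging by the neighbouring entries it should be `jsonpath: '{ .data.password }'`, assuming the `-svcbind-custom-user` secret carries that key. The added `- name: DADABASE` is misspelled and should be `- name: DATABASE`, otherwise consumers looking for the database name will not find it. The same two lines recur in the standard-100, standard-20, standard-200 and standard-400 bind.yaml hunks that follow. HOST is now resolved from the Service named by `common.names.fullname` although the condition is on `.Values.router.service.type`, so please confirm that name is the router Service and not the database one.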
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml index 48dba13d..e162dc3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: master spec: - type: LoadBalancer + type: {{ .Value.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index ba50b3bd..adc82d13 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: LoadBalancer + type: {{ .Value.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 77ffd855..0922fb57 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: LoadBalancer + type: {{ .Value.service.type }} ports: - port: 5432 targetPort: 5432 diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 451cb0ba..e3128f72 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,7 +3,7 @@ diagnosticMode: enable: false service: - type: LoadBalancer + type: ClusterIP image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 
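Review bot: `type: {{ .Value.service.type }}` in svc-master.yaml, and the same line in the svc-relp.yaml and svc.yaml hunks, reads `.Value` rather than Helm's `.Values`, so the lookup resolves to nil and the Service templates most likely fail to render. The line should be `type: {{ .Values.service.type }}`; patch 026 further down this page makes that change for svc-master.yaml and svc-relp.yaml. Since the type is now caller-controlled, a fallback keeps the services in-cluster if the value is ever unset: `type: {{ .Values.service.type | default "ClusterIP" }}`.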
@@ -244,7 +244,7 @@ metrics: cpu: 100m memory: 512Mi walG: - # Specifies whether Wal-E should be enabled + # Specifies whether Wal-G should be enabled enabled: true # Cron schedule for doing base backups scheduleCronJob: "*/5 * * * *" diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index f7e21529..8a78429d 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -13,8 +13,14 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + description: "service type config for values.yaml" +- name: "metrics.enabled" + description: "metrics enable or not config for values.yaml" +- name: "walG.enabled" + description: "backup enable or not config for values.yaml" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index d48323b0..41676f6e 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
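Review bot: Adding `service.type` to `allow_parameters` in meta.yaml lets whoever provisions an instance switch the PostgreSQL Services from the new `ClusterIP` default to `LoadBalancer`, which publishes port 5432 outside the cluster, and the description does not say so. I would spell the choice out, for example `description: "Service type: ClusterIP (default, in-cluster only) or LoadBalancer (reachable from outside the cluster)"`, and have the chart reject other values, since the bind templates in this patch only handle those two. The network policy for this chart is not visible here, so whether it limits who can reach an externally exposed service cannot be confirmed from this hunk.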
@@ -1,31 +1,42 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port + - name: PORT value: 5432 -{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
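Review bot: The credential name `DADABASE` in this hunk looks like a typo for `DATABASE`, and the standard-400 plan later in this patch does use `DATABASE`, so applications bound to different plans would see different key names. `- name: DATABASE` in every plan keeps the binding contract uniform; the hunks for standard-100, -20, -200, -50 and -800 carry the same spelling. Also, with the closing `{{- end }}` moved up, a `service.type` other than `LoadBalancer` or `ClusterIP` now produces credentials with no `MASTER_HOST` or `REPL_HOST`. An `{{- else }}` branch that calls `fail` with a clear message would surface that at render time instead.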
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index 619e1429..a95ec5b2 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DATABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file From 657f6f459ff980432488029bca222af12f1dbc2d Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Dec 2023 11:04:27 +0800 Subject: [PATCH 025/176] chore(prometheus): add auth --- addons/postgresql-cluster/15/meta.yaml | 4 +- .../2/chart/prometheus/templates/_helpers.tpl | 8 ++++ .../templates/server/configmap.yaml | 4 +- .../templates/server/deployment.yaml | 19 +++++++- .../prometheus/templates/server/sec.yaml | 14 ++++++ .../prometheus/2/chart/prometheus/values.yaml | 10 ++++- addons/prometheus/2/meta.yaml | 6 ++- .../prometheus/2/plans/standard-10/bind.yaml | 36 +++++++-------- .../2/plans/standard-10/values.yaml | 3 +- .../prometheus/2/plans/standard-50/bind.yaml | 44 +++++++------------ .../2/plans/standard-50/values.yaml | 3 +- 11 files changed, 94 insertions(+), 57 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/server/sec.yaml diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 8a78429d..e870c5f5 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -20,7 +20,7 @@ allow_parameters: - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" - description: "metrics enable or not config for values.yaml" + description: "Whether to enable metrics. default true" - name: "walG.enabled" - description: "backup enable or not config for values.yaml" + description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl index 9136398b..45a72ec7 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl 
@@ -108,6 +108,14 @@ Get the Prometheus configuration configmap key. {{- end -}} {{- end -}} +{{/* +Get the Prometheus Alertmanager configuration configmap key. +*/}} +{{- define "prometheus.serever.web.configmapKey" -}} +{{- printf "web-config.yaml" -}} +{{- end -}} + + {{/* Get the Prometheus Alertmanager configuration configmap key. */}} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 36d64f70..3c9703e8 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -17,7 +17,9 @@ metadata: {{- end }} data: {{ include "prometheus.server.configmapKey" . }}: - {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} + {{ include "prometheus.serever.web.configmapKey" .}}: + {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} rules.yaml: {{- include "common.tplvalues.render" (dict "value" .Values.server.alertingRules "context" $) | toYaml | nindent 4 }} {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 8429060a..026b0139 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml 
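Review bot: The new helper in _helpers.tpl is defined as `prometheus.serever.web.configmapKey` ("serever"), and its comment is a copy of the Alertmanager one, so it describes the wrong key. Renaming it to `prometheus.server.web.configmapKey` with the comment `Get the Prometheus web configuration configmap key.` would match the neighbouring `prometheus.server.configmapKey`; the call in configmap.yaml needs the same rename. The deployment hunk in this patch hard-codes `web-config.yaml` in `--web.config.file` instead of calling the helper, so the two can drift apart.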
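Review bot: The `web-config.yaml` entry added under `data:` in configmap.yaml puts the `basic_auth_users` hash into a ConfigMap, which is typically readable by more principals than a Secret. Because the default password in values.yaml is `admin`, the hash protects little once it is read. Rendering the web config into the Secret this patch adds (sec.yaml) and mounting that for `--web.config.file` would keep the auth material out of the ConfigMap. The volume definitions are outside this hunk, so the mount change is not shown here.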
@@ -114,13 +114,13 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" - - "--storage.tsdb.retention.time={{ .Values.server.retention }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" - "--web.listen-address=:{{ .Values.server.containerPorts.http }}" - "--web.console.libraries=/opt/drycc/prometheus/conf/console_libraries" - "--web.console.templates=/opt/drycc/prometheus/conf/consoles" + - "--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml" {{- if .Values.server.enableAdminAPI}} - "--web.enable-admin-api" {{- end }} @@ -141,6 +141,11 @@ spec: {{- if .Values.server.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVars "context" $) | nindent 12 }} {{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "prometheus.server.fullname" . }} + key: PASSWORD envFrom: {{- if .Values.server.extraEnvVarsCM }} - configMapRef: @@ -164,6 +169,9 @@ spec: httpGet: path: /-/healthy port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- if .Values.server.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customReadinessProbe "context" $) | nindent 12 }} 
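Review bot: The `Authorization` header added to the liveness probe is rendered as `Basic` plus the base64 of `server.username:server.password`, which places the credential, trivially decodable, in the Deployment and Pod specs where anyone allowed to read those objects can recover it. The readiness and startup probe hunks that follow do the same. Probe definitions cannot reference a Secret, so one way out is to keep the probes credential-free, for example `tcpSocket:` with `port: http` as the startup probe had before this patch, at the cost of a weaker health signal.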
@@ -172,13 +180,20 @@ spec: httpGet: path: /-/ready port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- if .Values.server.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.server.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.server.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: + httpGet: + path: /-/ready port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- end }} {{- if .Values.server.lifecycleHooks }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml new file mode 100644 index 00000000..fd0b368c --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + application: {{ template "prometheus.server.fullname" . }} + chart: {{ template "prometheus.server.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "prometheus.server.fullname" . }} +type: Opaque +data: + PASSWORD: {{ if .Values.password | default "" | ne "" }} {{ .Values.service.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 21331135..f7f91f7e 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
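Review bot: The `PASSWORD` expression in the new sec.yaml tests `.Values.password` but encodes `.Values.service.password`, while the web config and the probes use `.Values.server.password`. As written the test is presumably always empty, so the Secret holds a fresh `randAlphaNum 32` value that matches nothing and changes on every render. Reading the same value as the rest of the chart keeps them in step: `PASSWORD: {{ .Values.server.password | b64enc | quote }}`. If a generated password is wanted, it has to be the one that feeds `htpasswd` as well, otherwise the published secret and the enforced credential differ.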
@@ -80,7 +80,7 @@ ingress: ## @param alertmanager.image.pullSecrets Alertmanager image pull secrets ## alertmanager: - enabled: true + enabled: false image: registry: registry.drycc.cc repository: drycc-addons/alertmanager @@ -577,6 +577,8 @@ alertmanager: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: + username: admin + password: admin image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -599,6 +601,10 @@ server: ## @param server.configuration [string] Promethus configuration. This content will be stored in the the prometheus.yaml file and the content can be a template. ## ref: ## + webconfig : | + basic_auth_users: + {{ htpasswd .Values.server.username .Values.server.password | replace ":" ": "}} + configuration: | global: {{- if .Values.server.scrapeInterval }} @@ -703,7 +709,7 @@ server: ## @param server.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: - enabled: false + enabled: true initialDelaySeconds: 2 periodSeconds: 5 timeoutSeconds: 2 diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index ddf83945..7ac5e2af 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -13,8 +13,12 @@ tags: prometheus bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "server.username" + description: "set username . default amdin" +- name: "server.username" + description: "set passsword . default amdin" archive: false diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index c6efaaba..e453fade 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
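Review bot: `username: admin` and `password: admin` under `server:` in values.yaml ship a well-known default credential, so every instance created without overrides is protected by a guessable login. An empty default with a render-time check is safer, for example `password: ""` in values.yaml and `{{ required "server.password must be set" .Values.server.password }}` where the value is consumed. The `webconfig` block in the next hunk of this file feeds that value to `htpasswd`, so the check would sit naturally there.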
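Review bot: Both new `allow_parameters` entries in meta.yaml are named `server.username`, so `server.password` is never allowed and a user cannot replace the default password when provisioning. The second entry should be `- name: "server.password"`. The descriptions also read `amdin` and `passsword`; `"set password, default admin"` is what seems intended, though advertising the default value is worth reconsidering.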
@@ -1,28 +1,24 @@ credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: port - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .spec.ports.port }' - {{- end }} - -alertmanager - - {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} - - name: host +{{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: port + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PORT valueFrom: - secretKeyRef: + serviceRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .spec.ports.port }' - {{- end }} \ No newline at end of file + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + valule: {{ .Values.server.username }} + - name: PASSWORD + valule: {{ .Values.server.password }} + {{- end }} diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml index 3470d0d5..796ae97e 100644 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ b/addons/prometheus/2/plans/standard-10/values.yaml @@ -4,4 +4,5 @@ fullnameOverride: hb-prometheus-standard-10 server: persistence: - size: 10Gi \ No newline at end of file + size: 10Gi + retentionSize: 8Gi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 3e652f1c..e453fade 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
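Review bot: `USER` and `PASSWORD` are written with the key `valule:`, so neither credential carries a value; the lines should be `value: {{ .Values.server.username }}` and `value: {{ .Values.server.password }}`. The `else if` tests `.Values.service.type` while the `if` tests `.Values.server.service.type`, and the final `{{- end }}` has no matching `if` now that the block is closed before `PORT`, which appears to make the template unparsable. Taking `PASSWORD` from the Secret added in this patch through `secretKeyRef`, as the other addons' bind files do, would also avoid copying the password out of values. The standard-50 bind.yaml hunk that follows is identical.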
@@ -1,34 +1,24 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database +{{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PORT valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' + serviceRef: + name: {{ template "common.names.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + valule: {{ .Values.server.username }} + - name: PASSWORD + valule: {{ .Values.server.password }} {{- end }} - diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml index 0dc80c4f..69caeefa 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -4,4 +4,5 @@ fullnameOverride: hb-prometheus-standard-50 server: persistence: - size: 50Gi \ No newline at end of file + size: 50Gi + retentionSize: 48Gi \ No newline at end of file 
From 96cc9a69fcb9c5f01914aa868cc7308bbc0a700d Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Dec 2023 11:21:52 +0800 Subject: [PATCH 026/176] fix(postgresql-cluster): service type nil --- .../15/chart/postgresql-cluster/templates/svc-master.yaml | 2 +- .../15/chart/postgresql-cluster/templates/svc-relp.yaml | 2 +- .../15/chart/postgresql-cluster/templates/svc.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml index e162dc3b..f3d20fd2 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: master spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index adc82d13..252882b3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 0922fb57..3644db78 100644 
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} ports: - port: 5432 targetPort: 5432 From 510b272277191288ac5288cd7a1e01f085fa2762 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Dec 2023 11:31:45 +0800 Subject: [PATCH 027/176] fix(cloudbeaver): labels application --- .../cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml index c00c3656..2b1fe314 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml @@ -118,7 +118,7 @@ spec: {{ toYaml .Values.persistence.annotations | indent 8 }} {{- end }} labels: - application: {{ template "cloudbeaver.fullname" . }} + application: {{ include "common.names.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: From 735f5376937aa661b37206593f89a4731bfecde9 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 5 Dec 2023 11:31:10 +0800 Subject: [PATCH 028/176] fix(postgresql-cluster): plans describe typo --- addons/index.yaml | 3 +++ .../15/chart/postgresql-cluster/values.yaml | 6 +++++- addons/postgresql-cluster/15/meta.yaml | 6 ++++++ addons/postgresql-cluster/15/plans/standard-100/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-20/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-200/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-400/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-800/meta.yaml | 2 +- 9 files changed, 20 insertions(+), 7 deletions(-) diff --git a/addons/index.yaml b/addons/index.yaml index 75ec5191..fb67bcb2 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -1,5 +1,8 @@ apiVersion: v1 entries: + cloudbeaver: + - version: 23 + description: "Cloud Database Manager." mysql-cluster: - version: 8.0 description: "The world's most popular open source database cluster." diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index e3128f72..960735da 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -82,7 +82,11 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s + {{- if .Values.walG.enabled }} archive_command: sh /opt/drycc/postgresql/walbackup.sh %p + {{- else }} + archive_command: /bin/true + {{- end }} # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -245,7 +249,7 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain 
diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 1b5450bc..a9bfe787 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -23,4 +23,10 @@ allow_parameters: description: "Whether to enable metrics. default true" - name: "walG.enabled" description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " +- name: "walG.s3.awsAccessKeyID" + description: "S3 awsAccessKeyID" +- name: "walG.s3.awsSecretAccessKey" + description: "S3 awsSecretAccessKey" +- name: "walG.s3.walGS3Prefix" + description: "S3 walGS3Prefix : etc . s3://bucket001" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml index 8b3352c9..699f4aaa 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml @@ -1,6 +1,6 @@ name: "standard-100" id: c44160a6-5ec4-49e5-af1e-a1c1676871cf -description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" displayName: "standard-100" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e9580d73..0f67097a 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
@@ -1,6 +1,6 @@ name: "standard-20" id: edf8bdfe-b1dc-4f41-b042-801153794df7 -description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +description: "PostgreSQL Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml index 89b4292b..cbfb48ce 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml @@ -1,6 +1,6 @@ name: "standard-200" id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f -description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" displayName: "standard-200" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml index b9472699..8ec2aacb 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml @@ -1,6 +1,6 @@ name: "standard-400" id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad -description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" displayName: "standard-400" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 9fbb08f1..29e67ad5 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml 
@@ -1,6 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-50" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml index 1748ac9e..72ab5126 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml @@ -1,6 +1,6 @@ name: "standard-800" id: 60f37e20-e69e-4f6f-9cce-e43caec34963 -description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" displayName: "standard-800" bindable: true maximum_polling_duration: 1800 From 4efae114771740f61ff1c84642691ac9ee563879 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 8 Dec 2023 14:02:13 +0800 Subject: [PATCH 029/176] chore(postgresql-cluster): allow dyrcc params --- .../15/chart/postgresql-cluster/README.md | 164 ++---------------- .../postgresql-cluster/templates/_helpers.tpl | 34 ++-- .../postgresql-cluster/templates/cronjob.yaml | 2 +- .../templates/networkpolicy.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 6 +- .../templates/statefulset.yaml | 10 +- .../15/chart/postgresql-cluster/values.yaml | 20 ++- addons/postgresql-cluster/15/meta.yaml | 10 +- .../15/plans/standard-10/values.yaml | 2 +- .../15/plans/standard-100/values.yaml | 1 - .../15/plans/standard-20/values.yaml | 2 +- .../15/plans/standard-200/values.yaml | 1 - .../15/plans/standard-50/values.yaml | 1 - 13 files changed, 61 insertions(+), 194 deletions(-) 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 8d44fca1..3bab0f21 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,151 +1,17 @@ -# ⚠️ Repo Archive Notice -As of Nov 13, 2020, charts in this repo will no longer be updated. -For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). - -# Patroni Helm Chart - -This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. - - -## Prerequisites Details -* Kubernetes 1.9+ -* PV support on the underlying infrastructure - -## StatefulSet Details -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - -## StatefulSet Caveats -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - - -## Chart Details -This chart will do the following: - -* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add -$ helm dependency update -$ helm install --name my-release postgresql-cluster -``` - -To install the chart with randomly generated passwords: - -```console -$ helm install --name my-release postgresql-cluster \ - --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" -``` - -## Connecting to PostgreSQL - -Your access point is a cluster IP. 
In order to access it spin up another pod: - -```console -$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il -``` - -Then, from inside the pod, connect to PostgreSQL: - -```console -$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres - -postgres=> -``` - -## Configuration - -The following table lists the configurable parameters of the patroni chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------|---------------------------------------------|-----------------------------------------------------| -| `nameOverride` | Override the name of the chart | `nil` | -| `fullnameOverride` | Override the fullname of the chart | `nil` | -| `replicaCount` | Amount of pods to spawn | `5` | -| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | -| `image.tag` | The version of the image to pull | `1.5-p5` | -| `image.pullPolicy` | The pull policy | `IfNotPresent` | -| `credentials.superuser` | Password of the superuser | `tea` | -| `credentials.admin` | Password of the admin | `cola` | -| `credentials.standby` | Password of the replication user | `pinacolada` | -| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | -| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | -| `etcd.enable` | Using etcd as DCS | `false` | -| `etcd.deployChart` | Deploy etcd chart | `false` | -| `etcd.host` | Host name of etcd cluster | `nil` | -| `etcd.discovery` | Domain name of etcd cluster | `nil` | -| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | -| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | -| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | -| `consul.enable` | Using Consul as DCS | `false` | -| `consul.deployChart` | Deploy Consul chart | `false` | -| `consul.host` | Host name of consul cluster | `nil` | -| `env` | Extra custom environment 
variables | `{}` | -| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | -| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | -| `walE.retainBackups` | Number of base backups to retain | `2` | -| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | -| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | -| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | -| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | -| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | -| `resources` | Any resources you wish to assign to the pod | `{}` | -| `nodeSelector` | Node label to use for scheduling | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | -| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | -| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | -| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | -| `persistentVolume.size` | Persistent Volume size | `2Gi` | -| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | -| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | -| `rbac.create` | Create required role and rolebindings | `true` | -| `serviceAccount.create` | If true, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml incubator/patroni -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Cleanup - -To remove the spawned pods you can run a simple `helm delete `. - -Helm will however preserve created persistent volume claims, -to also remove them execute the commands below. - -```console -$ release= -$ helm delete $release -$ kubectl delete pvc -l release=$release -``` - -## Internals - -Patroni is responsible for electing a PostgreSQL master pod by leveraging the -DCS of your choice. After election it adds a `spilo-role=master` label to the -elected master and set the label to `spilo-role=replica` for all replicas. -Simultaneously it will update the `-patroni` endpoint to let the -service route traffic to the elected master. - -```console -$ kubectl get pods -l spilo-role -L spilo-role -NAME READY STATUS RESTARTS AGE SPILO-ROLE -my-release-patroni-0 1/1 Running 0 9m replica -my-release-patroni-1 1/1 Running 0 9m master -my-release-patroni-2 1/1 Running 0 8m replica -my-release-patroni-3 1/1 Running 0 8m replica -my-release-patroni-4 1/1 Running 0 8m replica ``` +dataname: + dbname: dbn + username: admin + password: R3Dv0NEmwZkhhz +networkPolicy.allowNamespaces: + - mx-test1 +service.type: ClusterIP +metrics.enabled: true +backup: + enabled: true + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 1e4e50bc..feddfa57 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -46,7 +46,7 @@ Create the name of the service account to use. Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enabled }} +{{- if and .Values.backup.enabled }} {{- true -}} {{- else -}} {{- end -}} 
@@ -143,35 +143,35 @@ Create patroni envs. {{/* Create walg envs. */}} -{{- define "walg.envs" }} -{{- if .Values.walG.enabled }} +{{- define "backup.envs" }} +{{- if .Values.backup.enabled }} - name: USE_WALG - value: {{ .Values.walG.enabled | quote }} -{{- if .Values.walG.retainBackups }} + value: {{ .Values.backup.enabled | quote }} +{{- if .Values.backup.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walG.retainBackups | quote}} + value: {{ .Values.backup.retainBackups | quote}} {{- end }} -{{- if .Values.walG.backupThresholdMegabytes }} +{{- if .Values.backup.backupThresholdMegabytes }} - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walG.backupThresholdMegabytes | quote }} + value: {{ .Values.backup.backupThresholdMegabytes | quote }} {{- end }} -{{- if .Values.walG.backupThresholdPercentage }} +{{- if .Values.backup.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walG.backupThresholdPercentage | quote }} + value: {{ .Values.backup.backupThresholdPercentage | quote }} {{- end }} -{{- if .Values.walG.s3.used }} +{{- if .Values.backup.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyID | quote }} + value: {{ .Values.backup.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} + value: {{ .Values.backup.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX - value: {{ .Values.walG.s3.walGS3Prefix | quote }} + value: {{ .Values.backup.s3.walGS3Prefix | quote }} - name: AWS_ENDPOINT - value: {{ .Values.walG.s3.awsEndpoint | quote }} + value: {{ .Values.backup.s3.awsEndpoint | quote }} - name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} + value: {{ .Values.backup.s3.awsS3ForcePathStyle | quote }} - name: AWS_REGION - value: {{ .Values.walG.s3.awsRegion | quote }} + value: {{ .Values.backup.s3.awsRegion | quote }} {{- end }} {{- else }} - name: USE_WALG 
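Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are still emitted as literal `value:` entries after the rename, so the S3 secret lands in the pod spec of every workload that includes `backup.envs` (statefulset.yaml does), where anyone who can read those objects can see it. Sourcing both with `valueFrom.secretKeyRef` from the chart's Secret keeps them out of the workload manifests; this needs matching keys in `templates/sec.yaml`, which this hunk does not touch, and the key names below are placeholders. The README example added in this same commit fills the two fields with key-shaped strings; if those were ever live they should be rotated and replaced with obvious placeholders. The `define` body continues past the end of the hunk.

```yaml
{{- if .Values.backup.s3.used }}
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: backup-s3-access-key-id        # placeholder key name
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: backup-s3-secret-access-key    # placeholder key name
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```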
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 39c08de3..41e42886 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "{{ .Values.walG.scheduleCronJob }}" + schedule: "{{ .Values.backup.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 8b429517..dfad66c3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} `` + {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 306e93e7..0a5ed63b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml 
@@ -14,6 +14,6 @@ data: password-superuser: {{ .Values.credentials.superuser | b64enc }} password-rewind: {{ .Values.credentials.rewind | b64enc }} password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.dataname.username | b64enc }} - data-name: {{ .Values.dataname.dbname | b64enc }} - data-password: {{ .Values.dataname.password | b64enc }} + data-user: {{ .Values.database.username | b64enc }} + data-name: {{ .Values.database.dbname | b64enc }} + data-password: {{ .Values.database.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0d1ed21a..98ded996 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -56,8 +56,8 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.walG.enabled }} - {{- include "walg.envs" . | indent 8 }} + {{- if .Values.backup.enabled }} + {{- include "backup.envs" . | indent 8 }} {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} @@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.database.dbname }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} 
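Review bot: The `DATA_SOURCE_NAME` line touched in the statefulset.yaml `@@ -127,7 +127,7 @@` hunk still embeds a fixed login, `tea_mon:password`, in the exporter container's env, so the monitoring role has the same known password on every install and it is readable from the pod spec. This change only updates the database name in that string. If the container is the stock postgres_exporter, the DSN can be split into `DATA_SOURCE_URI`, `DATA_SOURCE_USER` and `DATA_SOURCE_PASS`, with the password taken from the release Secret through `valueFrom.secretKeyRef`; the image is not identifiable from this hunk, so confirm first. The container definition starts and ends outside the hunk.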
@@ -175,7 +175,7 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "walg.envs" . | indent 8 }} + {{- include "backup.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 960735da..d7b24deb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -21,7 +21,7 @@ credentials: rewind: cola replication: reppasswd -dataname: +database: dbname: db1 username: us1 password: 111w @@ -82,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} archive_command: sh /opt/drycc/postgresql/walbackup.sh %p {{- else }} archive_command: /bin/true @@ -243,15 +243,15 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -walG: +backup: # Specifies whether Wal-G should be enabled - enabled: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: "*/5 * * * *" + scheduleCronJob: "20 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket @@ -271,8 +271,9 @@ walG: awsS3ForcePathStyle: "true" awsRegion: dx-1 + persistentVolume: - enabled: false + enabled: true size: 10G ## database data Persistent Volume Storage Class ## If defined, storageClassName: @@ -338,7 +339,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port Postgresql is listening 
@@ -346,4 +347,5 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] \ No newline at end of file + allowNamespaces: + - mx-test1 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index a9bfe787..28de1baf 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -15,18 +15,20 @@ instances_retrievable: true bindings_retrievable: true plan_updateable: false allow_parameters: +- name: "dataname" + description: "database config for values.yaml" - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "walG.enabled" +- name: "backup.enabled" description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " -- name: "walG.s3.awsAccessKeyID" +- name: "backup.s3.awsAccessKeyID" description: "S3 awsAccessKeyID" -- name: "walG.s3.awsSecretAccessKey" +- name: "backup.s3.awsSecretAccessKey" description: "S3 awsSecretAccessKey" -- name: "walG.s3.walGS3Prefix" +- name: "backup.s3.walGS3Prefix" description: "S3 walGS3Prefix : etc . s3://bucket001" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index b6037e16..94917aff 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 1000m memory: 2Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 4Mi requests: cpu: 1000m memory: 2Gi 
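Review bot: The chart default for `networkPolicy.allowNamespaces` changes from `[]` to a list containing `mx-test1`, which looks like an environment-specific test namespace. Because `networkPolicy.enabled` is now `true` (earlier hunk in this file) and the template adds a `namespaceSelector` per listed name, every install that does not override the value admits ingress on the database and metrics ports from any namespace called `mx-test1`. Keeping `allowNamespaces: []` in the chart and supplying namespaces per instance leaves the default at least privilege.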
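Review bot: The allowed parameter added in the `meta.yaml` hunk is named `dataname`, but this commit renames the values key to `database`; sec.yaml, statefulset.yaml and values.yaml now read `.Values.database.*`. A user-supplied `dataname.password` would therefore be accepted but never read by the templates, leaving the instance on the chart defaults `us1` / `111w`. The entry should be `- name: "database"` with the same description.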
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index c937e07a..2f4c4841 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 4000m memory: 16Gi - # hugepages-2Mi: 4Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index f460d01f..3ef08abf 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -67,7 +67,7 @@ resources: limits: cpu: 2000m memory: 4Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 4Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 9db720e6..5e9d641b 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -65,7 +65,6 @@ resources: limits: cpu: 8000m memory: 32Gi - # hugepages-2Mi: 4Mi requests: cpu: 8000m memory: 32Gi diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index fbf8db1f..046e87ea 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 2000m memory: 8Gi - # hugepages-2Mi: 4Mi requests: cpu: 2000m memory: 8Gi From 76fff18415ba80187b22ee13195d5b192da77765 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 11 Dec 2023 11:46:05 +0800 Subject: [PATCH 030/176] chore(postgresql-cluster): generate password random --- .../15/chart/postgresql-cluster/README.md | 83 +++++++++++++++-- .../postgresql-cluster/templates/_helpers.tpl | 88 +++++++++++++++---- .../postgresql-cluster/templates/sec.yaml | 13 ++- .../15/chart/postgresql-cluster/values.yaml | 50 +++++------ addons/postgresql-cluster/15/meta.yaml | 14 +-- 5 files changed, 184 insertions(+), 64 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 3bab0f21..9bc0f18b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,17 +1,90 @@ +## CREATE PG INSTANCE ``` -dataname: - dbname: dbn - username: admin - password: R3Dv0NEmwZkhhz +# create or update pg instance template yaml networkPolicy.allowNamespaces: - mx-test1 service.type: ClusterIP metrics.enabled: true backup: + # whether BackUP should be enabled enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 s3: awsAccessKeyID: DO9l771LqiwZkhhz awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn walGS3Prefix: mx-test -``` \ No newline at end of file +``` + +## Create app user and database + +- Login PG with admin user & password + +- CREATE APP USER +``` +CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +``` +- CREATE APP DATABASE +``` +CREATE DATABASE `my_db` OWNER `my_user`; +``` +- CREATE EXTENSIONS +``` +CREATE EXTENSION pg_buffercache; +``` + +## Network Access + +Default access allow policy: only namespace scope. + +- allow `mx-test1` namespace access +``` +networkPolicy.allowNamespaces: + - mx-test1 +``` + + - Assign external network IP address +``` + service.type: LoadBlance +``` + + ## Manger backup your data `Very important` + +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` + +PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. +``` +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` + +You can modify multiple content at once, there is no need to modify part of it each time. 
+ +# Plans + +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index feddfa57..b11ff28e 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -107,6 +107,16 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-rewind +- name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-user +- name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-password - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -123,21 +133,6 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' -- name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-name -- name: DATABASE_USER - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-user -- name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-password {{- end -}} {{/* 
@@ -178,3 +173,66 @@ Create walg envs. value: "" {{- end }} {{- end }} + +{{/* +Generate random password +*/}} + +{{/* +Get the super user password ; +*/}} +{{- define "credentials.superuserValue" }} +{{- if .Values.credentials.superuser }} + {{- .Values.credentials.superuser -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}} +{{- end -}} +{{- end }} + +{{/* +Get the rewind password ; +*/}} +{{- define "credentials.rewindValue" }} +{{- if .Values.credentials.rewind }} + {{- .Values.credentials.rewind -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-rewind") -}} +{{- end -}} +{{- end }} + +{{/* +Get the replication password ; +*/}} +{{- define "credentials.replicationValue" }} +{{- if .Values.credentials.replication }} + {{- .Values.credentials.replication -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Get the administrator password ; +*/}} +{{- define "adminRole.passwordValue" }} +{{- if .Values.adminRole.password }} + {{- .Values.adminRole.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + 
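Review bot: `adminRole.passwordValue` looks up `"Key" "password-replication"`, so on an upgrade the admin password would be taken from the replication password instead of its own entry; given the `admin-password` key that sec.yaml writes, it should read `"Key" "admin-password"`. `getValueFromSecret` also assumes the key exists whenever the Secret does: for a Secret created before a key was added, `index $obj .Key` yields nothing and the helper returns an empty value (or fails in `b64dec`) instead of generating one, so the guard should be `{{- if and $obj (hasKey $obj .Key) }}`. All four callers pass `"Length" 10`, which overrides the helper's default of 16 and gives fairly short database passwords. Because `lookup` returns nothing under `helm template` or a dry run, those paths produce a new random value on every render, which deserves a comment on the helper.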
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 0a5ed63b..8c94ae26 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -10,10 +10,9 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} type: Opaque -data: - password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-rewind: {{ .Values.credentials.rewind | b64enc }} - password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.database.username | b64enc }} - data-name: {{ .Values.database.dbname | b64enc }} - data-password: {{ .Values.database.password | b64enc }} +data: + password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} + password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} + password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} + admin-user: {{ .Values.adminRole.username | b64enc }} + admin-password: {{ .Values.adminRole.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d7b24deb..389451ec 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
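Review bot: `admin-password` is rendered from `.Values.adminRole.password` directly, so the `adminRole.passwordValue` helper added to _helpers.tpl in this same patch is never called and the default `password: ""` produces an empty Secret value. I would write `admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}` and add `| quote` to `admin-user` as well, matching the three lines above it. The Secret's metadata starts above the hunk.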
@@ -17,14 +17,13 @@ image: # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: - superuser: tea - rewind: cola - replication: reppasswd + superuser: "" + rewind: "" + replication: "" -database: - dbname: db1 - username: us1 - password: 111w +adminRole: + username: administrator + password: "" # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -126,22 +125,21 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + # Create admin user + if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then + echo "Creating user ${ADMIN_USER}" + # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else - echo "Skipping user creation" - echo "Skipping database creation" + echo "Skipping create admin user" fi + psql -w -c "CHECKPOINT;CHECKPOINT;" + #norm user + # + # postgresql: config: |- - log_min_duration_statement = 1008 + log_min_duration_statement = 1000 max_wal_size = 4GB min_wal_size = 4GB max_connections = 1005 
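Review bot: In the `postInitScript` hunk the `CREATE USER ${ADMIN_USER} …` statement is commented out, so the branch prints "Creating user" and creates nothing, and the ADMIN_USER/ADMIN_PASSWORD variables wired in by this commit have no effect. If the statement is re-enabled as written, `'${ADMIN_PASSWORD}'` is spliced into the SQL text by the shell, so a password containing a quote character would break or alter the statement; passing it as a psql variable (`psql -v pw="$ADMIN_PASSWORD"` with `:'pw'` in SQL read from stdin) keeps it a literal. Separately, `CREATE USER tea_mon WITH ROLE pg_monitor` makes pg_monitor a member of tea_mon rather than the reverse; `IN ROLE pg_monitor` is presumably what is meant.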
@@ -249,7 +247,7 @@ metrics: memory: 512Mi backup: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "20 0 * * 0" # Amount of base backups to retain @@ -257,17 +255,17 @@ backup: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to - # consider WAL-E restore instead of pg_basebackup + # consider WAL-G restore instead of pg_basebackup backupThresholdMegabytes: 1024 # Maximum ratio (in percents) of the accumulated WAL files to the base backup - # to consider WAL-E restore instead of pg_basebackup + # to consider WAL-G restore instead of pg_basebackup backupThresholdPercentage: 30 s3: used: true - awsAccessKeyID: "minioadmin" - awsSecretAccessKey: "minioadmin" - walGS3Prefix: "s3://pg1" - awsEndpoint: "http://10.10.2.11:9000" + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 28de1baf..5185d109 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml 
@@ -13,22 +13,14 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: -- name: "dataname" - description: "database config for values.yaml" - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "backup.enabled" - description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " -- name: "backup.s3.awsAccessKeyID" - description: "S3 awsAccessKeyID" -- name: "backup.s3.awsSecretAccessKey" - description: "S3 awsSecretAccessKey" -- name: "backup.s3.walGS3Prefix" - description: "S3 walGS3Prefix : etc . s3://bucket001" +- name: "backup" + description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file From 2e6b61a3680b9454a899c15d0361f03876f4e8e2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 11 Dec 2023 14:46:51 +0800 Subject: [PATCH 031/176] chore(postgresql-cluster): Adjust backup strategy --- .../15/chart/postgresql-cluster/README.md | 2 +- .../postgresql-cluster/templates/_helpers.tpl | 43 +++---------------- .../templates/cm-backup.yaml | 22 ++++++++++ .../templates/statefulset.yaml | 10 +++-- .../15/chart/postgresql-cluster/values.yaml | 24 +++++++---- 5 files changed, 51 insertions(+), 50 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 9bc0f18b..70d31e0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
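Review bot: `allow_parameters` now exposes the whole `backup` map as a single entry, but its description still documents only the on/off switch. If the platform treats the entry as a prefix (not visible here), users can now also set `backup.s3.awsEndpoint`, `backup.kubernetesSecret` and the threshold keys, none of which were settable before this change. I would either keep the explicit per-key list or extend the description to name every accepted sub-key.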
@@ -74,7 +74,7 @@ backup: You can modify multiple content at once, there is no need to modify part of it each time. -# Plans +## Plans | Resource Specification | Cores | MEMORY | Storage SIZE | | :---: | :---: | :---: | :---: | diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index b11ff28e..e3bedca5 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
@@ -136,43 +136,14 @@ Create patroni envs. {{- end -}} {{/* -Create walg envs. +Return true if a configmap object should be created for PG backup. */}} -{{- define "backup.envs" }} -{{- if .Values.backup.enabled }} -- name: USE_WALG - value: {{ .Values.backup.enabled | quote }} -{{- if .Values.backup.retainBackups }} -- name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.backup.retainBackups | quote}} -{{- end }} -{{- if .Values.backup.backupThresholdMegabytes }} -- name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.backup.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.backup.backupThresholdPercentage }} -- name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.backup.backupThresholdPercentage | quote }} -{{- end }} -{{- if .Values.backup.s3.used }} -- name: AWS_ACCESS_KEY_ID - value: {{ .Values.backup.s3.awsAccessKeyID | quote }} -- name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.backup.s3.awsSecretAccessKey | quote }} -- name: WALG_S3_PREFIX - value: {{ .Values.backup.s3.walGS3Prefix | quote }} -- name: AWS_ENDPOINT - value: {{ .Values.backup.s3.awsEndpoint | quote }} -- name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.backup.s3.awsS3ForcePathStyle | quote }} -- name: AWS_REGION - value: {{ .Values.backup.s3.awsRegion | quote }} -{{- end }} -{{- else }} -- name: USE_WALG - value: "" -{{- end }} -{{- end }} +{{- define "backup.createConfigmap" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} {{/* Generate random password diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml new file mode 100644 index 00000000..b7eb7331 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "backup.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + backup.env: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} + # archive_command.sh: | - + # #/bin/bash + # source backup.env + # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 98ded996..036f8b80 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -56,9 +56,6 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.backup.enabled }} - {{- include "backup.envs" . | indent 8 }} - {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -110,6 +107,9 @@ spec: - mountPath: "/opt/drycc/postgresql/config/" name: postgresql-config # readOnly: true + - mountPath: "/opt/drycc/postgresql/backup/" + name: postgresql-backup + # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
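Review bot: `backup.env` is rendered from `.Values.backupEnv`, which per values.yaml in this patch contains `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so the S3 credentials end up in a ConfigMap. That makes them readable by anyone with ConfigMap read access in the namespace and leaves them outside Secret-specific RBAC and encryption at rest. This object should be a `kind: Secret` using `stringData:`, mounted through a `secret:` volume. The trailing commented `archive_command.sh` block is dead text inside the manifest (its `| -` and `#/bin/bash` are malformed as well), and I would delete it.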
@@ -175,7 +175,6 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "backup.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD @@ -222,6 +221,9 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql + - name: archive-config + configMap: + name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 389451ec..effc9e1d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -81,11 +81,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - {{- if .Values.backup.enabled }} - archive_command: sh /opt/drycc/postgresql/walbackup.sh %p - {{- else }} - archive_command: /bin/true - {{- end }} + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' 
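Review bot: The volume added in the `@@ -222,6 +221,9 @@` hunk references the `…-backup` ConfigMap unconditionally, but cm-backup.yaml renders that object only when `backup.enabled` is true, and the default at this point in the series is `enabled: false`. With default values the pod would wait in ContainerCreating on a missing ConfigMap. Either wrap the volume and its mount in `{{- if .Values.backup.enabled }}` or mark the source `optional: true`. The volume is also named `archive-config` while the mount added earlier in this file uses `postgresql-backup`; a later patch in this series renames both to `backup-config`.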
@@ -134,9 +130,20 @@ postInitScript: | echo "Skipping create admin user" fi psql -w -c "CHECKPOINT;CHECKPOINT;" - #norm user - # - # + +backupEnv: | + #!/bin/bash + export USE_WALG={{ .Values.backup.enabled | quote }} + export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}} + export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }} + export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }} + export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }} + export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }} + export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }} + export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }} + export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} + export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} + postgresql: config: |- log_min_duration_statement = 1000 @@ -269,7 +276,6 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 - persistentVolume: enabled: true size: 10G From 9e6a085f6dd74ad080b6ba18ac62bec52793b0c6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 09:52:18 +0800 Subject: [PATCH 032/176] chore(postgresql-cluster): bind info --- .../15/chart/postgresql-cluster/README.md | 110 ++++++++++++++---- .../templates/statefulset.yaml | 6 +- .../15/chart/postgresql-cluster/values.yaml | 16 +-- .../15/plans/standard-10/bind.yaml | 10 +- .../15/plans/standard-100/bind.yaml | 7 +- .../15/plans/standard-20/bind.yaml | 7 +- .../15/plans/standard-200/bind.yaml | 7 +- .../15/plans/standard-400/bind.yaml | 9 +- .../15/plans/standard-50/bind.yaml | 7 +- .../15/plans/standard-800/bind.yaml | 7 +- 10 files changed, 121 insertions(+), 65 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 70d31e0c..0b3f8a3d 100644 
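Review bot: `backupEnv` builds a shell file with `| quote`, which wraps each value in double quotes; if the file is sourced by bash (the `#!/bin/bash` header and `export` lines suggest it is), `$…` and backticks inside a value are still expanded by the shell. meta.yaml exposes `backup` as a user-settable parameter, so these values are not controlled by the chart author. Using `| squote` and rejecting values that contain a single quote keeps them literal. `USE_WALG` is now exported as `"false"` when backups are off, a non-empty string where the removed env block set `""`, so a `[ $USE_WALG ]`-style test would treat backups as enabled; worth confirming against walbackup.sh.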
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -1,5 +1,46 @@ -## CREATE PG INSTANCE +# Postgresql cluster addons +## Plans + +View and choose the service resource specifications you need. +``` + # drycc resources:plans postgresql-cluster +``` +### Resource specification list +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + +## Create Postgresql Cluster Service instance + +- Create Postgresql service +``` +# drycc resources:create postgresql-cluster:standard-10 `my_pg_001` +``` +- View service status +``` +# drycc resources:descript `my_pg_001` +``` +- Bind service +``` +# drycc resources:bind `my_pg_001` +``` +- View resource status +``` +# drycc resources:descript `my_pg_001` +``` + +## Create Service with parameters + +`vim value.yaml` ``` # create or update pg instance template yaml networkPolicy.allowNamespaces: 
@@ -14,14 +55,21 @@ backup: Amount of base backups to retain retainBackups: 2 s3: - awsAccessKeyID: DO9l771LqiwZkhhz - awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn - walGS3Prefix: mx-test + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 +``` +``` + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml ``` -## Create app user and database +## Update Service +### Create app user and database -- Login PG with admin user & password +- Login database web with admin user & password - CREATE APP USER ``` @@ -36,28 +84,44 @@ CREATE DATABASE `my_db` OWNER `my_user`; CREATE EXTENSION pg_buffercache; ``` -## Network Access +### Network Access Default access allow policy: only namespace scope. - allow `mx-test1` namespace access + +`vim value.yaml ` ``` networkPolicy.allowNamespaces: - mx-test1 ``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` + + - Assign external network IP address - - Assign external network IP address +`vim value.yaml` +``` + service.type: LoadBlancer ``` - service.type: LoadBlance ``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` - ## Manger backup your data `Very important` + ### Manger backup your data `Very important` `Strongly recommend enabling this feature.` `Strongly recommend enabling this feature.` `Strongly recommend enabling this feature.` PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. + +`vim value.yaml` ``` backup: # whether BackUP should be enabled 
@@ -71,20 +135,20 @@ backup: awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn walGS3Prefix: mx-test ``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` -You can modify multiple content at once, there is no need to modify part of it each time. +You can modify multiple content at once, there is no need to modify part of it each time. -## Plans -| Resource Specification | Cores | MEMORY | Storage SIZE | -| :---: | :---: | :---: | :---: | -| standard-10 | 1C | 2G | 10G | -| standard-20 | 2C | 4G | 20G | -| standard-50 | 2C | 8G | 50G | -| standard-100 | 4C | 16G | 100G | -| standard-200 | 8C | 32G | 200G | -| standard-400 | 16C | 64G | 400G | -| standard-800 | 32C | 128G | 800G | - -In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. +## Destroy Service +- Unbind service first +``` +# drycc resources:unbind `my_pg_001` +``` +- Destroy service +``` +# drycc resources:destroy `my_pg_001` +``` \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 036f8b80..3aa16bdb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -108,7 +108,7 @@ spec: name: postgresql-config # readOnly: true - mountPath: "/opt/drycc/postgresql/backup/" - name: postgresql-backup + name: backup-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} 
@@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.database.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -221,7 +221,7 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql - - name: archive-config + - name: backup-config configMap: name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index effc9e1d..08560996 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,7 +3,8 @@ diagnosticMode: enable: false service: - type: ClusterIP + # ClusterIP LoadBalancer + type: LoadBalancer image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -81,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %p %p + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -201,7 +202,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: false + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" 
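Review bot: The exporter's `DATA_SOURCE_NAME` embeds the literal credentials `tea_mon:password` in the pod spec, while `postInitScript` creates `tea_mon` with no password at all, so the value is both hard-coded and unrelated to what the database holds. The DSN, or at least its password, should come from the chart's Secret through `valueFrom.secretKeyRef`, and the role should be created with a matching generated password. `printf` with no arguments is now redundant; a plain quoted string renders the same value.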
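Review bot: The chart default changes to `type: LoadBalancer`, so every instance created without parameters asks for an externally reachable address for PostgreSQL, which contradicts the README's "Default access allow policy: only namespace scope". The same patch also flips `metrics.enabled` and `backup.enabled` to `true` (the latter with empty S3 credentials), which looks like local test settings leaking into the defaults. I would keep `type: ClusterIP` as the default and leave LoadBalancer as an explicit opt-in, documented as `# ClusterIP (default) or LoadBalancer (external exposure)`.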
@@ -248,15 +249,15 @@ metrics: limits: cpu: 100m memory: 512Mi - hugepages-2Mi: 20Mi + # hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi backup: # Specifies whether Wal-G should be enabled - enabled: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: "20 0 * * 0" + scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket @@ -351,5 +352,4 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: - - mx-test1 \ No newline at end of file + allowNamespaces: \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 41676f6e..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: @@ -38,5 +37,4 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - name: PORT - value: 5432 - + value: 5432 \ No newline at end of file 
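Review bot: The standard-10 binding still reads `jsonpath: '{ .data.data-user }'` from the chart Secret, but patch 030 in this series removed `data-user`, `data-name` and `data-password` from sec.yaml in favour of `admin-user`/`admin-password`, so these credentials would resolve to nothing. The references should be moved to the new keys, and the same applies to the bind.yaml of the other plans touched by this commit. `DADABASE` is presumably a typo for `DATABASE`, and `value: 5432` is safer as `"5432"` if consumers expect a string.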
diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: 
@@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index a95ec5b2..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml 
@@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,8 +21,7 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - - name: DATABASE + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 5b215a03..12acc0c6 100644 
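Review bot: In `standard-400/bind.yaml` the second hunk renames the binding key from `DATABASE` to `DADABASE`, copying the misspelling from the other plans into the one file that had it right. A consumer that reads `DATABASE` from the binding will no longer find it. The rename should go the other way: `- name: DATABASE` here and in the standard-100, -20, -200, -50 and -800 copies, where the misspelled key appears as context. If existing bindings already depend on `DADABASE`, both names can be exported for a transition period.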
--- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: From ca4ef628084a769ea9e9f8fabaf38e6244b417bd Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 10:04:07 +0800 Subject: [PATCH 033/176] chore(postgresql-cluster): fix typo --- .../15/chart/postgresql-cluster/README.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 0b3f8a3d..5fe50e3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -27,7 +27,7 @@ In order to obtain a better experience, it is recommended not to exceed 80% usag ``` - View service status ``` -# drycc resources:descript `my_pg_001` +# drycc resources:describe `my_pg_001` ``` - Bind service ``` 
@@ -35,12 +35,12 @@ In order to obtain a better experience, it is recommended not to exceed 80% usag ``` - View resource status ``` -# drycc resources:descript `my_pg_001` +# drycc resources:describe `my_pg_001` ``` -## Create Service with parameters +## Create Service with values file -`vim value.yaml` +`vim values.yaml` ``` # create or update pg instance template yaml networkPolicy.allowNamespaces: @@ -63,7 +63,7 @@ backup: awsRegion: dx-1 ``` ``` - drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` ## Update Service @@ -90,23 +90,23 @@ Default access allow policy: only namespace scope. - allow `mx-test1` namespace access -`vim value.yaml ` +`vim values.yaml ` ``` networkPolicy.allowNamespaces: - mx-test1 ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` - Assign external network IP address -`vim value.yaml` +`vim values.yaml` ``` service.type: LoadBlancer ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` - View resource status ``` @@ -121,7 +121,7 @@ drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yam PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. -`vim value.yaml` +`vim values.yaml` ``` backup: # whether BackUP should be enabled @@ -136,7 +136,7 @@ backup: walGS3Prefix: mx-test ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` You can modify multiple content at once, there is no need to modify part of it each time. 
From ae73604818bab5d4afc5134222b770ad0764d5c9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 11:33:29 +0800 Subject: [PATCH 034/176] chore(postgresql-cluster): megre --- .../15/chart/postgresql-cluster/values.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 52157896..97d35e84 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,12 +3,7 @@ diagnosticMode: enable: false service: -<<<<<<< HEAD - # ClusterIP LoadBalancer - type: LoadBalancer -======= type: ClusterIP ->>>>>>> c98da89fd38c2acf5b6cc3043a3a4faa17fb9acd image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 From bdc049f5203e8dce49b079527e866562fb1fde02 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 11:47:04 +0800 Subject: [PATCH 035/176] chore(postgresql-cluster): megre --- .../15/chart/postgresql-cluster/values.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 97d35e84..deb83746 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -248,17 +248,13 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 20Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -<<<<<<< HEAD backup: -======= -walG: ->>>>>>> c98da89fd38c2acf5b6cc3043a3a4faa17fb9acd # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain From 78e1350f1b0ff1fa759d90351963580ead240491 Mon Sep 17 00:00:00 2001 
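Review bot: The PATCH 035 hunk of `values.yaml` turns the commented `# hugepages-2Mi: 20Mi` in the resource limits under the `metrics:` section (as named in the hunk header) into a live setting, which looks like a side effect of resolving the merge conflict rather than an intended change. A container that requests `hugepages-2Mi` can only be scheduled on nodes with pre-allocated 2Mi huge pages, so on other clusters the pod would stay Pending. If this was not intended, restore `# hugepages-2Mi: 20Mi`. If it was, add a comment above the line saying why this container needs huge pages.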
From: EamonZhang Date: Wed, 13 Dec 2023 09:01:33 +0800 Subject: [PATCH 036/176] chore(cloudbeaver): modify storage method --- .../cloudbeaver/templates/deployment.yaml | 31 +++---------------- .../23/chart/cloudbeaver/templates/pvc.yaml | 2 +- 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml index 2b1fe314..be9271b3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml @@ -105,34 +105,11 @@ spec: - name: data mountPath: {{ .Values.persistence.mountPath | quote }} volumes: -{{- if not .Values.persistence.enabled }} - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} emptyDir: {} -{{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - annotations: - {{- if .Values.persistence.annotations }} -{{ toYaml .Values.persistence.annotations | indent 8 }} {{- end }} - labels: - application: {{ include "common.names.fullname" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - accessModes: -{{ toYaml .Values.persistence.accessModes | indent 8 }} - resources: - requests: - storage: "{{ .Values.persistence.size }}" - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml index 7a36a217..ee8ed038 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml 
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml @@ -2,7 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ printf "%s-binding" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} From b7494c28b2a1b1f24c69aba94bf643c159c453c2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Dec 2023 16:28:08 +0800 Subject: [PATCH 037/176] chore(postgresql-cluster): adjust --- .../15/chart/postgresql-cluster/README.md | 13 +++++++++++-- .../postgresql-cluster/templates/cm-backup.yaml | 8 +------- .../15/chart/postgresql-cluster/templates/sec.yaml | 4 ++-- .../postgresql-cluster/templates/statefulset.yaml | 4 ++-- .../15/chart/postgresql-cluster/values.yaml | 4 ++-- addons/postgresql-cluster/15/meta.yaml | 4 +--- .../15/plans/standard-10/bind.yaml | 13 +++++-------- .../15/plans/standard-100/bind.yaml | 13 +++++-------- .../15/plans/standard-20/bind.yaml | 13 +++++-------- .../15/plans/standard-200/bind.yaml | 13 +++++-------- .../15/plans/standard-400/bind.yaml | 13 +++++-------- .../15/plans/standard-50/bind.yaml | 13 +++++-------- .../15/plans/standard-50/meta.yaml | 2 +- .../15/plans/standard-800/bind.yaml | 13 +++++-------- 14 files changed, 55 insertions(+), 75 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 5fe50e3b..22da4bd3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -71,13 +71,22 @@ backup: - Login database web with admin user & password +- Change administrator initial password +``` +ALTER USER administrator WITH ENCRYPTED PASSWORD 'newpassword'; +``` +- View total connections number in postgresql cluster; +``` +show max_connections ; +``` - CREATE APP USER ``` -CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +CREATE USER `myuser` WITH CONNECTION LIMIT `conn limit` LOGIN ENCRYPTED PASSWORD 'password'; +GRANT `myuser` to administrator ; ``` - CREATE APP DATABASE ``` -CREATE DATABASE `my_db` OWNER `my_user`; +CREATE DATABASE `mydb` OWNER `myuser`; ``` - CREATE EXTENSIONS ``` diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index b7eb7331..1ebb88ab 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml @@ -1,4 +1,3 @@ -{{- if (include "backup.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: @@ -14,9 +13,4 @@ metadata: {{- end }} data: backup.env: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - # archive_command.sh: | - - # #/bin/bash - # source backup.env - # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true -{{- end -}} \ No newline at end of file + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 8c94ae26..e01a715c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml 
@@ -14,5 +14,5 @@ data: password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} - admin-user: {{ .Values.adminRole.username | b64enc }} - admin-password: {{ .Values.adminRole.password | b64enc }} + admin-user: {{ .Values.adminRole.username | b64enc | quote }} + admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 3aa16bdb..d56c34e3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.backup.enabled }} + - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -195,7 +195,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index deb83746..a648e096 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
@@ -124,8 +124,8 @@ postInitScript: | psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then - echo "Creating user ${ADMIN_USER}" - # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" + echo "Creating user ${ADMIN_USER}" + psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else echo "Skipping create admin user" fi diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index baa53c9e..cded881f 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -13,14 +13,12 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" -- name: "metrics.enabled" - description: "Whether to enable metrics. default true" - name: "backup" description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
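Review bot: In the `postInitScript` hunk of `values.yaml`, the re-enabled `CREATE USER` statement grants `SUPERUSER` where the commented line it replaces had `NOSUPERUSER`, and it splices `${ADMIN_USER}` and `${ADMIN_PASSWORD}` directly into the SQL text. A password containing a single quote breaks or alters the statement. Passing it through `-c` also puts the password on the psql command line and, depending on server logging, possibly in the PostgreSQL log. Pass both values with `-v` and feed the statement on stdin using `:"admin_user"` and `:'admin_password'`, because psql does not interpolate variables inside `-c` strings. If the role only has to create databases and roles, `NOSUPERUSER CREATEDB CREATEROLE` is sufficient. The script body starts and ends outside the hunk.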
@@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
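Review bot: The `standard-10/bind.yaml` hunk switches `USERNAME` and `PASSWORD` from the `data-user`/`data-password` secret keys to `admin-user`/`admin-password`, so every application that binds the instance receives the administrator account. The same commit's `values.yaml` creates that account `WITH SUPERUSER`, and the bind files already export `EXTRANET_MASTER_HOST` for LoadBalancer services, so the credential may be usable from outside the cluster. A binding should hand out a least-privileged role scoped to the application's own database, with the admin credential kept for operators. The hunk also hard-codes `DADABASE` to `postgres`, pointing every consumer at the default database. The identical change is repeated in the standard-100, -20, -200, -400, -50 and -800 plans.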
+++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index 12acc0c6..0283dff3 100644 
--- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 29e67ad5..a194f7ef 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -1,6 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-50" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file From 5a4f70f44c91573ea20df2e81589a6400e86d333 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 15 Dec 2023 11:33:58 +0800 Subject: [PATCH 038/176] chore(postgresql-cluster): fix password & netpolicy --- .../15/chart/postgresql-cluster/templates/_helpers.tpl | 2 +- .../15/chart/postgresql-cluster/templates/networkpolicy.yaml | 1 + .../15/chart/postgresql-cluster/templates/statefulset.yaml | 2 ++ .../postgresql-cluster/15/chart/postgresql-cluster/values.yaml | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index e3bedca5..bb67a496 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -189,7 +189,7 @@ Get the administrator password ; {{- if .Values.adminRole.password }} {{- .Values.adminRole.password -}} {{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} {{- end -}} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..92fdc9a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -21,6 +21,7 @@ spec: # Allow inbound connections - ports: - port: 5432 + - port: 9000 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} {{ end }} 
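Review bot: The `networkpolicy.yaml` hunk opens port 9000 next to 5432 with no comment saying what listens there and no condition, while the metrics port directly below it is gated on `.Values.metrics.enabled`. Since it sits in the same `ports:` list, every peer allowed to reach PostgreSQL can now reach that listener too. A comment such as `# <service on 9000>: required by <client>`, with the real names filled in, and an `if` tied to the feature that owns the port would keep the rule reviewable. The `from:` part of the rule lies outside the hunk, so the set of affected peers could not be checked here.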
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index d56c34e3..790854dd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -195,6 +195,8 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config {{- with .Values.nodeSelector }} nodeSelector: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index a648e096..a0d90cb4 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -112,7 +112,7 @@ preInitScript: | password: '${PATRONI_REPLICATION_PASSWORD}' rewind: # Has no effect on postgres 10 and lower username: rewinder - password: '${PATRONI_REWIND_USERNAME}' + password: '${PATRONI_REWIND_PASSWORD}' watchdog: mode: off __EOF__ From d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd Mon Sep 17 00:00:00 2001 
From: lijianguo Date: Thu, 21 Dec 2023 17:45:39 +0800 Subject: [PATCH 039/176] chore(addons): add persistentVolumeClaimRetentionPolicy --- .../templates/distributed/statefulset.yaml | 5 ++++ addons/minio/2023/chart/minio/values.yaml | 9 ++++++ .../templates/data/statefulset.yaml | 5 ++++ .../templates/master/statefulset.yaml | 5 ++++ .../chart/rabbitmq/templates/statefulset.yaml | 5 ++++ .../rabbitmq/3.12/chart/rabbitmq/values.yaml | 13 ++++++++ .../templates/redis-statefulset.yaml | 5 ++++ .../7.0/chart/redis-cluster/values.yaml | 9 ++++++ .../redis/templates/master/application.yaml | 5 ++++ .../redis/templates/replicas/statefulset.yaml | 5 ++++ .../redis/templates/sentinel/statefulset.yaml | 5 ++++ addons/redis/7.0/chart/redis/values.yaml | 30 +++++++++++++++++++ .../templates/filer/statefulset.yaml | 5 ++++ .../templates/master/statefulset.yaml | 5 ++++ .../templates/volume/statefulset.yaml | 5 ++++ .../seaweedfs/3/chart/seaweedfs/values.yaml | 27 +++++++++++++++++ addons/spark/3.4/meta.yaml | 4 +++ .../zookeeper/templates/statefulset.yaml | 5 ++++ .../zookeeper/3.9/chart/zookeeper/values.yaml | 10 ++++++- 19 files changed, 161 insertions(+), 1 deletion(-) diff --git a/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml b/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml index 467e66e2..65275fee 100644 --- a/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml +++ b/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml @@ -298,6 +298,11 @@ spec: - name: data emptyDir: {} {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if gt $drivesPerNode 1 }} {{- range $diskId := until $drivesPerNode }} 
diff --git a/addons/minio/2023/chart/minio/values.yaml b/addons/minio/2023/chart/minio/values.yaml index f5260b4e..1772a858 100644 --- a/addons/minio/2023/chart/minio/values.yaml +++ b/addons/minio/2023/chart/minio/values.yaml @@ -887,6 +887,15 @@ persistence: ## existingClaim: "" +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## @section Volume Permissions parameters ## Init containers parameters: diff --git a/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml b/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml index c8c6c1c7..527bc948 100644 --- a/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml +++ b/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml @@ -327,6 +327,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.data.persistence.existingClaim }} {{- else }} + {{- if .Values.data.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.data.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.data.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: "data" 
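Review bot: In `minio/values.yaml` the new defaults `whenScaled: Deleted` and `whenDeleted: Deleted` are not values the StatefulSet API accepts; `persistentVolumeClaimRetentionPolicy` takes `Retain` or `Delete`. Because `enabled: true` makes the template render both fields, the StatefulSet would be rejected on install or upgrade. Use `whenScaled: Delete` and `whenDeleted: Delete`, as the rabbitmq values in this commit do, or `Retain` to keep the Kubernetes default. The `redis-cluster/values.yaml` hunk carries the same two invalid values.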
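Review bot: The opensearch `data/statefulset.yaml` hunk reads `.Values.data.persistentVolumeClaimRetentionPolicy.enabled`, but the commit's diffstat lists no change to the opensearch `values.yaml`. Unless that key already exists there, Helm will fail rendering with a nil-pointer error when it dereferences `.enabled` on a missing map. Either add `data.persistentVolumeClaimRetentionPolicy` and `master.persistentVolumeClaimRetentionPolicy` defaults to the opensearch values, or guard the lookup, e.g. `{{- with .Values.data.persistentVolumeClaimRetentionPolicy }}{{- if .enabled }}`. The `master/statefulset.yaml` hunk has the same dependency.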
diff --git a/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml b/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml index 3fb19060..e4b18de2 100644 --- a/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml +++ b/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml @@ -339,6 +339,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.master.persistence.existingClaim }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: "data" diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml index c928ee6a..0f94407c 100644 --- a/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml +++ b/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml @@ -406,6 +406,11 @@ spec: claimName: {{ tpl . $ }} {{- end }} {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: data diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml index 3eca3af5..966b792e 100644 --- a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml +++ b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml 
@@ -835,6 +835,19 @@ persistence: ## example.io/disk-volume-type: SSD ## annotations: {} +## Persistent Volume Claim Retention Policy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## +persistentVolumeClaimRetentionPolicy: + ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for rabbitmq Statefulset + ## + enabled: true + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## + whenScaled: Delete + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + whenDeleted: Delete ## @section Exposure parameters ## diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml index fe2a8545..031566ce 100644 --- a/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml +++ b/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml @@ -425,6 +425,11 @@ spec: secretName: {{ include "redis-cluster.tlsSecretName" . }} defaultMode: 256 {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml index edae7c6f..ff0953d7 100644 --- a/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml +++ b/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml 
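Review bot: The added defaults `enabled: true`, `whenScaled: Delete` and `whenDeleted: Delete` override the Kubernetes default of `Retain`, so reducing replicas or deleting the StatefulSet also removes the PVCs, and none of the `@param` lines say that. Whether the data goes with them depends on the volume's reclaim policy, which this chart does not show. If deletion is the intended default for these addons, state it next to the key, e.g. `## NOTE: Delete removes the PVC when the pod is scaled away or the StatefulSet is deleted; set Retain to keep volumes`. The redis values.yaml hunks for master, replica and sentinel have the same defaults.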
@@ -322,6 +322,15 @@ persistence: ## matchExpressions: {} +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## diff --git a/addons/redis/7.0/chart/redis/templates/master/application.yaml b/addons/redis/7.0/chart/redis/templates/master/application.yaml index c5da3282..4d1b220b 100644 --- a/addons/redis/7.0/chart/redis/templates/master/application.yaml +++ b/addons/redis/7.0/chart/redis/templates/master/application.yaml @@ -449,6 +449,11 @@ spec: persistentVolumeClaim: claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml b/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml index d7bf8be0..df2d130c 100644 --- a/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml +++ b/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml 
@@ -437,6 +437,11 @@ spec: emptyDir: {} {{- end }} {{- else }} + {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml b/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml index 5d54e525..fa2ab677 100644 --- a/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml +++ b/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml @@ -637,6 +637,11 @@ spec: emptyDir: {} {{- end }} {{- else }} + {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/values.yaml b/addons/redis/7.0/chart/redis/values.yaml index c877ea98..526428d2 100644 --- a/addons/redis/7.0/chart/redis/values.yaml +++ b/addons/redis/7.0/chart/redis/values.yaml 
@@ -445,6 +445,16 @@ master: ## NOTE: requires master.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ master service parameters ## service: @@ -805,6 +815,16 @@ replica: ## @param replica.persistence.dataSource Custom PVC data source ## dataSource: {} + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ replicas service parameters ## service: 
@@ -1053,6 +1073,16 @@ sentinel: ## @param sentinel.persistence.dataSource Custom PVC data source ## dataSource: {} + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ Sentinel resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param sentinel.resources.limits The resources limits for the Redis™ Sentinel containers diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml index b22cc244..a5b9640d 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml @@ -124,6 +124,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if .Values.filer.persistence.enabled }} + {{- if .Values.filer.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.filer.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.filer.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: datadir diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml index 6acdbe0f..6a7b375c 100644 
--- a/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml @@ -109,6 +109,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if .Values.master.persistence.enabled }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: datadir diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml index f1489f6a..5e52e693 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml @@ -134,6 +134,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if or (.Values.volume.persistence.meta.enabled) (.Values.volume.persistence.data.enabled) }} + {{- if .Values.volume.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.volume.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.volume.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if .Values.volume.persistence.meta.enabled }} - metadata: diff --git a/addons/seaweedfs/3/chart/seaweedfs/values.yaml b/addons/seaweedfs/3/chart/seaweedfs/values.yaml index bd5b274b..4e32b559 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/values.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/values.yaml 
@@ -195,6 +195,15 @@ master: storageClass: "" garbageThreshold: 0.3 defaultReplication: "001" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted filer: replicas: 3 @@ -272,6 +281,15 @@ filer: enabled: false size: 5Gi storageClass: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted volume: replicas: 4 
@@ -351,6 +369,15 @@ volume: size: 5Gi storageClass: "" compactionMBps: 50 + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted cronjob: scripts: | diff --git a/addons/spark/3.4/meta.yaml b/addons/spark/3.4/meta.yaml index 922087c7..89ed9270 100644 --- a/addons/spark/3.4/meta.yaml +++ b/addons/spark/3.4/meta.yaml @@ -19,6 +19,10 @@ allow_parameters: description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" +- name: "master.configOptions" + description: "master configOptions config for values.yaml" +- name: "worker.configOptions" + description: "worker configOptions config for values.yaml" - name: "metrics.enable" description: "metrics enable or not config for values.yaml" archive: false diff --git a/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml b/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml index eb2680b7..fcd5ad0b 100644 --- a/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml +++ b/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml 
@@ -485,6 +485,11 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if and .Values.persistence.enabled (not (and .Values.persistence.existingClaim .Values.persistence.dataLogDir.existingClaim) ) }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if not .Values.persistence.existingClaim }} - metadata: diff --git a/addons/zookeeper/3.9/chart/zookeeper/values.yaml b/addons/zookeeper/3.9/chart/zookeeper/values.yaml index 0a74af78..81e1b734 100644 --- a/addons/zookeeper/3.9/chart/zookeeper/values.yaml +++ b/addons/zookeeper/3.9/chart/zookeeper/values.yaml @@ -637,7 +637,15 @@ persistence: ## app: my-app ## selector: {} - +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## @section Volume Permissions parameters ## From 8ecd90270e791666c47919b6d7005e81ba34b9e2 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 22 Dec 2023 13:37:27 +0800 Subject: [PATCH 040/176] chore(addons): update support --- .../10/chart/grafana/templates/_helpers.tpl | 22 +++ .../10/chart/grafana/templates/secret.yaml | 2 +- addons/grafana/10/chart/grafana/values.yaml | 2 +- addons/grafana/10/meta.yaml | 10 +- addons/grafana/10/plans/standard-5/bind.yaml | 15 +- .../15/chart/postgresql-cluster/Chart.yaml | 2 +- .../15/plans/standard-10/values.yaml | 2 +- .../15/plans/standard-100/values.yaml | 2 +- .../15/plans/standard-20/values.yaml | 2 +- .../15/plans/standard-200/values.yaml | 2 +- .../15/plans/standard-400/values.yaml | 2 +- .../15/plans/standard-800/values.yaml | 2 +- .../2/chart/prometheus/templates/_helpers.tpl | 24 ++- .../templates/server/configmap.yaml | 5 +- .../templates/server/deployment.yaml | 1 + .../prometheus/templates/server/sec.yaml | 2 +- .../prometheus/2/chart/prometheus/values.yaml | 40 +++-- addons/prometheus/2/meta.yaml | 16 +- .../prometheus/2/plans/standard-10/bind.yaml | 19 +-- .../2/plans/standard-10/values.yaml | 2 +- .../prometheus/2/plans/standard-100/bind.yaml | 23 +++ .../standard-100/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-100/meta.yaml | 6 + .../2/plans/standard-100/values.yaml | 8 + .../prometheus/2/plans/standard-200/bind.yaml | 23 +++ .../standard-200/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-200/meta.yaml | 6 + .../2/plans/standard-200/values.yaml | 8 + .../prometheus/2/plans/standard-50/bind.yaml | 19 +-- .../2/plans/standard-50/values.yaml | 2 +- .../prometheus/2/plans/standard-500/bind.yaml | 23 +++ .../standard-500/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-500/meta.yaml | 6 + .../2/plans/standard-500/values.yaml | 8 + addons/prometheus/rules.yaml | 159 ++++++++++++++++++ 35 files changed, 438 insertions(+), 63 deletions(-) create mode 100644 addons/prometheus/2/plans/standard-100/bind.yaml create mode 100644 
addons/prometheus/2/plans/standard-100/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-100/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-100/values.yaml create mode 100644 addons/prometheus/2/plans/standard-200/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-200/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-200/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-200/values.yaml create mode 100644 addons/prometheus/2/plans/standard-500/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-500/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-500/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-500/values.yaml create mode 100644 addons/prometheus/rules.yaml diff --git a/addons/grafana/10/chart/grafana/templates/_helpers.tpl b/addons/grafana/10/chart/grafana/templates/_helpers.tpl index 011ba817..ba7f9a04 100644 --- a/addons/grafana/10/chart/grafana/templates/_helpers.tpl +++ b/addons/grafana/10/chart/grafana/templates/_helpers.tpl @@ -57,6 +57,14 @@ Return the Grafana admin password key {{- end -}} {{- end -}} +{{- define "admin.passwordValue" -}} +{{- if .Values.admin.password }} + {{- .Values.admin.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "GF_SECURITY_ADMIN_PASSWORD") -}} +{{- end -}} +{{- end }} + {{/* Return true if a secret object should be created */}} 
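Review bot: `admin.passwordValue` looks up the Secret named `include "common.names.fullname" .`, while bind.yaml in this same commit reads `GF_SECURITY_ADMIN_PASSWORD` from `{{ include "common.names.fullname" . }}-admin`. If secret.yaml creates the `-admin` name (its metadata is outside the hunks shown), the lookup never finds the existing Secret and `randAlphaNum` issues a new admin password on every upgrade, which is what the helper is meant to prevent. Pass the same name to the helper, e.g. `"Name" (printf "%s-admin" (include "common.names.fullname" .))`. `"Length" 10` is also short for a generated admin credential; a larger value such as 32 costs nothing.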
@@ -67,6 +75,20 @@ Return true if a secret object should be created {{- end -}} {{- end -}} +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + {{/* Return the Grafana SMTP credentials secret */}} diff --git a/addons/grafana/10/chart/grafana/templates/secret.yaml b/addons/grafana/10/chart/grafana/templates/secret.yaml index bbe05846..645ebb05 100644 --- a/addons/grafana/10/chart/grafana/templates/secret.yaml +++ b/addons/grafana/10/chart/grafana/templates/secret.yaml @@ -11,6 +11,6 @@ metadata: app.kubernetes.io/component: grafana type: Opaque data: - GF_SECURITY_ADMIN_PASSWORD: {{ ternary (randAlphaNum 10) .Values.admin.password (empty .Values.admin.password) | b64enc | quote }} + GF_SECURITY_ADMIN_PASSWORD: {{ include "admin.passwordValue" . | b64enc | quote }} GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | b64enc |quote }} {{- end }} diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index f18c0343..9b029425 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -575,7 +575,7 @@ serviceAccount: service: ## @param service.type Kubernetes Service type ## - type: ClusterIP + type: LoadBalancer ## @param service.clusterIP Grafana service Cluster IP ## e.g.: ## clusterIP: None diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 224ca287..53031a14 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -1,5 +1,5 @@ -name: Grafana -version: 7.0 +name: grafana +version: "10" id: fff5b6c7-ed85-429b-8265-493e40cc53c7 description: "grafana" displayName: "grafana" 
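Review bot: Changing the chart default `service.type` from `ClusterIP` to `LoadBalancer` publishes the Grafana login outside the cluster for every instance that does not override it; as far as these hunks show, only the admin password stands in front of it. meta.yaml already lists `service.type` under `allow_parameters`, so external exposure can stay opt-in: keep `type: ClusterIP` here and let an instance request `LoadBalancer`. The prometheus values.yaml hunks in this commit move the other way (`LoadBalancer` to `ClusterIP`), so the two charts end up with opposite defaults.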
@@ -9,12 +9,14 @@ metadata: name: drycc supportURL: http://grafana.io/ documentationURL: https://github.com/drycc-addons/ -tags: cloudbeaver +tags: grafana bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: +- name: "networkPolicy.allowNamespaces" + description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" archive: false diff --git a/addons/grafana/10/plans/standard-5/bind.yaml b/addons/grafana/10/plans/standard-5/bind.yaml index a41ae66e..ba4641b9 100644 --- a/addons/grafana/10/plans/standard-5/bind.yaml +++ b/addons/grafana/10/plans/standard-5/bind.yaml @@ -1,30 +1,29 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + {{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-admin + name: {{ include "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-admin + name: {{ include "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.ports[?(@.name=="http")].port }' 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml index 375ae4fe..da518fb1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml @@ -25,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.3.1 +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 94917aff..fd8fd98f 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -72,5 +72,5 @@ resources: persistentVolume: enabled: true - size: 10G + size: 10Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 2f4c4841..90625a5d 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 100G + size: 100Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 3ef08abf..fed1e2da 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -74,4 +74,4 @@ resources: persistentVolume: enabled: true - size: 20G + size: 20Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 5e9d641b..a0427d92 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -71,4 +71,4 @@ resources: persistentVolume: enabled: true - size: 200G + size: 200Gi 
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index b1afad1d..062ee7cb 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 400G + size: 400Gi diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index 3e88193a..c6efbfa0 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 800G + size: 800Gi diff --git a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl index 45a72ec7..9027a2ff 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl @@ -161,4 +161,26 @@ Get the Alertmanager configuration configmap. {{- else }} {{- include "prometheus.alertmanager.fullname" . -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{- define "server.passwordValue" -}} +{{- if .Values.server.password }} + {{- .Values.server.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "PASSWORD") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} \ No newline at end of file 
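Review bot: `server.passwordValue` asks `getValueFromSecret` for `"Length" 10`, whereas the sec.yaml line this commit removes generated `randAlphaNum 32`, so the fallback password gets shorter; keep `"Length" 32`. The lookup also uses `include "common.names.fullname" .` as the Secret name, while the other server objects touched in this commit are named with `prometheus.server.fullname`. If sec.yaml's `metadata.name` (not visible here) uses the latter, the existing password is never found and a new one is generated on each upgrade.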
diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 3c9703e8..cbd54657 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -20,6 +20,7 @@ data: {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} {{ include "prometheus.serever.web.configmapKey" .}}: {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} - rules.yaml: - {{- include "common.tplvalues.render" (dict "value" .Values.server.alertingRules "context" $) | toYaml | nindent 4 }} + rules.yaml: + {{- include "common.tplvalues.render" (dict "value" .Values.server.rules "context" $) | toYaml | nindent 4 }} + {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 026b0139..1d5bd7a2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -114,6 +114,7 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" + - "--storage.tsdb.retention.time={{ .Values.server.retentionDays }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" diff --git a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml index fd0b368c..c538a98a 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml 
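Review bot: `.Values.server.rules` is passed through `common.tplvalues.render`, and the meta.yaml hunk in this commit adds `server.rules` to `allow_parameters`, so a value supplied by the instance owner is evaluated as a Helm template rather than treated as data (assuming the helper wraps `tpl`, as the Bitnami common helper does). Template evaluation runs with the installer's access, including functions such as `lookup` that this commit itself relies on. Render user-settable rules as plain text, for example `{{- .Values.server.rules | toYaml | nindent 4 }}`, and drop the backtick escape around the default rules in values.yaml accordingly.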
@@ -11,4 +11,4 @@ metadata: cluster-name: {{ template "prometheus.server.fullname" . }} type: Opaque data: - PASSWORD: {{ if .Values.password | default "" | ne "" }} {{ .Values.service.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + PASSWORD: {{ include "server.passwordValue" . | b64enc | quote }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index f7f91f7e..a148e230 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: true + enabled: false ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -479,7 +479,7 @@ alertmanager: service: ## @param alertmanager.service.type Alertmanager service type ## - type: LoadBalancer + type: ClusterIP ## @param alertmanager.service.ports.http Alertmanager service HTTP port ## @param alertmanager.service.ports.cluster Alertmanager cluster HA port ## @@ -578,7 +578,7 @@ alertmanager: ## server: username: admin - password: admin + password: To6EJBHPUo image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -626,6 +626,9 @@ server: {{- end }} scrape_configs: - job_name: prometheus + basic_auth: + username: {{ .Values.server.username }} + password: {{ .Values.server.password }} {{- include "prometheus.scrape_config" (dict "component" "server" "context" $) | nindent 4 }} {{- if .Values.alertmanager.enabled }} - job_name: alertmanager 
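Review bot: `password: To6EJBHPUo` commits a fixed Prometheus credential as the chart default, so every instance that does not override it shares a password readable in the repository, and the `randAlphaNum` fallback added in `server.passwordValue` is never reached. The meta.yaml hunk also removes the `server.username` entries from `allow_parameters`, which appears to leave instance owners no parameter to change it. Default to `password: ""` so the helper generates a per-release value, and have the `basic_auth` block added in the `-626` hunk read the credential from the Secret (Prometheus accepts `password_file` there) instead of `.Values.server.password`.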
@@ -650,15 +653,29 @@ server: - scheme: HTTP static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] + {{- end }} rule_files: - rules.yaml - {{- end }} - - + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: - ## - alertingRules: {} + ## + rules: | + {{` + groups: + - name: PG数据库-监控告警 + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql down (instance {{ $labels.instance }}) + description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + `}} + ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## @@ -932,7 +949,7 @@ server: logFormat: logfmt ## @param server.retention Metrics retention days ## - retention: 10d + retentionDays: 15d ## @param server.retentionSize Maximum size of metrics ## retentionSize: "0" @@ -1239,7 +1256,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: true + enabled: false ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1357,7 +1374,7 @@ server: service: ## @param server.service.type Prometheus service type ## - type: LoadBalancer + type: ClusterIP ## @param server.service.ports.http Prometheus service HTTP port ## ports: 
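Review bot: Two `@param` annotations no longer match the keys they sit above: `## @param server.alertingRules` now documents `rules:` and `## @param server.retention` now documents `retentionDays:`. Update them to `## @param server.rules Prometheus alerting rules, stored in rules.yaml` and `## @param server.retentionDays Metrics retention time passed to --storage.tsdb.retention.time (e.g. 15d)`. The default group name `PG数据库-监控告警` is the only non-English string in this hunk; an English name such as `postgresql-alerts` would read consistently with the rest.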
@@ -1412,6 +1429,7 @@ server: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## + persistence: ## @param server.persistence.enabled Enable persistence using Persistent Volume Claims. If you have multiple instances (server.repicacount > 1), please considere using an external storage service like Thanos or Grafana Mimir ## diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 7ac5e2af..4f7d7ef2 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -13,12 +13,18 @@ tags: prometheus bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" -- name: "server.username" - description: "set username . default amdin" -- name: "server.username" - description: "set passsword . default amdin" +- name: "server.service.type" + description: "service type config for values.yaml" +- name: "alertmanager.enabled" + description: "alertmanager config for values.yaml" +- name: "server.retentionDays" + description: "retentionDays config for values.yaml default 15d" +- name: "server.retentionSize" + description: "retentionSize config for values.yaml default 0, unit MB, GB, TB" +- name: "server.rules" + description: "rules config for values.yaml" archive: false diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index e453fade..dd543b83 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
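Review bot: Adding `server.service.type` to `allow_parameters` lets an instance owner switch the service to `LoadBalancer`, while this hunk removes the two `server.username` entries (one of which described the password) without adding a `server.password` entry, so an externally reachable instance would be protected only by the chart's default `server.password`. Consider keeping the service type out of the tenant-settable list, or adding `- name: "server.password"` with a description saying it must be set before the service is exposed. `server.rules` is described in values.yaml as content that "can be a template"; if it is rendered with `tpl` (not visible here), tenant-supplied text is evaluated during chart rendering and should be treated as untrusted input.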
@@ -1,24 +1,23 @@ credential: {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} + serviceRef: + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- else if (eq .Values.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .spec.clusterIP }' -{{- end }} - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: ' { .spec.ports[?(@.name=="http")].port }' - name: USER - valule: {{ .Values.server.username }} + value: {{ .Values.server.username }} - name: PASSWORD - valule: {{ .Values.server.password }} - {{- end }} + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml index 796ae97e..06e89f6a 100644 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ b/addons/prometheus/2/plans/standard-10/values.yaml @@ -5,4 +5,4 @@ fullnameOverride: hb-prometheus-standard-10 server: persistence: size: 10Gi - retentionSize: 8Gi \ No newline at end of file + # retentionSize: 8GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/bind.yaml b/addons/prometheus/2/plans/standard-100/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/bind.yaml 
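Review bot: `PASSWORD` is bound from `{{ .Values.server.password }}` rather than from the Secret the chart creates, so the binding and the running server can disagree whenever the `server.passwordValue` helper produces a value that differs from values.yaml (for example a generated one; the helper is not visible here). Reading the credential from the Secret's `PASSWORD` key through `valueFrom` would keep a single source of truth. If the literal form stays, quote both templated scalars, `value: {{ .Values.server.username | quote }}` and `value: {{ .Values.server.password | quote }}`, so an empty or number-like value is not retyped by the YAML parser. The same lines appear in the bind.yaml files for standard-50, standard-100, standard-200 and standard-500.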
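Review bot: Commenting out `retentionSize` in the standard-10 plan removes the size cap, and the chart default shown earlier in this patch is `retentionSize: "0"`, so with time-based retention alone the 10Gi volume can fill up. The commented value `8GBi` also does not match the units meta.yaml lists for this parameter (`MB, GB, TB`). Suggest restoring a cap below the volume size, e.g. `retentionSize: 8GB`, and sizing it per plan in the standard-50, standard-100, standard-200 and standard-500 values.yaml files, where the comment `# retentionSize: 48GBi` was copied regardless of volume size.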
@@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-100/create-instance-schema.json b/addons/prometheus/2/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/meta.yaml b/addons/prometheus/2/plans/standard-100/meta.yaml new file mode 100644 index 00000000..fdc3185e --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-100" +id: 118aada0-4826-4dba-83d8-989fbf47c55a +description: "Prometheus Cluster standard-100 plan persistence size 100Gi." +displayName: "100Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-100/values.yaml b/addons/prometheus/2/plans/standard-100/values.yaml new file mode 100644 index 00000000..7e8b3d46 --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/values.yaml 
@@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-100 + +server: + persistence: + size: 100Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/bind.yaml b/addons/prometheus/2/plans/standard-200/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/bind.yaml @@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-200/create-instance-schema.json b/addons/prometheus/2/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/meta.yaml b/addons/prometheus/2/plans/standard-200/meta.yaml new file mode 100644 index 00000000..ddc6523c --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-200" +id: be99a35d-dbb4-4e17-8b27-1f00c5bca057 +description: "Prometheus Cluster standard-200 plan persistence size 200Gi." +displayName: "200Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-200/values.yaml b/addons/prometheus/2/plans/standard-200/values.yaml new file mode 100644 index 00000000..c5f2a7e5 --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/values.yaml @@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-200 + +server: + persistence: + size: 200Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index e453fade..668c5cdf 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml @@ -1,24 +1,23 @@ credential: {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} + serviceRef: + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- else if (eq .Values.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .spec.clusterIP }' -{{- end }} - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: ' { .spec.ports[?(@.name=="http")].port }' - name: USER - valule: {{ .Values.server.username }} + value: {{ .Values.server.username }} - name: PASSWORD - valule: {{ .Values.server.password }} - {{- end }} + value: {{ .Values.server.password }} + 
diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml index 69caeefa..b59af0aa 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -5,4 +5,4 @@ fullnameOverride: hb-prometheus-standard-50 server: persistence: size: 50Gi - retentionSize: 48Gi \ No newline at end of file + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-500/bind.yaml b/addons/prometheus/2/plans/standard-500/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/bind.yaml @@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-500/create-instance-schema.json b/addons/prometheus/2/plans/standard-500/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/prometheus/2/plans/standard-500/meta.yaml b/addons/prometheus/2/plans/standard-500/meta.yaml new file mode 100644 index 00000000..d58ee8e0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-500" +id: c28dc645-f17d-4304-a3f9-5dcaabad2a49 +description: "Prometheus Cluster standard-500 plan persistence size 500Gi." +displayName: "500Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-500/values.yaml b/addons/prometheus/2/plans/standard-500/values.yaml new file mode 100644 index 00000000..2b8e6318 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/values.yaml @@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-500 + +server: + persistence: + size: 500Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/rules.yaml b/addons/prometheus/rules.yaml new file mode 100644 index 00000000..fe3d5a18 --- /dev/null +++ b/addons/prometheus/rules.yaml 
@@ -0,0 +1,159 @@ +server: + rules: |- + {{` + groups: + - name: PG数据库-监控告警 + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql down (instance {{ $labels.instance }}) + description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlRestarted + expr: time() - pg_postmaster_start_time_seconds < 60 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql restarted (instance {{ $labels.instance }}) + description: "Postgresql restarted\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlExporterError + expr: pg_exporter_last_scrape_error > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql exporter error (instance {{ $labels.instance }}) + description: "Postgresql exporter is showing errors. A query may be buggy in query.yaml\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTableNotAutoVacuumed + expr: (pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }}) + description: "Table {{ $labels.relname }} has not been auto vacuumed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTableNotAutoAnalyzed + expr: (pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql table not auto analyzed (instance {{ $labels.instance }}) + description: "Table {{ $labels.relname }} has not been auto analyzed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTooManyConnections + expr: sum by (datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) > 
pg_settings_max_connections * 0.8 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql too many connections (instance {{ $labels.instance }}) + description: "PostgreSQL instance has too many connections (> 80%).\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlNotEnoughConnections + expr: sum by (datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) < 5 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql not enough connections (instance {{ $labels.instance }}) + description: "PostgreSQL instance should have more connections (> 5)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlDeadLocks + expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql dead locks (instance {{ $labels.instance }}) + description: "PostgreSQL has dead-locks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRollbackRate + expr: sum by (namespace,datname) ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) / ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) + (rate(pg_stat_database_xact_commit{datname!~"template.*|postgres",datid!="0"}[3m])))) > 0.02 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql high rollback rate (instance {{ $labels.instance }}) + description: "Ratio of transactions being aborted compared to committed is > 2 %\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlCommitRateLow + expr: rate(pg_stat_database_xact_commit[1m]) < 10 + for: 2m + labels: + severity: critical + annotations: + summary: Postgresql commit rate low (instance {{ $labels.instance }}) + description: "Postgresql seems to be processing very few transactions\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlLowXidConsumption + expr: 
rate(pg_txid_current[1m]) < 5 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql low XID consumption (instance {{ $labels.instance }}) + description: "Postgresql seems to be consuming transaction IDs very slowly\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRateStatementTimeout + expr: rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql high rate statement timeout (instance {{ $labels.instance }}) + description: "Postgres transactions showing high rate of statement timeouts\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRateDeadlock + expr: increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql high rate deadlock (instance {{ $labels.instance }}) + description: "Postgres detected deadlocks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlUnusedReplicationSlot + expr: pg_replication_slots_active == 0 + for: 1m + labels: + severity: warning + annotations: + summary: Postgresql unused replication slot (instance {{ $labels.instance }}) + description: "Unused Replication Slots\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTooManyDeadTuples + expr: ((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql too many dead tuples (instance {{ $labels.instance }}) + description: "PostgreSQL dead tuples is too large\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlConfigurationChanged + expr: '{__name__=~"pg_settings_.*"} != ON(__name__) 
{__name__=~"pg_settings_([^t]|t[^r]|tr[^a]|tra[^n]|tran[^s]|trans[^a]|transa[^c]|transac[^t]|transact[^i]|transacti[^o]|transactio[^n]|transaction[^_]|transaction_[^r]|transaction_r[^e]|transaction_re[^a]|transaction_rea[^d]|transaction_read[^_]|transaction_read_[^o]|transaction_read_o[^n]|transaction_read_on[^l]|transaction_read_onl[^y]).* "} OFFSET 5m' + for: 0m + labels: + severity: info + annotations: + summary: Postgresql configuration changed (instance {{ $labels.instance }}) + description: "Postgres Database configuration change has occurred\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlSslCompressionActive + expr: sum(pg_stat_ssl_compression) > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql SSL compression active (instance {{ $labels.instance }}) + description: "Database connections with SSL compression enabled. This may add significant jitter in replication delay. in recovery.conf.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + `}} \ No newline at end of file From 55d5e3307aafca4d86b0813310ab43973252bbc8 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 22 Dec 2023 14:00:13 +0800 Subject: [PATCH 041/176] megre(addons): megre from upstream --- .../15/chart/postgresql-cluster/README.md | 11 +---------- .../postgresql-cluster/templates/_helpers.tpl | 4 ---- .../postgresql-cluster/templates/cm-backup.yaml | 14 +------------- .../15/chart/postgresql-cluster/templates/sec.yaml | 7 +------ .../postgresql-cluster/templates/statefulset.yaml | 5 ----- .../15/chart/postgresql-cluster/values.yaml | 7 ++----- .../15/plans/standard-10/bind.yaml | 5 +---- .../15/plans/standard-50/meta.yaml | 4 ---- 8 files changed, 6 insertions(+), 51 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 59cf8250..4dd6522d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
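Review bot: `PostgresqlCommitRateLow` (`rate(pg_stat_database_xact_commit[1m]) < 10`, severity critical) has no `datname` filter, so it would fire for template databases and for any idle instance, which makes the critical channel noisy and easy to ignore. Other rules in this file already exclude those series, and the same selector fits here: `expr: rate(pg_stat_database_xact_commit{datname!~"template.*|postgres"}[1m]) < 10`. The `PostgresqlSslCompressionActive` description ends with a stray fragment, `in recovery.conf.`, that should be removed. This file also repeats the start of the `server.rules` default added to the chart's values.yaml, so a header comment should say which of the two is authoritative.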
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -71,7 +71,6 @@ backup: - Login database web with admin user & password -<<<<<<< HEAD - Change administrator initial password ``` ALTER USER administrator WITH ENCRYPTED PASSWORD 'newpassword'; @@ -88,15 +87,7 @@ GRANT `myuser` to administrator ; - CREATE APP DATABASE ``` CREATE DATABASE `mydb` OWNER `myuser`; -======= -- CREATE APP USER -``` -CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; -``` -- CREATE APP DATABASE -``` -CREATE DATABASE `my_db` OWNER `my_user`; ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + ``` - CREATE EXTENSIONS ``` diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index ad84a3b0..bb67a496 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -189,11 +189,7 @@ Get the administrator password ; {{- if .Values.adminRole.password }} {{- .Values.adminRole.password -}} {{- else -}} -<<<<<<< HEAD {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} -======= - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd {{- end -}} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index 601a4f03..62cb7596 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml 
@@ -1,7 +1,3 @@ -<<<<<<< HEAD -======= -{{- if (include "backup.createConfigmap" .) }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd apiVersion: v1 kind: ConfigMap metadata: @@ -17,13 +13,5 @@ metadata: {{- end }} data: backup.env: |- -<<<<<<< HEAD {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} -======= - {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - # archive_command.sh: | - - # #/bin/bash - # source backup.env - # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true -{{- end -}} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 9bd002e3..c2e13055 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -14,10 +14,5 @@ data: password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} -<<<<<<< HEAD admin-user: {{ .Values.adminRole.username | b64enc | quote }} - admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} -======= - admin-user: {{ .Values.adminRole.username | b64enc }} - admin-password: {{ .Values.adminRole.password | b64enc }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 66c979cd..0dad1437 100644 
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -161,11 +161,6 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} -<<<<<<< HEAD - -======= - {{- if .Values.backup.enabled }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index cd40d29a..d15aa52a 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -124,13 +124,10 @@ postInitScript: | psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then -<<<<<<< HEAD + echo "Creating user ${ADMIN_USER}" psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" -======= - echo "Creating user ${ADMIN_USER}" - # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + else echo "Skipping create admin user" fi diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 11bbb4e1..e41b7b31 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
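Review bot: The resolved `postInitScript` keeps the `CREATE USER ${ADMIN_USER} WITH SUPERUSER ...` branch and interpolates `${ADMIN_PASSWORD}` directly into the SQL string, so a password containing a single quote breaks or alters the statement. Feeding the statement to psql on standard input with the values read into psql variables (psql 15 has `\getenv`) lets psql quote them as `:"admin_user"` and `:'admin_password'`; note that `-c` does not expand variables. SUPERUSER for an account that the binding hands to applications is also broader than the NOSUPERUSER of the discarded branch, so confirm that is intended. The script starts and ends outside this hunk.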
@@ -32,10 +32,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-user }' - name: PORT -<<<<<<< HEAD value: 5432 - name: DADABASE value: postgres -======= - value: 5432 ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 7586884a..a194f7ef 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -1,10 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -<<<<<<< HEAD description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" -======= -description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd displayName: "standard-50" bindable: true maximum_polling_duration: 1800 From 1965e9b4f4a5d27ea539445d1e17d3b1cb0464d2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 2 Jan 2024 14:33:56 +0800 Subject: [PATCH 042/176] chore(postgresql-cluster): reset wal retain size --- .../15/chart/postgresql-cluster/values.yaml | 1 - .../postgresql-cluster/15/plans/standard-10/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-100/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-20/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-200/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-400/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-50/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-800/values.yaml | 8 ++++---- 8 files changed, 22 insertions(+), 23 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d15aa52a..b32ab391 100644 
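Review bot: The binding key kept by this conflict resolution is spelled `DADABASE`, so bound applications will receive that name rather than `DATABASE`. If no consumer depends on the misspelling yet, rename it to `- name: DATABASE`. The `credential:` list starts outside this hunk, and the other plans' bind.yaml files are not shown in this patch, so check them for the same key.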
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -72,7 +72,6 @@ preInitScript: | hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index fd8fd98f..adf735cd 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '1 GB' min_wal_size = '512 MB' # WAL writing @@ -36,7 +36,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '1 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 90625a5d..97b6efe0 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '4 GB' + min_wal_size = '2 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '4 GB' # Background writer 
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index fed1e2da..b0f465d2 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '2 GB' min_wal_size = '512 MB' @@ -37,7 +37,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '1 GB' # Background writer diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index a0427d92..24ca6659 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '5 GB' + min_wal_size = '3 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '5 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 062ee7cb..44d572d8 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml 
@@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '6 GB' + min_wal_size = '2 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index 046e87ea..c911400d 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '2 GB' min_wal_size = '512 MB' # WAL writing @@ -36,7 +36,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '3 GB' # Background writer diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index c6efbfa0..4c62936e 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml 
@@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '10240 MB' - min_wal_size = '5120 MB' + max_wal_size = '8 GB' + min_wal_size = '4 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '22080 MB' + wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms From a3e38686bd3a356614065b1484e11c5dae06d064 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 11 Jan 2024 09:35:37 +0800 Subject: [PATCH 043/176] chore(postgresql-cluster):add hugepages-2Mi limit in plans --- addons/postgresql-cluster/15/plans/standard-100/values.yaml | 1 + addons/postgresql-cluster/15/plans/standard-200/values.yaml | 1 + addons/postgresql-cluster/15/plans/standard-400/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/values.yaml | 3 ++- addons/postgresql-cluster/15/plans/standard-800/values.yaml | 2 +- 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 97b6efe0..fff5cf6a 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,6 +66,7 @@ resources: limits: cpu: 4000m memory: 16Gi + hugepages-2Mi: 50Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 24ca6659..097a65b6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -65,6 +65,7 @@ resources: limits: cpu: 8000m memory: 32Gi + hugepages-2Mi: 60Mi requests: cpu: 8000m memory: 32Gi 
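Review bot: The `hugepages-2Mi` limits introduced by this patch do not follow plan size and carry no comment on how they were chosen: this hunk gives standard-100 `50Mi`, and the later hunks give standard-200 `60Mi`, standard-400 `40Mi`, standard-50 `20Mi` and standard-800 `80Mi`, so standard-400 ends up below the two smaller plans. Huge pages are a pre-allocated node resource, so a pod carrying this limit can only be scheduled on nodes that have 2Mi pages reserved; on other nodes it stays Pending. State that prerequisite and the sizing rule next to the value, e.g. `# needs nodes with pre-allocated 2Mi huge pages; sized as <rule>`, and confirm whether `40Mi` for standard-400 is intended.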
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 44d572d8..3dd25a18 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 16000m memory: 64Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 40Mi requests: cpu: 16000m memory: 64Gi diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index c911400d..4712cacb 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -66,10 +66,11 @@ resources: limits: cpu: 2000m memory: 8Gi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 8Gi persistentVolume: enabled: true - size: 50G + size: 50Gi diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index 4c62936e..a91fe646 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 32000m memory: 128Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 80Mi requests: cpu: 32000m memory: 128Gi From 6e6c35485120be392059b32f127dae01e7dc6313 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 18 Jan 2024 09:56:36 +0800 Subject: [PATCH 044/176] chore(addons): alter cloudbeaver plan to 10, prometheus add hotupdate param --- .../23/plans/{standard-5 => standard-10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../23/plans/{standard-5 => standard-10}/meta.yaml | 0 .../23/plans/{standard-5 => standard-10}/values.yaml | 2 +- .../chart/postgresql-cluster/templates/statefulset.yaml | 5 +++++ .../15/chart/postgresql-cluster/values.yaml | 9 +++++++++ .../2/chart/prometheus/templates/server/deployment.yaml | 1 + 7 files changed, 16 insertions(+), 1 deletion(-) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/bind.yaml (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/create-instance-schema.json (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/meta.yaml (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/values.yaml (99%) diff --git a/addons/cloudbeaver/23/plans/standard-5/bind.yaml b/addons/cloudbeaver/23/plans/standard-10/bind.yaml similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/bind.yaml rename to addons/cloudbeaver/23/plans/standard-10/bind.yaml diff --git a/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json b/addons/cloudbeaver/23/plans/standard-10/create-instance-schema.json similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json rename to addons/cloudbeaver/23/plans/standard-10/create-instance-schema.json diff --git a/addons/cloudbeaver/23/plans/standard-5/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/meta.yaml rename to addons/cloudbeaver/23/plans/standard-10/meta.yaml 
diff --git a/addons/cloudbeaver/23/plans/standard-5/values.yaml b/addons/cloudbeaver/23/plans/standard-10/values.yaml similarity index 99% rename from addons/cloudbeaver/23/plans/standard-5/values.yaml rename to addons/cloudbeaver/23/plans/standard-10/values.yaml index 920f16ca..dee9c848 100644 --- a/addons/cloudbeaver/23/plans/standard-5/values.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/values.yaml @@ -51,7 +51,7 @@ persistence: - ReadWriteOnce ## @param primary.persistence.size MySQL primary persistent volume size ## - size: 5Gi + size: 10Gi ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0dad1437..61881313 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -229,6 +229,11 @@ spec: - name: storage-volume emptyDir: {} {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} {{- if .Values.persistentVolume.enabled }} volumeClaimTemplates: - metadata: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index b32ab391..857ee44d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
@@ -277,6 +277,15 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete persistentVolume: enabled: true size: 10G diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 12480ad1..d8ecaa9f 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -122,6 +122,7 @@ spec: - "--web.console.libraries=/opt/drycc/prometheus/conf/console_libraries" - "--web.console.templates=/opt/drycc/prometheus/conf/consoles" - "--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml" + - "--web.enable-lifecycle" {{- if .Values.server.enableAdminAPI}} - "--web.enable-admin-api" {{- end }} From 739675b98b85952772d460b43b790b6841200319 Mon Sep 17 00:00:00 2001 
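Review bot: `persistentVolumeClaimRetentionPolicy` is enabled by default here with `whenScaled: Delete` and `whenDeleted: Delete`, so together with the template block added in statefulset.yaml, scaling the StatefulSet down or deleting it also deletes the PostgreSQL data volumes. Kubernetes itself defaults both fields to `Retain`; for a database chart the safer defaults are `whenScaled: Retain` and `whenDeleted: Retain`, with `Delete` as an explicit per-plan opt-in. If deletion is wanted for deprovisioning, say so in the comment block above the key and note that recovery then depends on the backup configured in the `backup:` section.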
From: EamonZhang Date: Tue, 23 Jan 2024 10:28:41 +0800 Subject: [PATCH 045/176] chore(mysql-cluster): adjust bind params --- .../8.0/chart/mysql-cluster/Chart.yaml | 4 +- .../templates/cluster/deployments.yaml | 41 +++++++++++++++++++ .../mysql-cluster/templates/cluster/job.yaml | 3 +- .../mysql-cluster/templates/secrets.yaml | 4 +- .../8.0/chart/mysql-cluster/values.yaml | 8 ++-- addons/mysql-cluster/8.0/meta.yaml | 4 +- .../8.0/plans/standard-10/bind.yaml | 17 +++----- .../8.0/plans/standard-10/values.yaml | 4 +- .../8.0/plans/standard-100/bind.yaml | 19 ++++----- .../8.0/plans/standard-20/bind.yaml | 17 +++----- .../8.0/plans/standard-200/bind.yaml | 17 +++----- .../8.0/plans/standard-400/bind.yaml | 17 +++----- .../8.0/plans/standard-50/bind.yaml | 17 +++----- .../8.0/plans/standard-800/bind.yaml | 17 +++----- 14 files changed, 99 insertions(+), 90 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml index 634f9453..8b3d99c5 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Database apiVersion: v2 -appVersion: 8.0.30 +appVersion: 8.0.35 dependencies: - name: common repository: oci://registry.drycc.cc/charts @@ -25,4 +25,4 @@ name: mysql sources: - https://github.com/drycc/containers/tree/main/drycc/mysql - https://mysql.com -version: 9.3.5 +version: 8.0.35 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml new file mode 100644 index 00000000..ef626420 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml 
@@ -0,0 +1,41 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mysql.cluster.fullname" . }}-tools + namespace: {{ include "common.names.namespace" . | quote }} +spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mysql-cluster-tools + + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: mysql-cluster-tools + + spec: + containers: + - name: cluster-tools + image: {{ include "cluster.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + sleep infinity + env: + - name: MYSQL_MASTER_PORT_NUMBER + value: {{ .Values.primary.service.ports.mysql | quote }} + - name: MYSQL_MASTER_ROOT_USER + value: "root" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index a922a4c4..88365d71 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml @@ -67,7 +67,8 @@ spec: " > /tmp/slave.sql mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - + mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION;flush privileges;" + env: - name: DRYCC_DEBUG value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} 
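Review bot: The new `-tools` Deployment keeps a pod running `sleep infinity` with `MYSQL_ROOT_PASSWORD` in its environment and sets no `securityContext` or `resources`, so the root credential lives permanently in a pod that anyone permitted to exec into pods in the namespace can read. If the pod is only for occasional maintenance, wrap the manifest in a switch that defaults to off, using a new values key such as `{{- if .Values.cluster.tools.enabled }}` with a closing `{{- end }}`. If it has to stay, mounting the secret as a file instead of an env var and adding a restrictive container security context and resource limits would reduce the exposure. The file also has no comment saying what the tools pod is for.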
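Review bot: The added `GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION` gives the account that the plans' bind.yaml files hand to applications server-wide rights from any host, including the right to grant them onward, which puts every bound application close to root. The user name is hard-coded although values.yaml exposes it as `auth.username`, so overriding that value leaves the grant pointing at a different account. If bound applications only need their own schema, scope the statement to it, e.g. `GRANT ALL PRIVILEGES ON {{ .Values.auth.database }}.* TO '{{ .Values.auth.username }}'@'%';`, and drop `flush privileges`, which is not needed after `GRANT`. The script this line belongs to starts outside the hunk.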
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml index c51cfb39..75c6bf5e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml @@ -46,7 +46,7 @@ metadata: {{- end }} type: servicebinding.io/mysql data: - provider: {{ print "bitnami" | b64enc | quote }} + provider: {{ print "drycc" | b64enc | quote }} type: {{ print "mysql" | b64enc | quote }} host: {{ print $host | b64enc | quote }} port: {{ print $port | b64enc | quote }} @@ -60,7 +60,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-svcbind-custom-user + name: {{ include "common.names.fullname" . }}-svcbind-administrator-user namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 2c70143b..031cbe43 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -113,11 +113,11 @@ auth: ## @param auth.database Name for a custom database to create ## ref: https://github.com/drycc/containers/tree/main/drycc/mysql#creating-a-database-on-first-run ## - database: "mx_database" + database: "mondb" ## @param auth.username Name for a custom user to create ## ref: https://github.com/drycc/containers/tree/main/drycc/mysql#creating-a-database-user-on-first-run ## - username: "mx111" + username: "administrator" ## @param auth.password Password for the new user. Ignored if existing secret is provided ## password: "" 
@@ -127,7 +127,7 @@ auth: replicationUser: replicator ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided ## - replicationPassword: "user4_repUU" + replicationPassword: "" ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. ## @@ -244,6 +244,7 @@ primary: disabled_storage_engines="MyISAM,BLACKHOLE,FEDERATED,ARCHIVE,MEMORY" sql_require_primary_key=ON log_error_suppression_list='MY-013360' + binlog_transaction_dependency_tracking=WRITESET # Replication log_bin=mysql-bin @@ -603,6 +604,7 @@ cluster: digest: "" pullPolicy: IfNotPresent + router: ## @param router.name Name of the router ## diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 5af39a4c..273e3a55 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -13,7 +13,7 @@ tags: mysql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" required: false @@ -21,4 +21,4 @@ allow_parameters: - name: "router.service.type" required: false description: "service type config for values.yaml" -archive: false +archive: false \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index f90075a8..5e2e6f5d 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -16,10 +16,10 @@ primary: resources: limits: cpu: 1000m - memory: 1024Mi + memory: 2048Mi requests: cpu: 1000m - memory: 1024Mi + memory: 2048Mi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 3ec3ed37..1bb7d8b5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
+++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml @@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + {{- end }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file From d120aa803377aeaa74a296d0e66009c69306bb1b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 23 Jan 2024 15:45:30 +0800 Subject: [PATCH 046/176] chore(postgresql-cluster): add plan 4t --- .../15/plans/standard-4t/bind.yaml | 37 +++++++++ .../standard-4t/create-instance-schema.json | 12 +++ .../15/plans/standard-4t/meta.yaml | 6 ++ .../15/plans/standard-4t/values.yaml | 75 +++++++++++++++++++ 4 files changed, 130 insertions(+) create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/values.yaml diff --git a/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml new file mode 100644 index 00000000..0283dff3 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml @@ -0,0 +1,37 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
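Review bot: The last entry of this new bind.yaml is named `DADABASE`, so a consumer looking for `DATABASE` will not find it; the previous patch removes the same misspelled key from the mysql-cluster bind files. If the other postgresql-cluster plans use the same spelling, rename it in all of them in one change to `- name: DATABASE`, otherwise bindings differ between plans. The binding hands out `admin-user` and `admin-password` together with the `postgres` database; a comment stating that bound applications are meant to receive the admin role would make that decision explicit. `value: 5432` is an unquoted integer, and if the broker expects string values it should be `value: "5432"`.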
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml new file mode 100644 index 00000000..208f253c --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4t" +id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9 +description: "PostgreSQL Cluster standard-4t plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-4t" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml new file mode 100644 index 00000000..d4046150 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml 
@@ -0,0 +1,75 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-postgresql-cluster-standard-800
+
+postgresql:
+ config: |-
+ # Connectivity
+ max_connections = 2000
+ superuser_reserved_connections = 3
+
+ # Memory Settings
+ shared_buffers = '16384 MB'
+ work_mem = '256 MB'
+ maintenance_work_mem = '2048 MB'
+ huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES
+ effective_cache_size = '45 GB'
+ effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function
+ random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0)
+
+ # Monitoring
+ track_io_timing=on # measure exact block IO times
+ track_functions=pl # track execution times of pl-language procedures if any
+
+ # Replication
+ max_wal_senders = 10
+ synchronous_commit = on
+
+ # Checkpointing:
+ checkpoint_timeout = '30 min'
+ checkpoint_completion_target = 0.9
+ max_wal_size = '32 GB'
+ min_wal_size = '16 GB'
+
+ # WAL writing
+ wal_compression = on
+ wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default)
+ wal_writer_delay = 200ms
+ wal_writer_flush_after = 1MB
+ wal_keep_size = '60 GB'
+
+ # Background writer
+ bgwriter_delay = 200ms
+ bgwriter_lru_maxpages = 100
+ bgwriter_lru_multiplier = 2.0
+ bgwriter_flush_after = 0
+
+ # Parallel queries:
+ max_worker_processes = 32
+ max_parallel_workers_per_gather = 16
+ max_parallel_maintenance_workers = 16
+ max_parallel_workers = 32
+ parallel_leader_participation = on
+
+ # Advanced features
+ enable_partitionwise_join = on
+ enable_partitionwise_aggregate = on
+ jit = on
+ max_slot_wal_keep_size = '1000 MB'
+ track_wal_io_timing = on
+ maintenance_io_concurrency = 100
+
+resources:
+ # If you do want to specify resources, uncomment the following
+ # lines,
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 64Gi + hugepages-2Mi: 80Mi + requests: + cpu: 32000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 4Ti From b573f917c03baf7e1b56d398f4b3270e8235d06c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 21 Feb 2024 11:56:51 +0800 Subject: [PATCH 047/176] chore(postgresql-cluster): adjust pg params & monitor user privilege --- .../15/chart/postgresql-cluster/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 857ee44d..02f9bdfa 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -57,6 +57,7 @@ preInitScript: | loop_wait: 10 retry_timeout: 10 maximum_lag_on_failover: 1048576 + failsafe_mode: true postgresql: use_pg_rewind: true use_slots: true @@ -74,6 +75,7 @@ preInitScript: | max_worker_processes: 8 max_wal_senders: 10 max_replication_slots: 10 + hot_standby_feedback: on max_prepared_transactions: 0 max_locks_per_transaction: 64 wal_log_hints: "on" @@ -120,7 +122,7 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + psql -w -c "CREATE USER tea_mon ;GRANT pg_monitor TO tea_mon ;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then From d00010ff498085e5df4a5d5cd657b9f097423546 Mon Sep 17 00:00:00 2001 
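Review bot: `fullnameOverride: hb-postgresql-cluster-standard-800` in the standard-4t plan looks copied from the standard-800 plan; this plan's bind.yaml resolves the credential Secret and the `-master` / `-repl` Services through `common.names.fullname`, so two plans that share one override in a namespace would presumably collide on those object names. `fullnameOverride: hb-postgresql-cluster-standard-4t` keeps the plan's objects distinct. Separately, `hugepages-2Mi: 80Mi` is far below `shared_buffers = '16384 MB'`, so with `huge_pages = try` the server will presumably fall back to regular pages; a comment stating whether that is intended would help the next reader.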
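Review bot: The rewritten `psql -w -c` line in the third hunk creates `tea_mon` without a password, so whether that role can log in at all depends on pg_hba rules that are not visible here; if the monitoring agent authenticates by password, set it from a Secret-backed variable the way the admin-user block below reads `$ADMIN_PASSWORD`. The statement list is also not re-runnable: under `set -Eeu` a second run presumably stops at `CREATE USER`, and `create extension if not exists pg_stat_statements;` would make the extension steps idempotent. In the second hunk `hot_standby_feedback: on` is unquoted while its neighbour is `wal_log_hints: "on"`; writing `hot_standby_feedback: "on"` keeps a YAML 1.1 loader from turning it into a boolean. Both `preInitScript` and `postInitScript` continue outside these hunks.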
From: EamonZhang Date: Wed, 21 Feb 2024 14:44:26 +0800 Subject: [PATCH 048/176] chore(mysql-cluster): set persistentVolumeClaimRetentionPolicy deleted --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++++ addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 4 ++++ addons/mysql-cluster/8.0/plans/standard-10/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-10/values.yaml | 6 +++--- addons/mysql-cluster/8.0/plans/standard-100/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-20/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-200/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-400/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-50/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-800/bind.yaml | 5 ++--- 10 files changed, 26 insertions(+), 24 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 24302e10..a5ffa045 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -369,6 +369,11 @@ spec: - name: data emptyDir: {} {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} + {{- if .Values.primary.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: data diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 031cbe43..1f460ecf 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
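Review bot: The added `persistentVolumeClaimRetentionPolicy` block is rendered with no Kubernetes-version guard, and the field depends on the StatefulSetAutoDeletePVC feature, which as far as I know is on by default only from Kubernetes 1.27; on an older cluster the API server can drop the field, so the chart would report a retention policy that is not in effect. Wrapping it as `{{- if and .Values.primary.persistentVolumeClaimRetentionPolicy.enabled (semverCompare ">=1.27-0" (include "common.capabilities.kubeVersion" .)) }}` makes that explicit, assuming the common chart's helper is available to this template. `whenDeleted` and `whenScaled` are also emitted unquoted and unvalidated, so `{{ ... | quote }}` on both values would be safer. The StatefulSet spec starts and ends outside the hunk.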
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -474,6 +474,10 @@ primary: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete persistence: ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir ## diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index 5e2e6f5d..198b5253 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -16,11 +16,11 @@ primary: resources: limits: cpu: 1000m - memory: 2048Mi + memory: 4Gi requests: cpu: 1000m - memory: 2048Mi - + memory: 4Gi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 1bb7d8b5..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
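Review bot: The new defaults `enabled: true` with `whenScaled: Delete` and `whenDeleted: Delete` mean that scaling the primary StatefulSet down or deleting it removes its PersistentVolumeClaims, and with them the database files unless the storage class retains the volume. If that is the intended behaviour for this addon it should be stated in a `## @param primary.persistentVolumeClaimRetentionPolicy.*` comment together with the backup expectation; otherwise `Retain` is the safer default, with `Delete` as a per-plan opt-in. The keys are also inserted between the `## Enable persistence using Persistent Volume Claims` comment and `persistence:`, so that comment now sits above the wrong key. The `primary:` mapping starts and ends outside the hunk.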
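Review bot: `EXTRANET_HOST` still resolves `{{ include "common.names.fullname" . }}` while the condition tests `.Values.router.service.type` and `HOST` points at the `-router` Service; if the LoadBalancer is the router Service, the jsonpath `.status.loadBalancer.ingress[*].ip` is read from the wrong object and the credential comes back empty. In that case the reference should be `name: {{ include "common.names.fullname" . }}-router`. The same lines recur in the standard-20, standard-50, standard-100, standard-200, standard-400 and standard-800 bind.yaml hunks of this commit. The Service templates are not part of this patch, so this needs checking against them, and the credential list continues outside the hunk.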
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: From 104fec2249bdf7aa74e0d8747464c523d09c705f Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 26 Feb 2024 17:17:23 +0800 Subject: [PATCH 049/176] chore(mysql-cluster): persistence group_replication_group_name after greate new cluster --- .../mysql-cluster/charts/common/.helmignore | 22 +++ .../mysql-cluster/charts/common/Chart.yaml | 9 + .../charts/common/templates/_affinities.tpl | 139 +++++++++++++ .../charts/common/templates/_capabilities.tpl | 185 ++++++++++++++++++ .../charts/common/templates/_errors.tpl | 28 +++ .../charts/common/templates/_images.tpl | 101 ++++++++++ .../charts/common/templates/_ingress.tpl | 73 +++++++ .../charts/common/templates/_labels.tpl | 39 ++++ .../charts/common/templates/_names.tpl | 71 +++++++ .../charts/common/templates/_secrets.tpl | 172 ++++++++++++++++ .../charts/common/templates/_storage.tpl | 28 +++ .../charts/common/templates/_tplvalues.tpl | 38 ++++ .../charts/common/templates/_utils.tpl | 67 +++++++ .../charts/common/templates/_warnings.tpl | 19 ++ .../templates/validations/_cassandra.tpl | 77 ++++++++ .../common/templates/validations/_mariadb.tpl | 108 ++++++++++ .../common/templates/validations/_mongodb.tpl | 113 +++++++++++ .../common/templates/validations/_mysql.tpl | 108 ++++++++++ .../templates/validations/_postgresql.tpl | 134 +++++++++++++ .../common/templates/validations/_redis.tpl | 81 ++++++++ .../templates/validations/_validations.tpl | 51 +++++ .../mysql-cluster/charts/common/values.yaml | 2 + .../mysql-cluster/templates/cluster/job.yaml | 7 +- .../templates/networkpolicy.yaml | 1 + .../templates/router/statefulset.yaml | 18 +- .../8.0/chart/mysql-cluster/values.yaml | 16 +- 26 files changed, 1683 insertions(+), 24 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl create mode 100644 
addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml new file mode 100644 index 00000000..424bb6ae --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +description: Drycc Common +home: https://github.com/drycc/common +maintainers: +- email: team@drycc.cc + name: Team Drycc +name: common +type: library +version: 1.1.3 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..e85b1df4 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,139 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard 
podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..c6d115fe --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl 
@@ -0,0 +1,185 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl new file mode 100644 index 00000000..07ded6f6 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl 
@@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl new file mode 100644 index 00000000..e248d6d0 --- /dev/null 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl 
@@ -0,0 +1,101 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images.version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
+
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl
new file mode 100644
index 00000000..efa5b85c
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl 
@@ -0,0 +1,73 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl
new file mode 100644
index 00000000..a0534f7f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl
@@ -0,0 +1,39 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Kubernetes standard labels
+{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}}
+*/}}
+{{- define "common.labels.standard" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
+{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
+
+We don't want to loop over custom labels appending them to the selector
+since it's very likely that it will break deployments, services, etc.
+However, it's important to overwrite the standard labels if the user
+overwrote them on metadata.labels fields.
+*/}}
+{{- define "common.labels.matchLabels" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl
new file mode 100644
index 00000000..a222924f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl
@@ -0,0 +1,71 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl
new file mode 100644
index 00000000..a193c46b
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl
@@ -0,0 +1,172 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+ - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $failOnNew := default true .failOnNew }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key | quote }}
+ {{- else if $failOnNew }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString | b64enc | quote }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
+ {{- end }}
+{{- end -}}
+{{- printf "%s" $password -}}
+{{- end -}}
+
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - context - Context - Required - Parent context.
+
+*/}}
+{{- define "common.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+ {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+ {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl
new file mode 100644
index 00000000..16405a0f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl
@@ -0,0 +1,28 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 00000000..a8ed7637
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,38 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
new file mode 100644
index 00000000..c87040cd
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
@@ -0,0 +1,67 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
new file mode 100644
index 00000000..66dffc1f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
@@ -0,0 +1,19 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 00000000..eda9aada
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl 
@@ -0,0 +1,77 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 00000000..17d83a2f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 00000000..bbb445b8
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,113 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl
new file mode 100644
index 00000000..ca3953f8
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 00000000..8c9aa570
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,134 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 00000000..fc0d208d
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,81 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 00000000..31ceda87
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,51 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml
new file mode 100644
index 00000000..79ba8424
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml
@@ -0,0 +1,2 @@
+## drycc/common
+## It is required by CI/CD tools and processes.
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml
index 88365d71..d2efbfc6 100644
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml
@@ -103,8 +103,13 @@ spec: - -ec - | export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' + export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} + export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} + echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' + mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; env: - name: MYSQL_MASTER_HOST value: {{ include "mysql.primary.fullname" . }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 40a5c22d..b792b024 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
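Review bot: The three added `mysql` calls only assign the user variable `@sql`; nothing in the hunk runs `PREPARE`/`EXECUTE` on it, so `group_replication_group_name` does not appear to be changed on `HOST_0`, `HOST_1` or `HOST_2`. The `"` characters inside the `CONCAT(...)` argument also end the shell's double-quoted `-e` string, so the SQL that reaches `mysql` differs from what is written here. Each call additionally places the root password on the command line as an unquoted `-p${MYSQL_ROOT_PASSWORD}`, where it is readable from the container's process list and subject to word splitting; reading it from a client option file, `mysql --defaults-extra-file=<path to a mode-0600 option file> -h"${HOST_0}" ...`, avoids both. The start of the script and the rest of the container spec are outside the hunk.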
@@ -26,6 +26,7 @@ spec: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} - port: 24901 + - port: 33061 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index dd5365fa..28722c28 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -186,11 +186,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- if .Values.router.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.customReadinessProbe "context" $) | nindent 12 }} @@ -201,11 +197,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- if .Values.router.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.customStartupProbe "context" $) | nindent 12 }} 
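Review bot: Port 33061 is added to the same `ports` list as the router's `portrw`/`portro`, so every source this rule admits for client traffic is also admitted to 33061, which is presumably the Group Replication member-to-member port and is not needed by clients. The rule's `from` clause is outside this hunk; if it is rendered only when a namespace allow-list is configured, the port is otherwise reachable from any pod that can route to the MySQL pods. A separate ingress rule, `- ports: [{port: 33061}]` with `from: [{podSelector: {matchLabels: <labels of this chart's MySQL pods>}}]`, would keep it member-only. The hard-coded `24901` on the context line above has the same exposure.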
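Review bot: The probe now puts the root password on the `mysqladmin` command line on every period and drops the `MYSQL_ROOT_PASSWORD_FILE` fallback, so a deployment that mounts the secret as a file would run with an empty `-p""`. `mysqladmin ping` exits 0 even when the server answers Access denied, so the result does not depend on the credential; `mysqladmin ping -h127.0.0.1 -P6446` without `-uroot`/`-p` gives the same signal and keeps the password out of the process list. If authentication is meant to be part of the check, keep `status` together with the file fallback instead. The same line is changed in the two following hunks (`@@ -201,11 +197,7 @@` and `@@ -216,11 +208,7 @@`), and each probe definition starts outside its hunk.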
@@ -216,11 +208,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- end }} {{- if .Values.router.resources }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 1f460ecf..6915cd65 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -408,7 +408,7 @@ primary: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe @@ -424,7 +424,7 @@ primary: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe @@ -440,7 +440,7 @@ primary: enabled: true initialDelaySeconds: 15 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 10 successThreshold: 1 ## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers @@ -743,7 +743,7 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe @@ -759,7 +759,7 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe 
@@ -775,7 +775,7 @@ router: enabled: true initialDelaySeconds: 15 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 15 successThreshold: 1 ## @param secondary.customLivenessProbe Override default liveness probe for MySQL secondary containers @@ -1154,7 +1154,7 @@ metrics: enabled: true initialDelaySeconds: 120 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 ## Mysqld Prometheus exporter readiness probe @@ -1170,7 +1170,7 @@ metrics: enabled: true initialDelaySeconds: 30 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 ## Prometheus Service Monitor From e48239d5e644030ca14e5b3e372787ef1bc2aa8b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 26 Feb 2024 17:19:22 +0800 Subject: [PATCH 050/176] chore(mysql-cluster): delete charts common --- .../mysql-cluster/charts/common/.helmignore | 22 --- .../mysql-cluster/charts/common/Chart.yaml | 9 - .../charts/common/templates/_affinities.tpl | 139 ------------- .../charts/common/templates/_capabilities.tpl | 185 ------------------ .../charts/common/templates/_errors.tpl | 28 --- .../charts/common/templates/_images.tpl | 101 ---------- .../charts/common/templates/_ingress.tpl | 73 ------- .../charts/common/templates/_labels.tpl | 39 ---- .../charts/common/templates/_names.tpl | 71 ------- .../charts/common/templates/_secrets.tpl | 172 ---------------- .../charts/common/templates/_storage.tpl | 28 --- .../charts/common/templates/_tplvalues.tpl | 38 ---- .../charts/common/templates/_utils.tpl | 67 ------- .../charts/common/templates/_warnings.tpl | 19 -- .../templates/validations/_cassandra.tpl | 77 -------- .../common/templates/validations/_mariadb.tpl | 108 ---------- .../common/templates/validations/_mongodb.tpl | 113 ----------- .../common/templates/validations/_mysql.tpl | 108 ---------- .../templates/validations/_postgresql.tpl | 134 ------------- .../common/templates/validations/_redis.tpl | 81 -------- .../templates/validations/_validations.tpl | 51 ----- .../mysql-cluster/charts/common/values.yaml | 2 - 22 files changed, 1665 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl delete mode 
100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml deleted file mode 100644 index 424bb6ae..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v2 -description: Drycc Common -home: https://github.com/drycc/common -maintainers: -- email: team@drycc.cc - name: Team Drycc -name: common -type: library -version: 1.1.3 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl deleted file mode 100644 index e85b1df4..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl +++ /dev/null 
@@ -1,139 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard 
podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl
deleted file mode 100644
index c6d115fe..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl
+++ /dev/null
@@ -1,185 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl
deleted file mode 100644
index 07ded6f6..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl
+++ /dev/null
@@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl deleted file mode 100644 index e248d6d0..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl
+++ /dev/null
@@ -1,101 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl deleted file mode 100644 index efa5b85c..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl
+++ /dev/null
@@ -1,73 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl deleted file mode 100644 index a0534f7f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl +++ /dev/null 
@@ -1,39 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl deleted file mode 100644 index a222924f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl deleted file mode 100644 index a193c46b..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl +++ /dev/null 
@@ -1,172 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. 
Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $failOnNew := default true .failOnNew }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | quote }} - {{- else if $failOnNew }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 
1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl
deleted file mode 100644
index 16405a0f..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Return the proper Storage Class
-{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
-*/}}
-{{- define "common.storage.class" -}}
-
-{{- $storageClass := .persistence.storageClass -}}
-{{- if .global -}}
- {{- if .global.storageClass -}}
- {{- $storageClass = .global.storageClass -}}
- {{- end -}}
-{{- end -}}
-
-{{- if $storageClass -}}
- {{- if (eq "-" $storageClass) -}}
- {{- printf "storageClassName: \"\"" -}}
- {{- else }}
- {{- printf "storageClassName: %s" $storageClass -}}
- {{- end -}}
-{{- end -}}
-
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl
deleted file mode 100644
index a8ed7637..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template perhaps with scope if the scope is present.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
-{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
-{{- if contains "{{" (toJson .value) }}
- {{- if .scope }}
- {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
- {{- else }}
- {{- tpl $value .context }}
- {{- end }}
-{{- else }}
- {{- $value }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Merge a list of values that contains template after rendering them.
-Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
-Usage:
-{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
-*/}}
-{{- define "common.tplvalues.merge" -}}
-{{- $dst := dict -}}
-{{- range .values -}}
-{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
-{{- end -}}
-{{ $dst | toYaml }}
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
deleted file mode 100644
index c87040cd..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,67 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Print instructions to get a secret value.
-Usage:
-{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
-*/}}
-{{- define "common.utils.secret.getvalue" -}}
-{{- $varname := include "common.utils.fieldToEnvVar" . -}}
-export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
-{{- end -}}
-
-{{/*
-Build env var name given a field
-Usage:
-{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
-*/}}
-{{- define "common.utils.fieldToEnvVar" -}}
- {{- $fieldNameSplit := splitList "-" .field -}}
- {{- $upperCaseFieldNameSplit := list -}}
-
- {{- range $fieldNameSplit -}}
- {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
- {{- end -}}
-
- {{ join "_" $upperCaseFieldNameSplit }}
-{{- end -}}
-
-{{/*
-Gets a value from .Values given
-Usage:
-{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
-*/}}
-{{- define "common.utils.getValueFromKey" -}}
-{{- $splitKey := splitList "." .key -}}
-{{- $value := "" -}}
-{{- $latestObj := $.context.Values -}}
-{{- range $splitKey -}}
- {{- if not $latestObj -}}
- {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
- {{- end -}}
- {{- $value = ( index $latestObj . ) -}}
- {{- $latestObj = $value -}}
-{{- end -}}
-{{- printf "%v" (default "" $value) -}}
-{{- end -}}
-
-{{/*
-Returns first .Values key with a defined value or first of the list if all non-defined
-Usage:
-{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
-*/}}
-{{- define "common.utils.getKeyFromList" -}}
-{{- $key := first .keys -}}
-{{- $reverseKeys := reverse .keys }}
-{{- range $reverseKeys }}
- {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
- {{- if $value -}}
- {{- $key = . }}
- {{- end -}}
-{{- end -}}
-{{- printf "%s" $key -}}
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
deleted file mode 100644
index 66dffc1f..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Warning about using rolling tag.
-Usage:
-{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
-*/}}
-{{- define "common.warnings.rollingTag" -}}
-
-{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
-WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-{{- end }}
-
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
deleted file mode 100644
index eda9aada..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
+++ /dev/null
@@ -1,77 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. 
- -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 17d83a2f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index bbb445b8..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index ca3953f8..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 8c9aa570..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl +++ /dev/null 
@@ -1,134 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index fc0d208d..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,81 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 31ceda87..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. 
-*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml deleted file mode 100644 index 79ba8424..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -## drycc/common -## It is required by CI/CD tools and processes. \ No newline at end of file From 3892256048f495b54dccd1e65e816a26c61227a0 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 26 Feb 2024 17:26:44 +0800 Subject: [PATCH 051/176] chore(postgresql-cluster): reset max_slot_wal_keep_size --- addons/postgresql-cluster/15/plans/standard-100/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-200/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-400/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-4t/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-800/values.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index fff5cf6a..29e30b2e 100644 
--- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -56,7 +56,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 10GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 097a65b6..255f68a5 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 20GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 3dd25a18..0ead38b4 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 40GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml index d4046150..ff1aab00 100644 --- a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 100GB track_wal_io_timing = on maintenance_io_concurrency = 100 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index 4712cacb..5d12b83a 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -56,7 +56,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 5GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index a91fe646..9ef5bde1 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 80GB track_wal_io_timing = on maintenance_io_concurrency = 100 From 6c7dec7f8b9c33f7e252a0965497308f292879ff Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Mar 2024 15:39:29 +0800 Subject: [PATCH 052/176] chore(mysql): Re-implementing the cluster implementation --- .../templates/cluster/deployments.yaml | 12 ++- .../mysql-cluster/templates/cluster/job.yaml | 100 ++++++------------ .../templates/primary/statefulset.yaml | 10 +- .../templates/router/statefulset.yaml | 4 + .../8.0/chart/mysql-cluster/values.yaml | 23 ++-- .../8.0/plans/standard-10/bind.yaml | 2 +- .../8.0/plans/standard-100/bind.yaml | 2 +- .../8.0/plans/standard-20/bind.yaml | 2 +- .../8.0/plans/standard-200/bind.yaml | 2 +- .../8.0/plans/standard-400/bind.yaml | 2 +- .../8.0/plans/standard-50/bind.yaml | 2 +- .../8.0/plans/standard-800/bind.yaml | 2 +- 12 files changed, 65 insertions(+), 98 deletions(-) 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml index ef626420..3f0deb99 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml @@ -6,20 +6,22 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mysql.cluster.fullname" . }}-tools + name: {{ include "mysql.cluster.fullname" . }}-manager namespace: {{ include "common.names.namespace" . | quote }} spec: replicas: 1 selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: mysql-cluster-tools - template: metadata: labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: mysql-cluster-tools - spec: + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local containers: - name: cluster-tools image: {{ include "cluster.image" . }} @@ -30,9 +32,11 @@ spec: - | sleep infinity env: + - name: MYSQL_HOST + value: {{ include "mysql.primary.fullname" . }} - name: MYSQL_MASTER_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER + - name: MYSQL_ROOT_USER value: "root" - name: MYSQL_ROOT_PASSWORD valueFrom: diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index d2efbfc6..aa9ecfed 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml 
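Review bot: The `dnsConfig.searches` entry added under the pod spec hard-codes `svc.cluster.local`, so on a cluster with a different DNS domain the short pod names this commit switches to (`${MYSQL_HOST}-0` and so on) will not resolve. The same literal is added in `cluster/job.yaml`, `primary/statefulset.yaml` and `router/statefulset.yaml`. As far as I know, custom search entries are merged after the pod's default search domains, so a bare `<fullname>-0` is first tried as `<fullname>-0.<namespace>.svc.<domain>` and would resolve to a Service of that name if one existed. Connecting with the fully qualified pod name removes that dependence on search order for a session that carries the root password. If the chart has a cluster-domain value, use it here; otherwise add a comment such as `# assumes the default cluster domain cluster.local`.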
@@ -6,7 +6,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} kind: Job metadata: - name: {{ include "mysql.cluster.fullname" . }} + name: {{ include "mysql.cluster.fullname" . }}-init namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: primary @@ -21,6 +21,10 @@ spec: template: spec: restartPolicy: Never + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local initContainers: - name: init-wait image: registry.uucin.com/drycc/python-dev:latest 
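Review bot: The `init-wait` container in this hunk's trailing context pulls `registry.uucin.com/drycc/python-dev:latest`, a mutable tag, so what runs in the init job can change without any change to the chart. Pinning it, for example `image: registry.uucin.com/drycc/python-dev@sha256:<digest>` (placeholder digest), or taking it from a chart value as the other containers do with `include "cluster.image"`, makes the job reproducible and auditable. The `initContainers` list continues outside the hunk.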
@@ -29,70 +33,16 @@ spec: - netcat - -v - -u - - mysql://$(MYSQL_MASTER_HOST)-0.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER),mysql://$(MYSQL_MASTER_HOST)-1.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER),mysql://$(MYSQL_MASTER_HOST)-2.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER) + - mysql://$(MYSQL_HOST)-2:$(MYSQL_PORT_NUMBER) env: - - name: MYSQL_MASTER_HOST + - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER + - name: MYSQL_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - - name: mgr - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - - -ec - - | - export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} - export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} - - echo " - set global group_replication_bootstrap_group=on; - start group_replication; - select * from performance_schema.replication_group_members; - set global group_replication_bootstrap_group=off; - " > /tmp/master.sql - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/master.sql - - echo " - reset master; - change master to master_user='$(MYSQL_REPLICATION_USER)',master_password='$(MYSQL_REPLICATION_PASSWORD)' for channel 'group_replication_recovery'; - start group_replication; - select * from performance_schema.replication_group_members; - " > /tmp/slave.sql - mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "GRANT ALL PRIVILEGES ON *.* TO 
administrator@'%' WITH GRANT OPTION;flush privileges;" - - env: - - name: DRYCC_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MYSQL_MASTER_HOST - value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER - value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER - value: "root" - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password containers: - - name: cluster + - name: init-cluster image: {{ include "cluster.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.primary.containerSecurityContext.enabled }} 
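Review bot: Waiting only for `mysql://$(MYSQL_HOST)-2:$(MYSQL_PORT_NUMBER)` in `init-wait` is sufficient only if the primary StatefulSet starts its pods in order, which this hunk does not show; the removed line waited for all three members. The same commit sets `podManagementPolicy: "Parallel"` in `values.yaml` (under `router:` according to the hunk header), so it is worth confirming that the primary set is not started in parallel too. If it can be, keep the three-URL list with the new short names; if not, add a comment such as `# pod 2 starts last under OrderedReady, so it implies 0 and 1 are up`.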
@@ -102,20 +52,32 @@ spec: - /bin/bash - -ec - | - export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} - export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} - echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; - mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; - mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + export HOST_0=${MYSQL_HOST}-0 + export HOST_1=${MYSQL_HOST}-1 + export HOST_2=${MYSQL_HOST}-2 + + # create mysql cluster --file + echo " + shell.options['dba.restartWaitTimeout']=300; + dba.createCluster('MXMGR',{disableClone:false}); + dba.getCluster().addInstance('root@${HOST_1}',{recoveryMethod:'clone'}); + dba.getCluster().addInstance('root@${HOST_2}',{recoveryMethod:'clone'}); + dba.getCluster().status(); + " > /tmp/create_cluster.js + mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -f /tmp/create_cluster.js + + # init sql --sql + echo " + GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT 
OPTION;flush privileges; + " > /tmp/init.sql + mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --sql -f /tmp/init.sql env: - - name: MYSQL_MASTER_HOST + - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER + - name: MYSQL_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER + - name: MYSQL_ROOT_USER value: "root" - name: MYSQL_ROOT_PASSWORD valueFrom: diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index a5ffa045..822a407b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -46,6 +46,10 @@ spec: {{- if .Values.primary.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} {{- end }} + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local {{- if .Values.primary.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} {{- else }} @@ -214,7 +218,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- if .Values.primary.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} 
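Review bot: Both `mysqlsh` calls in the `init-cluster` script pass the root password as `-p${MYSQL_ROOT_PASSWORD}`, unquoted and in argv. A password containing whitespace or glob characters is split or expanded by the shell, and the value is readable in the process list while the command runs. At minimum quote it, `-p"${MYSQL_ROOT_PASSWORD}"`; better, feed it on stdin with `--passwords-from-stdin` (confirm the bundled mysqlsh supports it). Separately, `/tmp/init.sql` grants `ALL PRIVILEGES ON *.* ... WITH GRANT OPTION` to `administrator@'%'`, a superuser reachable from any host, so it is worth checking whether the bound account needs that scope; `flush privileges` is not needed after `GRANT`.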
@@ -229,7 +233,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- if .Values.primary.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} @@ -244,7 +248,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- end }} {{- if .Values.primary.resources }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index 28722c28..9134cbfe 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -43,6 +43,10 @@ spec: {{- if .Values.router.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.router.hostAliases "context" $) | nindent 8 }} {{- end }} + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local {{- if .Values.router.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.router.affinity "context" $) | nindent 8 }} {{- else }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 6915cd65..ce87fd76 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
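Review bot: `mysqladmin ping` in what appears to be the readiness probe (the `@@ -229,7 +233,7 @@` hunk, between `customReadinessProbe` and `customStartupProbe`) passes as soon as mysqld accepts connections. `ping` exits 0 even when the login is refused, so the `-p"${password_aux}"` argument no longer influences the result, and a pod can be Ready while the member is still recovering or has left the group. If that is intended, say so in the script, `# ping only checks that mysqld is up; group membership is not checked`; otherwise keep `status` for readiness or check the member state. The same substitution in the liveness (`@@ -214,7 +218,7 @@`) and startup (`@@ -244,7 +248,7 @@`) probes looks reasonable.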
@@ -176,9 +176,9 @@ initdbScripts: # Add an offset to avoid reserved server-id=0 value. echo server-id=$((100 + $ordinal)) >> $base_conf_file # Copy appropriate conf.d files from config-map to emptyDir. - echo loose-group_replication_local_address=$mgr_host.$svc_mgr_host:24901 >> $base_conf_file - echo report_host=$mgr_host.$svc_mgr_host >> $base_conf_file - echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file + echo loose-group_replication_local_address=$mgr_host:24901 >> $base_conf_file + echo report_host=$mgr_host >> $base_conf_file + echo loose-group_replication_group_seeds="$svc_mgr_host-0:24901,$svc_mgr_host-1:24901,$svc_mgr_host-2:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file @@ -204,7 +204,7 @@ primary: ## args: [] ## @param primary.lifecycleHooks for the MySQL Primary container(s) to automate configuration before or after startup - ## + ##configuration lifecycleHooks: {} ## @param primary.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ @@ -259,18 +259,11 @@ primary: # Multi-threaded Replication replica_preserve_commit_order=ON - replica_parallel_workers=4 + replica_parallel_workers=8 + replica_parallel_type=LOGICAL_CLOCK # Group Replication Settings - #plugin_load_add="group_replication.so" - loose-group_replication_recovery_get_public_key=ON - loose-group_replication_recovery_use_ssl=on - loose-group_replication_group_name="{{uuidv4}}" - loose-group_replication_ip_allowlist="0.0.0.0/0" - - loose-group_replication_bootstrap_group=OFF - loose-group_replication_start_on_boot=OFF - + [client] port=3306 socket=/opt/drycc/mysql/tmp/mysql.sock 
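Review bot: TLS for group and recovery traffic is no longer stated anywhere in the chart once the `@@ -259,18 +259,11 @@` hunk drops `loose-group_replication_recovery_use_ssl=on` and `loose-group_replication_recovery_get_public_key=ON`, because the `dba.createCluster('MXMGR',{disableClone:false})` call added in `cluster/job.yaml` does not set `memberSslMode`. Encryption then depends on AdminAPI's default and the server's TLS setup; passing it explicitly, `dba.createCluster('MXMGR',{disableClone:false,memberSslMode:'REQUIRED'})`, keeps the requirement visible. Dropping `loose-group_replication_ip_allowlist="0.0.0.0/0"` is a good change. `replica_parallel_type=LOGICAL_CLOCK` is, as far as I know, already the default on recent 8.0 releases and deprecated there, so it may only add a startup warning.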
@@ -689,7 +682,7 @@ router: ## @param secondary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL secondary pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## - podManagementPolicy: "" + podManagementPolicy: "Parallel" ## MySQL secondary Pod security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 9b49f3f5..6a7147c9 100644 
--- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST From 713ae7484eb6f733ecedf70706db1d66b72a7d99 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Mar 2024 16:04:37 +0800 Subject: [PATCH 053/176] chore(postgresql-cluster): fix 4t plan --- addons/pmm/2.41/chart/pmm /.helmignore | 23 -- addons/pmm/2.41/chart/pmm /Chart.yaml | 18 -- addons/pmm/2.41/chart/pmm /README.md | 205 ------------- .../pmm/2.41/chart/pmm /templates/NOTES.txt | 32 -- .../2.41/chart/pmm /templates/_helpers.tpl | 79 ----- .../chart/pmm /templates/clusterrole.yaml | 28 -- .../pmm /templates/clusterrolebinding.yaml | 29 -- .../2.41/chart/pmm /templates/configmap.yaml | 13 - .../2.41/chart/pmm /templates/ingress.yaml | 148 ---------- .../chart/pmm /templates/secret-certs.yaml | 18 -- .../pmm/2.41/chart/pmm /templates/secret.yaml | 24 -- .../2.41/chart/pmm /templates/service.yaml | 49 ---- .../chart/pmm /templates/serviceaccount.yaml | 22 -- .../chart/pmm /templates/statefulset.yaml | 149 ---------- addons/pmm/2.41/chart/pmm /values.yaml | 276 ------------------ .../15/plans/standard-4t/values.yaml | 4 - 16 files changed, 1117 deletions(-) delete mode 100644 addons/pmm/2.41/chart/pmm /.helmignore delete mode 100644 addons/pmm/2.41/chart/pmm /Chart.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /README.md delete mode 100644 addons/pmm/2.41/chart/pmm /templates/NOTES.txt delete mode 100644 addons/pmm/2.41/chart/pmm /templates/_helpers.tpl delete mode 100644 addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/configmap.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/ingress.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/secret.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/service.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/statefulset.yaml delete mode 100644 
addons/pmm/2.41/chart/pmm /values.yaml diff --git a/addons/pmm/2.41/chart/pmm /.helmignore b/addons/pmm/2.41/chart/pmm /.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/pmm/2.41/chart/pmm /.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/pmm/2.41/chart/pmm /Chart.yaml b/addons/pmm/2.41/chart/pmm /Chart.yaml deleted file mode 100644 index 7353e99f..00000000 --- a/addons/pmm/2.41/chart/pmm /Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v2 -name: pmm -description: A Helm chart for Percona Monitoring and Management (PMM) -type: application -version: 1.3.11 -appVersion: "2.41.1" -home: https://github.com/percona/pmm -maintainers: - - name: tplavcic - email: tomislav.plavcic@percona.com - - name: bupychuk - email: nurlan.moldomurov@percona.com - - name: spron-in - email: sergey.pronin@percona.com -keywords: - - PMM - - Monitoring -icon: https://www.percona.com/sites/default/files/pmm-logo.png diff --git a/addons/pmm/2.41/chart/pmm /README.md b/addons/pmm/2.41/chart/pmm /README.md deleted file mode 100644 index 3f8a3a4b..00000000 --- a/addons/pmm/2.41/chart/pmm /README.md +++ /dev/null 
@@ -1,205 +0,0 @@ -# Percona Monitoring and Management (PMM) - -## Introduction - -PMM is an open source database monitoring, observability and management tool. - -Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html - -## Prerequisites - -- Kubernetes 1.22+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `pmm`: - -```sh -helm repo add percona https://percona.github.io/percona-helm-charts/ -helm install pmm percona/pmm -``` - -The command deploys PMM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall `pmm` deployment: - -```sh -helm uninstall pmm -``` - -This command takes a release name and uninstalls the release. - -It removes all of the resources associated with the last release of the chart as well as the release history. 
- -## Parameters - -### Percona Monitoring and Management (PMM) parameters - -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------| -| `image.repository` | PMM image repository | `percona/pmm-server` | -| `image.pullPolicy` | PMM image pull policy | `IfNotPresent` | -| `image.tag` | PMM image tag (immutable tags are recommended) | `2.41.1` | -| `image.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `pmmEnv.DISABLE_UPDATES` | Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) | `1` | -| `pmmResources` | optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) | `{}` | -| `readyProbeConf.initialDelaySeconds` | Number of seconds after the container has started before readiness probes is initiated | `1` | -| `readyProbeConf.periodSeconds` | How often (in seconds) to perform the probe | `5` | -| `readyProbeConf.failureThreshold` | When a probe fails, Kubernetes will try failureThreshold times before giving up | `6` | - - -### PMM secrets - -| Name | Description | Value | -| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -| `secret.name` | Defines the name of the k8s secret that holds passwords and other secrets | `pmm-secret` | -| `secret.annotations` | Defines the annotations of the 
k8s secret that holds passwords and other secrets | `{}` | -| `secret.create` | If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. | `true` | -| `secret.pmm_password` | Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. | `""` | -| `certs` | Optional certificates, if not provided PMM would use generated self-signed certificates, | `{}` | - - -### PMM network configuration - -| Name | Description | Value | -| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `service.name` | Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. | `monitoring-service` | -| `service.type` | Kubernetes Service type | `NodePort` | -| `service.ports[0].port` | https port number | `443` | -| `service.ports[0].targetPort` | target port to map for statefulset and ingress | `https` | -| `service.ports[0].protocol` | protocol for https | `TCP` | -| `service.ports[0].name` | port name | `https` | -| `service.ports[1].port` | http port number | `80` | -| `service.ports[1].targetPort` | target port to map for statefulset and ingress | `http` | -| `service.ports[1].protocol` | protocol for http | `TCP` | -| `service.ports[1].name` | port name | `http` | -| `ingress.enabled` | -- Enable ingress controller resource | `false` | -| `ingress.nginxInc` | -- Using ingress controller from NGINX Inc | `false` | -| `ingress.annotations` | -- Ingress annotations configuration | `{}` | -| `ingress.community.annotations` | -- Ingress annotations configuration for community managed ingress (nginxInc = false) | `{}` | -| `ingress.ingressClassName` | -- Sets the ingress controller class name to 
use. | `""` | -| `ingress.hosts[0].host` | hostname | `chart-example.local` | -| `ingress.hosts[0].paths` | path mapping | `[]` | -| `ingress.pathType` | -- How ingress paths should be treated. | `Prefix` | -| `ingress.tls` | -- Ingress TLS configuration | `[]` | - - -### PMM storage configuration - -| Name | Description | Value | -| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `storage.name` | name of PVC | `pmm-storage` | -| `storage.storageClassName` | optional PMM data Persistent Volume Storage Class | `""` | -| `storage.size` | size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention | `10Gi` | -| `storage.dataSource` | VolumeSnapshot to start from | `{}` | -| `storage.selector` | select existing PersistentVolume | `{}` | - - -### PMM kubernetes configurations - -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | -| `extraLabels` | Labels to add to all deployed objects | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `pmm-service-account` | -| `podAnnotations` | Pod annotations | `{}` | -| `podSecurityContext` | Configure Pods Security Context | `{}` | -| `securityContext` | Configure Container Security Context | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` or `--set-string key=value[,key=value]` arguments to `helm install`. For example, - -```sh -helm install pmm \ - --set service.type="NodePort" \ - --set storage.storageClassName="linode-block-storage-retain" \ - percona/pmm -``` - -The above command installs PMM with the Service network type set to `NodePort` and storage class to `linode-block-storage-retain` for persistence storage on LKE. - -> NOTE: Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: - -```sh -helm install pmm -f values.yaml percona/pmm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) or get them from chart definition: `helm show values percona/pmm > values.yaml` - -## Configuration and installation details - -### [Image tags](https://kubernetes.io/docs/concepts/containers/images/#updating-images) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
- -Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist. - -### PMM admin password - -PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated. In real-life situations it is recommended to create the `pmm-secret` secret manually before the release and set `secret.create` to false. The chart then won't overwrite secret during install or upgrade and values.yaml won't contain any secret. - -If PMM admin password is not set explicitly (default), it will be generated. - -To get admin password execute: - -```sh -kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode -``` - -### PMM SSL certificates - -PMM ships with self signed SSL certificates to provide secure connection between client and server ([check here](https://docs.percona.com/percona-monitoring-and-management/how-to/secure.html#ssl-encryption)). -You could see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the `cert` section: - -```yaml -certs: - name: pmm-certs - files: - certificate.crt: - certificate.key: - ca-certs.pem: - dhparam.pem: -``` - -### PMM updates - -By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom `values.yaml` file: - -```yaml -pmmEnv: - DISABLE_UPDATES: "1" -``` - -Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download - -PMM updates should happen in a standard way: - -```sh -helm repo update percona -helm upgrade pmm -f values.yaml percona/pmm -``` - -This will check updates in the repo and upgrade deployment if the updates are available. 
- -### [PMM environment variables](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables) - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `pmmEnv` property. - -```yaml -pmmEnv: - DISABLE_UPDATES: "1" - DATA_RETENTION: "2160h" # 90 days -``` diff --git a/addons/pmm/2.41/chart/pmm /templates/NOTES.txt b/addons/pmm/2.41/chart/pmm /templates/NOTES.txt deleted file mode 100644 index 5901a351..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/NOTES.txt +++ /dev/null 
@@ -1,32 +0,0 @@
-
-Percona Monitoring and Management (PMM)
-
-An open source database monitoring, observability and management tool
-Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html
-
-Get the application URL:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo https://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
- echo https://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}")
- echo "Visit https://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-
-Get password for the "admin" user:
- export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode)
- echo $ADMIN_PASS
diff --git a/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl b/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl
deleted file mode 100644
index 232b94b9..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl
+++ /dev/null
@@ -1,79 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pmm.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pmm.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pmm.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "pmm.labels" -}}
-helm.sh/chart: {{ include "pmm.chart" . }}
-{{ include "pmm.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "pmm.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "pmm.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: pmm-server
-app.kubernetes.io/part-of: percona-platform
-{{- if .Values.extraLabels }}
-{{ toYaml .Values.extraLabels }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "pmm.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "pmm.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Pod annotation
-*/}}
-{{- define "pmm.podAnnotations" -}}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-helm.sh/chart: {{ include "pmm.chart" . }}
-checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations }}
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml
deleted file mode 100644
index 0a0350b6..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-rules:
-# standard RBAC
-- apiGroups: [""] # "" indicates the core API group
- resources:
- - namespaces
- - endpoints
- - services
- - nodes
- - pods
- - secrets
- - serviceaccounts
- verbs:
- - get
- - watch
- - list
-- nonResourceURLs:
- - /metrics
- - /metrics/resources
- verbs:
- - get
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml
deleted file mode 100644
index dd3ee52d..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "pmm.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: {{ include "pmm.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "pmm.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "pmm.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "pmm.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/configmap.yaml b/addons/pmm/2.41/chart/pmm /templates/configmap.yaml
deleted file mode 100644
index cda6b950..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.pmmEnv -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-data:
-# environment passed to the PMM
- {{- with .Values.pmmEnv }}
- {{- . | toYaml | nindent 6 }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/ingress.yaml b/addons/pmm/2.41/chart/pmm /templates/ingress.yaml
deleted file mode 100644
index 5af7679f..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/ingress.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := .Values.service.name -}} -{{- $grpcPort := (index $.Values.service.ports 0).port -}} -{{- $servicePort := (index $.Values.service.ports 1).port -}} -{{- $ingressPathType := .Values.ingress.pathType -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "pmm.fullname" . }} - labels: - {{- include "pmm.labels" . | nindent 4 }} -{{- if or .Values.ingress.annotations .Values.ingress.nginxInc }} - annotations: - {{- toYaml .Values.ingress.annotations | nindent 4 }} - {{- if .Values.ingress.nginxInc }} - nginx.org/ssl-services: {{ $serviceName }}-grpc - nginx.org/grpc-services: {{ $serviceName }}-grpc - {{- end }} -{{- end }} -spec: -{{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- if $.Values.ingress.nginxInc }} - # gRPC paths - - path: {{ printf "%s/agent." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/inventory." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/management." . 
| replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/server." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - {{- end }} - {{- end }} - {{- end }} -{{- if not .Values.ingress.nginxInc }} ---- -# Community version of ingress-nginx requires second Ingress for gRPC -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "pmm.fullname" . }}-grpc - labels: - {{- include "pmm.labels" . | nindent 4 }} - annotations: - {{- with .Values.ingress.community.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" - nginx.ingress.kubernetes.io/use-regex: "true" -spec: -{{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - # gRPC paths - - path: {{ printf "%s/agent." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/inventory." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/management." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/server." . 
| replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml b/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml deleted file mode 100644 index f05117df..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.certs.name -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.certs.name }} - labels: - {{- include "pmm.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -type: Opaque -data: -# ngnix ssl certificates - {{- with .Values.certs.files }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/addons/pmm/2.41/chart/pmm /templates/secret.yaml b/addons/pmm/2.41/chart/pmm /templates/secret.yaml deleted file mode 100644 index 040235f4..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/secret.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if .Values.secret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.secret.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.secret.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
-# base64 encoded password
-# encode some password: `echo -n "admin" | base64`
-# to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
- PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }}
- {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID -}}
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
- {{- end }}
- {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET -}}
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/service.yaml b/addons/pmm/2.41/chart/pmm /templates/service.yaml
deleted file mode 100644
index 655b06a7..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- $serviceType := .Values.service.type -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.service.finalizers }}
- finalizers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: {{ $serviceType | default "ClusterIP" }}
- {{- with .Values.service.ports }}
- ports:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- {{- include "pmm.selectorLabels" . | nindent 4 }}
-{{- if .Values.ingress.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}-grpc
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.service.finalizers }}
- finalizers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: {{ $serviceType | default "ClusterIP" }}
- {{- with .Values.service.ports }}
- ports:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- {{- include "pmm.selectorLabels" . | nindent 4 }}
----
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml b/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml
deleted file mode 100644
index 655f844c..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "pmm.serviceAccountName" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-secrets:
- - name: {{ include "pmm.serviceAccountName" . }}-token
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
- name: {{ include "pmm.serviceAccountName" . }}-token
- annotations:
- kubernetes.io/service-account.name: {{ include "pmm.serviceAccountName" . }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml
deleted file mode 100644
index a310cfee..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "pmm.fullname" . }} - labels: - {{- include "pmm.labels" . | nindent 4 }} -spec: - serviceName: {{ .Values.service.name }} - replicas: 1 - selector: - matchLabels: - {{- include "pmm.selectorLabels" . | nindent 6 }} - updateStrategy: - type: RollingUpdate - template: - metadata: - annotations: - {{- include "pmm.podAnnotations" . | nindent 8 }} - labels: - {{- include "pmm.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.image.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ include "pmm.serviceAccountName" . }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.pmmResources }} - resources: - {{- toYaml .Values.pmmResources | nindent 12 }} - {{- end }} - - # environment passed to PMM, defined in configMap - envFrom: - - configMapRef: - name: {{ include "pmm.fullname" . 
}} - optional: true - - # additional secrets that could be used for Grafana iDP - env: - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - optional: true - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - optional: true - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: PMM_ADMIN_PASSWORD - optional: true - - name: PMM_INSTALL_METHOD - valueFrom: - fieldRef: - fieldPath: metadata.annotations['app.kubernetes.io/managed-by'] - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - readinessProbe: - httpGet: - path: /v1/readyz - port: http - {{- if .Values.readyProbeConf }} - {{- toYaml .Values.readyProbeConf | nindent 12 }} - {{- end }} - volumeMounts: - - name: {{ .Values.storage.name }} - mountPath: /srv - - name: annotations - mountPath: "/var/run/pmm/annotations" - readOnly: true - {{- if .Values.certs.name }} - - name: {{ .Values.certs.name }} - mountPath: /srv/nginx - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - volumes: - - name: annotations - projected: - sources: - - downwardAPI: - items: - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if .Values.certs.name }} - - name: {{ .Values.certs.name }} - secret: - secretName: {{ .Values.certs.name }} - optional: false - {{- end }} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: {{ .Values.storage.name }} - spec: - {{- if .Values.storage.selector }} - selector: - {{- toYaml .Values.storage.selector | nindent 10 }} - {{- end }} - {{ if .Values.storage.storageClassName }} - storageClassName: {{ .Values.storage.storageClassName }} - {{ 
end }} - {{- if .Values.storage.dataSource }} - dataSource: - {{- toYaml .Values.storage.dataSource | nindent 10 }} - {{- end }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.storage.size }} diff --git a/addons/pmm/2.41/chart/pmm /values.yaml b/addons/pmm/2.41/chart/pmm /values.yaml deleted file mode 100644 index 2c02d351..00000000 --- a/addons/pmm/2.41/chart/pmm /values.yaml +++ /dev/null 
@@ -1,276 +0,0 @@ -## @section Percona Monitoring and Management (PMM) parameters -## Default values for PMM. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -## PMM image version -## ref: https://hub.docker.com/r/percona/pmm-server/tags -## @param image.repository PMM image repository -## @param image.pullPolicy PMM image pull policy -## @param image.tag PMM image tag (immutable tags are recommended) -## @param image.imagePullSecrets Global Docker registry secret names as an array -## -image: - repository: percona/pmm-server - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "2.41.1" - imagePullSecrets: [] - -## PMM environment variables -## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables -## -pmmEnv: - ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) - ## - DISABLE_UPDATES: "1" -# optional variables to integrate Grafana with internal iDP, see also secret part -# GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' -# GF_AUTH_GENERIC_OAUTH_SCOPES: '' -# GF_AUTH_GENERIC_OAUTH_AUTH_URL: '' -# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: '' -# GF_AUTH_GENERIC_OAUTH_API_URL: '' -# GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' - -## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) - ## pmmResources: - ## requests: - ## memory: "32Gi" - ## cpu: "8" - ## limits: - ## memory: "64Gi" - ## cpu: "32" -#pmmResources: {} -pmmResources: - requests: - memory: "4Gi" - cpu: "4" - hugepages-2Mi: 4Mi - limits: - memory: "4Gi" - cpu: "4" - - -## Readiness probe Config -## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param readyProbeConf.initialDelaySeconds Number of seconds after the container has started before readiness probes is initiated -## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe -## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up -## -readyProbeConf: - initialDelaySeconds: 1 - periodSeconds: 5 - failureThreshold: 6 - -## @section PMM secrets -## -secret: - ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets - ## - name: pmm-secret - ## @param secret.annotations -- Secret annotations configuration - annotations: {} - ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. - ## - create: true - ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. - ## E.g. 
- ## pmm_password: admin - ## - ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` - ## - pmm_password: "" - ## - # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv - # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: - # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv - # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: - -## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates, -## please provide your own signed ssl certificates like this in base 64 format: -## certs: - ## name: pmm-certs - ## files: - ## certificate.crt: - ## certificate.key: - ## ca-certs.pem: - ## dhparam.pem: - ## certificate.conf: -certs: {} - -## @section PMM network configuration -## Service configuration -## -service: - ## @param service.name Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. 
- ## - name: monitoring-service - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - - ## Ports 443 and/or 80 - ## - ports: - ## @param service.ports[0].port https port number - - port: 443 - ## @param service.ports[0].targetPort target port to map for statefulset and ingress - targetPort: https - ## @param service.ports[0].protocol protocol for https - protocol: TCP - ## @param service.ports[0].name port name - name: https - ## @param service.ports[1].port http port number - - port: 80 - ## @param service.ports[1].targetPort target port to map for statefulset and ingress - targetPort: http - ## @param service.ports[1].protocol protocol for http - protocol: TCP - ## @param service.ports[1].name port name - name: http - -## Ingress controller configuration -## -ingress: - ## @param ingress.enabled -- Enable ingress controller resource - enabled: false - ## @param ingress.nginxInc -- Using ingress controller from NGINX Inc - nginxInc: false - ## @param ingress.annotations -- Ingress annotations configuration - annotations: {} - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ### nginx proxy to https - ## nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - ## @param ingress.community.annotations -- Ingress annotations configuration for community managed ingress (nginxInc = false) - community: - annotations: {} - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ## @param ingress.ingressClassName -- Sets the ingress controller class name to use. - ingressClassName: "" - - ## Ingress resource hostnames and path mappings - hosts: - ## @param ingress.hosts[0].host hostname - - host: chart-example.local - ## @param ingress.hosts[0].paths path mapping - paths: [] - - ## @param ingress.pathType -- How ingress paths should be treated. 
- pathType: Prefix - - ## @param ingress.tls -- Ingress TLS configuration - tls: [] - ## - secretName: chart-example-tls - ## hosts: - ## - chart-example.local - -## @section PMM storage configuration -## Claiming storage for PMM using Persistent Volume Claims (PVC) -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -storage: - ## @param storage.name name of PVC - name: pmm-storage - ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClassName: "" - ## - ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention - ## - size: 10Gi - ## - ## @param storage.dataSource VolumeSnapshot to start from - ## - dataSource: {} - ## name: before-vX.Y.Z-upgrade - ## kind: VolumeSnapshot - ## apiGroup: snapshot.storage.k8s.io - ## - ## @param storage.selector select existing PersistentVolume - ## - selector: {} - ## matchLabels: - ## release: "stable" - ## matchExpressions: - ## - key: environment - ## operator: In - ## values: - ## - dev - -## @section PMM kubernetes configurations -## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) -## -nameOverride: "" - -## @param extraLabels Labels to add to all deployed objects -## -extraLabels: {} - -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.annotations Annotations for service account. 
Evaluated as a template. Only used if `create` is `true`. -## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. -## -serviceAccount: - create: true - annotations: {} - name: "pmm-service-account" - -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## @param podSecurityContext Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## E.g -## podSecurityContext: - ## fsGroup: 2000 -## -podSecurityContext: {} - -## @param securityContext Configure Container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## securityContext.capabilities The capabilities to add/drop when running containers -## securityContext.runAsUser Set pmm containers' Security Context runAsUser -## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot -## E.g. -## securityContext: - ## capabilities: - ## drop: - ## - ALL - ## readOnlyRootFilesystem: true - ## runAsNonRoot: true - ## runAsUser: 1000 -securityContext: {} - - -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts -## -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes -## -extraVolumes: [] 
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml index b305d3f2..ff1aab00 100644 --- a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml @@ -55,11 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on -<<<<<<< HEAD max_slot_wal_keep_size = 100GB -======= - max_slot_wal_keep_size = '1000 MB' ->>>>>>> 13b64985573dbeb3604907bf1fa5e72ce6e4c14c track_wal_io_timing = on maintenance_io_concurrency = 100 From 7db45b831f1a47dee1c959407d19af9a185603f9 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 5 Mar 2024 11:26:27 +0800 Subject: [PATCH 054/176] chore(addons): add pmm --- addons/index.yaml | 3 + addons/pmm/2.41/chart/pmm/.helmignore | 23 ++ addons/pmm/2.41/chart/pmm/Chart.yaml | 18 ++ addons/pmm/2.41/chart/pmm/README.md | 205 ++++++++++++++++ addons/pmm/2.41/chart/pmm/templates/NOTES.txt | 26 ++ .../pmm/2.41/chart/pmm/templates/_helpers.tpl | 68 ++++++ .../2.41/chart/pmm/templates/clusterrole.yaml | 28 +++ .../pmm/templates/clusterrolebinding.yaml | 29 +++ .../2.41/chart/pmm/templates/configmap.yaml | 13 + .../chart/pmm/templates/secret-certs.yaml | 18 ++ .../pmm/2.41/chart/pmm/templates/secret.yaml | 24 ++ .../pmm/2.41/chart/pmm/templates/service.yaml | 23 ++ .../chart/pmm/templates/serviceaccount.yaml | 22 ++ .../2.41/chart/pmm/templates/statefulset.yaml | 149 +++++++++++ addons/pmm/2.41/chart/pmm/values.yaml | 231 ++++++++++++++++++ addons/pmm/2.41/meta.yaml | 21 ++ addons/pmm/2.41/plans/standard-10/bind.yaml | 28 +++ .../standard-10/create-instance-schema.json | 12 + addons/pmm/2.41/plans/standard-10/meta.yaml | 6 + addons/pmm/2.41/plans/standard-10/values.yaml | 30 +++ 20 files changed, 977 insertions(+) create mode 100644 addons/pmm/2.41/chart/pmm/.helmignore create mode 100644 addons/pmm/2.41/chart/pmm/Chart.yaml create mode 100644 addons/pmm/2.41/chart/pmm/README.md create mode 100644 addons/pmm/2.41/chart/pmm/templates/NOTES.txt create mode 100644 addons/pmm/2.41/chart/pmm/templates/_helpers.tpl create mode 100644 addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/configmap.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/secret.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/service.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml create mode 100644 
addons/pmm/2.41/chart/pmm/templates/statefulset.yaml create mode 100644 addons/pmm/2.41/chart/pmm/values.yaml create mode 100644 addons/pmm/2.41/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-10/bind.yaml create mode 100644 addons/pmm/2.41/plans/standard-10/create-instance-schema.json create mode 100644 addons/pmm/2.41/plans/standard-10/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-10/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index 3b8320d3..cd0ea8e0 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -51,3 +51,6 @@ entries: kafka: - version: 3.6 description: "Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications." + pmm: + - version: 2.41 + description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." diff --git a/addons/pmm/2.41/chart/pmm/.helmignore b/addons/pmm/2.41/chart/pmm/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml new file mode 100644 index 00000000..7353e99f --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml 
@@ -0,0 +1,18 @@ +apiVersion: v2 +name: pmm +description: A Helm chart for Percona Monitoring and Management (PMM) +type: application +version: 1.3.11 +appVersion: "2.41.1" +home: https://github.com/percona/pmm +maintainers: + - name: tplavcic + email: tomislav.plavcic@percona.com + - name: bupychuk + email: nurlan.moldomurov@percona.com + - name: spron-in + email: sergey.pronin@percona.com +keywords: + - PMM + - Monitoring +icon: https://www.percona.com/sites/default/files/pmm-logo.png diff --git a/addons/pmm/2.41/chart/pmm/README.md b/addons/pmm/2.41/chart/pmm/README.md new file mode 100644 index 00000000..3f8a3a4b --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/README.md 
@@ -0,0 +1,205 @@ +# Percona Monitoring and Management (PMM) + +## Introduction + +PMM is an open source database monitoring, observability and management tool. + +Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html + +## Prerequisites + +- Kubernetes 1.22+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `pmm`: + +```sh +helm repo add percona https://percona.github.io/percona-helm-charts/ +helm install pmm percona/pmm +``` + +The command deploys PMM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall `pmm` deployment: + +```sh +helm uninstall pmm +``` + +This command takes a release name and uninstalls the release. + +It removes all of the resources associated with the last release of the chart as well as the release history. 
+ +## Parameters + +### Percona Monitoring and Management (PMM) parameters + +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------| +| `image.repository` | PMM image repository | `percona/pmm-server` | +| `image.pullPolicy` | PMM image pull policy | `IfNotPresent` | +| `image.tag` | PMM image tag (immutable tags are recommended) | `2.41.1` | +| `image.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `pmmEnv.DISABLE_UPDATES` | Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) | `1` | +| `pmmResources` | optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) | `{}` | +| `readyProbeConf.initialDelaySeconds` | Number of seconds after the container has started before readiness probes is initiated | `1` | +| `readyProbeConf.periodSeconds` | How often (in seconds) to perform the probe | `5` | +| `readyProbeConf.failureThreshold` | When a probe fails, Kubernetes will try failureThreshold times before giving up | `6` | + + +### PMM secrets + +| Name | Description | Value | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | +| `secret.name` | Defines the name of the k8s secret that holds passwords and other secrets | `pmm-secret` | +| `secret.annotations` | Defines the annotations of the 
k8s secret that holds passwords and other secrets | `{}` | +| `secret.create` | If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. | `true` | +| `secret.pmm_password` | Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. | `""` | +| `certs` | Optional certificates, if not provided PMM would use generated self-signed certificates, | `{}` | + + +### PMM network configuration + +| Name | Description | Value | +| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `service.name` | Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. | `monitoring-service` | +| `service.type` | Kubernetes Service type | `NodePort` | +| `service.ports[0].port` | https port number | `443` | +| `service.ports[0].targetPort` | target port to map for statefulset and ingress | `https` | +| `service.ports[0].protocol` | protocol for https | `TCP` | +| `service.ports[0].name` | port name | `https` | +| `service.ports[1].port` | http port number | `80` | +| `service.ports[1].targetPort` | target port to map for statefulset and ingress | `http` | +| `service.ports[1].protocol` | protocol for http | `TCP` | +| `service.ports[1].name` | port name | `http` | +| `ingress.enabled` | -- Enable ingress controller resource | `false` | +| `ingress.nginxInc` | -- Using ingress controller from NGINX Inc | `false` | +| `ingress.annotations` | -- Ingress annotations configuration | `{}` | +| `ingress.community.annotations` | -- Ingress annotations configuration for community managed ingress (nginxInc = false) | `{}` | +| `ingress.ingressClassName` | -- Sets the ingress controller class name to 
use. | `""` | +| `ingress.hosts[0].host` | hostname | `chart-example.local` | +| `ingress.hosts[0].paths` | path mapping | `[]` | +| `ingress.pathType` | -- How ingress paths should be treated. | `Prefix` | +| `ingress.tls` | -- Ingress TLS configuration | `[]` | + + +### PMM storage configuration + +| Name | Description | Value | +| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `storage.name` | name of PVC | `pmm-storage` | +| `storage.storageClassName` | optional PMM data Persistent Volume Storage Class | `""` | +| `storage.size` | size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention | `10Gi` | +| `storage.dataSource` | VolumeSnapshot to start from | `{}` | +| `storage.selector` | select existing PersistentVolume | `{}` | + + +### PMM kubernetes configurations + +| Name | Description | Value | +| ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | +| `extraLabels` | Labels to add to all deployed objects | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `pmm-service-account` | +| `podAnnotations` | Pod annotations | `{}` | +| `podSecurityContext` | Configure Pods Security Context | `{}` | +| `securityContext` | Configure Container Security Context | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | + + +Specify each parameter using the `--set key=value[,key=value]` or `--set-string key=value[,key=value]` arguments to `helm install`. For example, + +```sh +helm install pmm \ + --set service.type="NodePort" \ + --set storage.storageClassName="linode-block-storage-retain" \ + percona/pmm +``` + +The above command installs PMM with the Service network type set to `NodePort` and storage class to `linode-block-storage-retain` for persistence storage on LKE. + +> NOTE: Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: + +```sh +helm install pmm -f values.yaml percona/pmm +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) or get them from chart definition: `helm show values percona/pmm > values.yaml` + +## Configuration and installation details + +### [Image tags](https://kubernetes.io/docs/concepts/containers/images/#updating-images) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
+ +Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist. + +### PMM admin password + +PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated. In real-life situations it is recommended to create the `pmm-secret` secret manually before the release and set `secret.create` to false. The chart then won't overwrite secret during install or upgrade and values.yaml won't contain any secret. + +If PMM admin password is not set explicitly (default), it will be generated. + +To get admin password execute: + +```sh +kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode +``` + +### PMM SSL certificates + +PMM ships with self signed SSL certificates to provide secure connection between client and server ([check here](https://docs.percona.com/percona-monitoring-and-management/how-to/secure.html#ssl-encryption)). +You could see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the `cert` section: + +```yaml +certs: + name: pmm-certs + files: + certificate.crt: + certificate.key: + ca-certs.pem: + dhparam.pem: +``` + +### PMM updates + +By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom `values.yaml` file: + +```yaml +pmmEnv: + DISABLE_UPDATES: "1" +``` + +Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download + +PMM updates should happen in a standard way: + +```sh +helm repo update percona +helm upgrade pmm -f values.yaml percona/pmm +``` + +This will check updates in the repo and upgrade deployment if the updates are available. 
+ +### [PMM environment variables](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables) + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `pmmEnv` property. + +```yaml +pmmEnv: + DISABLE_UPDATES: "1" + DATA_RETENTION: "2160h" # 90 days +``` diff --git a/addons/pmm/2.41/chart/pmm/templates/NOTES.txt b/addons/pmm/2.41/chart/pmm/templates/NOTES.txt new file mode 100644 index 00000000..a517561e --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/NOTES.txt 
@@ -0,0 +1,26 @@
+
+Percona Monitoring and Management (PMM)
+
+An open source database monitoring, observability and management tool
+Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html
+
+Get the application URL:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo https://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+ echo https://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}")
+ echo "Visit https://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+
+Get password for the "admin" user:
+ export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode)
+ echo $ADMIN_PASS
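Review bot: The password command hardcodes `pmm-secret`, but secret.yaml in this commit names the Secret `{{ include "pmm.fullname" . }}`, so the printed instructions only work when the release's full name happens to be `pmm-secret`. The NodePort and LoadBalancer branches have the same mismatch with `{{ .Values.service.name }}`, because service.yaml also names the Service from `pmm.fullname`. The LoadBalancer branch echoes `{{ .Values.service.port }}`, while the chart's README documents only the `service.ports[n].port` list, so that value presumably renders empty. Using `{{ include "pmm.fullname" . }}` for both lookups and an entry of `.Values.service.ports` for the port would keep the notes accurate.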
diff --git a/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl b/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl new file mode 100644 index 00000000..5a31f77b --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "pmm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pmm.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pmm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "pmm.labels" -}} +helm.sh/chart: {{ include "pmm.chart" . }} +{{ include "pmm.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pmm.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pmm.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: pmm-server +app.kubernetes.io/part-of: percona-platform +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end }} + +{{/* +Pod annotation +*/}} +{{- define "pmm.podAnnotations" -}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "pmm.chart" . }} +checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations }}
+{{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml
new file mode 100644
index 00000000..a470d4de
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+rules:
+# standard RBAC
+- apiGroups: [""] # "" indicates the core API group
+ resources:
+ - namespaces
+ - endpoints
+ - services
+ - nodes
+ - pods
+ - secrets
+ - serviceaccounts
+ verbs:
+ - get
+ - watch
+ - list
+- nonResourceURLs:
+ - /metrics
+ - /metrics/resources
+ verbs:
+ - get
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..d82e4ccc
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.serviceAccount.create -}}
+{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "pmm.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: {{ include "pmm.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "pmm.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "pmm.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "pmm.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
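Review bot: The `- secrets` entry in the core-group rule of clusterrole.yaml gives the PMM service account `get`/`watch`/`list` on every Secret in every namespace once the ClusterRoleBinding from this commit is applied. That makes a compromise of the PMM pod equivalent to cluster-wide credential disclosure, and nothing in this chart shows that PMM needs it. I would drop `- secrets` from the ClusterRole and, if specific Secrets must be readable, grant them through a namespaced `Role` restricted with `resourceNames`.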
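Review bot: Setting `pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN` in clusterrolebinding.yaml binds the service account to the built-in `cluster-admin` ClusterRole, so full control of the cluster is switched on by a key that sits among the container environment variables (configmap.yaml in this commit copies all of `pmmEnv` into the ConfigMap). That branch also names its subject with `{{ include "pmm.serviceAccountName" . }}`, a helper the `_helpers.tpl` added in this commit does not define, so rendering would presumably fail; the `else` branch and serviceaccount.yaml use `pmm.fullname`. I would remove the `cluster-admin` branch, or at least gate it on a dedicated, documented value that defaults to `false` and use `name: {{ include "pmm.fullname" . }}` for the subject.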
diff --git a/addons/pmm/2.41/chart/pmm/templates/configmap.yaml b/addons/pmm/2.41/chart/pmm/templates/configmap.yaml
new file mode 100644
index 00000000..cda6b950
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.pmmEnv -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+data:
+# environment passed to the PMM
+ {{- with .Values.pmmEnv }}
+ {{- . | toYaml | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml b/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml
new file mode 100644
index 00000000..f05117df
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.certs.name -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.certs.name }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+# ngnix ssl certificates
+ {{- with .Values.certs.files }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/secret.yaml b/addons/pmm/2.41/chart/pmm/templates/secret.yaml
new file mode 100644
index 00000000..a7602c88
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/secret.yaml
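Review bot: In secret-certs.yaml the Secret's `annotations` are read from `.Values.serviceAccount.annotations`, which looks like a copy from serviceaccount.yaml; annotations intended for the ServiceAccount would end up on the certificate Secret. Either drop the block or read a dedicated value, e.g. `{{- with .Values.certs.annotations }}`. The comment above the files would be more useful as `# nginx TLS files; values must already be base64-encoded because they are placed under data:`.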
@@ -0,0 +1,24 @@ +{{- if .Values.secret.create -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "pmm.fullname" . }} + labels: + {{- include "pmm.labels" . | nindent 4 }} + {{- with .Values.secret.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: Opaque +data: +# base64 encoded password +# encode some password: `echo -n "admin" | base64` +# to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` + PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }} + {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID -}} + GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }} + {{- end }} + {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET -}} + GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }} + {{- end }} +{{- end }} diff --git a/addons/pmm/2.41/chart/pmm/templates/service.yaml b/addons/pmm/2.41/chart/pmm/templates/service.yaml new file mode 100644 index 00000000..6eef557a --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pmm.fullname" . }} + labels: + {{- include "pmm.labels" . | nindent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.service.finalizers }} + finalizers: + {{- toYaml . | nindent 8 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- with .Values.service.ports }} + ports: + {{- toYaml . | nindent 8 }} + {{- end }} + selector: + {{- include "pmm.selectorLabels" . | nindent 4 }} + diff --git a/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml b/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml new file mode 100644 index 00000000..094261b9 --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml 
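Review bot: The two OAuth entries in secret.yaml are written under `data:` without `b64enc`, unlike `PMM_ADMIN_PASSWORD` just above them, so a plain client ID or secret from values.yaml is either rejected by the API server or decoded into a different value. They should read `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET | b64enc | quote }}`, and the same for the client ID. The `-}}` on both `if` lines also trims the newline that follows, which would join the key onto the previous line; `{{- if ... }}` is the usual form. Separately, `default (randAscii 16)` produces a new value on every render when `secret.pmm_password` is empty, so an upgrade rewrites the Secret while, per the values.yaml comment, PMM keeps the password from its first provisioning.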
@@ -0,0 +1,22 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "pmm.fullname" . }} + labels: + {{- include "pmm.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +secrets: + - name: {{ include "pmm.fullname" . }}-token +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: {{ include "pmm.fullname" . }}-token + annotations: + kubernetes.io/service-account.name: {{ include "pmm.fullname" . }} +{{- end }} diff --git a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml new file mode 100644 index 00000000..752fb9ad --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml 
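Review bot: The second document in serviceaccount.yaml creates a `kubernetes.io/service-account-token` Secret, which makes the control plane mint a token for this account that does not expire, and the `secrets:` list on the ServiceAccount points at it. Combined with the ClusterRole in this patch, and with `cluster-admin` when `ENABLE_CLUSTER_ROLE_ADMIN` is set, that Secret is a standing cluster credential for anyone able to read Secrets in the release namespace. No consumer of the static token is visible in this chart, so I would drop the Secret and the `secrets:` entry and rely on the projected token mounted into the pod.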
@@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "pmm.fullname" . }} + labels: + {{- include "pmm.labels" . | nindent 4 }} +spec: + serviceName: {{ .Values.service.name }} + replicas: 1 + selector: + matchLabels: + {{- include "pmm.selectorLabels" . | nindent 6 }} + updateStrategy: + type: RollingUpdate + template: + metadata: + annotations: + {{- include "pmm.podAnnotations" . | nindent 8 }} + labels: + {{- include "pmm.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.image.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ include "pmm.fullname" . }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.pmmResources }} + resources: + {{- toYaml .Values.pmmResources | nindent 12 }} + {{- end }} + + # environment passed to PMM, defined in configMap + envFrom: + - configMapRef: + name: {{ include "pmm.fullname" . 
}} + optional: true + + # additional secrets that could be used for Grafana iDP + env: + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.secret.name }} + key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + optional: true + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.secret.name }} + key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + optional: true + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secret.name }} + key: PMM_ADMIN_PASSWORD + optional: true + - name: PMM_INSTALL_METHOD + valueFrom: + fieldRef: + fieldPath: metadata.annotations['app.kubernetes.io/managed-by'] + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + readinessProbe: + httpGet: + path: /v1/readyz + port: http + {{- if .Values.readyProbeConf }} + {{- toYaml .Values.readyProbeConf | nindent 12 }} + {{- end }} + volumeMounts: + - name: {{ include "pmm.fullname" . }} + mountPath: /srv + - name: annotations + mountPath: "/var/run/pmm/annotations" + readOnly: true + {{- if .Values.certs.name }} + - name: {{ .Values.certs.name }} + mountPath: /srv/nginx + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + - name: annotations + projected: + sources: + - downwardAPI: + items: + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + {{- if .Values.certs.name }} + - name: {{ .Values.certs.name }} + secret: + secretName: {{ .Values.certs.name }} + optional: false + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: {{ include "pmm.fullname" . 
}} + spec: + {{- if .Values.storage.selector }} + selector: + {{- toYaml .Values.storage.selector | nindent 10 }} + {{- end }} + {{ if .Values.storage.storageClassName }} + storageClassName: {{ .Values.storage.storageClassName }} + {{ end }} + {{- if .Values.storage.dataSource }} + dataSource: + {{- toYaml .Values.storage.dataSource | nindent 10 }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.storage.size }} diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml new file mode 100644 index 00000000..1647399a --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/values.yaml 
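Review bot: `serviceName: {{ .Values.service.name }}` in statefulset.yaml renders empty, because values.yaml in this patch defines no `service.name`; the Service is created as `pmm.fullname`, so this should be `serviceName: {{ include "pmm.fullname" . }}`. Both `securityContext` blocks are passed straight through from `podSecurityContext` and `securityContext`, which default to `{}`, so the container runs with whatever user and capabilities the image defaults to. If the image tolerates it, a hardened default in values.yaml would be better than an empty map; otherwise a comment stating why it is left empty would help the next reader.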
@@ -0,0 +1,231 @@ +## @section Percona Monitoring and Management (PMM) parameters +## Default values for PMM. +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. + +## PMM image version +## ref: https://hub.docker.com/r/percona/pmm-server/tags +## @param image.repository PMM image repository +## @param image.pullPolicy PMM image pull policy +## @param image.tag PMM image tag (immutable tags are recommended) +## @param image.imagePullSecrets Global Docker registry secret names as an array +## +image: + repository: percona/pmm-server + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "2.41.1" + imagePullSecrets: [] + +## PMM environment variables +## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables +## +pmmEnv: + ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) + ## + DISABLE_UPDATES: "1" +# optional variables to integrate Grafana with internal iDP, see also secret part +# GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' +# GF_AUTH_GENERIC_OAUTH_SCOPES: '' +# GF_AUTH_GENERIC_OAUTH_AUTH_URL: '' +# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: '' +# GF_AUTH_GENERIC_OAUTH_API_URL: '' +# GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' + +## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) + ## pmmResources: + ## requests: + ## memory: "32Gi" + ## cpu: "8" + ## limits: + ## memory: "64Gi" + ## cpu: "32" +#pmmResources: {} +pmmResources: + requests: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + + +## Readiness probe 
Config +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readyProbeConf.initialDelaySeconds Number of seconds after the container has started before readiness probes is initiated +## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe +## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up +## +readyProbeConf: + initialDelaySeconds: 1 + periodSeconds: 5 + failureThreshold: 6 + +## @section PMM secrets +## +secret: + ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets + ## + name: "" + ## @param secret.annotations -- Secret annotations configuration + annotations: {} + ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. + ## + create: true + ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. + ## E.g. 
+ ## pmm_password: admin + ## + ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` + ## + pmm_password: "admin" + ## + # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv + # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: + # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv + # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: + +## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates, +## please provide your own signed ssl certificates like this in base 64 format: +## certs: + ## name: pmm-certs + ## files: + ## certificate.crt: + ## certificate.key: + ## ca-certs.pem: + ## dhparam.pem: + ## certificate.conf: +certs: {} + +## @section PMM network configuration +## Service configuration +## +service: + ## @param service.type Kubernetes Service type + ## + type: LoadBalancer + + ## Ports 443 and/or 80 + ## + ports: + ## @param service.ports[0].port https port number + - port: 443 + ## @param service.ports[0].targetPort target port to map for statefulset and ingress + targetPort: https + ## @param service.ports[0].protocol protocol for https + protocol: TCP + ## @param service.ports[0].name port name + name: https + ## @param service.ports[1].port http port number + - port: 80 + ## @param service.ports[1].targetPort target port to map for statefulset and ingress + targetPort: http + ## @param service.ports[1].protocol protocol for http + protocol: TCP + ## @param service.ports[1].name port name + name: http + +storage: + ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, 
choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClassName: "" + ## + ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention + ## + size: 10Gi + ## + ## @param storage.dataSource VolumeSnapshot to start from + ## + dataSource: {} + ## name: before-vX.Y.Z-upgrade + ## kind: VolumeSnapshot + ## apiGroup: snapshot.storage.k8s.io + ## + ## @param storage.selector select existing PersistentVolume + ## + selector: {} + ## matchLabels: + ## release: "stable" + ## matchExpressions: + ## - key: environment + ## operator: In + ## values: + ## - dev + +## @section PMM kubernetes configurations +## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) +## +nameOverride: "" + +## @param extraLabels Labels to add to all deployed objects +## +extraLabels: {} + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## @param serviceAccount.create Specifies whether a ServiceAccount should be created +## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. +## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
+## +serviceAccount: + create: true + annotations: {} + name: "" + +## @param podAnnotations Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## @param podSecurityContext Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## E.g +## podSecurityContext: + ## fsGroup: 2000 +## +podSecurityContext: {} + +## @param securityContext Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## securityContext.capabilities The capabilities to add/drop when running containers +## securityContext.runAsUser Set pmm containers' Security Context runAsUser +## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot +## E.g. +## securityContext: + ## capabilities: + ## drop: + ## - ALL + ## readOnlyRootFilesystem: true + ## runAsNonRoot: true + ## runAsUser: 1000 +securityContext: {} + + +## @param nodeSelector Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## @param tolerations Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts +## +extraVolumeMounts: [] +## @param extraVolumes Optionally specify extra list of additional volumes +## +extraVolumes: [] diff --git a/addons/pmm/2.41/meta.yaml b/addons/pmm/2.41/meta.yaml new file mode 100644 index 00000000..25bf83f3 --- /dev/null +++ b/addons/pmm/2.41/meta.yaml 
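Review bot: `pmm_password: "admin"` in values.yaml ships a well-known admin password as the default while `service.type: LoadBalancer` in the same file publishes ports 443 and 80 outside the cluster, so an untouched install is an externally reachable PMM protected by `admin`. Because the value is non-empty, the `default (randAscii 16)` fallback in secret.yaml never applies. I would set `pmm_password: ""` so a random password is generated, default `service.type` to `ClusterIP`, and drop the port 80 entry unless cleartext access is intended. The `@param secret.pmm_password` text could then add `## leave empty to have a random password generated on first install`.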
@@ -0,0 +1,21 @@ +name: pmm +version: 2.41 +id: 1db95161-7193-4544-8c76-e5ad5f6c03f6 +description: "pmm" +displayName: "pmm" +metadata: + displayName: "pmm" + provider: + name: drycc + supportURL: https://www.percona.com/software/database-tools/percona-monitoring-and-management + documentationURL: https://www.percona.com/software/database-tools/percona-monitoring-and-management +tags: pmm +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "service.type" + required: false + description: "service type config for values.yaml" +archive: false \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-10/bind.yaml new file mode 100644 index 00000000..eaaa1d36 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/bind.yaml @@ -0,0 +1,28 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .data.password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .data.username }' + - name: PORT + valueFrom: + secretKeyRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .data.portro }' \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-10/create-instance-schema.json b/addons/pmm/2.41/plans/standard-10/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/create-instance-schema.json 
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-10/meta.yaml b/addons/pmm/2.41/plans/standard-10/meta.yaml new file mode 100644 index 00000000..aaa411c0 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-10" +id: d4d9338c-4958-4203-8e7d-bdfcb0d81945 +description: "pmm standard-10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G" +displayName: "standard-10" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/pmm/2.41/plans/standard-10/values.yaml b/addons/pmm/2.41/plans/standard-10/values.yaml new file mode 100644 index 00000000..676edb9d --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/values.yaml 
@@ -0,0 +1,30 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: pmm-standard-10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +pmmResources: + requests: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +storage: + size: 10Gi From fe1679aeb612c1691024b575437f7163cd1630c4 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 5 Mar 2024 16:05:59 +0800 Subject: [PATCH 055/176] chore(pmm): set instance name --- .../pmm/2.41/chart/pmm/templates/statefulset.yaml | 6 +++--- addons/pmm/2.41/chart/pmm/values.yaml | 3 --- addons/pmm/2.41/plans/standard-10/bind.yaml | 15 +-------------- 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml index 752fb9ad..18fae7d6 100644 --- a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml +++ b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml 
@@ -64,19 +64,19 @@ spec: - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: {{ .Values.secret.name }} + name: {{ include "pmm.fullname" . }} key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional: true - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ .Values.secret.name }} + name: {{ include "pmm.fullname" . }} key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional: true - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.secret.name }} + name: {{ include "pmm.fullname" . }} key: PMM_ADMIN_PASSWORD optional: true - name: PMM_INSTALL_METHOD diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml index 1647399a..21e4f3c6 100644 --- a/addons/pmm/2.41/chart/pmm/values.yaml +++ b/addons/pmm/2.41/chart/pmm/values.yaml @@ -66,9 +66,6 @@ readyProbeConf: ## @section PMM secrets ## secret: - ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets - ## - name: "" ## @param secret.annotations -- Secret annotations configuration annotations: {} ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-10/bind.yaml index eaaa1d36..973abc94 100644 --- a/addons/pmm/2.41/plans/standard-10/bind.yaml +++ b/addons/pmm/2.41/plans/standard-10/bind.yaml @@ -11,18 +11,5 @@ credential: serviceRef: name: {{ include "pmm.fullname" . }} jsonpath: '{ .spec.clusterIP }' - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "pmm.fullname" . }} - jsonpath: '{ .data.password }' - - name: USERNAME - valueFrom: - secretKeyRef: - name: {{ include "pmm.fullname" . }} - jsonpath: '{ .data.username }' - name: PORT - valueFrom: - secretKeyRef: - name: {{ include "pmm.fullname" . }} - jsonpath: '{ .data.portro }' \ No newline at end of file + value: 80 \ No newline at end of file 
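Review bot: `optional: true` stays on the `PMM_ADMIN_PASSWORD` reference in the statefulset.yaml hunk, so when the Secret or key is missing (for example `secret.create: false` with no pre-created Secret of this name) the pod starts without `GF_SECURITY_ADMIN_PASSWORD` instead of failing. Presumably PMM then falls back to its built-in initial password; that should be confirmed. I would use `optional: false` for the admin password and keep `optional: true` only on the two OAuth keys. The `secret.create` comment in values.yaml still says a user-created Secret is expected when `create` is false, so it should now state that the Secret must be named after `pmm.fullname`.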
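Review bot: In the bind.yaml hunk `PORT` becomes the literal `value: 80`, the cleartext HTTP port, so bound applications are pointed at PMM over plain HTTP although the Service also exposes 443. I would hand out `value: "443"` instead, quoted in case the binding consumer expects strings (its schema is not visible here). If port 80 is kept on purpose, a comment saying that traffic to it is unencrypted would make the choice explicit.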
From b798fecfe5ccf526c4d564055e913b1e01e211f6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 6 Mar 2024 17:34:20 +0800 Subject: [PATCH 056/176] chore(prometheus): add scrape namespace --- .../prometheus/templates/_scrape_config.tpl | 6 ++- .../templates/server/deployment.yaml | 35 +++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 52 ++++++++++++++++++- addons/prometheus/2/meta.yaml | 2 + 4 files changed, 92 insertions(+), 3 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index c6753fa3..14f45299 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -92,8 +92,12 @@ kubernetes_sd_configs: - role: endpoints namespaces: own_namespace: true - names: + names: - {{ include "common.names.namespace" .context }} + {{- range .value }} + - {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{- end }} + relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] action: keep diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index d8ecaa9f..83711fde 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml 
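Review bot: In the `_scrape_config.tpl` hunk the new `range` line passes `"context" $`, but inside a named template `$` is the dict supplied by the caller, not the chart root; the line above already uses `.context`, so this should be `(dict "value" . "context" $.context)`. `scrapeNamespaces` is also added to `allow_parameters` in meta.yaml by this commit, so these entries are caller-supplied and are being evaluated as templates here. A namespace name needs no templating, and `- {{ . | quote }}` avoids evaluating user input while keeping odd values from breaking the YAML. Nothing in the hunk limits which namespaces a caller may add to the scrape list, which may matter on a shared cluster. The enclosing `define` starts and ends outside the hunk.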
@@ -95,6 +95,41 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.server.initContainers "context" $) | nindent 8 }} {{- end }} containers: + {{- if .Values.configmapReload.prometheus.enabled }} + - name: prometheus-reload + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" + {{- with .Values.configmapReload.prometheus.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + args: + - --volume-dir=/opt/drycc/prometheus/conf/ + - --webhook-url=http://{{ .Values.server.username }}:{{ .Values.server.password}}@127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} + - --volume-dir={{ . }} + {{- end }} + {{- if .Values.configmapReload.prometheus.containerPort }} + ports: + - containerPort: {{ .Values.configmapReload.prometheus.containerPort }} + {{- end }} + resources: + {{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config + mountPath: /opt/drycc/prometheus/conf/ + readOnly: true + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + - name: prometheus image: {{ template "prometheus.server.image" . }} imagePullPolicy: {{ .Values.server.image.pullPolicy }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 807a45d1..55262846 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
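Review bot: The `--webhook-url` argument of the new `prometheus-reload` container embeds `server.username` and `server.password` in the command line, so the credentials are readable in the Deployment and Pod specs by anyone with `get` on those objects, and in the node's process list. If the sidecar image supports it, they should come from a Secret through environment variables, or `/-/reload` on `127.0.0.1` should be reachable without basic auth. As written, a password containing `@`, `:` or `/` also produces a malformed URL, because the values are interpolated without URL-encoding. A comment on the `args:` block should state where the credentials come from and that they must match the server's basic-auth settings.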
@@ -578,7 +578,7 @@ alertmanager: ## server: username: admin - password: To6EJBHPUo + password: Sx3EIELCA image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -636,7 +636,7 @@ server: {{- end }} {{- if .Values.scrapeAddons.enabled }} - job_name: addons - {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + {{- include "addons.ds_scrape_config" (dict "value" .Values.scrapeNamespaces "context" $) | nindent 4 }} {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} @@ -1558,3 +1558,51 @@ volumePermissions: scrapeAddons: enabled: true + +scrapeNamespaces: + - xx1 + - xx2 + +configmapReload: + prometheus: + ## If false, the configmap-reload container will not be deployed + ## + enabled: true + + ## configmap-reload container name + ## + name: configmap-reload + + ## configmap-reload container image + ## + image: + repository: jimmidyson/configmap-reload + tag: v0.5.0 + pullPolicy: IfNotPresent + + # containerPort: 9533 + + ## Additional configmap-reload container arguments + ## + extraArgs: {} + ## Additional configmap-reload volume directories + ## + extraVolumeDirs: [] + + + ## Additional configmap-reload mounts + ## + extraConfigmapMounts: [] + # - name: prometheus-alerts + # mountPath: /etc/alerts.d + # subPath: "" + # configMap: prometheus-alerts + # readOnly: true + + ## Security context to be added to configmap-reload container + containerSecurityContext: {} + + ## configmap-reload resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} \ No newline at end of file diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 0b0a15dc..a95995b0 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml 
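Review bot: `password: Sx3EIELCA` in the first values.yaml hunk replaces one hard-coded default with another, so every instance installed without an override shares a password that is published in this repository. The same value is now also interpolated into the reload sidecar's `--webhook-url` in deployment.yaml. I would leave it empty here and generate it at install time or require it as a parameter, with a comment such as `## generated when empty; never commit a real value`. Both the old and the new value should be treated as disclosed, and any instance still using them rotated.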
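Review bot: In the last values.yaml hunk `scrapeNamespaces` defaults to the placeholders `xx1` and `xx2`, which end up in the `names:` list of the addons scrape job on every install; the default should be `scrapeNamespaces: []`. `configmapReload.prometheus.image` points at `jimmidyson/configmap-reload` with tag `v0.5.0` and no registry, unlike the server image under `registry.drycc.cc`, so the sidecar that receives the Prometheus credentials is pulled from a different source by a mutable tag. Mirroring it and pinning a digest would match the rest of the chart. `containerSecurityContext: {}` and `resources: {}` leave that sidecar unconstrained by default, which deserves at least a comment.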
@@ -33,4 +33,6 @@ allow_parameters: - name: "server.rules" required: false description: "rules config for values.yaml" +- name: "scrapeNamespaces" + required: false archive: false From 4d6a9988c9100595c275be2721f70251d2fb560c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 7 Mar 2024 17:10:37 +0800 Subject: [PATCH 057/176] chore(postgres): set service type to ClusterIP --- .../15/chart/postgresql-cluster/templates/svc.yaml | 2 +- .../15/chart/postgresql-cluster/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 3644db78..ac0c2c44 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: {{ .Values.service.type }} + type: ClusterIP ports: - port: 5432 targetPort: 5432 diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 02f9bdfa..039ba9f6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -204,7 +204,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: false image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" 
@@ -213,7 +213,7 @@ metrics: ## @param metrics.customMetrics Define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file ## customMetrics: - ## pg_database: + ## pg_database:.... ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" ## metrics: ## - name: From a7a2a9fd12a9cb43c439b900dc8a7d178cf7a240 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 7 Mar 2024 17:19:30 +0800 Subject: [PATCH 058/176] chore(postgres): update metrics default values --- .../postgresql-cluster/15/chart/postgresql-cluster/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 039ba9f6..d1e7d72f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -204,7 +204,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: false + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" From 0d90c1f242ff16606cd5bee9d4a80e80c5adb04d Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 12 Mar 2024 17:38:41 +0800 Subject: [PATCH 059/176] chore(mysql-cluster): add router configmap , add resources limits to router and metrics --- .../mysql-cluster/templates/_helpers.tpl | 21 +++++++++++++++ .../templates/router/configmap.yaml | 23 ++++++++++++++++ .../templates/router/statefulset.yaml | 8 ++++-- .../8.0/chart/mysql-cluster/values.yaml | 26 ++++++++++++------- addons/mysql-cluster/8.0/meta.yaml | 3 +++ 5 files changed, 70 insertions(+), 11 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl index bb2ba662..b350f2de 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl @@ -99,6 +99,17 @@ Return the configmap with the MySQL Primary configuration {{- end -}} {{- end -}} +{{/* +Return the configmap with the MySQL Router configuration +*/}} +{{- define "mysql.router.configmapName" -}} +{{- if .Values.router.existingConfigmap -}} + {{- printf "%s" (tpl .Values.router.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-router" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for MySQL Secondary */}} @@ -109,6 +120,16 @@ Return true if a configmap object should be created for MySQL Secondary {{- end -}} {{- end -}} +{{/* +Return true if a configmap object should be created for MySQL router +*/}} +{{- define "mysql.router.createConfigmap" -}} +{{- if and .Values.router.configuration (not .Values.router.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return the configmap with the MySQL Primary configuration */}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml new file mode 100644 index 00000000..3e5b02b5 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml @@ -0,0 +1,23 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "mysql.router.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mysql.router.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: router + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + extra-router.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.router.configuration "context" $ ) | nindent 4 }} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index 9134cbfe..9ef9e93e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -157,7 +157,7 @@ spec: - -ec - | ln -sf /dev/stdout /opt/drycc/mysql/conf/router/log/mysqlrouter.log - mysqlrouter -c /opt/drycc/mysql/conf/router/mysqlrouter.conf + mysqlrouter -c /opt/drycc/mysql/conf/router/mysqlrouter.conf -a /opt/drycc/mysql/conf/router/extra/extra-router.conf env: - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} 
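Review bot: In router/configmap.yaml `router.configuration` goes through `common.tplvalues.render`, and meta.yaml in this commit adds `router.configuration` to `allow_parameters`, so text supplied by the instance owner is evaluated as a Helm template and then written verbatim into the router's config file. If templating is not needed, render it as plain text with `{{- .Values.router.configuration | nindent 4 }}`, and consider restricting which router options a caller may set. The ConfigMap is named with `mysql.router.fullname`, while the new `mysql.router.configmapName` helper that the StatefulSet mounts returns `<fullname>-router`. The definition of `mysql.router.fullname` is not in this diff, so unless the two resolve to the same string the volume will reference a ConfigMap that does not exist.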
@@ -174,7 +174,8 @@ spec: volumeMounts: - name: router-volume mountPath: /opt/drycc/mysql/conf - + - name: extra-config + mountPath: /opt/drycc/mysql/conf/router/extra ports: - name: routerrw containerPort: 6446 @@ -222,3 +223,6 @@ spec: volumes: - name: router-volume emptyDir: {} + - name: extra-config + configMap: + name: {{ include "mysql.router.configmapName" . }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index ce87fd76..79c58704 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -179,9 +179,7 @@ initdbScripts: echo loose-group_replication_local_address=$mgr_host:24901 >> $base_conf_file echo report_host=$mgr_host >> $base_conf_file echo loose-group_replication_group_seeds="$svc_mgr_host-0:24901,$svc_mgr_host-1:24901,$svc_mgr_host-2:24901" >> $base_conf_file - - echo plugin_load_add='group_replication.so' >> $base_conf_file - + echo loose-group_replication_start_on_boot='OFF' >> $base_conf_file echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) @@ -218,7 +216,6 @@ primary: configuration: |- [mysqld] # server - max_connections=10000 default_authentication_plugin=caching_sha2_password skip-name-resolve relay-log=relay-log @@ -260,7 +257,6 @@ primary: # Multi-threaded Replication replica_preserve_commit_order=ON replica_parallel_workers=8 - replica_parallel_type=LOGICAL_CLOCK # Group Replication Settings @@ -610,6 +606,10 @@ router: ## replicaCount: 2 + configuration: |- + [routing:bootstrap_rw] + max_connections=1000 + ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. ## NOTE: When it's set the 'configuration' parameter is ignored ## 
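Review bot: The `extra-config` volume added in the last statefulset.yaml hunk is unconditional, as are its mount and the `-a …/extra-router.conf` argument, but the ConfigMap is only created when `mysql.router.createConfigmap` returns true. With `router.configuration` set to an empty string and no `router.existingConfigmap`, the pod references a ConfigMap that does not exist and cannot start, and `router.configuration` is user-settable through meta.yaml. Guard the volume, the mount and the `-a` argument with the same condition as the ConfigMap, or add `optional: true` under `configMap:` and pass `-a` only when the file is present. It is also worth documenting that an `existingConfigmap` must provide the key `extra-router.conf`; the container spec continues outside these hunks.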
@@ -716,13 +716,17 @@ router: ## cpu: 250m ## memory: 256Mi ## - limits: {} + limits: + cpu: 250m + memory: 256Mi ## Examples: ## requests: ## cpu: 250m ## memory: 256Mi ## - requests: {} + requests: + cpu: 250m + memory: 256Mi ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param secondary.livenessProbe.enabled Enable livenessProbe @@ -1117,12 +1121,16 @@ metrics: ## limits: ## cpu: 100m ## memory: 256Mi - limits: {} + limits: + cpu: 100m + memory: 256Mi ## Examples: ## requests: ## cpu: 100m ## memory: 256Mi - requests: {} + requests: + cpu: 100m + memory: 256Mi containerSecurityContext: enabled: true runAsUser: 1001 diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 273e3a55..5c748c3b 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -21,4 +21,7 @@ allow_parameters: - name: "router.service.type" required: false description: "service type config for values.yaml" +- name: "router.configuration" + required: false + description: "router config for values.yaml" archive: false \ No newline at end of file From b190f6c83406019a213f288ff84a262c62736806 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 09:53:02 +0800 Subject: [PATCH 060/176] chore(mysql-cluster): modify networkpolicy rules. empty ingress when router service type is loadbalancer --- .../mysql-cluster/templates/networkpolicy.yaml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index b792b024..7571e48b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
@@ -20,6 +20,7 @@ spec: podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.router.service.type "ClusterIP" }} ingress: # Allow inbound connections - ports: @@ -27,10 +28,10 @@ spec: - port: {{ .Values.router.service.portro }} - port: 24901 - port: 33061 - {{- if and .Values.metrics.enabled }} + {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} - {{ end }} - {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + {{- end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} - namespaceSelector: @@ -38,11 +39,16 @@ spec: kubernetes.io/metadata.name: {{ .Release.Namespace }} {{- end }} {{- range $namespace := .Values.networkPolicy.allowNamespaces }} - {{- if $namespace }} + {{- if $namespace }} - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} {{- end }} - {{- end }} + {{- end }} {{- end }} + {{- if eq .Values.router.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} {{- end }} From 82bc0c31f46436e5b324219646c9f73e2a29f372 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 11:56:16 +0800 Subject: [PATCH 061/176] chore(postgresql-cluster): Allow all ip when service type is Loadbalancer --- .../templates/networkpolicy.yaml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 92fdc9a7..cf6bfb01 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml 
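Review bot: With the `ingress` block in the first networkpolicy.yaml hunk now wrapped in `{{- if eq .Values.router.service.type "ClusterIP" }}` and a separate block for `"LoadBalancer"`, any other service type (for example `NodePort`) renders a policy that has a `podSelector` and no ingress rules, which denies all inbound traffic to the selected pods. If the selector also covers the database members, that would include the replication ports between them. Making the restricted rule the default branch avoids the silent deny-all: `{{- if ne .Values.router.service.type "LoadBalancer" }}` … `{{- else }}`. The same pair of conditions is used in the postgresql-cluster, cloudbeaver and pmm policies later in this series.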
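Review bot: The `LoadBalancer` branch added at the end of networkpolicy.yaml renders `ingress: - {}`, an empty rule that admits every source on every port, so ports 24901 and 33061 and the metrics port are opened along with the two router ports the load balancer actually fronts. Dropping only the `from` restriction keeps the exposure to what the service publishes: `- ports:` followed by `- port: {{ .Values.router.service.portrw }}` and `- port: {{ .Values.router.service.portro }}`. If in-namespace peers still need the replication and metrics ports in this mode, that calls for a second rule carrying the namespace `from` selectors. The postgresql-cluster, cloudbeaver and pmm policies in the following commits use the same `- {}` rule and would benefit from the same change.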
@@ -17,15 +17,16 @@ spec: podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.service.type "ClusterIP" }} ingress: # Allow inbound connections - ports: - port: 5432 - port: 9000 - {{- if and .Values.metrics.enabled }} + {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} - {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} - namespaceSelector: @@ -33,11 +34,16 @@ spec: kubernetes.io/metadata.name: {{ .Release.Namespace }} {{- end }} {{- range $namespace := .Values.networkPolicy.allowNamespaces }} - {{- if $namespace }} + {{- if $namespace }} - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + ingress: + - {} {{- end }} {{- end }} From 5c786db90a6b43a8906042e1ee789ce23e74e1b6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 15:45:03 +0800 Subject: [PATCH 062/176] chore(cloudbeaver): add networkpolicy ,Allow all ip when service type is Loadbalancer --- .../cloudbeaver/templates/networkpolicy.yaml | 48 +++++++++++++++++++ .../23/chart/cloudbeaver/values.yaml | 17 +++++++ addons/cloudbeaver/23/meta.yaml | 5 +- .../23/plans/standard-10/bind.yaml | 5 +- .../23/plans/standard-10/meta.yaml | 6 +-- 5 files changed, 74 insertions(+), 7 deletions(-) create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml new file mode 100644 index 00000000..bc795be6 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml 
@@ -0,0 +1,48 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.service.type "ClusterIP" }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.service.ports.http }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 149c69d3..6ecd5d54 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml 
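Review bot: In the `ClusterIP` branch of the new cloudbeaver networkpolicy.yaml, `from:` is emitted only when `allowCurrentNamespace` or `allowNamespaces` is set, so switching both off leaves a rule with `ports` alone, and a rule without `from` matches every source. Someone who clears both settings to isolate the instance therefore gets the opposite of what they asked for. Move the `{{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}` so that it wraps the whole `- ports:` rule and render `ingress: []` otherwise. The pmm policy added in patch 064 has the same structure.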
@@ -514,3 +514,20 @@ ingress: ## name: http ## extraRules: [] + ## @section Network Policy + +## MySQL Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] + diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml index ad833d26..099b9e53 100644 --- a/addons/cloudbeaver/23/meta.yaml +++ b/addons/cloudbeaver/23/meta.yaml @@ -13,8 +13,11 @@ tags: cloudbeaver bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" required: false description: "service type config for values.yaml" diff --git a/addons/cloudbeaver/23/plans/standard-10/bind.yaml b/addons/cloudbeaver/23/plans/standard-10/bind.yaml index 5ee51e2a..cb335964 100644 --- a/addons/cloudbeaver/23/plans/standard-10/bind.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PORT valueFrom: serviceRef: 
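Review bot: The comment above `allowCurrentNamespace` in the added `networkPolicy` section documents `networkPolicy.allowExternal` and a MySQL client label, neither of which the cloudbeaver template reads, while the two keys that do control access are undocumented. Replace it with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to connect`. It is also worth stating there that with `service.type: LoadBalancer` the rendered policy allows all sources regardless of these settings. The pmm values.yaml hunk in patch 064 carries the same copied comment.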
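Review bot: Adding `networkPolicy.allowNamespaces` to `allow_parameters` in cloudbeaver's meta.yaml makes that list user-supplied, and templates/networkpolicy.yaml in this commit writes each entry unquoted as `kubernetes.io/metadata.name: {{ $namespace }}`. An entry that is purely numeric, or that contains YAML-significant characters, then changes the type or structure of the rendered manifest instead of being treated as a label value. Quote it at the point of use, `kubernetes.io/metadata.name: {{ $namespace | quote }}`, and do the same for `{{ .Release.Namespace }}`. If the broker validates create-instance-schema.json, a pattern restricting entries to DNS-label names there would reject bad input earlier.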
diff --git a/addons/cloudbeaver/23/plans/standard-10/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml index 3c070e39..8c43a1e4 100644 --- a/addons/cloudbeaver/23/plans/standard-10/meta.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-5" +name: "standard-10" id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9 -description: "Cloudbeaver standard-5 plan: Disk 5Gi ,vCPUs 1 , RAM 2G" -displayName: "standard-5" +description: "Cloudbeaver standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G" +displayName: "standard-10" bindable: true maximum_polling_duration: 1800 From 9e65f72391c4c8ac34017e27034387bcf3431aec Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 16:02:32 +0800 Subject: [PATCH 063/176] chore(cloudbeaver): fix typo --- addons/cloudbeaver/23/chart/cloudbeaver/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 6ecd5d54..3da722b3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml @@ -516,7 +516,7 @@ ingress: extraRules: [] ## @section Network Policy -## MySQL Nework Policy configuration +## Nework Policy configuration ## networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources From f5bd56fb8b52e9d9810ae47cd5827dd616cc0b47 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Mar 2024 16:40:17 +0800 Subject: [PATCH 064/176] chore(pmm): pmm network support --- .../chart/pmm/templates/networkpolicy.yaml | 50 +++++++++++++++++++ addons/pmm/2.41/chart/pmm/values.yaml | 15 ++++++ 2 files changed, 65 insertions(+) create mode 100644 addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml diff --git a/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml b/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml new file mode 100644 index 00000000..7bf5bed7 --- /dev/null 
+++ b/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml @@ -0,0 +1,50 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.service.type "ClusterIP" }} + ingress: + # Allow inbound connections + {{- with .Values.service.ports }} + - ports: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} +{{- end }} diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml index 21e4f3c6..ccda0b1a 100644 --- a/addons/pmm/2.41/chart/pmm/values.yaml +++ b/addons/pmm/2.41/chart/pmm/values.yaml 
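Review bot: The `ports:` list in the `ClusterIP` branch of the pmm policy is produced with `toYaml` from `.Values.service.ports`, so whatever shape the Service port entries have is copied into the NetworkPolicy unchanged. The `service` section of pmm's values.yaml is not part of this patch, so the following is inferred: if the entries carry Service-only fields such as a name or a target port, the policy will fail validation, and a policy needs the ports the pod listens on, which are not necessarily the Service ports. Ranging over the list and emitting only `port` and `protocol` per entry avoids both problems. A short comment above the `with` block saying which port numbers are expected would help whoever next edits `service.ports`.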
@@ -226,3 +226,18 @@ extraVolumeMounts: [] ## @param extraVolumes Optionally specify extra list of additional volumes ## extraVolumes: [] + +## Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] From 20bb4605fcca3badd4323a639bccbca69731fa67 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Mar 2024 17:07:46 +0800 Subject: [PATCH 065/176] chore(pmm): fix pmm chart.yaml --- addons/pmm/2.41/chart/pmm/Chart.yaml | 41 +++++++++++++++++----------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml index 7353e99f..a80e91fc 100644 --- a/addons/pmm/2.41/chart/pmm/Chart.yaml +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml 
@@ -1,18 +1,27 @@ +annotations: + category: monitor apiVersion: v2 -name: pmm -description: A Helm chart for Percona Monitoring and Management (PMM) -type: application -version: 1.3.11 -appVersion: "2.41.1" -home: https://github.com/percona/pmm -maintainers: - - name: tplavcic - email: tomislav.plavcic@percona.com - - name: bupychuk - email: nurlan.moldomurov@percona.com - - name: spron-in - email: sergey.pronin@percona.com +appVersion: 2.41 +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + tags: + - drycc-common + version: ~1.1.2 +description: Percona Monitoring and Management an open source database monitoring, observability and management tool +engine: gotpl +home: https://github.com/drycc/charts/tree/master/drycc/pmm +icon: https://drycc.com/assets/stacks/pmm/img/pmm-stack-220x234.png keywords: - - PMM - - Monitoring -icon: https://www.percona.com/sites/default/files/pmm-logo.png + - mysql + - postgres + - mongodb + - monitor +maintainers: + - name: Drycc + url: https://github.com/drycc/charts +name: pmm +sources: + - https://github.com/drycc/containers/tree/main/drycc/mysql + - https://github.com/percona/pmm +version: 2.41 From f641e92fd2dc6236e7b80c743e867e1407952104 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Mar 2024 17:16:22 +0800 Subject: [PATCH 066/176] chore(pmm): fix pmm chart.yaml --- addons/pmm/2.41/chart/pmm/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml index a80e91fc..55497a7d 100644 --- a/addons/pmm/2.41/chart/pmm/Chart.yaml +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: monitor apiVersion: v2 -appVersion: 2.41 +appVersion: 2.41.0 dependencies: - name: common repository: oci://registry.drycc.cc/charts @@ -24,4 +24,4 @@ name: pmm sources: - https://github.com/drycc/containers/tree/main/drycc/mysql - https://github.com/percona/pmm -version: 2.41 +version: 2.41.0 
From 31f839fb516a114c1fd0040e832851e13ee26929 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 12 Apr 2024 11:48:39 +0800 Subject: [PATCH 067/176] chore(addons): against plans to standard specifications --- addons/cloudbeaver/23/plans/standard-10/meta.yaml | 6 +++--- addons/grafana/10/plans/standard-5/meta.yaml | 6 +++--- addons/mysql-cluster/8.0/plans/standard-10/meta.yaml | 6 ------ addons/mysql-cluster/8.0/plans/standard-100/meta.yaml | 6 ------ .../8.0/plans/{standard-10 => standard-16c64g400}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml | 6 ++++++ .../plans/{standard-400 => standard-16c64g400}/values.yaml | 0 .../8.0/plans/{standard-100 => standard-1c2g10}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml | 6 ++++++ .../8.0/plans/{standard-10 => standard-1c2g10}/values.yaml | 0 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml | 6 ------ addons/mysql-cluster/8.0/plans/standard-200/meta.yaml | 6 ------ .../8.0/plans/{standard-20 => standard-2c4g20}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml | 6 ++++++ .../8.0/plans/{standard-20 => standard-2c4g20}/values.yaml | 0 .../8.0/plans/{standard-200 => standard-2c8g50}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml | 6 ++++++ .../8.0/plans/{standard-50 => standard-2c8g50}/values.yaml | 0 .../plans/{standard-400 => standard-32c128g800}/bind.yaml | 0 .../create-instance-schema.json | 0 .../mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml | 6 ++++++ .../plans/{standard-800 => standard-32c128g800}/values.yaml | 0 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml | 6 ------ .../8.0/plans/{standard-50 => standard-4c16g100}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml | 6 ++++++ .../plans/{standard-100 => standard-4c16g100}/values.yaml | 0 
addons/mysql-cluster/8.0/plans/standard-50/meta.yaml | 6 ------ addons/mysql-cluster/8.0/plans/standard-800/meta.yaml | 6 ------ .../8.0/plans/{standard-800 => standard-8c32g200}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml | 6 ++++++ .../plans/{standard-200 => standard-8c32g200}/values.yaml | 0 addons/pmm/2.41/plans/standard-10/meta.yaml | 6 ------ .../2.41/plans/{standard-10 => standard-2c2g10}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/pmm/2.41/plans/standard-2c2g10/meta.yaml | 6 ++++++ .../2.41/plans/{standard-10 => standard-2c2g10}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-100/meta.yaml | 6 ------ .../15/plans/{standard-100 => standard-16c64g400}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/standard-16c64g400/meta.yaml | 6 ++++++ .../plans/{standard-400 => standard-16c64g400}/values.yaml | 0 .../15/plans/{standard-10 => standard-1c2g10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/{standard-10 => standard-1c2g10}/meta.yaml | 4 ++-- .../15/plans/{standard-10 => standard-1c2g10}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-20/meta.yaml | 6 ------ addons/postgresql-cluster/15/plans/standard-200/meta.yaml | 6 ------ .../15/plans/{standard-20 => standard-2c4g20}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-2c4g20/meta.yaml | 6 ++++++ .../15/plans/{standard-20 => standard-2c4g20}/values.yaml | 0 .../15/plans/{standard-200 => standard-2c8g50}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-2c8g50/meta.yaml | 6 ++++++ .../15/plans/{standard-50 => standard-2c8g50}/values.yaml | 0 .../plans/{standard-400 => standard-32c128g800}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/standard-32c128g800/meta.yaml | 6 ++++++ .../plans/{standard-800 => standard-32c128g800}/values.yaml | 0 .../15/plans/{standard-4t => 
standard-32c64g4000}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/standard-32c64g4000/meta.yaml | 6 ++++++ .../plans/{standard-4t => standard-32c64g4000}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-400/meta.yaml | 6 ------ .../15/plans/{standard-50 => standard-4c16g100}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-4c16g100/meta.yaml | 6 ++++++ .../plans/{standard-100 => standard-4c16g100}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml | 6 ------ addons/postgresql-cluster/15/plans/standard-50/meta.yaml | 6 ------ addons/postgresql-cluster/15/plans/standard-800/meta.yaml | 6 ------ .../15/plans/{standard-800 => standard-8c32g200}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-8c32g200/meta.yaml | 6 ++++++ .../plans/{standard-200 => standard-8c32g200}/values.yaml | 0 81 files changed, 98 insertions(+), 98 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-10/meta.yaml delete mode 100644 addons/mysql-cluster/8.0/plans/standard-100/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-10 => standard-16c64g400}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-10 => standard-16c64g400}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-400 => standard-16c64g400}/values.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-100 => standard-1c2g10}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-100 => standard-1c2g10}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-10 => standard-1c2g10}/values.yaml (100%) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml delete mode 100644 
addons/mysql-cluster/8.0/plans/standard-200/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-20 => standard-2c4g20}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-20 => standard-2c4g20}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-20 => standard-2c4g20}/values.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-200 => standard-2c8g50}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-200 => standard-2c8g50}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-50 => standard-2c8g50}/values.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-400 => standard-32c128g800}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-400 => standard-32c128g800}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-800 => standard-32c128g800}/values.yaml (100%) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-50 => standard-4c16g100}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-50 => standard-4c16g100}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-100 => standard-4c16g100}/values.yaml (100%) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-50/meta.yaml delete mode 100644 addons/mysql-cluster/8.0/plans/standard-800/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-800 => standard-8c32g200}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-800 => standard-8c32g200}/create-instance-schema.json (100%) create mode 100644 
addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-200 => standard-8c32g200}/values.yaml (100%) delete mode 100644 addons/pmm/2.41/plans/standard-10/meta.yaml rename addons/pmm/2.41/plans/{standard-10 => standard-2c2g10}/bind.yaml (100%) rename addons/pmm/2.41/plans/{standard-10 => standard-2c2g10}/create-instance-schema.json (100%) create mode 100644 addons/pmm/2.41/plans/standard-2c2g10/meta.yaml rename addons/pmm/2.41/plans/{standard-10 => standard-2c2g10}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-100/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-100 => standard-16c64g400}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-16c64g400}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-400 => standard-16c64g400}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-1c2g10}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-100 => standard-1c2g10}/create-instance-schema.json (100%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-1c2g10}/meta.yaml (77%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-1c2g10}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-20/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-200/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-20 => standard-2c4g20}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-20 => standard-2c4g20}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-20 => standard-2c4g20}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-200 => 
standard-2c8g50}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-200 => standard-2c8g50}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-50 => standard-2c8g50}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-400 => standard-32c128g800}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-400 => standard-32c128g800}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-800 => standard-32c128g800}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-4t => standard-32c64g4000}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-4t => standard-32c64g4000}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-4t => standard-32c64g4000}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-400/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-50 => standard-4c16g100}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-50 => standard-4c16g100}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-100 => standard-4c16g100}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-50/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-800/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-800 => standard-8c32g200}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-800 => standard-8c32g200}/create-instance-schema.json 
(100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-200 => standard-8c32g200}/values.yaml (100%) diff --git a/addons/cloudbeaver/23/plans/standard-10/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml index 8c43a1e4..fb12258c 100644 --- a/addons/cloudbeaver/23/plans/standard-10/meta.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-10" +name: "standard-1c2g10" id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9 -description: "Cloudbeaver standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G" -displayName: "standard-10" +description: "Cloudbeaver standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G" +displayName: "standard-1c2g10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/grafana/10/plans/standard-5/meta.yaml b/addons/grafana/10/plans/standard-5/meta.yaml index 9940bdc8..455ec32f 100644 --- a/addons/grafana/10/plans/standard-5/meta.yaml +++ b/addons/grafana/10/plans/standard-5/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-5" +name: "standard-1c1g5" id: 1694a049-0f1d-40c6-8c56-59b8285f1654 -description: "grafana plan which limit 1c1g ,default persistence size 5Gi." -displayName: "1C2G" +description: "grafana plan standard-1c1g5 which limit 1c1g ,default persistence size 5Gi." +displayName: "1c1g5" bindable: true maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml deleted file mode 100644 index 6c738828..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" -displayName: "standard-10" -bindable: true -maximum_polling_duration: 1800 
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
deleted file mode 100644
index 3cb9c0d4..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-100"
-id: 20cf5c53-699f-46e8-b541-d95c9fcccb86
-description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000"
-displayName: "standard-100"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-10/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-10/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-10/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..5b3b5c02
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: f96fb7d8-3012-4175-931e-902e26697441
+description: "Mysql Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600"
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-400/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml
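Review bot: The description in the new `standard-16c64g400/meta.yaml` advertises `DB MAX Connection 1600`, which is lower than the 4-vCPU plan (4000) and far off the 8- and 32-vCPU plans (8000, 32000) elsewhere in this patch. It looks like a dropped zero carried over unchanged from the deleted `standard-400/meta.yaml`. The plan's `values.yaml` is renamed without changes and its content is not shown here, so the text should be checked against the limit the chart actually sets and corrected to match, for example `DB MAX Connection 16000` if that is the configured value.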
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-100/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml
new file mode 100644
index 00000000..c8f45468
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1g2g10"
+id: 2b455154-8725-482a-95b2-a193c180d9b5
+description: "Mysql Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-10/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
deleted file mode 100644
index e749a7db..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-20"
-id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
-description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
-displayName: "standard-20"
-bindable: true
-maximum_polling_duration: 1800
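Review bot: The new `standard-1c2g10/meta.yaml` sets `name: "standard-1g2g10"`, with `1g` where the directory, the description and `displayName` all say `1c`. The plan `id` is the one the deleted `standard-10` plan carried, so a client that selects the plan by name would presumably fail to find `standard-1c2g10`; the line should read `name: "standard-1c2g10"`. This is also the only new meta.yaml in the patch committed without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same change.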
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
deleted file mode 100644
index b857ef1e..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-200"
-id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
-description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000"
-displayName: "standard-200"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-20/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml
new file mode 100644
index 00000000..9df7017f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-20/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-200/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-2c8g50/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-2c8g50/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml
new file mode 100644
index 00000000..cc17b298
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c8g50"
+id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2
+description: "Mysql Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-2c8g50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-50/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-400/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml
new file mode 100644
index 00000000..57d19b9b
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c128g800"
+id: 829768aa-f287-42ee-b98c-db40ec670d38
+description: "Mysql Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000"
+displayName: "standard-32c128g800"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-800/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
deleted file mode 100644
index c802ccc6..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-400"
-id: f96fb7d8-3012-4175-931e-902e26697441
-description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600"
-displayName: "standard-400"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-50/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..720efb35
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c16g100"
+id: 20cf5c53-699f-46e8-b541-d95c9fcccb86
+description: "Mysql Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000"
+displayName: "standard-4c16g100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-100/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
deleted file mode 100644
index a6d4e5bd..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-50"
-id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2
-description: "Mysql Cluster standard-10 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
-displayName: "standard-50"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml
deleted file mode 100644
index 72806d97..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-800"
-id: 829768aa-f287-42ee-b98c-db40ec670d38
-description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000"
-displayName: "standard-800"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-800/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml
new file mode 100644
index 00000000..4b70945d
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-8c32g200"
+id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
+description: "Mysql Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000"
+displayName: "standard-8c32g200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-200/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml
diff --git a/addons/pmm/2.41/plans/standard-10/meta.yaml b/addons/pmm/2.41/plans/standard-10/meta.yaml
deleted file mode 100644
index aaa411c0..00000000
--- a/addons/pmm/2.41/plans/standard-10/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-10"
-id: d4d9338c-4958-4203-8e7d-bdfcb0d81945
-description: "pmm standard-10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G"
-displayName: "standard-10"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-2c2g10/bind.yaml
similarity index 100%
rename from addons/pmm/2.41/plans/standard-10/bind.yaml
rename to addons/pmm/2.41/plans/standard-2c2g10/bind.yaml
diff --git a/addons/pmm/2.41/plans/standard-10/create-instance-schema.json b/addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json
similarity index 100%
rename from addons/pmm/2.41/plans/standard-10/create-instance-schema.json
rename to addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json
diff --git a/addons/pmm/2.41/plans/standard-2c2g10/meta.yaml b/addons/pmm/2.41/plans/standard-2c2g10/meta.yaml
new file mode 100644
index 00000000..bf17a90c
--- /dev/null
+++ b/addons/pmm/2.41/plans/standard-2c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c2g10"
+id: d4d9338c-4958-4203-8e7d-bdfcb0d81945
+description: "pmm standard-2c2g10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G"
+displayName: "standard-2c2g10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/pmm/2.41/plans/standard-10/values.yaml b/addons/pmm/2.41/plans/standard-2c2g10/values.yaml
similarity index 100%
rename from addons/pmm/2.41/plans/standard-10/values.yaml
rename to addons/pmm/2.41/plans/standard-2c2g10/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
deleted file mode 100644
index 699f4aaa..00000000
--- a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-100"
-id: c44160a6-5ec4-49e5-af1e-a1c1676871cf
-description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"
-displayName: "standard-100"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-100/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..0e82a8d2
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
+description: "PostgreSQL Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-400/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-10/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml
similarity index 77%
rename from addons/postgresql-cluster/15/plans/standard-10/meta.yaml
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml
index f5c2257b..ecec7095 100644
--- a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml
@@ -1,6 +1,6 @@
-name: "standard-10"
+name: "standard-1c2g10"
 id: 83c3b52e-2685-4362-9ea1-42e170060c78
 description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
-displayName: "standard-10"
+displayName: "standard-1c2g10"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-10/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
deleted file mode 100644
index 0f67097a..00000000
--- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
+++ /dev/null
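Review bot: The `description` line in the renamed `standard-1c2g10/meta.yaml` is left as context and still reads `Postgresql Cluster standard-10 plan`, so after this change the catalogue text names a plan that no longer exists. It should follow the other PostgreSQL plans in this patch: `description: "PostgreSQL Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"`.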
@@ -1,6 +0,0 @@
-name: "standard-20"
-id: edf8bdfe-b1dc-4f41-b042-801153794df7
-description: "PostgreSQL Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
-displayName: "standard-20"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
deleted file mode 100644
index cbfb48ce..00000000
--- a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-200"
-id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f
-description: "PostgreSQL Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000"
-displayName: "standard-200"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-20/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml
new file mode 100644
index 00000000..e6fc9417
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: edf8bdfe-b1dc-4f41-b042-801153794df7
+description: "PostgreSQL Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-20/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-200/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml
new file mode 100644
index 00000000..f559091d
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c8g50"
+id: 0542f411-4e7b-46af-966c-c9989e54873c
+description: "PostgreSQL Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-2c8g50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-50/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-400/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml
new file mode 100644
index 00000000..90f0ee80
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c128g800"
+id: 60f37e20-e69e-4f6f-9cce-e43caec34963
+description: "PostgreSQL Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
+displayName: "standard-32c128g800"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-800/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-4t/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml
new file mode 100644
index 00000000..37d28b85
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c64g4000"
+id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9
+description: "PostgreSQL Cluster standard-32c64g4000 plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-32c64g4000"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-4t/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
deleted file mode 100644
index 8ec2aacb..00000000
--- a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-400"
-id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
-description: "PostgreSQL Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
-displayName: "standard-400"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-50/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..7e6943c1
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c16g100"
+id: c44160a6-5ec4-49e5-af1e-a1c1676871cf
+description: "PostgreSQL Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"
+displayName: "standard-4c16g100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-100/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml
deleted file mode 100644
index 208f253c..00000000
--- a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-4t"
-id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9
-description: "PostgreSQL Cluster standard-4t plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000"
-displayName: "standard-4t"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
deleted file mode 100644
index a194f7ef..00000000
--- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-50"
-id: 0542f411-4e7b-46af-966c-c9989e54873c
-description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
-displayName: "standard-50"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
deleted file mode 100644
index 72ab5126..00000000
--- a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-800"
-id: 60f37e20-e69e-4f6f-9cce-e43caec34963
-description: "PostgreSQL Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
-displayName: "standard-800"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-800/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-8c32g200/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-8c32g200/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..e71fc4d6 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f +description: "PostgreSQL Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml similarity index 100% rename from addons/postgresql-cluster/15/plans/standard-200/values.yaml rename to addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml From 24161d3d0335b7d2b6c7bbaff183e7b77a7f7419 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 12 Apr 2024 16:08:26 +0800 Subject: [PATCH 068/176] chore(mysql-cluster): fix standard-1c2g10 --- addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml index 198b5253..437127a4 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml @@ -16,10 +16,10 @@ primary: resources: limits: cpu: 1000m - memory: 4Gi + memory: 2Gi requests: cpu: 1000m - memory: 4Gi + memory: 2Gi ## @section Persistence parameters From 6c2cb1bcdbb446ea2c31482a9a5b4fd50dbc54e8 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 18 Apr 2024 17:35:12 +0800 Subject: [PATCH 069/176] chore(addons) add mongodb --- addons/index.yaml | 3 + addons/mongodb/7.0/chart/mongodb/.helmignore | 21 + addons/mongodb/7.0/chart/mongodb/Chart.yaml | 29 + addons/mongodb/7.0/chart/mongodb/README.md | 787 +++++++ .../7.0/chart/mongodb/templates/NOTES.txt | 202 ++ .../7.0/chart/mongodb/templates/_helpers.tpl | 432 ++++ .../mongodb/templates/arbiter/configmap.yaml | 18 + .../templates/arbiter/headless-svc.yaml | 33 + .../chart/mongodb/templates/arbiter/pdb.yaml | 25 + .../templates/arbiter/statefulset.yaml | 279 +++ .../mongodb/templates/common-scripts-cm.yaml | 104 + .../chart/mongodb/templates/configmap.yaml | 18 + .../chart/mongodb/templates/extra-list.yaml | 4 + .../mongodb/templates/hidden/configmap.yaml | 15 + .../templates/hidden/external-access-svc.yaml | 67 + .../templates/hidden/headless-svc.yaml | 34 + .../chart/mongodb/templates/hidden/pdb.yaml | 22 + .../mongodb/templates/hidden/statefulset.yaml | 533 +++++ .../templates/initialization-configmap.yaml | 17 + .../chart/mongodb/templates/metrics-svc.yaml | 33 + .../mongodb/templates/networkpolicy.yaml | 44 + .../mongodb/templates/prometheusrule.yaml | 18 + .../7.0/chart/mongodb/templates/psp.yaml | 50 + .../templates/replicaset/access-svc.yaml | 32 + .../replicaset/external-access-svc.yaml | 67 + .../templates/replicaset/headless-svc.yaml | 34 + .../mongodb/templates/replicaset/pdb.yaml | 25 + .../replicaset/scripts-configmap.yaml | 301 +++ .../templates/replicaset/statefulset.yaml | 543 +++++ .../mongodb/templates/replicaset/svc.yaml | 43 + .../7.0/chart/mongodb/templates/role.yaml | 30 + .../chart/mongodb/templates/rolebinding.yaml | 19 + .../chart/mongodb/templates/secrets-ca.yaml | 37 + .../7.0/chart/mongodb/templates/secrets.yaml | 41 + .../mongodb/templates/serviceaccount.yaml | 23 + .../mongodb/templates/servicemonitor.yaml | 48 + .../mongodb/templates/standalone/dep-sts.yaml | 474 ++++ 
.../mongodb/templates/standalone/pvc.yaml | 33 + .../mongodb/templates/standalone/svc.yaml | 58 + .../7.0/chart/mongodb/values.schema.json | 173 ++ addons/mongodb/7.0/chart/mongodb/values.yaml | 2053 +++++++++++++++++ addons/mongodb/7.0/meta.yaml | 21 + .../7.0/plans/standard-1c2g10/bind.yaml | 28 + .../create-instance-schema.json | 12 + .../7.0/plans/standard-1c2g10/meta.yaml | 6 + .../7.0/plans/standard-1c2g10/values.yaml | 23 + .../8.0/plans/standard-1c2g10/bind.yaml | 2 +- .../15/chart/postgresql-cluster/README.md | 4 +- 48 files changed, 6916 insertions(+), 2 deletions(-) create mode 100644 addons/mongodb/7.0/chart/mongodb/.helmignore create mode 100644 addons/mongodb/7.0/chart/mongodb/Chart.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/README.md create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml create mode 100644 
addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/psp.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/role.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/values.schema.json create mode 100644 addons/mongodb/7.0/chart/mongodb/values.yaml create mode 100644 addons/mongodb/7.0/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml create mode 
100644 addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index cd0ea8e0..0ec08fc0 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -54,3 +54,6 @@ entries: pmm: - version: 2.41 description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." + mongodb: + - version: 7.0 + description: "MongoDB is a document database designed for ease of application development and scaling." \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/.helmignore b/addons/mongodb/7.0/chart/mongodb/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/addons/mongodb/7.0/chart/mongodb/Chart.yaml b/addons/mongodb/7.0/chart/mongodb/Chart.yaml new file mode 100644 index 00000000..4d7cf00d --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/Chart.yaml 
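Review bot: `version: 7.0` in the new `mongodb` entry of `addons/index.yaml` is an unquoted scalar, so a generic YAML loader reads it as a float and may hand back `7` or `7.0` depending on the implementation, while the add-on itself lives under the directory `addons/mongodb/7.0/`. Quoting it, `- version: "7.0"`, keeps the value a string. The neighbouring `version: 2.41` for pmm has the same shape, so the consumer may already tolerate this, but a string is the only form that cannot drift. The hunk also leaves the file without a trailing newline.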
@@ -0,0 +1,29 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 7.0.8
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/mongodb
+icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
+keywords:
+ - mongodb
+ - database
+ - nosql
+ - cluster
+ - replicaset
+ - replication
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: mongodb
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/mongodb
+ - https://mongodb.org
+version: 13.1.7
diff --git a/addons/mongodb/7.0/chart/mongodb/README.md b/addons/mongodb/7.0/chart/mongodb/README.md
new file mode 100644
index 00000000..5a83118a
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/README.md
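Review bot: The `common` dependency in the new `Chart.yaml` is declared with a floating range, `version: ~1.1.2`, against `oci://registry.drycc.cc/charts`, and the diffstat for this patch lists neither a `Chart.lock` nor a vendored `charts/` directory. Without a lock file each `helm dependency update` resolves whatever 1.1.x the registry serves at that moment, so the rendered manifests for this database add-on can change without any commit here. Committing the `Chart.lock` that `helm dependency update` writes, or pinning `version: 1.1.2`, makes the build reproducible and reviewable. If a later patch in the series adds the lock file, this is already covered.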
@@ -0,0 +1,787 @@ + + +# MongoDB(R) packaged by Drycc + +MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. + +[Overview of MongoDB®](http://www.mongodb.org) + +Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc. + +## TL;DR + +```bash +$ helm repo add my-repo https://charts.drycc.com/drycc +$ helm install my-release my-repo/mongodb +``` + +## Introduction + +This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release my-repo/mongodb +``` + +The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Architecture + +This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. 
Use the `architecture` parameter to choose the one to use: + +```console +architecture="standalone" +architecture="replicaset" +``` + +Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) parameters + +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | +| `image.registry` | MongoDB(®) image registry | `docker.io` | +| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | +| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | +| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | +| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | +| `auth.enabled` | Enable authentication | `true` | +| `auth.rootUser` | MongoDB(®) root user | `root` | +| `auth.rootPassword` | MongoDB(®) root password | `""` | +| `auth.usernames` | List of custom users to be created during the initialization | `[]` | +| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | +| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | +| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | +| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | +| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | +| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | +| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | +| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | +| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | +| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | +| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | +| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | +| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | +| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | +| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | +| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | +| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | +| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | +| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | +| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | +| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | +| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | +| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | +| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | +| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | +| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | +| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | +| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | +| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | + + +### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) + +| Name | Description | Value | +| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | +| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | +| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | +| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraFlags` | MongoDB(®) additional command line flags | `[]` | +| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | + + +### MongoDB(®) statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | +| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | +| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | +| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | +| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | +| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | +| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | +| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | +| `podLabels` | MongoDB(®) pod labels | `{}` | +| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | +| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | +| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | +| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | +| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | +| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | +| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | +| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | +| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
+| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | +| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | +| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | +| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` | +| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` | +| 
`extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` | +| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` | + + +### Traffic exposure parameters + +| Name | Description | Value | +| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `service.nameOverride` | MongoDB(®) service name | `""` | +| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` | +| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` | +| `service.ports.mongodb` | MongoDB(®) service port. 
| `27017` | +| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` | +| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` | +| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` | +| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` | +| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Provide any additional annotations that may be required | `{}` | +| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` | +| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` | +| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | +| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` | +| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | +| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | +| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` | +| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` | +| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | +| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | +| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | +| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | +| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| 
`externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
+| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
+| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort.
Length must be the same as replicaCount | `[]` |
+| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+
+### Persistence parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
+| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` |
+| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` |
+| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g.
when using local volumes) | `{}` |
+| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
+
+
+### RBAC parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
+| `serviceAccount.name` | Name of the created serviceAccount | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
+| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
+| `rbac.rules` | Custom rules to create following the role specification | `[]` |
+| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy.
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
+| `podSecurityPolicy.privileged` | Allow privileged | `false` |
+| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
+
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
+| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
+| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
+
+
+### Arbiter parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
+| `arbiter.enabled` | Enable deploying the arbiter | `true` |
+| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
+| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
+| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
+| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
+| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
+| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
+| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
+| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
+| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
+| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
+| `arbiter.lifecycleHooks` |
LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
+| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
+| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
+| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set.
| `[]` |
+| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
+| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
+| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
+| `arbiter.podLabels` | Arbiter pod labels | `{}` |
+| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
+| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
+| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
+| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
+| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
+| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
+| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
+| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
+| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
+| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
+| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
+| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
+| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
+| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
+| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
+| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
+| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
+| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
+| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
+| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
+| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
+| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
+| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made
unavailable | `""` |
+| `arbiter.service.nameOverride` | The arbiter service name | `""` |
+| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Hidden Node parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
+| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
+| `hidden.hostAliases` | Add deployment host aliases | `[]` |
+| `hidden.configuration` | Hidden node configuration file to be used | `""` |
+| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
+| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
+| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
+| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
+| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
+| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
+| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
+| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
+| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
+| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
+| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
+| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
+| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
+| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set.
| `[]` |
+| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
+| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
+| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
+| `hidden.podLabels` | Hidden node pod labels | `{}` |
+| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
+| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
+| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
+| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
+| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
+| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
+| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
+| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
+| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
+| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
+| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
+| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
+| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `hidden.readinessProbe.enabled` | Enable readinessProbe |
`true` |
+| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
+| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
+| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
+| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods.
| `[]` |
+| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
+| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
+| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
+| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
+| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
+| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
+| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
+| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
+| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
+| `hidden.persistence.annotations` | PVC annotations | `{}` |
+| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
+| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
+| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g.
when using local volumes) | `{}` |
+| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
+| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
+| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Metrics parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
+| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` |
+| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` |
+| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` |
+| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.username` | String with username for the metrics exporter | `""` |
+| `metrics.password` | String with password for the metrics exporter | `""` |
+| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
+| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
+| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
+| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
+| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
+| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template.
| `{}` |
+| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
+| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
+| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `metrics.customReadinessProbe` | Override default
readiness probe for MongoDB(®) containers | `{}` |
+| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
+| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
For example,
+
+```bash
+$ helm install my-release \
+ --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
+ my-repo/mongodb
+```
+
+The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml my-repo/mongodb
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customize a new MongoDB instance
+
+The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
+
+* Specify them using the `initdbScripts` parameter as dict.
+* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed script extensions are `.sh` and `.js`.
+
+### Replicaset: Access MongoDB(®) nodes from outside the cluster
+
+In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access:
+
+- Using LoadBalancer services
+- Using NodePort services.
+
+Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/).
+
+### Add extra environment variables
+
+To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+ - name: LOG_LEVEL
+ value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter.
+
+Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/).
+
+## Persistence
+
+The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container.
+
+The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning.
+
+If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
+
+## Use custom Prometheus rules
+
+Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter.
+
+Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/).
+
+## Enable SSL/TLS
+
+This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`.
+
+Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/).
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
+ +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 12.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. 
+ +Affected values: + +- `strategyType` is replaced by `updateStrategy` +- `service.port` is renamed to `service.ports.mongodb` +- `service.nodePort` is renamed to `service.nodePorts.mongodb` +- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb` +- `rbac.role.rules` is renamed to `rbac.rules` +- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb` +- `hidden.strategyType` is replaced by `hidden.updateStrategy` +- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed) +- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels` + +Additionally also updates the MongoDB image dependency to it newest major, 5.0 + +### To 11.0.0 + +In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). +Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/). + +### To 9.0.0 + +MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). 
Refer to the following guides to upgrade your applications: + +- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) +- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) + +### To 8.0.0 + +- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. +- Chart labels were adapted to follow the Helm charts best practices. +- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. +- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: + - `replicas` is renamed to `replicaCount`. + - Authentication parameters are reorganized under the `auth.*` parameter: + - `usePassword` is renamed to `auth.enabled`. + - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. + - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. + +Consequences: + +- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
+ +### To 7.0.0 + +From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: + +```yaml +ingress: + hosts: + - name: mongodb.local + path: / +``` + +### To 6.0.0 + +From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. +You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). + +### To 5.0.0 + +When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: + +```console +$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false +``` + +### Add extra deployment options + +To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
+ +In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: Service + metadata: + name: mongodb-primary + namespace: default + labels: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mongodb + spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - name: mongodb-primary + port: 30001 + nodePort: 30001 + protocol: TCP + targetPort: mongodb + selector: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/name: mongodb + primary: "true" +``` + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt new file mode 100644 index 00000000..2bb79222 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt 
@@ -0,0 +1,202 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + +{{- else }} + +{{- $replicaCount := int .Values.replicaCount }} +{{- $portNumber := int .Values.service.ports.mongodb }} +{{- $fullname := include "mongodb.fullname" . }} +{{- $releaseNamespace := include "mongodb.namespace" . 
}} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- $mongoList := list }} +{{- range $e, $i := until $replicaCount }} +{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} +{{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }} + +#################################################################################### +### ERROR: You enabled external access to MongoDB® nodes without specifying ### +### the array of load balancer IPs for MongoDB® nodes. ### +#################################################################################### + +This deployment will be incomplete until you configure the array of load balancer +IPs for MongoDB® nodes. To complete your deployment follow the steps below: + +1. Wait for the load balancer IPs (it may take a few minutes for them to be available): + + kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w + +2. Obtain the load balancer IPs and upgrade your chart: + + {{- range $e, $i := until $replicaCount }} + LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" + {{- end }} + +3. 
Upgrade you chart: + + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \ + --set mongodb.replicaCount={{ $replicaCount }} \ + --set mongodb.externalAccess.enabled=true \ + {{- range $i, $e := until $replicaCount }} + --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \ + {{- end }} + --set mongodb.externalAccess.service.type=LoadBalancer + +{{- else }} + +{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }} +------------------------------------------------------------------------------- + WARNING + + By not enabling "mongodb.auth.enabled" you have most likely exposed the + MongoDB® service externally without any authentication mechanism. + + For security reasons, we strongly suggest that you enable authentiation + setting the "mongodb.auth.enabled" parameter to "true". + +------------------------------------------------------------------------------- +{{- end }} + +** Please be patient while the chart is being deployed ** + +MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster: + +{{- if eq .Values.architecture "replicaset" }} +{{ join "\n" $mongoList | nindent 4 }} +{{- else }} + + {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }} + +{{- end }} + +{{- if .Values.auth.enabled }} + +To get the root password run: + + export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d) + +{{- end }} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . 
-}} +{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} +{{- $customUsersList := splitList "," $customUsers }} +{{- range $index, $user := $customUsersList }} + +To get the password for "{{ $user }}" run: + + export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}') + +{{- end }} +{{- end }} + +To connect to your database, create a MongoDB® client container: + + kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash + +Then, run the following command: + + {{- if eq .Values.architecture "replicaset" }} + mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- else }} + mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }} + +To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below: + +{{- if eq "NodePort" .Values.externalAccess.service.type }} +{{- if .Values.externalAccess.service.domain }} + + MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }} + +{{- else }} + + MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs. + + kubectl get nodes -o wide + +{{- end }} + + MongoDB® nodes port: You will have a different node port for each MongoDB® node. 
You can get the list of configured node ports using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" + +{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IPs to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w' + + MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" + + MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }} + +{{- end }} + +{{- else if eq .Values.architecture "standalone" }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . 
}}) + mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} & + mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- end }} +{{- end }} +{{- end }} + +{{- if .Values.metrics.enabled }} + +To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & + echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" + +Then, open the obtained URL in a browser. 
+ +{{- end }} +{{- end }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.rollingTag" .Values.tls.image }} + diff --git a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl new file mode 100644 index 00000000..81f6889c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl 
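Review bot: In NOTES.txt the standalone NodePort branch prints `mongo --host $NODE_IP --port $NODE_PORT`, while the LoadBalancer and ClusterIP branches use `mongosh`. The legacy `mongo` shell is no longer shipped with MongoDB 6.0 and later, so for this 7.0 chart the line should presumably read `mongosh --host $NODE_IP --port $NODE_PORT`. All three standalone commands also pass `-p $MONGODB_ROOT_PASSWORD` without `-u root`, unlike the in-cluster command, so they are unlikely to authenticate as printed; adding `-u root` would make them consistent. Separately, exposing the service externally with `auth.enabled=false` is only reported as a WARNING banner after install. A check in `mongodb.validateValues` would make that combination an explicit decision rather than something noticed afterwards.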
@@ -0,0 +1,432 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mongodb.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mongodb.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Create a default mongo service name which can be overridden. +*/}} +{{- define "mongodb.service.nameOverride" -}} + {{- if and .Values.service .Values.service.nameOverride -}} + {{- print .Values.service.nameOverride -}} + {{- else -}} + {{- printf "%s-headless" (include "mongodb.fullname" .) -}} + {{- end }} +{{- end }} + +{{/* +Create a default mongo arbiter service name which can be overridden. +*/}} +{{- define "mongodb.arbiter.service.nameOverride" -}} + {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} + {{- print .Values.arbiter.service.nameOverride -}} + {{- else -}} + {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} + {{- end }} +{{- end }} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb.volumePermissions.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container auto-discovery image) +*/}} +{{- define "mongodb.externalAccess.autoDiscovery.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the TLS Certs image) +*/}} +{{- define "mongodb.tls.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
+*/}} +{{- define "mongodb.namespace" -}} + {{- if and .Values.global .Values.global.namespaceOverride -}} + {{- print .Values.global.namespaceOverride -}} + {{- else -}} + {{- print .Release.Namespace -}} + {{- end }} +{{- end -}} +{{- define "mongodb.serviceMonitor.namespace" -}} + {{- if .Values.metrics.serviceMonitor.namespace -}} + {{- print .Values.metrics.serviceMonitor.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} +{{- define "mongodb.prometheusRule.namespace" -}} + {{- if .Values.metrics.prometheusRule.namespace -}} + {{- print .Values.metrics.prometheusRule.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} + +{{/* +Returns the proper service account name depending if an explicit service account name is set +in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create +is true or default otherwise. +*/}} +{{- define "mongodb.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} + {{- else -}} + {{- default "default" (print .Values.serviceAccount.name) -}} + {{- end -}} +{{- end -}} + +{{/* +Return the list of custom users to create during the initialization (string format) +*/}} +{{- define "mongodb.customUsers" -}} + {{- $customUsers := list -}} + {{- if .Values.auth.username -}} + {{- $customUsers = append $customUsers .Values.auth.username }} + {{- end }} + {{- range .Values.auth.usernames }} + {{- $customUsers = append $customUsers . 
}} + {{- end }} + {{- printf "%s" (default "" (join "," $customUsers)) -}} +{{- end -}} + +{{/* +Return the list of passwords for the custom users (string format) +*/}} +{{- define "mongodb.customPasswords" -}} + {{- $customPasswords := list -}} + {{- if .Values.auth.password -}} + {{- $customPasswords = append $customPasswords .Values.auth.password }} + {{- end }} + {{- range .Values.auth.passwords }} + {{- $customPasswords = append $customPasswords . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customPasswords)) -}} +{{- end -}} + +{{/* +Return the list of custom databases to create during the initialization (string format) +*/}} +{{- define "mongodb.customDatabases" -}} + {{- $customDatabases := list -}} + {{- if .Values.auth.database -}} + {{- $customDatabases = append $customDatabases .Values.auth.database }} + {{- end }} + {{- range .Values.auth.databases }} + {{- $customDatabases = append $customDatabases . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customDatabases)) -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration +*/}} +{{- define "mongodb.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® +*/}} +{{- define "mongodb.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MongoDB® credentials +*/}} +{{- define "mongodb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} + {{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MongoDB® +*/}} +{{- define "mongodb.createSecret" -}} +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mongodb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Arbiter should be deployed +*/}} +{{- define "mongodb.arbiter.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Arbiter +*/}} +{{- define "mongodb.arbiter.configmapName" -}} +{{- if .Values.arbiter.existingConfigmap -}} + {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Arbiter +*/}} +{{- define "mongodb.arbiter.createConfigmap" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Hidden should be deployed +*/}} +{{- define "mongodb.hidden.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Hidden +*/}} +{{- define "mongodb.hidden.configmapName" -}} +{{- if .Values.hidden.existingConfigmap -}} + {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Hidden +*/}} +{{- define "mongodb.hidden.createConfigmap" -}} +{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} +{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate RBAC is created when using PSP */}} +{{- define "mongodb.validateValues.pspAndRBAC" -}} +{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} +mongodb: podSecurityPolicy.create, rbac.create + Both podSecurityPolicy.create and rbac.create must be true, if you want + to create podSecurityPolicy +{{- end -}} +{{- end -}} + +{{/* Validate values of MongoDB® - must provide a valid architecture */}} +{{- define "mongodb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} +mongodb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBs" -}} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . -}} +{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases must be provided to create + custom users and databases during 1st initialization. 
+ Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBsLength" -}} +{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases arrays should have the same length +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - service type for external access +*/}} +{{- define "mongodb.validateValues.externalAccessServiceType" -}} +{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} +mongodb: externalAccess.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list +*/}} +{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} +mongodb: .Values.externalAccess.service.loadBalancerIPs + Number of replicas and loadBalancerIPs array length must be the same. 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than NodePort list +*/}} +{{- define "mongodb.validateValues.nodePortListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} +mongodb: .Values.externalAccess.service.nodePorts + Number of replicas and nodePorts array length must be the same. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled +*/}} +{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} +mongodb: rbac.create + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to autodetect the external IPs/ports by querying the + K8s API. Please note this initContainer requires specific RBAC resources. You can create them + by specifying "--set rbac.create=true". 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults +*/}} +{{- define "mongodb.mongodb_exporter.uri" -}} + {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}} + {{- if .Values.metrics.username }} + {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- else -}} + {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- end -}} +{{- end -}} + + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "mongodb.createTlsSecret" -}} +{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing MongoDB® TLS certificates +*/}} +{{- define "mongodb.tlsSecretName" -}} +{{- $secretName := .Values.tls.existingSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-ca" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml new file mode 100644 index 00000000..1aacbd79 --- /dev/null 
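Review bot: `mongodb.mongodb_exporter.uri` percent-encodes only `@` and `:` in the credentials (the `sed -r "s/@/%40/g;s/:/%3A/g"` calls), so a password containing `/`, `?`, `#` or `%` would yield a malformed connection string, and `$MONGODB_ROOT_USER` is not encoded at all. The helper's comment says it validates values, whereas the body builds the URI. I would replace the comment with `Return the MongoDB® exporter connection URI; only "@" and ":" in the credentials are percent-encoded, so other URI-reserved characters must be avoided`, or extend the sed expression to cover the remaining reserved characters. Assuming a shell expands this string at container start, the unquoted `echo $MONGODB_ROOT_PASSWORD` also lets whitespace or glob characters in the password be altered before encoding; `printf '%s' "$MONGODB_ROOT_PASSWORD"` avoids that.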
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.arbiter.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
new file mode 100644
index 00000000..2bc3658c
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
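Review bot: In arbiter/configmap.yaml the ConfigMap name is rendered with `print "%s-arbiter" (include "mongodb.fullname" .)`, and `print` does not interpret format verbs. The name therefore comes out as the literal `%s-arbiter` followed by the full name, which is not a valid Kubernetes object name and does not match what `mongodb.arbiter.configmapName` in _helpers.tpl returns. Use `name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}`, as arbiter/pdb.yaml already does, so that whatever references the ConfigMap through that helper (presumably the arbiter StatefulSet, not visible here) can find it.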
@@ -0,0 +1,33 @@
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.arbiter.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp-mongodb
+ port: {{ .Values.arbiter.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.arbiter.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
new file mode 100644
index 00000000..6402f682
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.arbiter.pdb.minAvailable }}
+ minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.arbiter.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
new file mode 100644
index 00000000..a54b3575
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
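Review bot: In the `spec:` of arbiter/pdb.yaml, `minAvailable` and `maxUnavailable` are emitted by two independent `if` blocks, so setting both values renders a PodDisruptionBudget carrying both fields. The API treats them as mutually exclusive and rejects the object, and the failure only shows at install time. Turning the second guard into `{{- else if .Values.arbiter.pdb.maxUnavailable }}` (dropping the first `{{- end }}`) keeps the render valid. Because both guards test truthiness, an explicit `0` is also silently dropped, which is worth a comment next to the values. hidden/pdb.yaml later in this patch has the same two-guard shape.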
@@ -0,0 +1,279 @@ +{{- if (include "mongodb.arbiter.enabled" .) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.arbiter.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} + podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} + {{- if .Values.arbiter.updateStrategy }} + updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: arbiter + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} + annotations: + {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} + checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.arbiter.schedulerName }} + schedulerName: {{ .Values.arbiter.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} + {{- end }} + {{- if .Values.arbiter.priorityClassName }} + priorityClassName: {{ .Values.arbiter.priorityClassName }} + {{- end }} + {{- if .Values.arbiter.runtimeClassName }} + runtimeClassName: {{ .Values.arbiter.runtimeClassName }} + {{- end }} + {{- if .Values.arbiter.podSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.arbiter.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.arbiter.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: generate-client + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.arbiter.service.nameOverride" . }} + {{- end }} + containers: + - name: mongodb-arbiter + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.arbiter.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.arbiter.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.arbiter.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arbiter.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: MONGODB_PORT_NUMBER + value: {{ .Values.arbiter.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if .Values.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} + {{- end }} + {{- if .Values.arbiter.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.arbiter.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- end }} + {{- if .Values.arbiter.resources }} + resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} + volumeMounts: + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.arbiter.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.arbiter.configmapName" . }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if .Values.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml new file mode 100644 index 00000000..cb70b52f --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml 
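Review bot: The `generate-client` init container in arbiter/statefulset.yaml is the only container that mounts `certs-volume` (secret items `mongodb-ca-cert` and `mongodb-ca-key`), yet it gets no `securityContext`, while `mongodb-arbiter` receives `arbiter.containerSecurityContext`. The one step that handles the CA private key therefore runs with whatever defaults the image and the pod-level context give it. Consider rendering the same block on the init container: `{{- if .Values.arbiter.containerSecurityContext.enabled }}`, then `securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }}`, then `{{- end }}`. First confirm that the `0600` secret files stay readable to that UID (an `fsGroup` in `arbiter.podSecurityContext` would normally cover it). A comment on `certs-volume` stating that every arbiter pod is handed the CA signing key would also help, since access to that secret allows issuing certificates the replica set trusts.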
@@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + startup-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + readiness-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + # Run the proper check depending on the version + [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} + . 
/opt/drycc/scripts/libversion.sh + VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" + VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" + VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" + if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + else + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' + fi + ping-mongodb.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" + {{- if .Values.tls.enabled }} + generate-certs.sh: | + #!/bin/bash + additional_ips=() + additional_names=() + while getopts "i:n:s:" flag + do + case "${flag}" in + i) read -a additional_ips <<< ${OPTARG//,/ } ;; + n) read -a additional_names <<< ${OPTARG//,/ } ;; + s) svc=${OPTARG// /} ;; + \?) exit 1 ;; + esac + done + + my_hostname=$(hostname) + cp /certs/CAs/* /certs/ + cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem + cd /certs/ + shopt -s extglob + rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) + chmod 0600 mongodb-ca-cert mongodb.pem + {{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml new file mode 100644 index 00000000..76608c4e --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml 
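Review bot: `generate-certs.sh` in common-scripts-cm.yaml goes straight from `#!/bin/bash` to `additional_ips=()` with no `set -e`, so a failed intermediate step does not stop the script and only the exit status of the final `chmod` decides whether the init container succeeds. The heredoc and signing section in the middle is garbled on this page, so this is judged from the legible lines only. Adding `set -eo pipefail` under the shebang would make certificate generation fail closed, once it is confirmed that no step in that middle section relies on a non-zero status. Separately, `cp /certs/CAs/* /certs/` copies the CA private key into the `certs` emptyDir that the MongoDB container later mounts, relying on the closing `rm -rf !(...)` to remove it. Copying only `mongodb-ca-cert` and pointing the signing command at the key under `/certs/CAs` would keep the key out of the shared volume altogether.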
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
new file mode 100644
index 00000000..d7271f05
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if (include "mongodb.hidden.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
new file mode 100644
index 00000000..d9bbdc8e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
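Review bot: The `metadata` of hidden/configmap.yaml renders `commonLabels` but has no `commonAnnotations` block, unlike the arbiter and primary ConfigMaps added in the same patch. Annotations that operators set chart-wide, for example ones consumed by policy or audit tooling, will therefore be missing on the hidden-node configuration. Add the same three lines after the labels: `{{- if .Values.commonAnnotations }}`, then `annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}`, then `{{- end }}`. hidden/pdb.yaml has the same omission.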
@@ -0,0 +1,67 @@ +{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.hidden.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-hidden-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.hidden.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.hidden.service.type }} + {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.hidden.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }} + port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.hidden.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: hidden + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml new file mode 100644 index 00000000..725e0256 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml 
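Review bot: In the `spec:` of hidden/external-access-svc.yaml, `loadBalancerSourceRanges` is rendered only when the value is non-empty. With `externalAccess.hidden.service.type` set to `LoadBalancer`, the default result is one externally reachable Service per hidden replica with no source restriction, and `publishNotReadyAddresses: true` publishes the pod before its readiness probe passes. Nothing in this template ties that exposure to `auth.enabled` or `tls.enabled`. The arbiter StatefulSet in this patch sets `ALLOW_EMPTY_PASSWORD` to `yes` when auth is off, and the hidden StatefulSet (cut off on this page) may do the same. Consider a render-time guard just inside the opening `if`, such as `{{- if not .Values.auth.enabled }}{{ fail "externalAccess.hidden requires auth.enabled=true" }}{{- end }}`, plus a values comment saying `loadBalancerSourceRanges` is expected whenever the type is `LoadBalancer`.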
@@ -0,0 +1,34 @@
+{{- if (include "mongodb.hidden.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.hidden.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.hidden.service.portName | quote }}
+ port: {{ .Values.hidden.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
new file mode 100644
index 00000000..ce233db3
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
@@ -0,0 +1,22 @@
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.hidden.pdb.minAvailable }}
+ minAvailable: {{ .Values.hidden.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.hidden.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
new file mode 100644
index 00000000..56ce237b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
@@ -0,0 +1,533 @@ +{{- if (include "mongodb.hidden.enabled" .) }} +{{- $replicaCount := int .Values.hidden.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.hidden.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }} + podManagementPolicy: {{ .Values.hidden.podManagementPolicy }} + replicas: {{ .Values.hidden.replicaCount }} + {{- if .Values.hidden.updateStrategy }} + updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: hidden + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }} + annotations: + {{- if (include "mongodb.hidden.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.hidden.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hidden.schedulerName }} + schedulerName: {{ .Values.hidden.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hidden.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if 
.Values.hidden.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.priorityClassName }} + priorityClassName: {{ .Values.hidden.priorityClassName }} + {{- end }} + {{- if .Values.hidden.runtimeClassName }} + runtimeClassName: {{ .Values.hidden.runtimeClassName }} + {{- end }} + {{- if .Values.hidden.podSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.hidden.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.hidden.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) 
}} + {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.hidden.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.hidden.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup-hidden.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.hidden.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: K8S_HIDDEN_NODE_SERVICE_NAME + value: "{{ include "mongodb.fullname" . 
}}-hidden-headless" + - name: MONGODB_REPLICA_SET_MODE + value: "hidden" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.hidden.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.hidden.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.hidden.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }} + envFrom: + {{- if .Values.hidden.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.hidden.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.hidden.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.hidden.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.hidden.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.hidden.resources }} + resources: {{- toYaml .Values.hidden.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + subPath: {{ .Values.hidden.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup-hidden.sh + subPath: setup-hidden.sh + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.hidden.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: 9216 + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.hidden.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.hidden.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.hidden.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.hidden.persistence.enabled }} + - name: datadir + {{- if .Values.hidden.persistence.medium }} + emptyDir: + medium: {{ .Values.hidden.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.hidden.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.hidden.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.hidden.persistence.size | quote }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml new file mode 100644 index 00000000..f3d023ab --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml 
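Review bot: In hidden/statefulset.yaml the default `metrics` container args run `/bin/mongodb_exporter --mongodb.uri "..."` under `/bin/bash -ec`, and the same container receives `MONGODB_ROOT_PASSWORD` or `MONGODB_METRICS_PASSWORD` as env, so if the `mongodb.mongodb_exporter.uri` helper (not shown in this hunk) expands those variables the password ends up in the exporter's command line, where it is readable through the process list. Supplying the URI through the exporter's `MONGODB_URI` environment variable instead of the flag would keep it out of argv; confirm that the image in use reads that variable. Separately, the `volume-permissions` init container chowns to `.Values.containerSecurityContext.runAsUser` and `.Values.podSecurityContext.fsGroup`, while this pod and its `mongodb` container are configured from `.Values.hidden.podSecurityContext` and `.Values.hidden.containerSecurityContext`. When the two sets of values differ the data directory is owned by an id mongod does not run as, so the chown should use `{{ .Values.hidden.containerSecurityContext.runAsUser }}:{{ .Values.hidden.podSecurityContext.fsGroup }}`.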
@@ -0,0 +1,17 @@
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
new file mode 100644
index 00000000..2a36dfc8
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: metrics
+ protocol: TCP
+ name: http-metrics
+ {{- if .Values.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
new file mode 100644
index 00000000..26149ccb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.service.ports.mongodb }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
new file mode 100644
index 00000000..29d2ea46
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
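Review bot: In templates/networkpolicy.yaml the `LoadBalancer` branch renders `ingress:` with the single rule `- {}`, which admits traffic from any source to every port of the selected pods, so enabling the policy adds no restriction in that mode. The rule should at least be limited to the database port, i.e. `- ports:` followed by `- port: {{ .Values.service.ports.mongodb }}`. The `ClusterIP` branch also renders no `from:` when neither `allowCurrentNamespace` nor `allowNamespaces` is set, which leaves the port reachable from every namespace. Any other `service.type` gets no ingress rule at all, so the policy then blocks all inbound traffic to the selected pods; both defaults deserve a comment in the template.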
@@ -0,0 +1,18 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.prometheusRule.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "mongodb.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
new file mode 100644
index 00000000..e9ef023b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
@@ -0,0 +1,50 @@
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.podSecurityPolicy.spec }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
+{{- else }}
+ allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.podSecurityContext.fsGroup }}
+ max: {{ .Values.podSecurityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: {{ .Values.podSecurityPolicy.privileged }}
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
new file mode 100644
index 00000000..caa15f36
--- /dev/null
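Review bot: In templates/psp.yaml `privileged: {{ .Values.podSecurityPolicy.privileged }}` and `allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}` are rendered with no default, so a values file that omits either key produces an empty value instead of an explicit `false`. I would fail closed with `privileged: {{ .Values.podSecurityPolicy.privileged | default false }}` and the same pipe on `allowPrivilegeEscalation`. PodSecurityPolicy is a cluster-scoped resource, so the `namespace:` line under `metadata` has no effect and can be dropped. `runAsUser` is pinned to `.Values.containerSecurityContext.runAsUser`, which would presumably reject the `volume-permissions` init container when its `.Values.volumePermissions.securityContext` asks for a different user; a comment stating which containers the range is meant to cover would help.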
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
@@ -0,0 +1,32 @@
+{{- if (eq .Values.architecture "replicaset") }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+spec:
+ type: {{ $root.Values.service.type }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
new file mode 100644
index 00000000..f1acd6bf
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
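Review bot: In replicaset/access-svc.yaml every replica gets its own Service with `type: {{ $root.Values.service.type }}` and `publishNotReadyAddresses: true`, so setting `service.type` to `LoadBalancer` or `NodePort` exposes each mongod pod individually, including pods that are not ready. Unlike external-access-svc.yaml in the same commit, this template renders no `loadBalancerSourceRanges`, so there is no source restriction at the Service level. If the per-pod Services are meant for in-cluster addressing only, pin them with `type: ClusterIP`; otherwise add the source-range block here as well. `namespace: {{ include "mongodb.namespace" $ }}` is also missing the `| quote` that the other templates in this commit apply.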
@@ -0,0 +1,67 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d-external" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+ {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.externalAccess.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }}
+ {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }}
+ loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq $root.Values.externalAccess.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.service.sessionAffinity }}
+ sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.externalAccess.service.portName | quote }}
+ port: {{ $root.Values.externalAccess.service.ports.mongodb }}
+ {{- if not (empty $root.Values.externalAccess.service.nodePorts) }}
+ {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }}
+ nodePort: {{ $nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ targetPort: mongodb
+ {{- if $root.Values.externalAccess.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml
new file mode 100644
index 00000000..78f26ab9
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml
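Review bot: The opening condition ends in a literal `false` inside the `and`, so this template never renders and no `-external` Service is created, whatever `externalAccess.enabled` is set to. setup.sh in scripts-configmap.yaml still derives `MONGODB_ADVERTISED_HOSTNAME` and `MONGODB_ADVERTISED_PORT_NUMBER` from `externalAccess.service.loadBalancerIPs` and `nodePorts` when external access is enabled, so members would advertise addresses that nothing in this chart backs. If disabling is intended, say so in a template comment and make the chart reject or ignore `externalAccess.enabled`; if not, drop the `false`. Once the template is live, `index $root.Values.externalAccess.service.nodePorts $i` needs a length check against `replicaCount` like the one statefulset.yaml applies to `loadBalancerIPs`, since a short list aborts rendering.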
@@ -0,0 +1,34 @@
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
new file mode 100644
index 00000000..a2b6492f
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
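Review bot: The Service name comes from `mongodb.service.nameOverride`, but setup.sh in scripts-configmap.yaml builds its member list with a hard-coded `%s-%d.%s-headless.%s.svc.%s:%d`, that is `<fullname>-headless`. The helper's definition is not visible in this part of the patch, so this is inferred: if an override can change the name, the existing-primary lookup in setup.sh would query hosts that do not resolve and silently fall through to the pod-name rule. Building that host list from the same helper keeps the two in step.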
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
new file mode 100644
index 00000000..ed5a8627
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
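Review bot: `minAvailable` and `maxUnavailable` are rendered by two independent `if` blocks, so values that set both produce a PodDisruptionBudget the API rejects, because the two fields are mutually exclusive. Turning the second block into `{{- else if .Values.pdb.maxUnavailable }}` and dropping the first `{{- end }}` keeps the output valid. Both tests are truthiness checks, so a value of `0` for either field is silently dropped; if zero should be expressible, test for presence with `hasKey` instead.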
@@ -0,0 +1,301 @@ +{{- if eq .Values.architecture "replicaset" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + auto-discovery.sh: |- + #!/bin/bash + + SVC_NAME="${MY_POD_NAME}-external" + + # Auxiliary functions + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + k8s_svc_lb_ip() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + + if [[ -n ${service_ip} ]]; then + echo "${service_ip}" + else + echo "${service_hostname}" + fi + } + k8s_svc_lb_ip_ready() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] + } + # Wait until LoadBalancer IP is ready + retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 + # Obtain LoadBalancer external IP + k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" + {{- end }} + setup.sh: |- + #!/bin/bash + + . /opt/drycc/scripts/mongodb-env.sh + . /opt/drycc/scripts/libfs.sh + . /opt/drycc/scripts/liblog.sh + . /opt/drycc/scripts/libvalidations.sh + + {{- if .Values.externalAccess.enabled }} + {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then + export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + + # Check for existing replica set in case there is no data in the PVC + # This is for cases where the PVC is lost or for MongoDB caches without + # persistence + 
current_primary="" + if is_dir_empty "${MONGODB_DATA_DIR}/db"; then + info "Data dir empty, checking if the replica set already exists" + {{- $replicaCount := int .Values.replicaCount }} + {{- $portNumber := int .Values.service.ports.mongodb }} + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} + {{- $mongoList := list }} + {{- range $e, $i := until $replicaCount }} + {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} + {{- end }} + current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') + + if ! is_empty_value "$current_primary"; then + info "Detected existing primary: ${current_primary}" + fi + fi + + if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then + info "Advertised name matches current primary, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then + info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" + export MONGODB_SET_SECONDARY_OK="yes" + elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then + info "Pod name matches initial primary pod name, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + else + info "Pod name doesn't match initial primary pod name, configuring node as a secondary" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export MONGODB_EXTRA_PASSWORDS_FILE="" + fi + + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + setup-hidden.sh: |- + #!/bin/bash + + . 
/opt/drycc/scripts/mongodb-env.sh + + {{- if .Values.externalAccess.hidden.enabled }} + {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.hidden.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + echo "Configuring node as a hidden node" + export MONGODB_REPLICA_SET_MODE="hidden" + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export 
MONGODB_EXTRA_PASSWORDS_FILE="" + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + {{- if .Values.replicaSetConfigurationSettings.enabled }} + replicaSetConfigurationSettings.sh: |- + #!/bin/bash + # This script to be called when pod starts. + # This script sets rs settings which can not be applied via conf file + + function logger () + #$1 is the line to be logged + { + echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 + } + + SLEEP_PERIOD=10 + + {{- if and .Values.auth.enabled .Values.auth.rootPassword }} + usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" + {{- else }} + usernameAndPassword="" + {{- end }} + + # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy + declare -A desiredRsConf + {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} + {{ printf "desiredRsConf[%s]='%v'" $setting $value }} + {{ end }} + + rsConfWriteAttempts=0 + rs_conf_configured_ok=unknown + + while [[ "${rs_conf_configured_ok}" != "true" ]]; do + + # give the rs setup a chance to succeed before attempting to read or configure + sleep ${SLEEP_PERIOD} + + counter=0 + while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do + counter=$((${counter} +1)) + logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" + sleep ${SLEEP_PERIOD} + done + counter=$((${counter} +1)) + logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" + + # read rs.conf again and store it. settings format is '"" : ,' + currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') + + desiredEqualsactual=unknown + settingsToConfigure="" + for key in ${!desiredRsConf[@]}; do + value=${desiredRsConf[$key]} + if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then + logger "rs conf setting: ${key} value will be set to: ${value}" + settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " + desiredEqualsactual=false + else + logger "rs conf: ${key} is already at desired value: ${value}" + fi + done + + if [[ "${desiredEqualsactual}" != "false" ]]; then + logger "replicaSetConfigurationSettings match the settings of the currently running rs" + desiredEqualsactual=true + rs_conf_configured_ok=true + logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" + exit + fi + + # apply the settings only if this member is currently the mongo replicaset PRIMARY + # it might take a little time before any pod is PRIMARY + isMaster=unknown + if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then + isMaster=false + logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" + else + isMaster=true + logger "This node is PRIMARY" + fi + + if [[ "${isMaster}" == "true" ]]; then + logger "This node is currently PRIMARY - will apply rs.conf settings" + + # avoiding tricky string substitution with single quotes by making the eval string a set of vars + rsconf="cfg = rs.conf();" + rsreconf="rs.reconfig(cfg);" + rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" + + mongosh ${usernameAndPassword} --eval "${rsCommand}" + if [ $? -ne 0 ]; then + logger "Failed to apply mongodb cfg.settings configuration" + else + logger "mongodb replicaset cfg.settings configuration applied" + logger "Will check rs conf" + # don't exit just yet - the settings will be checked in the next loop + fi + rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) + fi + done + {{- end }} +{{- end }} 
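Review bot: The root password is passed on the mongosh command line unquoted, in setup.sh (`-u root -p $MONGODB_ROOT_PASSWORD`) and in replicaSetConfigurationSettings.sh (`usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}"`, later expanded unquoted), which leaves it readable in the container's process list and breaks on passwords containing spaces or glob characters. Both places also hard-code `root` although the StatefulSet exports `MONGODB_ROOT_USER` from `auth.rootUser`, so a custom root user name would fail authentication here. At minimum use an argument array, `auth_args=(-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD")` expanded as `"${auth_args[@]}"`, and preferably a connection method that keeps the secret off argv. Separately, `{{ printf "desiredRsConf[%s]='%v'" $setting $value }}` and `export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }}` paste chart values into shell text unescaped, so those values should be validated or shell-quoted before they are emitted.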
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml new file mode 100644 index 00000000..e7c0ff1c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml 
@@ -0,0 +1,543 @@ +{{- if eq .Values.architecture "replicaset" }} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.service.nameOverride" . }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} 
+ {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: DRYCC_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + 
subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh + {{ if .Values.replicaSetConfigurationSettings.enabled }} + - name: scripts + mountPath: /scripts/replicaSetConfigurationSettings.sh + subPath: replicaSetConfigurationSettings.sh + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" 
(dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml new file mode 100644 index 00000000..55c56b87 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml 
@@ -0,0 +1,43 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if $root.Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
new file mode 100644
index 00000000..56300431
--- /dev/null
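Review bot: In replicaset/svc.yaml each replica gets its own Service of type `externalAccess.service.type`, and the `spec:` carries no source restriction, so with `LoadBalancer` every member's MongoDB port is reachable from any address the load balancer admits. A values-driven allow-list under `spec:` would close that: `{{- with $root.Values.externalAccess.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}`, `{{- end }}` (the values key is a suggestion; it is not defined in the visible part of the patch). The statefulset template sets `ALLOW_EMPTY_PASSWORD` to `yes` when `auth.enabled` is false, so it is also worth failing the render when `externalAccess.enabled` is true and `auth.enabled` is false.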
+++ b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.rbac.rules }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+{{- end -}}
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "mongodb.fullname" . }}]
+{{- end -}}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
new file mode 100644
index 00000000..8950f8bb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
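Review bot: The Role in role.yaml grants `get`/`list`/`watch` on every Service in the namespace whenever `rbac.create` is true, and nothing in the template says which component needs it. The only consumer hinted at in this patch is external-access auto-discovery (the statefulset mounts `/shared` when `externalAccess.autoDiscovery.enabled` is set), so if that is the sole user the rule could sit inside `{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled }}` … `{{- end }}`. At minimum add a template comment above `rules:` such as `{{- /* services read access is used by <component>; keep the verbs read-only */}}`. Entries from `rbac.rules` are appended verbatim, so anything supplied there widens the same Role.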
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: Role
+ name: {{ include "mongodb.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
new file mode 100644
index 00000000..1c4e76ff
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
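Review bot: The guard `and .Values.serviceAccount.create .Values.rbac.create` in rolebinding.yaml skips the binding whenever the chart does not create the ServiceAccount, while role.yaml still renders the Role on `rbac.create` alone. With a pre-existing ServiceAccount the Role is then never bound, and the pod runs without the Service read access the Role was meant to give. The subject already goes through `mongodb.serviceAccountName`, which presumably resolves an externally supplied name (the helper is not shown here), so `{{- if .Values.rbac.create }}` as the guard would keep Role and RoleBinding together.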
@@ -0,0 +1,37 @@
+{{- if (include "mongodb.createTlsSecret" .) }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "mongodb.tlsSecretName" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
+ {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- else }}
+ {{- $ca:= genCA "myMongo-ca" 3650 }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
new file mode 100644
index 00000000..acf8c483
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
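Review bot: In secrets-ca.yaml the auto-generated branch calls `genCA` and `genSignedCert` on every render, so each `helm upgrade` writes a fresh CA certificate and key into the Secret, and pods restarted afterwards get leaf certificates that running members and existing clients do not trust. Reusing the stored material when the Secret already exists avoids that silent rotation; the sketch below does it with `lookup`, which returns nothing under `helm template` or a dry run, so the generation path still applies there. Separately, the CA private key is stored next to the certificate and the statefulset mounts the `mongodb-ca-key` item for the `generate-tls-certs` init container, so anything that can read this Secret can mint certificates for the cluster. The 3650-day lifetime and the `myMongo-ca` name are hard-coded and would be easier to audit as values.

```yaml
  {{- else }}
  {{- $existing := lookup "v1" "Secret" (include "mongodb.namespace" .) (include "mongodb.tlsSecretName" .) }}
  {{- if $existing }}
  {{- /* keep the CA and client material issued at install time */}}
  mongodb-ca-cert: {{ index $existing.data "mongodb-ca-cert" }}
  mongodb-ca-key: {{ index $existing.data "mongodb-ca-key" }}
  client-pem: {{ index $existing.data "client-pem" }}
  {{- else }}
  {{- /* … unchanged: genCA / genSignedCert / b64enc lines … */}}
  {{- end }}
  {{- end }}
```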
@@ -0,0 +1,41 @@
+{{- if (include "mongodb.createSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }}
+ {{- $customUsers := include "mongodb.customUsers" . -}}
+ {{- $customDatabases := include "mongodb.customDatabases" . -}}
+ {{- $customPasswords := include "mongodb.customPasswords" . -}}
+ {{- $passwordList := list -}}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}}
+ {{- if not (empty $customPasswords) -}}
+ {{- $passwordList = $customPasswords -}}
+ {{- else -}}
+ {{- $customUsersList := splitList "," $customUsers -}}
+ {{- $customPasswordsList := list -}}
+ {{- range $customUsersList -}}
+ {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}}
+ {{- end -}}
+ {{- $passwordList = (join "," $customPasswordsList) -}}
+ {{- end }}
+ mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }}
+ {{- end }}
+ {{- if .Values.metrics.username }}
+ mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .)
"key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }}
+ {{- end }}
+ {{- if eq .Values.architecture "replicaset" }}
+ mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml
new file mode 100644
index 00000000..f4aa81a5
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.serviceAccount.annotations }}
+ {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+secrets:
+ - name: {{ template "mongodb.fullname" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml
new file mode 100644
index 00000000..0a00f719
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml
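Review bot: In secrets.yaml the fallback passwords for custom users come from `randAlphaNum 10`, which is short for a database credential that nobody types by hand. Raising the length costs nothing: `{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 32) -}}`. The generated list is passed through `common.secrets.passwords.manage`, which presumably keeps an already stored value on upgrade (the helper is outside this section of the patch), so the change should only affect fresh installs; that is worth confirming before merging.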
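Review bot: The `secrets:` list in serviceaccount.yaml names only `mongodb.fullname`, while the pods also mount the TLS Secret (`mongodb.tlsSecretName`, volume `certs-volume`) and read credentials through `mongodb.secretName`. The field has no effect unless mountable-secret enforcement is turned on for the ServiceAccount, and with enforcement an incomplete list would get the pods rejected, so either drop the `secrets:` block or list every Secret the workload references. On the last line, `automountServiceAccountToken` renders empty when the value is unset; an explicit fallback such as `{{ .Values.serviceAccount.automountServiceAccountToken | default false }}` keeps the API token out of the database pods unless it is asked for.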
@@ -0,0 +1,48 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.serviceMonitor.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" .
| nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - "{{ include "mongodb.namespace" . }}"
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml
new file mode 100644
index 00000000..ba3b74d2
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml
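Review bot: The endpoint in servicemonitor.yaml selects the Service port named `http-metrics`, whereas the exporter container in the statefulset names its port `metrics`. A ServiceMonitor matches the Service port name, and the metrics Service is not in this section of the patch, so the two may well agree. A comment on the `- port: http-metrics` line, e.g. `# must match the port name in the metrics Service`, would stop them drifting; on a mismatch Prometheus drops the target without an error and the database goes unmonitored.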
@@ -0,0 +1,474 @@ +{{- if not (eq .Values.architecture "replicaset") }} +apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.useStatefulSet }} + serviceName: {{ include "mongodb.fullname" . }} + {{- end }} + {{- if .Values.updateStrategy}} + {{- if .Values.useStatefulSet }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end}} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . 
-}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.persistence.existingClaim }} + - name: datadir + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} + {{- else if not .Values.useStatefulSet }} + - name: datadir + persistentVolumeClaim: + claimName: {{ template "mongodb.fullname" . }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml new file mode 100644 index 00000000..7786de63 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml 
@@ -0,0 +1,33 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
new file mode 100644
index 00000000..44255798
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
@@ -0,0 +1,58 @@
+{{- if not (eq .Values.architecture "replicaset") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
+ nodePort: {{ .Values.service.nodePorts.mongodb }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.schema.json b/addons/mongodb/7.0/chart/mongodb/values.schema.json
new file mode 100644
index 00000000..be8e54b4
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/values.schema.json
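Review bot: Nothing in this Service template ties external exposure to authentication: with `service.type` set to `LoadBalancer` or `NodePort` the `mongodb` port is published, while the pod template earlier in this patch sets `ALLOW_EMPTY_PASSWORD` to `yes` whenever `auth.enabled` is false. I would add a render-time guard at the top of the template, for example `{{- if and (ne .Values.service.type "ClusterIP") (not .Values.auth.enabled) }}{{ fail "service.type other than ClusterIP requires auth.enabled=true" }}{{- end }}`. `loadBalancerSourceRanges` is rendered only when the value is non-empty, so a LoadBalancer install that leaves it unset has no source restriction at the Service level; that default is worth stating in the chart documentation. The same key is also emitted for every service type although it only applies to `LoadBalancer`, so wrapping it in the `eq .Values.service.type "LoadBalancer"` test already used for `loadBalancerIP` would keep the manifest consistent.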
@@ -0,0 +1,173 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "MongoDB® architecture", + "form": true, + "description": "Allowed values: `standalone` or `replicaset`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Authentication", + "form": true + }, + "rootUser": { + "type": "string", + "title": "MongoDB® admin user", + "form": true, + "description": "Name of the admin user. Default is root" + }, + "rootPassword": { + "type": "string", + "title": "MongoDB® admin password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + }, + "database": { + "type": "string", + "title": "MongoDB® custom database", + "description": "Name of the custom database to be created during the 1st initialization of MongoDB®", + "form": true + }, + "username": { + "type": "string", + "title": "MongoDB® custom user", + "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. 
This user only has permissions on the MongoDB® custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for MongoDB® custom user", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + }, + "replicaSetKey": { + "type": "string", + "title": "Key used for replica set authentication", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "replicaCount": { + "type": "integer", + "form": true, + "title": "Number of MongoDB® replicas", + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "configuration": { + "type": "string", + "title": "MongoDB® Custom Configuration", + "form": true, + "render": "textArea" + }, + "arbiter": { + "type": "object", + "title": "Arbiter configuration", + "form": true, + "properties": { + "configuration": { + "type": "string", + "title": "Arbiter Custom Configuration", + "form": true, + "render": "textArea", + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "persistence": { + "type": "object", + "title": "Persistence configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "hidden": { + "value": false, + "path": "persistence/enabled" + }, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init 
container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml new file mode 100644 index 00000000..7731f190 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
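Review bot: The `architecture` property states its allowed values only in the description, so a misspelled value passes schema validation; the templates in this patch test `eq .Values.architecture "replicaset"`, so any other string silently renders the standalone resources. Adding `"enum": ["standalone", "replicaset"]` to that property would make Helm reject the typo at lint or install time. The schema also still exposes the singular `auth.database`, `auth.username` and `auth.password` fields, which the values file in this same patch marks as DEPRECATED in favour of `auth.databases`, `auth.usernames` and `auth.passwords`; the form should describe the list fields instead. The descriptions for `rootPassword`, `password` and `replicaSetKey` promise a random 10-character default; the generator is not visible in this hunk, so confirm that length is what the secret template produces and consider a longer default for the replica set key.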
@@ -0,0 +1,2053 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + namespaceOverride: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## extraDeploy: +## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar +## for dynamically discovering the mongodb primary pod +## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) +## - apiVersion: v1 +## kind: Service +## metadata: +## name: mongodb-primary +## namespace: the-mongodb-namespace +## labels: +## app.kubernetes.io/component: 
mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/managed-by: Helm +## app.kubernetes.io/name: mongodb +## spec: +## type: NodePort +## externalTrafficPolicy: Cluster +## ports: +## - name: mongodb +## port: 30001 +## nodePort: 30001 +## protocol: TCP +## targetPort: mongodb +## selector: +## app.kubernetes.io/component: mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/name: mongodb +## primary: "true" +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) parameters +## + +## Drycc MongoDB(®) image +## ref: https://hub.docker.com/r/drycc/mongodb/tags/ +## @param image.registry MongoDB(®) image registry +## @param image.repository MongoDB(®) image registry +## @param image.tag MongoDB(®) image tag (immutable tags are recommended) +## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy MongoDB(®) image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/mongodb + tag: "7.0" + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## @param schedulerName Name of the scheduler (other than default) to dispatch pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) +## +architecture: replicaset +## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) +## +useStatefulSet: false +## MongoDB(®) Authentication parameters +## +auth: + ## @param auth.enabled Enable authentication + ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ + ## + enabled: true + ## @param auth.rootUser MongoDB(®) root user + ## + rootUser: root + ## @param auth.rootPassword MongoDB(®) root password + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run + ## + rootPassword: "" + ## MongoDB(®) custom users and databases + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run + ## @param auth.usernames List of 
custom users to be created during the initialization + ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` + ## @param auth.databases List of custom databases to be created during the initialization + ## + usernames: [] + passwords: [] + databases: [] + ## @param auth.username DEPRECATED: use `auth.usernames` instead + ## @param auth.password DEPRECATED: use `auth.passwords` instead + ## @param auth.database DEPRECATED: use `auth.databases` instead + username: "" + password: "" + database: "" + ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) + ## + replicaSetKey: "" + ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + ## NOTE: When it's set the previous parameters are ignored. + ## + existingSecret: "" +tls: + ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes + ## + enabled: false + ## @param tls.autoGenerated Generate a custom CA and self-signed certificates + ## + autoGenerated: true + ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) + ## NOTE: When it's set it will disable certificate creation + ## + existingSecret: "" + ## Add Custom CA certificate + ## @param tls.caCert Custom CA certificated (base64 encoded) + ## @param tls.caKey CA certificate private key (base64 encoded) + ## + caCert: "" + caKey: "" + ## Drycc Nginx image + ## @param tls.image.registry Init container TLS certs setup image registry + ## @param tls.image.repository Init container TLS certs setup image repository + ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) + ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag + ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy + ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array + ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients + ## + image: + registry: docker.io + repository: drycc/nginx + tag: 1.23.1-debian-11-r26 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## e.g: + ## extraDnsNames + ## "DNS.6": "$my_host" + ## "DNS.7": "$test" + ## + extraDnsNames: [] + ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) + ## + mode: requireTLS + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param tls.resources.limits Init container generate-tls-certs resource limits + ## @param tls.resources.requests Init container generate-tls-certs resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## +replicaSetName: rs0 +## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## Ignored when externalAccess.enabled=true +## +replicaSetHostnames: true +## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 +## +enableIPv6: false +## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb +## +directoryPerDB: false +## MongoDB(®) System Log configuration +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level +## @param systemLogVerbosity MongoDB(®) system log verbosity level +## @param disableSystemLog Switch to enable/disable MongoDB(®) system log +## +systemLogVerbosity: 0 +disableSystemLog: false +## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution +## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ +## +disableJavascript: false +## @param enableJournal Switch to enable/disable MongoDB(®) Journaling +## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
+##
+enableJournal: true
+## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
+## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
+## Example:
+## configuration: |-
+## # where and how to store data.
+## storage:
+## dbPath: /drycc/mongodb/data/db
+## journal:
+## enabled: true
+## directoryPerDB: false
+## # where to write logging data
+## systemLog:
+## destination: file
+## quiet: false
+## logAppend: true
+## logRotate: reopen
+## path: /opt/drycc/mongodb/logs/mongodb.log
+## verbosity: 0
+## # network interfaces
+## net:
+## port: 27017
+## unixDomainSocket:
+## enabled: true
+## pathPrefix: /opt/drycc/mongodb/tmp
+## ipv6: false
+## bindIpAll: true
+## # replica set options
+## #replication:
+## #replSetName: replicaset
+## #enableMajorityReadConcern: true
+## # process management options
+## processManagement:
+## fork: false
+## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid
+## # set parameter options
+## setParameter:
+## enableLocalhostAuthBypass: true
+## # security options
+## security:
+## authorization: disabled
+## #keyFile: /opt/drycc/mongodb/conf/keyfile
+##
+configuration: ""
+## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
+## If enabled, these are applied by a script which is called within setup.sh
+## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
+## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
+## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
+##
+replicaSetConfigurationSettings:
+ enabled: false
+ configuration: {}
+## chainingAllowed : false
+## heartbeatTimeoutSecs : 10
+## heartbeatIntervalMillis : 2000
+## electionTimeoutMillis : 10000
+## catchUpTimeoutMillis : 30000
+## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
+## NOTE: When it's set the arbiter.configuration parameter is ignored
+##
+existingConfigmap: ""
+## @param initdbScripts Dictionary of initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## Example:
+## initdbScripts:
+## my_init_script.sh: |
+## #!/bin/bash
+## echo "Do something."
+##
+initdbScripts: {}
+## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
+##
+initdbScriptsConfigMap: ""
+## Command and args for running the container (set to default if not set). Use array form
+## @param command Override default container command (useful when using custom images)
+## @param args Override default container args (useful when using custom images)
+##
+command: []
+args: []
+## @param extraFlags MongoDB(®) additional command line flags
+## Example:
+## extraFlags:
+## - "--wiredTigerCacheSizeGB=2"
+##
+extraFlags: []
+## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
+## E.g:
+## extraEnvVars:
+## - name: FOO
+## value: BAR
+##
+extraEnvVars: []
+## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+##
+extraEnvVarsCM: ""
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+##
+extraEnvVarsSecret: ""
+
+## @section MongoDB(®) statefulset parameters
+##
+
+## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+annotations: {}
+## @param labels Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+labels: {}
+## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
+## Ignored when mongodb.architecture=standalone
+##
+replicaCount: 3
+## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
+## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+## Example:
+## updateStrategy:
+## type: RollingUpdate
+## rollingUpdate:
+## maxSurge: 25%
+## maxUnavailable: 25%
+##
+updateStrategy:
+ type: RollingUpdate
+## @param podManagementPolicy Pod management policy for MongoDB(®)
+## Should be initialized one by one when building the replicaset for the first time
+##
+podManagementPolicy: OrderedReady
+## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## @param affinity MongoDB(®) Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+## @param nodeSelector MongoDB(®) Node labels for pod assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param tolerations MongoDB(®) Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+##
+topologySpreadConstraints: []
+## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
+##
+lifecycleHooks: {}
+## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
+##
+terminationGracePeriodSeconds: ""
+## @param podLabels MongoDB(®) pod labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAnnotations MongoDB(®) Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+##
+runtimeClassName: ""
+## MongoDB(®) pods' Security Context.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
+## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
+## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
+##
+podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+## MongoDB(®) containers' Security Context (main and metrics container).
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
+## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
+## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+## MongoDB(®) containers' resource requests and limits.
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for MongoDB(®) containers
+## @param resources.requests The requested resources for MongoDB(®) containers
+##
+resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+## @param containerPorts.mongodb MongoDB(®) container port
+containerPorts:
+ mongodb: 27017
+## MongoDB(®) pods' liveness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+## MongoDB(®) pods' readiness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Slow starting containers can be protected through startup probes
+## Startup probes are available in Kubernetes version 1.16 and above
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 30
+## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
+## Ignored when livenessProbe.enabled=true
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
+## Ignored when readinessProbe.enabled=true
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe for MongoDB(®) containers
+## Ignored when startupProbe.enabled=true
+##
+customStartupProbe: {}
+## @param initContainers Add additional init containers for the hidden node pod(s)
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
+## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
+## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
+## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
+## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
+##
+## - name: mongo-labeler
+## image: korenlev/k8s-mongo-labeler-sidecar
+## imagePullPolicy: Always
+## env:
+## - name: LABEL_SELECTOR
+## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+## - name: NAMESPACE
+## value: "the-mongodb-namespace"
+## - name: DEBUG
+## value: "true"
+##
+sidecars: []
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
+## Examples:
+## extraVolumeMounts:
+## - name: extras
+## mountPath: /usr/share/extras
+## readOnly: true
+##
+extraVolumeMounts: []
+## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
+## extraVolumes:
+## - name: extras
+## emptyDir: {}
+##
+extraVolumes: []
+## MongoDB(®) Pod Disruption Budget configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+ ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
+ ##
+ create: false
+ ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
+ ##
+ minAvailable: 1
+ ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
+ ##
+ maxUnavailable: ""
+
+## @section Traffic exposure parameters
+##
+
+## Service parameters
+##
+service:
+ ## @param service.nameOverride MongoDB(®) service name
+ ##
+ nameOverride: ""
+ ## @param service.type Kubernetes Service type (only for standalone architecture)
+ ##
+ type: ClusterIP
+ ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
+ ##
+ portName: mongodb
+ ## @param service.ports.mongodb MongoDB(®) service port.
+ ##
+ ports:
+ mongodb: 27017
+ ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ mongodb: ""
+ ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ externalIPs: []
+ ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## External Access to MongoDB(®) nodes configuration
+##
+externalAccess:
+ ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
+ ##
+ enabled: false
+ ## External IPs auto-discovery configuration
+ ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
+ ## Note: RBAC might be required
+ ##
+ autoDiscovery:
+ ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
+ ##
+ enabled: false
+ ## Drycc Kubectl image
+ ## ref: https://hub.docker.com/r/drycc/kubectl/tags/
+ ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
+ ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
+ ## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
+ ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
+ ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/kubectl
+ tag: 1.25.2-debian-11-r2
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits
+ ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## External Access to MongoDB(®) Hidden nodes configuration
+ ##
+ hidden:
+ ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
+ ##
+ enabled: false
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.hidden.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Persistence parameters
+##
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
+ ##
+ enabled: true
+ ## @param persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires persistence.enabled: false
+ ##
+ medium: ""
+ ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ ## Ignored when mongodb.architecture=replicaset
+ ##
+ existingClaim: ""
+ ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+ resourcePolicy: ""
+ ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
+ ##
+ size: 8Gi
+ ## @param persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param persistence.mountPath Path to mount the volume at
+ ## MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param persistence.subPath Subdirectory of the volume to mount at
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
+ ##
+ dataSource: {}
+
+## @section RBAC parameters
+##
+
+## ServiceAccount
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
+ ##
+ create: true
+ ## @param serviceAccount.name Name of the created serviceAccount
+ ## If not set and create is true, a name is generated using the mongodb.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ## Can be set to false if pods using this serviceAccount do not need to use K8s API
+ ##
+ automountServiceAccountToken: true
+## Role Based Access
+## ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+rbac:
+ ## @param rbac.create Whether to create & use RBAC resources or not
+ ## binding MongoDB(®) ServiceAccount to a role
+ ## that allows MongoDB(®) pods querying the K8s API
+ ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
+ ##
+ create: false
+ ## @param rbac.rules Custom rules to create following the role specification
+ ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ## - watch
+ ## - update
+ ##
+ rules: []
+## PodSecurityPolicy configuration
+## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
+ ##
+ create: false
+ ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
+ ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
+ ##
+ allowPrivilegeEscalation: false
+ ## @param podSecurityPolicy.privileged Allow privileged
+ ##
+ privileged: false
+ ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ## Defining a spec ignores the above values.
+ ##
+ spec: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## fsGroup:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## hostIPC: false
+ ## hostNetwork: false
+ ## hostPID: false
+ ## privileged: false
+ ## readOnlyRootFilesystem: false
+ ## requiredDropCapabilities:
+ ## - ALL
+ ## runAsUser:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## seLinux:
+ ## rule: 'RunAsAny'
+ ## supplementalGroups:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## volumes:
+ ## - 'configMap'
+ ## - 'secret'
+ ## - 'emptyDir'
+ ## - 'persistentVolumeClaim'
+ ##
+
+## @section Volume Permissions parameters
+##
+## Init Container parameters
+## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
+## values from the securityContext section of the component
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository Init container volume-permissions image repository
+ ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
+ ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/drycc-shell
+ tag: 11-debian-11-r37
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param volumePermissions.resources.limits Init container volume-permissions resource limits + ## @param volumePermissions.resources.requests Init container volume-permissions resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## Init container Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false + ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container + ## + securityContext: + runAsUser: 0 + +## @section Arbiter parameters +## + +arbiter: + ## @param arbiter.enabled Enable deploying the arbiter + ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/ + ## + enabled: false + ## @param arbiter.hostAliases Add deployment host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param arbiter.configuration Arbiter configuration file to be used + ## http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configuration: "" + ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration + ## NOTE: When it's set the arbiter.configuration parameter is ignored + ## + existingConfigmap: "" + ## Command and args for running the 
container (set to default if not set). Use array form
+ ## @param arbiter.command Override default container command (useful when using custom images)
+ ## @param arbiter.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param arbiter.extraFlags Arbiter additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
+ ##
+ annotations: {}
+ ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
+ ##
+ labels: {}
+ ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param arbiter.podManagementPolicy Pod management policy for
MongoDB(®)
+ ## Should be initialized one by one when building the replicaset for the first time
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param arbiter.affinity Arbiter Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param arbiter.podLabels Arbiter pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param arbiter.podAnnotations Arbiter Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Arbiter pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
+ ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
+ ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Arbiter containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
+ ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
+ ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Arbiter containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param arbiter.resources.limits The resources limits for Arbiter containers
+ ## @param arbiter.resources.requests The requested resources for Arbiter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.livenessProbe.enabled Enable livenessProbe
+ ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.readinessProbe.enabled Enable readinessProbe
+ ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.startupProbe.enabled Enable startupProbe
+ ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
+ ## Ignored when arbiter.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
+ ## Ignored when arbiter.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
+
## Ignored when arbiter.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Arbiter Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
+ ##
+ create: false
+ ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## MongoDB(®) Arbiter service parameters
+ ##
+ service:
+ ## @param arbiter.service.nameOverride The arbiter service name
+ ##
+ nameOverride: ""
+ ## @param arbiter.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+
extraPorts: []
+ ## @param arbiter.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Hidden Node parameters
+##
+
+hidden:
+ ## @param hidden.enabled Enable deploying the hidden nodes
+ ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
+ ##
+ enabled: false
+ ## @param hidden.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param hidden.configuration Hidden node configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
+ ## NOTE: When it's set the hidden.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param hidden.command Override default container command (useful when using custom images)
+ ## @param hidden.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param hidden.extraFlags Hidden node additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
+ ##
+ annotations: {}
+ ## @param hidden.labels Annotations to be added to the hidden node
statefulset
+ ##
+ labels: {}
+ ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
+ ## Ignored when mongodb.architecture=standalone
+ ##
+ replicaCount: 1
+ ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param hidden.podManagementPolicy Pod management policy for hidden node
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set.
Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## Allowed values: soft, hard
+ ##
+ nodeAffinityPreset:
+ ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param hidden.affinity Hidden node Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param hidden.tolerations Hidden node Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param hidden.podLabels Hidden node pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param hidden.podAnnotations Hidden node Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
+ ## ref:
https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Hidden pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
+ ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
+ ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Hidden containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
+ ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
+ ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Hidden containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param hidden.resources.limits The resources limits for hidden node containers
+ ## @param hidden.resources.requests The requested resources for hidden node containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.livenessProbe.enabled Enable livenessProbe
+ ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.readinessProbe.enabled Enable readinessProbe
+ ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param hidden.startupProbe.enabled Enable startupProbe
+ ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
+ ## Ignored when hidden.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
+ ## Ignored when hidden.readinessProbe.enabled=true
+ ##
+
customReadinessProbe: {}
+ ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when hidden.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Hidden Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
+ ##
+ create: false
+ ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
+
##
+ enabled: true
+ ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires hidden.persistence.enabled: false
+ ##
+ medium: ""
+ ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param hidden.persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
+ ##
+ size: 8Gi
+ ## @param hidden.persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g.
when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
+ ##
+ dataSource: {}
+ service:
+ ## @param hidden.service.portName MongoDB(®) service port name
+ ##
+ portName: "mongodb"
+ ## @param hidden.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param hidden.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Metrics parameters
+##
+
+metrics:
+ ## @param metrics.enabled Enable using a sidecar Prometheus exporter
+ ##
+ enabled: false
+ ## Drycc MongoDB(®) Promtheus Exporter image
+ ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/
+ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
+ ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
+ ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag
+ ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
+ ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/mongodb-exporter
+ tag: 0.34.0-debian-11-r19
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param metrics.username String with username for the metrics exporter
+ ## If undefined the root user will be used for the metrics exporter
+ username: ""
+ ## @param metrics.password String with password for the metrics exporter
+ ## If undefined but metrics.username is defined, a random password will be generated
+ password: ""
+ ## @param metrics.extraFlags String with extra flags to the metrics exporter
+ ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
+ ##
+ extraFlags: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param metrics.command Override default container command (useful when using custom images)
+ ## @param metrics.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## Metrics exporter container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
+ ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param metrics.containerPort Port of the Prometheus metrics container
+ ##
+ containerPort: 9216
+ ## Prometheus Exporter service configuration
+ ##
+ service:
+ ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+ prometheus.io/path: "/metrics"
+ ## @param metrics.service.type Type of the Prometheus metrics service
+ ##
+ type: ClusterIP
+ ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
+ ##
+ ports:
+ metrics: 9216
+ ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## Metrics exporter liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.livenessProbe.enabled Enable livenessProbe
+ ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 15
+ periodSeconds: 5
+ timeoutSeconds: 5
+
failureThreshold: 3
+ successThreshold: 1
+ ## Metrics exporter readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.readinessProbe.enabled Enable readinessProbe
+ ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param metrics.startupProbe.enabled Enable startupProbe
+ ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
+ ## Ignored when livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param metrics.customReadinessProbe Override default
readiness probe for MongoDB(®) containers + ## Ignored when readinessProbe.enabled=true + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers + ## Ignored when startupProbe.enabled=true + ## + customStartupProbe: {} + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. 
+ ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator + ## + enabled: false + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created + ## + namespace: "" + ## @param metrics.prometheusRule.rules Rules to be created, check values for an example + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup + ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + ## + ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets + ## rules: + ## - alert: HighRequestLatency + ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 + ## for: 10m + ## labels: + ## severity: page + ## annotations: + ## summary: High request latency + ## + rules: [] + +## Mongodb 
Nework Policy configuration
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+ ##
+ enabled: true
+ ## @param networkPolicy.allowExternal The Policy model to apply.
+ ## When set to false, only pods with the correct
+ ## client label will have network access to the port Mongodb is listening
+ ## on. When true, Mongodb will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowCurrentNamespace: true
+ allowNamespaces:
diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml
new file mode 100644
index 00000000..99fea6d5
--- /dev/null
+++ b/addons/mongodb/7.0/meta.yaml
@@ -0,0 +1,21 @@
+name: mongodb
+version: 7.0
+id: 383f7316-84f3-4955-8491-1d4b02b749c8
+description: "mongodb"
+displayName: "mongodb"
+metadata:
+ displayName: "mongodb"
+ provider:
+ name: drycc
+ supportURL: https://www.mongodb.com/docs/manual/
+ documentationURL: https://www.mongodb.com/docs/manual/
+tags: mongodb
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+archive: false
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
new file mode 100644
index 00000000..13939fc0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
new file mode 100644
index 00000000..b70bcfb0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c2g10"
+id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
+description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
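Review bot: The binding in bind.yaml hands every consumer the database superuser: `USERNAME` is the literal `'root'` and `PASSWORD` is read from the `mongodb-root-password` key, so each bound application holds full administrative rights over the whole instance. A least-privilege binding would reference a dedicated application user and its own secret key, leaving root to the operator; which key would hold such a user depends on the chart's Secret, which this hunk does not show. Separately, `value: 27017` is an unquoted integer next to quoted string values; `value: '27017'` keeps every credential value a string for consumers that expect one.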
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml new file mode 100644 index 00000000..2f543d11 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-1c2g10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 1000m + memory: 2Gi + requests: + cpu: 1000m + memory: 2Gi + +persistence: + size: 10Gi diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml index 6a7147c9..8c0770c7 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml @@ -1,5 +1,5 @@ credential: -{{- if (eq .Values.router.service.type "LoadBalancer") }} +type - name: EXTRANET_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 4dd6522d..c407603f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
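Review bot: In the mysql-cluster bind.yaml hunk the conditional opener `{{- if (eq .Values.router.service.type "LoadBalancer") }}` is replaced by the bare word `type`, which looks like an accidental edit rather than an intended change. The rendered file would carry a stray scalar directly under `credential:`, and assuming the matching `{{- end }}` further down the file (outside this hunk) is still present, the template no longer balances; if it rendered at all, `EXTRANET_HOST` would be emitted even when the router service is not a LoadBalancer. The line should stay `{{- if (eq .Values.router.service.type "LoadBalancer") }}`; a later patch in this series (073/176) restores it.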
@@ -161,4 +161,6 @@ You can modify multiple content at once, there is no need to modify part of it e - Destroy service ``` # drycc resources:destroy `my_pg_001` -``` \ No newline at end of file +``` +# 修改pg在容器中分配的动态共享内存不足的问题 +https://www.cnblogs.com/daniel-hutao/p/17903993.html \ No newline at end of file From 7991bdde07850b5f1dae191673aba7170a9a3904 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 18 Apr 2024 17:52:48 +0800 Subject: [PATCH 070/176] chore(mongodb) add networkpolicy allownamespaces --- addons/mongodb/7.0/chart/mongodb/values.yaml | 4 ++-- addons/mongodb/7.0/meta.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 7731f190..3ffc0b04 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -308,7 +308,7 @@ enableJournal: true ## #replication: ## #replSetName: replicaset ## #enableMajorityReadConcern: true -## # process management options +## # process management optionsT ## processManagement: ## fork: false ## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid @@ -2050,4 +2050,4 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: + allowNamespaces: [] diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml index 99fea6d5..9bfe6bb4 100644 --- a/addons/mongodb/7.0/meta.yaml +++ b/addons/mongodb/7.0/meta.yaml @@ -18,4 +18,7 @@ allow_parameters: - name: "service.type" required: false description: "service type config for values.yaml" +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" archive: false \ No newline at end of file From d5c8be97976a0bd6c275f24953a9d09d5e79e24f Mon Sep 17 00:00:00 2001 
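Review bot: The only parameter comment in the `networkPolicy` block of mongodb/values.yaml still documents `networkPolicy.allowExternal` and a client-label model, while the keys beneath it are `allowCurrentNamespace` and `allowNamespaces`, so the two settings that decide who can reach the database are undocumented. Since the second hunk touches `allowNamespaces`, I would replace the stale comment with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to connect`, with the wording checked against the chart's networkpolicy template, which is not visible here; the comment block starts above the hunk. The first hunk of the same file also turns `# process management options` into `# process management optionsT`, which looks like a stray keystroke.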
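Review bot: Listing `networkPolicy.allowNamespaces` under `allow_parameters` in meta.yaml lets whoever creates an instance choose which other namespaces may connect to it, and nothing visible constrains the value: the plan's `create-instance-schema.json` added earlier in this series declares only `imagePullPolicy`. I would add a schema entry for it (an array of strings restricted to valid Kubernetes namespace names) so a malformed or non-string entry is rejected at provisioning time instead of being templated into the NetworkPolicy. The description could also say what the setting does, for example `description: "extra namespaces allowed to reach the instance through the NetworkPolicy"`.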
From: EamonZhang Date: Mon, 29 Apr 2024 08:53:53 +0800 Subject: [PATCH 071/176] chore(addons):changes cluster role to role and clusterrolebinding to rolebinding --- .../templates/{clusterrole.yaml => role.yaml} | 17 +++++++++-------- ...clusterrolebinding.yaml => rolebinding.yaml} | 9 +++++---- .../prometheus/templates/_scrape_config.tpl | 3 --- .../server/{clusterrole.yaml => role.yaml} | 11 +++-------- ...clusterrolebinding.yaml => rolebinding.yaml} | 5 +++-- .../prometheus/2/chart/prometheus/values.yaml | 4 +--- ...clusterrolebinding.yaml => rolebinding.yaml} | 4 ++-- 7 files changed, 23 insertions(+), 30 deletions(-) rename addons/pmm/2.41/chart/pmm/templates/{clusterrole.yaml => role.yaml} (68%) rename addons/pmm/2.41/chart/pmm/templates/{clusterrolebinding.yaml => rolebinding.yaml} (84%) rename addons/prometheus/2/chart/prometheus/templates/server/{clusterrole.yaml => role.yaml} (89%) rename addons/prometheus/2/chart/prometheus/templates/server/{clusterrolebinding.yaml => rolebinding.yaml} (90%) rename template/CHART_NAME/templates/{clusterrolebinding.yaml => rolebinding.yaml} (94%) diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm/templates/role.yaml similarity index 68% rename from addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml rename to addons/pmm/2.41/chart/pmm/templates/role.yaml index a470d4de..cbb6607c 100644 --- a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml +++ b/addons/pmm/2.41/chart/pmm/templates/role.yaml @@ -1,7 +1,8 @@ {{- if .Values.serviceAccount.create -}} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ include "pmm.fullname" . }} labels: {{- include "pmm.labels" . | nindent 4 }} 
@@ -9,10 +10,10 @@ rules: # standard RBAC - apiGroups: [""] # "" indicates the core API group resources: - - namespaces + # - namespaces - endpoints - services - - nodes + # - nodes - pods - secrets - serviceaccounts @@ -20,9 +21,9 @@ rules: - get - watch - list -- nonResourceURLs: - - /metrics - - /metrics/resources - verbs: - - get +# - nonResourceURLs: +# - /metrics +# - /metrics/resources +# verbs: +# - get {{- end }} diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm/templates/rolebinding.yaml similarity index 84% rename from addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml rename to addons/pmm/2.41/chart/pmm/templates/rolebinding.yaml index d82e4ccc..697e601b 100644 --- a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml +++ b/addons/pmm/2.41/chart/pmm/templates/rolebinding.yaml @@ -1,12 +1,13 @@ {{- if .Values.serviceAccount.create -}} {{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ include "pmm.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: cluster-admin subjects: - kind: ServiceAccount @@ -14,12 +15,12 @@ subjects: namespace: {{ .Release.Namespace }} {{- else }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: name: {{ include "pmm.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: {{ include "pmm.fullname" . }} subjects: - kind: ServiceAccount diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 14f45299..4e078fe8 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
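Review bot: In pmm's role.yaml, `secrets` stays in the resource list with `get`, `watch` and `list`, so after the move to a namespaced Role the service account can still read every Secret in its namespace. If PMM does not need that, drop the entry or limit it to `get` on named Secrets with `resourceNames`; whether it is needed cannot be told from this hunk. The removed permissions are left behind as comments (`# - namespaces`, `# - nodes`, `# - nonResourceURLs:`); these are cluster-scoped entries a Role cannot grant anyway, so deleting the lines is cleaner than keeping them as something to uncomment later.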
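Review bot: In the `ENABLE_CLUSTER_ROLE_ADMIN` branch of pmm's rolebinding.yaml the roleRef now reads `kind: Role` with `name: cluster-admin`, but `cluster-admin` is a built-in ClusterRole, and a RoleBinding with `kind: Role` resolves the name against Roles in its own namespace. Unless a Role of that name is created elsewhere, the binding grants nothing, and its effect would depend on whatever Role someone later creates under that name. If namespace-scoped admin is really intended, a RoleBinding may keep `kind: ClusterRole`, which confines the ClusterRole's rules to the binding's namespace; a narrower role would be safer still. In the `else` branch the RoleBinding gets no `namespace:` while the Role in role.yaml is placed with `common.names.namespace`, so with a namespace override the two could land in different namespaces; adding `namespace: {{ include "common.names.namespace" . | quote }}` there keeps them together.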
@@ -94,9 +94,6 @@ kubernetes_sd_configs: own_namespace: true names: - {{ include "common.names.namespace" .context }} - {{- range .value }} - - {{ include "common.tplvalues.render" (dict "value" . "context" $) }} - {{- end }} relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] diff --git a/addons/prometheus/2/chart/prometheus/templates/server/clusterrole.yaml b/addons/prometheus/2/chart/prometheus/templates/server/role.yaml similarity index 89% rename from addons/prometheus/2/chart/prometheus/templates/server/clusterrole.yaml rename to addons/prometheus/2/chart/prometheus/templates/server/role.yaml index 1793a0f6..ad20ad04 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/clusterrole.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/role.yaml @@ -4,9 +4,10 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{- if .Values.server.rbac.create }} -kind: ClusterRole +kind: Role apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ include "prometheus.server.fullname.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: prometheus @@ -19,14 +20,9 @@ rules: - apiGroups: - "" resources: - - nodes - - nodes/proxy - - nodes/metrics - services - endpoints - pods - - ingresses - - configmaps verbs: - get - list @@ -41,8 +37,7 @@ rules: - get - list - watch - - nonResourceURLs: - - "/metrics" + verbs: - get {{- if .Values.server.rbac.rules }} 
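Review bot: The last hunk of prometheus server/role.yaml removes `- nonResourceURLs:` and `- "/metrics"` but keeps the `verbs:` / `- get` pair that belonged to that rule, putting a blank line where the removed lines were. Indentation is lost in this view, but going by the hunk's line counts the leftover `verbs:` now follows the previous rule's own verbs list (`get`, `list`, `watch`), which would give that rule a duplicate `verbs` key: a strict YAML parser rejects the manifest and a lenient one keeps the last value, silently reducing the rule to `get`. Removing the two leftover lines together with the nonResourceURLs entry fixes it. The rule list continues outside the hunk.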
diff --git a/addons/prometheus/2/chart/prometheus/templates/server/clusterrolebinding.yaml b/addons/prometheus/2/chart/prometheus/templates/server/rolebinding.yaml similarity index 90% rename from addons/prometheus/2/chart/prometheus/templates/server/clusterrolebinding.yaml rename to addons/prometheus/2/chart/prometheus/templates/server/rolebinding.yaml index 3f767443..68bbee4c 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/clusterrolebinding.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/rolebinding.yaml @@ -3,9 +3,10 @@ Copyright Drycc Community. SPDX-License-Identifier: APACHE-2.0 */}} -kind: ClusterRoleBinding +kind: RoleBinding apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ template "prometheus.server.fullname.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: prometheus @@ -15,7 +16,7 @@ metadata: {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: {{ template "prometheus.server.fullname.namespace" . }} subjects: - kind: ServiceAccount diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 55262846..0f497da7 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -636,7 +636,7 @@ server: {{- end }} {{- if .Values.scrapeAddons.enabled }} - job_name: addons - {{- include "addons.ds_scrape_config" (dict "value" .Values.scrapeNamespaces "context" $) | nindent 4 }} + {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} 
@@ -654,8 +654,6 @@ server: static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] {{- end }} - rule_files: - - rules.yaml ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: diff --git a/template/CHART_NAME/templates/clusterrolebinding.yaml b/template/CHART_NAME/templates/rolebinding.yaml similarity index 94% rename from template/CHART_NAME/templates/clusterrolebinding.yaml rename to template/CHART_NAME/templates/rolebinding.yaml index 13245a56..ffb92c9e 100644 --- a/template/CHART_NAME/templates/clusterrolebinding.yaml +++ b/template/CHART_NAME/templates/rolebinding.yaml @@ -3,7 +3,7 @@ Copyright Drycc Community. SPDX-License-Identifier: APACHE-2.0 */}} -kind: ClusterRoleBinding +kind: RoleBinding apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} metadata: name: {{ template "common.names.fullname" . }} @@ -14,7 +14,7 @@ metadata: {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: {{ template "common.names.fullname" . }} subjects: - kind: ServiceAccount From 1bf6308220e6d74942189cda793a22a0e1ccc1bb Mon Sep 17 00:00:00 2001 
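Review bot: The roleRef in template/CHART_NAME/templates/rolebinding.yaml now points at `kind: Role` named `{{ template "common.names.fullname" . }}`, yet this commit's file list contains no role.yaml or renamed clusterrole.yaml under template/CHART_NAME, unlike the pmm and prometheus charts. If the template still ships only a ClusterRole, or no role at all, charts generated from it get a RoleBinding to a Role that does not exist and the service account ends up with no permissions. It is worth confirming that a namespaced Role of the same name is part of the template, and adding `namespace: {{ include "common.names.namespace" . | quote }}` under `metadata:` as the prometheus rolebinding in this commit does.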
From: EamonZhang Date: Mon, 29 Apr 2024 10:40:13 +0800 Subject: [PATCH 072/176] megre(addons): megre upstream --- .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ 13 files changed, 156 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged delete mode 100644 
addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "imagePullPolicy": {
- "type": "string",
- "enum": ["Always", "IfNotPresent", "Never"],
- "default": "IfNotPresent",
- "title": "Image pull policy"
- }
- }
-}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged
deleted file mode 100644
index 66ebbaa0..00000000
--- a/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "imagePullPolicy": {
- "type": "string",
- "enum": ["Always", "IfNotPresent", "Never"],
- "default": "IfNotPresent",
- "title": "Image pull policy"
- }
- }
-}
\ No newline at end of file
From f2312915b0e5e3b7d447283bb1099b4a4290f520 Mon Sep 17 00:00:00 2001
From: EamonZhang
Date: Mon, 29 Apr 2024 10:44:09 +0800
Subject: [PATCH 073/176] chore(mysql-cluster) fix 1c3g10 bind typo
---
 addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
index 8c0770c7..6a7147c9 100644
--- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
+++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
@@ -1,5 +1,5 @@
 credential:
-type
+{{- if (eq .Values.router.service.type "LoadBalancer") }}
 - name: EXTRANET_HOST
 valueFrom:
 serviceRef:
From e04068618ef2cd5f33490de471e158be7e118446 Mon Sep 17 00:00:00 2001
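Review bot: The restored guard `{{- if (eq .Values.router.service.type "LoadBalancer") }}` in mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml decides whether EXTRANET_HOST is included in the binding credentials, and nothing in the hunk documents that. A template comment above the guard would make the intent explicit and a future slip on this line easier to spot, for example `{{- /* EXTRANET_HOST is bound only when the router Service is a LoadBalancer */}}`. The matching `{{- end }}` lies outside the hunk, so its placement cannot be confirmed from here. With the stray `type` line in place, the plan presumably either failed to render or emitted the entry unguarded, which rendering the plan files before merge would catch.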
From: EamonZhang
Date: Mon, 29 Apr 2024 10:54:18 +0800
Subject: [PATCH 074/176] chore(addons):delete mongodb
---
 addons/mongodb/7.0/chart/mongodb/.helmignore | 21 -
 addons/mongodb/7.0/chart/mongodb/Chart.yaml | 29 -
 addons/mongodb/7.0/chart/mongodb/README.md | 787 -------
 .../7.0/chart/mongodb/templates/NOTES.txt | 202 --
 .../7.0/chart/mongodb/templates/_helpers.tpl | 432 ----
 .../mongodb/templates/arbiter/configmap.yaml | 18 -
 .../templates/arbiter/headless-svc.yaml | 33 -
 .../chart/mongodb/templates/arbiter/pdb.yaml | 25 -
 .../templates/arbiter/statefulset.yaml | 279 ---
 .../mongodb/templates/common-scripts-cm.yaml | 104 -
 .../chart/mongodb/templates/configmap.yaml | 18 -
 .../chart/mongodb/templates/extra-list.yaml | 4 -
 .../mongodb/templates/hidden/configmap.yaml | 15 -
 .../templates/hidden/external-access-svc.yaml | 67 -
 .../templates/hidden/headless-svc.yaml | 34 -
 .../chart/mongodb/templates/hidden/pdb.yaml | 22 -
 .../mongodb/templates/hidden/statefulset.yaml | 533 -----
 .../templates/initialization-configmap.yaml | 17 -
 .../chart/mongodb/templates/metrics-svc.yaml | 33 -
 .../mongodb/templates/networkpolicy.yaml | 44 -
 .../mongodb/templates/prometheusrule.yaml | 18 -
 .../7.0/chart/mongodb/templates/psp.yaml | 50 -
 .../templates/replicaset/access-svc.yaml | 32 -
 .../replicaset/external-access-svc.yaml | 67 -
 .../templates/replicaset/headless-svc.yaml | 34 -
 .../mongodb/templates/replicaset/pdb.yaml | 25 -
 .../replicaset/scripts-configmap.yaml | 301 ---
 .../templates/replicaset/statefulset.yaml | 543 -----
 .../mongodb/templates/replicaset/svc.yaml | 43 -
 .../7.0/chart/mongodb/templates/role.yaml | 30 -
 .../chart/mongodb/templates/rolebinding.yaml | 19 -
 .../chart/mongodb/templates/secrets-ca.yaml | 37 -
 .../7.0/chart/mongodb/templates/secrets.yaml | 41 -
 .../mongodb/templates/serviceaccount.yaml | 23 -
 .../mongodb/templates/servicemonitor.yaml | 48 -
 .../mongodb/templates/standalone/dep-sts.yaml | 474 ----
 .../mongodb/templates/standalone/pvc.yaml | 33 -
 .../mongodb/templates/standalone/svc.yaml | 58 -
 .../7.0/chart/mongodb/values.schema.json | 173 --
 addons/mongodb/7.0/chart/mongodb/values.yaml | 2053 -----------------
 addons/mongodb/7.0/meta.yaml | 24 -
 .../7.0/plans/standard-1c2g10/bind.yaml | 28 -
 .../create-instance-schema.json | 12 -
 .../7.0/plans/standard-1c2g10/meta.yaml | 6 -
 .../7.0/plans/standard-1c2g10/values.yaml | 23 -
 45 files changed, 6912 deletions(-)
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/.helmignore
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/Chart.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/README.md
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/role.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/values.schema.json
 delete mode 100644 addons/mongodb/7.0/chart/mongodb/values.yaml
 delete mode 100644 addons/mongodb/7.0/meta.yaml
 delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
 delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
 delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
 delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
diff --git a/addons/mongodb/7.0/chart/mongodb/.helmignore b/addons/mongodb/7.0/chart/mongodb/.helmignore
deleted file mode 100644
index f0c13194..00000000
--- a/addons/mongodb/7.0/chart/mongodb/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/addons/mongodb/7.0/chart/mongodb/Chart.yaml b/addons/mongodb/7.0/chart/mongodb/Chart.yaml
deleted file mode 100644
index 4d7cf00d..00000000
--- a/addons/mongodb/7.0/chart/mongodb/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-annotations:
- category: Database
-apiVersion: v2
-appVersion: 7.0.8
-dependencies:
- - name: common
- repository: oci://registry.drycc.cc/charts
- tags:
- - drycc-common
- version: ~1.1.2
-description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
-engine: gotpl
-home: https://github.com/drycc/charts/tree/master/drycc/mongodb
-icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
-keywords:
- - mongodb
- - database
- - nosql
- - cluster
- - replicaset
- - replication
-maintainers:
- - name: Drycc
- url: https://github.com/drycc/charts
-name: mongodb
-sources:
- - https://github.com/drycc/containers/tree/main/drycc/mongodb
- - https://mongodb.org
-version: 13.1.7
diff --git a/addons/mongodb/7.0/chart/mongodb/README.md b/addons/mongodb/7.0/chart/mongodb/README.md
deleted file mode 100644
index 5a83118a..00000000
--- a/addons/mongodb/7.0/chart/mongodb/README.md
+++ /dev/null
@@ -1,787 +0,0 @@ - - -# MongoDB(R) packaged by Drycc - -MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. - -[Overview of MongoDB®](http://www.mongodb.org) - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc. - -## TL;DR - -```bash -$ helm repo add my-repo https://charts.drycc.com/drycc -$ helm install my-release my-repo/mongodb -``` - -## Introduction - -This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release my-repo/mongodb -``` - -The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Architecture - -This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. 
Use the `architecture` parameter to choose the one to use: - -```console -architecture="standalone" -architecture="replicaset" -``` - -Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). - -## Parameters - -### Global parameters - -| Name | Description | Value | -| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### MongoDB(®) parameters - -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | -| `image.registry` | MongoDB(®) image registry | `docker.io` | -| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | -| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | -| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Set to true if you would like to see extra information on logs | `false` | -| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | -| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | -| `auth.enabled` | Enable authentication | `true` | -| `auth.rootUser` | MongoDB(®) root user | `root` | -| `auth.rootPassword` | MongoDB(®) root password | `""` | -| `auth.usernames` | List of custom users to be created during the initialization | `[]` | -| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | -| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | -| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | -| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | -| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | -| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | -| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | -| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | -| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | -| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | -| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | -| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | -| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | -| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | -| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | -| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | -| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | -| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | -| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | -| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | -| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | -| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | -| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | -| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | -| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | -| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | -| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | -| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | -| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | - - -### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) - -| Name | Description | Value | -| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | -| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | -| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | -| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraFlags` | MongoDB(®) additional command line flags | `[]` | -| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | - - -### MongoDB(®) statefulset parameters - -| Name | Description | Value | -| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | -| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | -| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | -| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | -| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | -| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | -| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | -| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | -| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | -| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | -| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | -| `podLabels` | MongoDB(®) pod labels | `{}` | -| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | -| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | -| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | -| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | -| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | -| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | -| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | -| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | -| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | -| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | -| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
-| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | -| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | -| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | -| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` | -| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` | -| 
`extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` | -| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` | - - -### Traffic exposure parameters - -| Name | Description | Value | -| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `service.nameOverride` | MongoDB(®) service name | `""` | -| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` | -| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` | -| `service.ports.mongodb` | MongoDB(®) service port. 
| `27017` | -| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` | -| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` | -| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` | -| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` | -| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Provide any additional annotations that may be required | `{}` | -| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` | -| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` | -| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | -| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` | -| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | -| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | -| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` | -| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` | -| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | -| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | -| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | -| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | -| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | -| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | -| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | -| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| 
`externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` | -| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` | -| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | -| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | -| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | -| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | -| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. 
Length must be the same as replicaCount | `[]` | -| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | -| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | - - -### Persistence parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` | -| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` | -| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` | -| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` | -| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` | -| `persistence.annotations` | PVC annotations | `{}` | -| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. 
when using local volumes) | `{}` |
-| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
-| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
-
-
-### RBAC parameters
-
-| Name | Description | Value |
-| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
-| `serviceAccount.name` | Name of the created serviceAccount | `""` |
-| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
-| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
-| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
-| `rbac.rules` | Custom rules to create following the role specification | `[]` |
-| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy.
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
-| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
-| `podSecurityPolicy.privileged` | Allow privileged | `false` |
-| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
-
-
-### Volume Permissions parameters
-
-| Name | Description | Value |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
-| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
-| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
-| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` |
-| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag | `""` |
-| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
-| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
-| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
-| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
-| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
-
-
-### Arbiter parameters
-
-| Name | Description | Value |
-| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
-| `arbiter.enabled` | Enable deploying the arbiter | `true` |
-| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
-| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
-| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
-| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
-| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
-| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
-| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
-| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
-| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
-| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
-| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
-| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
-| `arbiter.lifecycleHooks` |
LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
-| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
-| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
-| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
-| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
-| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
-| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set.
| `[]` |
-| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
-| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
-| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
-| `arbiter.podLabels` | Arbiter pod labels | `{}` |
-| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
-| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
-| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
-| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
-| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
-| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
-| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
-| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
-| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
-| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
-| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
-| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
-| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
-| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
-| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
-| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
-| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
-| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
-| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
-| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
-| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
-| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
-| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
-| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
-| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
-| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
-| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
-| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
-| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
-| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
-| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
-| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
-| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made
unavailable | `""` |
-| `arbiter.service.nameOverride` | The arbiter service name | `""` |
-| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
-| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
-| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
-
-
-### Hidden Node parameters
-
-| Name | Description | Value |
-| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
-| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
-| `hidden.hostAliases` | Add deployment host aliases | `[]` |
-| `hidden.configuration` | Hidden node configuration file to be used | `""` |
-| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
-| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
-| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
-| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
-| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
-| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
-| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
-| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
-| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
-| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
-| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
-| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
-| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
-| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
-| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
-| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
-| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
-| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set.
| `[]` |
-| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
-| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
-| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
-| `hidden.podLabels` | Hidden node pod labels | `{}` |
-| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
-| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
-| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
-| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
-| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
-| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
-| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
-| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
-| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
-| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
-| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
-| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
-| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
-| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
-| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
-| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
-| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `hidden.readinessProbe.enabled` | Enable readinessProbe |
`true` |
-| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
-| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
-| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
-| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
-| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
-| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
-| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
-| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
-| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
-| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
-| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods.
| `[]` |
-| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
-| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
-| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
-| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
-| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
-| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
-| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
-| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
-| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
-| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
-| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
-| `hidden.persistence.annotations` | PVC annotations | `{}` |
-| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
-| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
-| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g.
when using local volumes) | `{}` |
-| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
-| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
-| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
-| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
-| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
-| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
-
-
-### Metrics parameters
-
-| Name | Description | Value |
-| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
-| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
-| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` |
-| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` |
-| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` |
-| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag | `""` |
-| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
-| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
-| `metrics.username` | String with username for the metrics exporter | `""` |
-| `metrics.password` | String with password for the metrics exporter | `""` |
-| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
-| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
-| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
-| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
-| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
-| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
-| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template.
| `{}` |
-| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
-| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
-| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
-| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
-| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
-| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
-| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
-| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
-| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
-| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
-| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
-| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
-| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
-| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
-| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
-| `metrics.customReadinessProbe` | Override default
readiness probe for MongoDB(®) containers | `{}` |
-| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
-| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
-| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
-| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
-| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
-| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
-| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
-| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
-| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
-| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
-| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
-| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
-| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
-| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
-| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
-
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
For example,
-
-```bash
-$ helm install my-release \
- --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
- my-repo/mongodb
-```
-
-The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
-
-> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```bash
-$ helm install my-release -f values.yaml my-repo/mongodb
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
-## Configuration and installation details
-
-### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/)
-
-It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
-
-Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
-
-### Customize a new MongoDB instance
-
-The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
-
-* Specify them using the `initdbScripts` parameter as dict.
-* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option. - -The allowed script extensions are `.sh` and `.js`. - -### Replicaset: Access MongoDB(®) nodes from outside the cluster - -In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access: - -- Using LoadBalancer services -- Using NodePort services. - -Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/). - -### Add extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/). - -## Persistence - -The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container. 
-
-The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning.
-
-If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
-
-## Use custom Prometheus rules
-
-Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter.
-
-Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/).
-
-## Enable SSL/TLS
-
-This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`.
-
-Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/).
-
-### Set Pod affinity
-
-This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
-
-As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
-
-## Troubleshooting
-
-Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues).
-
-## Upgrading
-
-If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart:
-
-```bash
-$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY])
-```
-
-> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes.
-
-### To 12.0.0
-
-This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository.
-
-Affected values:
-
-- `strategyType` is replaced by `updateStrategy`
-- `service.port` is renamed to `service.ports.mongodb`
-- `service.nodePort` is renamed to `service.nodePorts.mongodb`
-- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb`
-- `rbac.role.rules` is renamed to `rbac.rules`
-- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb`
-- `hidden.strategyType` is replaced by `hidden.updateStrategy`
-- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed)
-- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels`
-
-Additionally also updates the MongoDB image dependency to it newest major, 5.0
-
-### To 11.0.0
-
-In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`).
-Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases
-
-### To 10.0.0
-
-[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
-
-[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/).
-
-### To 9.0.0
-
-MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®).
Refer to the following guides to upgrade your applications: - -- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) -- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) - -### To 8.0.0 - -- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. -- Chart labels were adapted to follow the Helm charts best practices. -- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. -- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: - - `replicas` is renamed to `replicaCount`. - - Authentication parameters are reorganized under the `auth.*` parameter: - - `usePassword` is renamed to `auth.enabled`. - - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. - - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. - - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. - - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. - -Consequences: - -- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
- -### To 7.0.0 - -From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: - -```yaml -ingress: - hosts: - - name: mongodb.local - path: / -``` - -### To 6.0.0 - -From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. -You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). - -### To 5.0.0 - -When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. -Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: - -```console -$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false -``` - -### Add extra deployment options - -To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
- -In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: - -```yaml -extraDeploy: - - apiVersion: v1 - kind: Service - metadata: - name: mongodb-primary - namespace: default - labels: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: mongodb - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: mongodb - spec: - type: NodePort - externalTrafficPolicy: Cluster - ports: - - name: mongodb-primary - port: 30001 - nodePort: 30001 - protocol: TCP - targetPort: mongodb - selector: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: mongodb - app.kubernetes.io/name: mongodb - primary: "true" -``` - -## License - -Copyright © 2022 Drycc - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt deleted file mode 100644 index 2bb79222..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt +++ /dev/null 
@@ -1,202 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh - -{{- else }} - -{{- $replicaCount := int .Values.replicaCount }} -{{- $portNumber := int .Values.service.ports.mongodb }} -{{- $fullname := include "mongodb.fullname" . }} -{{- $releaseNamespace := include "mongodb.namespace" . 
}} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- $mongoList := list }} -{{- range $e, $i := until $replicaCount }} -{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} -{{- end }} - -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }} - -#################################################################################### -### ERROR: You enabled external access to MongoDB® nodes without specifying ### -### the array of load balancer IPs for MongoDB® nodes. ### -#################################################################################### - -This deployment will be incomplete until you configure the array of load balancer -IPs for MongoDB® nodes. To complete your deployment follow the steps below: - -1. Wait for the load balancer IPs (it may take a few minutes for them to be available): - - kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w - -2. Obtain the load balancer IPs and upgrade your chart: - - {{- range $e, $i := until $replicaCount }} - LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" - {{- end }} - -3. 
Upgrade you chart: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \ - --set mongodb.replicaCount={{ $replicaCount }} \ - --set mongodb.externalAccess.enabled=true \ - {{- range $i, $e := until $replicaCount }} - --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \ - {{- end }} - --set mongodb.externalAccess.service.type=LoadBalancer - -{{- else }} - -{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }} -------------------------------------------------------------------------------- - WARNING - - By not enabling "mongodb.auth.enabled" you have most likely exposed the - MongoDB® service externally without any authentication mechanism. - - For security reasons, we strongly suggest that you enable authentiation - setting the "mongodb.auth.enabled" parameter to "true". - -------------------------------------------------------------------------------- -{{- end }} - -** Please be patient while the chart is being deployed ** - -MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster: - -{{- if eq .Values.architecture "replicaset" }} -{{ join "\n" $mongoList | nindent 4 }} -{{- else }} - - {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }} - -{{- end }} - -{{- if .Values.auth.enabled }} - -To get the root password run: - - export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d) - -{{- end }} -{{- $customUsers := include "mongodb.customUsers" . -}} -{{- $customDatabases := include "mongodb.customDatabases" . 
-}} -{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} -{{- $customUsersList := splitList "," $customUsers }} -{{- range $index, $user := $customUsersList }} - -To get the password for "{{ $user }}" run: - - export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}') - -{{- end }} -{{- end }} - -To connect to your database, create a MongoDB® client container: - - kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash - -Then, run the following command: - - {{- if eq .Values.architecture "replicaset" }} - mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} - {{- else }} - mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} - {{- end }} - -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }} - -To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below: - -{{- if eq "NodePort" .Values.externalAccess.service.type }} -{{- if .Values.externalAccess.service.domain }} - - MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }} - -{{- else }} - - MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs. - - kubectl get nodes -o wide - -{{- end }} - - MongoDB® nodes port: You will have a different node port for each MongoDB® node. 
You can get the list of configured node ports using the command below: - - echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" - -{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IPs to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w' - - MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below: - - echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" - - MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }} - -{{- end }} - -{{- else if eq .Values.architecture "standalone" }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . 
}}) - mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} & - mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- end }} -{{- end }} -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & - echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" - -Then, open the obtained URL in a browser. 
- -{{- end }} -{{- end }} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "common.warnings.rollingTag" .Values.tls.image }} - diff --git a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl deleted file mode 100644 index 81f6889c..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl +++ /dev/null 
@@ -1,432 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mongodb.name" -}} -{{- include "common.names.name" . -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mongodb.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* -Create a default mongo service name which can be overridden. -*/}} -{{- define "mongodb.service.nameOverride" -}} - {{- if and .Values.service .Values.service.nameOverride -}} - {{- print .Values.service.nameOverride -}} - {{- else -}} - {{- printf "%s-headless" (include "mongodb.fullname" .) -}} - {{- end }} -{{- end }} - -{{/* -Create a default mongo arbiter service name which can be overridden. -*/}} -{{- define "mongodb.arbiter.service.nameOverride" -}} - {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} - {{- print .Values.arbiter.service.nameOverride -}} - {{- else -}} - {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} - {{- end }} -{{- end }} - -{{/* -Return the proper MongoDB® image name -*/}} -{{- define "mongodb.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "mongodb.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mongodb.volumePermissions.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container auto-discovery image) -*/}} -{{- define "mongodb.externalAccess.autoDiscovery.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the TLS Certs image) -*/}} -{{- define "mongodb.tls.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mongodb.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
-*/}} -{{- define "mongodb.namespace" -}} - {{- if and .Values.global .Values.global.namespaceOverride -}} - {{- print .Values.global.namespaceOverride -}} - {{- else -}} - {{- print .Release.Namespace -}} - {{- end }} -{{- end -}} -{{- define "mongodb.serviceMonitor.namespace" -}} - {{- if .Values.metrics.serviceMonitor.namespace -}} - {{- print .Values.metrics.serviceMonitor.namespace -}} - {{- else -}} - {{- include "mongodb.namespace" . -}} - {{- end }} -{{- end -}} -{{- define "mongodb.prometheusRule.namespace" -}} - {{- if .Values.metrics.prometheusRule.namespace -}} - {{- print .Values.metrics.prometheusRule.namespace -}} - {{- else -}} - {{- include "mongodb.namespace" . -}} - {{- end }} -{{- end -}} - -{{/* -Returns the proper service account name depending if an explicit service account name is set -in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create -is true or default otherwise. -*/}} -{{- define "mongodb.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} - {{- else -}} - {{- default "default" (print .Values.serviceAccount.name) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the list of custom users to create during the initialization (string format) -*/}} -{{- define "mongodb.customUsers" -}} - {{- $customUsers := list -}} - {{- if .Values.auth.username -}} - {{- $customUsers = append $customUsers .Values.auth.username }} - {{- end }} - {{- range .Values.auth.usernames }} - {{- $customUsers = append $customUsers . 
}} - {{- end }} - {{- printf "%s" (default "" (join "," $customUsers)) -}} -{{- end -}} - -{{/* -Return the list of passwords for the custom users (string format) -*/}} -{{- define "mongodb.customPasswords" -}} - {{- $customPasswords := list -}} - {{- if .Values.auth.password -}} - {{- $customPasswords = append $customPasswords .Values.auth.password }} - {{- end }} - {{- range .Values.auth.passwords }} - {{- $customPasswords = append $customPasswords . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customPasswords)) -}} -{{- end -}} - -{{/* -Return the list of custom databases to create during the initialization (string format) -*/}} -{{- define "mongodb.customDatabases" -}} - {{- $customDatabases := list -}} - {{- if .Values.auth.database -}} - {{- $customDatabases = append $customDatabases .Values.auth.database }} - {{- end }} - {{- range .Values.auth.databases }} - {{- $customDatabases = append $customDatabases . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customDatabases)) -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration -*/}} -{{- define "mongodb.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® -*/}} -{{- define "mongodb.createConfigmap" -}} -{{- if and .Values.configuration (not .Values.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret with MongoDB® credentials -*/}} -{{- define "mongodb.secretName" -}} - {{- if .Values.auth.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} - {{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created for MongoDB® -*/}} -{{- define "mongodb.createSecret" -}} -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mongodb.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" .Values.initdbScriptsConfigMap -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if the Arbiter should be deployed -*/}} -{{- define "mongodb.arbiter.enabled" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration for the Arbiter -*/}} -{{- define "mongodb.arbiter.configmapName" -}} -{{- if .Values.arbiter.existingConfigmap -}} - {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® Arbiter -*/}} -{{- define "mongodb.arbiter.createConfigmap" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if the Hidden should be deployed -*/}} -{{- define "mongodb.hidden.enabled" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration for the Hidden -*/}} -{{- define "mongodb.hidden.configmapName" -}} -{{- if .Values.hidden.existingConfigmap -}} - {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® Hidden -*/}} -{{- define "mongodb.hidden.createConfigmap" -}} -{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mongodb.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} -{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate RBAC is created when using PSP */}} -{{- define "mongodb.validateValues.pspAndRBAC" -}} -{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} -mongodb: podSecurityPolicy.create, rbac.create - Both podSecurityPolicy.create and rbac.create must be true, if you want - to create podSecurityPolicy -{{- end -}} -{{- end -}} - -{{/* Validate values of MongoDB® - must provide a valid architecture */}} -{{- define "mongodb.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} -mongodb: architecture - Invalid architecture selected. Valid values are "standalone" and - "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - both auth.usernames and auth.databases are necessary -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.customUsersDBs" -}} -{{- $customUsers := include "mongodb.customUsers" . -}} -{{- $customDatabases := include "mongodb.customDatabases" . -}} -{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} -mongodb: auth.usernames, auth.databases - Both auth.usernames and auth.databases must be provided to create - custom users and databases during 1st initialization. 
- Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.customUsersDBsLength" -}} -{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} -mongodb: auth.usernames, auth.databases - Both auth.usernames and auth.databases arrays should have the same length -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - service type for external access -*/}} -{{- define "mongodb.validateValues.externalAccessServiceType" -}} -{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} -mongodb: externalAccess.service.type - Available service type for external access are NodePort, LoadBalancer or ClusterIP. -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list -*/}} -{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} -mongodb: .Values.externalAccess.service.loadBalancerIPs - Number of replicas and loadBalancerIPs array length must be the same. 
-{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - number of replicas must be the same than NodePort list -*/}} -{{- define "mongodb.validateValues.nodePortListLength" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} -mongodb: .Values.externalAccess.service.nodePorts - Number of replicas and nodePorts array length must be the same. -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled -*/}} -{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} -mongodb: rbac.create - By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" - an initContainer will be used to autodetect the external IPs/ports by querying the - K8s API. Please note this initContainer requires specific RBAC resources. You can create them - by specifying "--set rbac.create=true". 
-{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults -*/}} -{{- define "mongodb.mongodb_exporter.uri" -}} - {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}} - {{- if .Values.metrics.username }} - {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} - {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} - {{- else -}} - {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} - {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} - {{- end -}} -{{- end -}} - - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "mongodb.createTlsSecret" -}} -{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing MongoDB® TLS certificates -*/}} -{{- define "mongodb.tlsSecretName" -}} -{{- $secretName := .Values.tls.existingSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-ca" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml deleted file mode 100644 index 1aacbd79..00000000 
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if (include "mongodb.arbiter.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- mongodb.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
deleted file mode 100644
index 2bc3658c..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if (include "mongodb.arbiter.enabled" .) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mongodb.arbiter.service.nameOverride" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.arbiter.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: tcp-mongodb
- port: {{ .Values.arbiter.service.ports.mongodb }}
- targetPort: mongodb
- {{- if .Values.arbiter.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
deleted file mode 100644
index 6402f682..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.arbiter.pdb.minAvailable }}
- minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.arbiter.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: arbiter
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
deleted file mode 100644
index a54b3575..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
+++ /dev/null
@@ -1,279 +0,0 @@ -{{- if (include "mongodb.arbiter.enabled" .) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: arbiter - {{- if .Values.arbiter.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.arbiter.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} - podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} - {{- if .Values.arbiter.updateStrategy }} - updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: arbiter - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: arbiter - {{- if .Values.arbiter.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} - annotations: - {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} - checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.arbiter.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.arbiter.schedulerName }} - schedulerName: {{ .Values.arbiter.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.arbiter.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.arbiter.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.arbiter.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.arbiter.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.arbiter.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} - {{- end }} - {{- if .Values.arbiter.priorityClassName }} - priorityClassName: {{ .Values.arbiter.priorityClassName }} - {{- end }} - {{- if .Values.arbiter.runtimeClassName }} - runtimeClassName: {{ .Values.arbiter.runtimeClassName }} - {{- end }} - {{- if .Values.arbiter.podSecurityContext.enabled }} - securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.arbiter.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} - {{- end }} - initContainers: - {{- if .Values.arbiter.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: generate-client - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.arbiter.service.nameOverride" . }} - {{- end }} - containers: - - name: mongodb-arbiter - image: {{ include "mongodb.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.arbiter.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.arbiter.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.arbiter.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.arbiter.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" - - name: MONGODB_REPLICA_SET_MODE - value: "arbiter" - - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSetName | quote }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - - name: MONGODB_PORT_NUMBER - value: {{ .Values.arbiter.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_INITIAL_PRIMARY_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-replica-set-key - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.arbiter.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} - envFrom: - {{- if .Values.arbiter.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} - {{- end }} - {{- if .Values.arbiter.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} - name: mongodb - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.arbiter.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.arbiter.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: mongodb - {{- end }} - {{- if .Values.arbiter.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.arbiter.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: mongodb - {{- end }} - {{- if .Values.arbiter.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.arbiter.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: mongodb - {{- end }} - {{- end }} - {{- if .Values.arbiter.resources }} - resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} - {{- end }} - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} - volumeMounts: - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} - - name: config - mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.arbiter.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.arbiter.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0555 - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.arbiter.configmapName" . }} - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . }} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if .Values.arbiter.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml deleted file mode 100644 index cb70b52f..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - startup-probe.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' - {{- end }} - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' - readiness-probe.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' - {{- end }} - # Run the proper check depending on the version - [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} - . 
/opt/drycc/scripts/libversion.sh - VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" - VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" - VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" - if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' - else - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' - fi - ping-mongodb.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' - {{- end }} - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" - {{- if .Values.tls.enabled }} - generate-certs.sh: | - #!/bin/bash - additional_ips=() - additional_names=() - while getopts "i:n:s:" flag - do - case "${flag}" in - i) read -a additional_ips <<< ${OPTARG//,/ } ;; - n) read -a additional_names <<< ${OPTARG//,/ } ;; - s) svc=${OPTARG// /} ;; - \?) exit 1 ;; - esac - done - - my_hostname=$(hostname) - cp /certs/CAs/* /certs/ - cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem - cd /certs/ - shopt -s extglob - rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) - chmod 0600 mongodb-ca-cert mongodb.pem - {{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml deleted file mode 100644 index 76608c4e..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if (include "mongodb.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- mongodb.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9e..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
deleted file mode 100644
index d7271f05..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if (include "mongodb.hidden.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- mongodb.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
deleted file mode 100644
index d9bbdc8e..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }}
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.hidden.replicaCount | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $replicaCount }}
-{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-hidden-%d-external" $fullName $i }}
- namespace: {{ include "mongodb.namespace" $ }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- pod: {{ $targetPod }}
- {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }}
- annotations:
- {{- if $root.Values.externalAccess.hidden.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if $root.Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ $root.Values.externalAccess.hidden.service.type }}
- {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }}
- {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }}
- loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }}
- {{- end }}
- {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- {{- end }}
- {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq $root.Values.externalAccess.hidden.service.type "NodePort")) }}
- externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }}
- sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }}
- {{- end }}
- {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }}
- port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }}
- {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }}
- {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }}
- nodePort: {{ $nodePort }}
- {{- else }}
- nodePort: null
- {{- end }}
- targetPort: mongodb
- {{- if $root.Values.externalAccess.hidden.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: hidden
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml
deleted file mode 100644
index 725e0256..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if (include "mongodb.hidden.enabled" .) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.hidden.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: {{ .Values.hidden.service.portName | quote }}
- port: {{ .Values.hidden.service.ports.mongodb }}
- targetPort: mongodb
- {{- if .Values.hidden.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: hidden
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
deleted file mode 100644
index ce233db3..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.hidden.pdb.minAvailable }}
- minAvailable: {{ .Values.hidden.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.hidden.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: hidden
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
deleted file mode 100644
index 56ce237b..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
+++ /dev/null
@@ -1,533 +0,0 @@ -{{- if (include "mongodb.hidden.enabled" .) }} -{{- $replicaCount := int .Values.hidden.replicaCount }} -{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }} -{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: hidden - {{- if .Values.hidden.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.hidden.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }} - podManagementPolicy: {{ .Values.hidden.podManagementPolicy }} - replicas: {{ .Values.hidden.replicaCount }} - {{- if .Values.hidden.updateStrategy }} - updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: hidden - template: - metadata: - labels: {{- include "common.labels.standard" . 
| nindent 8 }} - app.kubernetes.io/component: hidden - {{- if .Values.hidden.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }} - annotations: - {{- if (include "mongodb.hidden.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.hidden.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hidden.schedulerName }} - schedulerName: {{ .Values.hidden.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.hidden.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hidden.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.hidden.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if 
.Values.hidden.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hidden.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hidden.priorityClassName }} - priorityClassName: {{ .Values.hidden.priorityClassName }} - {{- end }} - {{- if .Values.hidden.runtimeClassName }} - runtimeClassName: {{ .Values.hidden.runtimeClassName }} - {{- end }} - {{- if .Values.hidden.podSecurityContext.enabled }} - securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.hidden.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} - initContainers: - {{- if .Values.hidden.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} - find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.hidden.persistence.mountPath }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) 
}} - {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} - {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: auto-discovery - image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} - imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} - command: - - /scripts/auto-discovery.sh - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SHARED_FILE - value: "/shared/info.txt" - {{- if .Values.externalAccess.autoDiscovery.resources }} - resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: shared - mountPath: /shared - - name: scripts - mountPath: /scripts/auto-discovery.sh - subPath: auto-discovery.sh - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.hidden.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.hidden.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }} - {{- else }} - command: - - /scripts/setup-hidden.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.hidden.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.hidden.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: SHARED_FILE - value: "/shared/info.txt" - {{- end }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: "{{ include "mongodb.service.nameOverride" . }}" - - name: K8S_HIDDEN_NODE_SERVICE_NAME - value: "{{ include "mongodb.fullname" . 
}}-hidden-headless" - - name: MONGODB_REPLICA_SET_MODE - value: "hidden" - - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSetName | quote }} - {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . -}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-replica-set-key - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.hidden.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.hidden.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.hidden.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }} - envFrom: - {{- if .Values.hidden.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.hidden.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.hidden.extraEnvVarsSecret . 
| quote }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.hidden.containerPorts.mongodb }} - name: mongodb - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.hidden.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.hidden.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- if .Values.hidden.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.hidden.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- if .Values.hidden.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.hidden.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.hidden.resources }} - resources: {{- toYaml .Values.hidden.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.hidden.persistence.mountPath }} - subPath: {{ .Values.hidden.persistence.subPath }} - - name: common-scripts - mountPath: /drycc/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or 
.Values.hidden.configuration .Values.hidden.existingConfigmap }} - - name: config - mountPath: /opt/drycc/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - - name: scripts - mountPath: /scripts/setup-hidden.sh - subPath: setup-hidden.sh - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: shared - mountPath: /shared - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.hidden.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - ports: - - name: metrics - containerPort: 9216 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.hidden.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0555 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.hidden.configmapName" . }} - {{- end }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: shared - emptyDir: {} - {{- end }} - - name: scripts - configMap: - name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0755 - {{- if .Values.hidden.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . 
}} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if not .Values.hidden.persistence.enabled }} - - name: datadir - {{- if .Values.hidden.persistence.medium }} - emptyDir: - medium: {{ .Values.hidden.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: datadir - {{- if .Values.hidden.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.hidden.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.hidden.persistence.size | quote }} - {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} - {{- end }} - {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }} - {{- end }} -{{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml deleted file mode 100644 index f3d023ab..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
-{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
deleted file mode 100644
index 2a36dfc8..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: metrics
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.metrics.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.metrics.service.type }}
- ports:
- - port: {{ .Values.metrics.service.ports.metrics }}
- targetPort: metrics
- protocol: TCP
- name: http-metrics
- {{- if .Values.metrics.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
deleted file mode 100644
index 26149ccb..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 6 }}
- {{- if eq .Values.service.type "ClusterIP" }}
- ingress:
- # Allow inbound connections
- - ports:
- - port: {{ .Values.service.ports.mongodb }}
- {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
- from:
- {{- if .Values.networkPolicy.allowCurrentNamespace }}
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: {{ .Release.Namespace }}
- {{- end }}
- {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
- {{- if $namespace }}
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: {{ $namespace }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if eq .Values.service.type "LoadBalancer" }}
- ingress:
- - {}
- {{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
deleted file mode 100644
index 29d2ea46..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.prometheusRule.namespace" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.metrics.prometheusRule.additionalLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
- {{- end }}
-spec:
- groups:
- - name: {{ include "mongodb.fullname" . }}
- rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
deleted file mode 100644
index e9ef023b..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
-{{- if .Values.podSecurityPolicy.spec }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
-{{- else }}
- allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.podSecurityContext.fsGroup }}
- max: {{ .Values.podSecurityContext.fsGroup }}
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: {{ .Values.podSecurityPolicy.privileged }}
- readOnlyRootFilesystem: false
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.containerSecurityContext.runAsUser }}
- max: {{ .Values.containerSecurityContext.runAsUser }}
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.containerSecurityContext.runAsUser }}
- max: {{ .Values.containerSecurityContext.runAsUser }}
- volumes:
- - 'configMap'
- - 'secret'
- - 'emptyDir'
- - 'persistentVolumeClaim'
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
deleted file mode 100644
index caa15f36..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if (eq .Values.architecture "replicaset") }}
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $replicaCount }}
-{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%d" $fullName $i }}
- namespace: {{ include "mongodb.namespace" $ }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- pod: {{ $targetPod }}
-spec:
- type: {{ $root.Values.service.type }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ $root.Values.service.portName | quote }}
- port: {{ $root.Values.service.ports.mongodb }}
- targetPort: mongodb
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
deleted file mode 100644
index f1acd6bf..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}}
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $replicaCount }}
-{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%d-external" $fullName $i }}
- namespace: {{ include "mongodb.namespace" $ }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- pod: {{ $targetPod }}
- {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }}
- annotations:
- {{- if $root.Values.externalAccess.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if $root.Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ $root.Values.externalAccess.service.type }}
- {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }}
- {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }}
- loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }}
- {{- end }}
- {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- {{- end }}
- {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq $root.Values.externalAccess.service.type "NodePort")) }}
- externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if $root.Values.externalAccess.service.sessionAffinity }}
- sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }}
- {{- end }}
- {{- if $root.Values.externalAccess.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ $root.Values.externalAccess.service.portName | quote }}
- port: {{ $root.Values.externalAccess.service.ports.mongodb }}
- {{- if not (empty $root.Values.externalAccess.service.nodePorts) }}
- {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }}
- nodePort: {{ $nodePort }}
- {{- else }}
- nodePort: null
- {{- end }}
- targetPort: mongodb
- {{- if $root.Values.externalAccess.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml
deleted file mode 100644
index 78f26ab9..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if eq .Values.architecture "replicaset" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mongodb.service.nameOverride" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: {{ .Values.service.portName | quote }}
- port: {{ .Values.service.ports.mongodb }}
- targetPort: mongodb
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
deleted file mode 100644
index a2b6492f..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
deleted file mode 100644
index ed5a8627..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
+++ /dev/null
@@ -1,301 +0,0 @@ -{{- if eq .Values.architecture "replicaset" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- $fullname := include "mongodb.fullname" . }} - {{- $releaseNamespace := include "mongodb.namespace" . }} - {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - auto-discovery.sh: |- - #!/bin/bash - - SVC_NAME="${MY_POD_NAME}-external" - - # Auxiliary functions - retry_while() { - local -r cmd="${1:?cmd is missing}" - local -r retries="${2:-12}" - local -r sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<< "$cmd" - for ((i = 1 ; i <= retries ; i+=1 )); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value - } - k8s_svc_lb_ip() { - local namespace=${1:?namespace is missing} - local service=${2:?service is missing} - local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") - - if [[ -n ${service_ip} ]]; then - echo "${service_ip}" - else - echo "${service_hostname}" - fi - } - k8s_svc_lb_ip_ready() { - local namespace=${1:?namespace is missing} - local service=${2:?service is missing} - [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] - } - # Wait until LoadBalancer IP is ready - retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 - # Obtain LoadBalancer external IP - k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" - {{- end }} - setup.sh: |- - #!/bin/bash - - . /opt/drycc/scripts/mongodb-env.sh - . /opt/drycc/scripts/libfs.sh - . /opt/drycc/scripts/liblog.sh - . /opt/drycc/scripts/libvalidations.sh - - {{- if .Values.externalAccess.enabled }} - {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} - {{- if .Values.externalAccess.autoDiscovery.enabled }} - export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" - {{- else }} - ID="${MY_POD_NAME#"{{ $fullname }}-"}" - export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- end }} - {{- else if eq .Values.externalAccess.service.type "NodePort" }} - ID="${MY_POD_NAME#"{{ $fullname }}-"}" - export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- if .Values.externalAccess.service.domain }} - export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} - {{- else }} - export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP - {{- end }} - {{- end }} - {{- end }} - - {{- if .Values.replicaSetConfigurationSettings.enabled }} - # placed here before root password env is overwritten - # makes no assumption about starting state - # ensures that any stepDown or non-default starting state is handled - /scripts/replicaSetConfigurationSettings.sh & - {{- end }} - - if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then - export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" - fi - - info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" - info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" - - # Check for existing replica set in case there is no data in the PVC - # This is for cases where the PVC is lost or for MongoDB caches without - # persistence - 
current_primary="" - if is_dir_empty "${MONGODB_DATA_DIR}/db"; then - info "Data dir empty, checking if the replica set already exists" - {{- $replicaCount := int .Values.replicaCount }} - {{- $portNumber := int .Values.service.ports.mongodb }} - {{- $fullname := include "mongodb.fullname" . }} - {{- $releaseNamespace := include "mongodb.namespace" . }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} - {{- $mongoList := list }} - {{- range $e, $i := until $replicaCount }} - {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} - {{- end }} - current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') - - if ! is_empty_value "$current_primary"; then - info "Detected existing primary: ${current_primary}" - fi - fi - - if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then - info "Advertised name matches current primary, configuring node as a primary" - export MONGODB_REPLICA_SET_MODE="primary" - elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then - info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" - export MONGODB_REPLICA_SET_MODE="secondary" - export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" - export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" - export MONGODB_SET_SECONDARY_OK="yes" - elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then - info "Pod name matches initial primary pod name, configuring node as a primary" - export MONGODB_REPLICA_SET_MODE="primary" - else - info "Pod name doesn't match initial primary pod name, configuring node as a secondary" - export MONGODB_REPLICA_SET_MODE="secondary" - export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" - fi - - if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then - export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" - export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" - export MONGODB_ROOT_PASSWORD="" - export MONGODB_EXTRA_USERNAMES="" - export MONGODB_EXTRA_DATABASES="" - export MONGODB_EXTRA_PASSWORDS="" - export MONGODB_ROOT_PASSWORD_FILE="" - export MONGODB_EXTRA_USERNAMES_FILE="" - export MONGODB_EXTRA_DATABASES_FILE="" - export MONGODB_EXTRA_PASSWORDS_FILE="" - fi - - exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh - setup-hidden.sh: |- - #!/bin/bash - - . 
/opt/drycc/scripts/mongodb-env.sh - - {{- if .Values.externalAccess.hidden.enabled }} - {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} - {{- if .Values.externalAccess.autoDiscovery.enabled }} - export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" - {{- else }} - ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" - export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- end }} - {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} - ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" - export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- if .Values.externalAccess.hidden.service.domain }} - export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} - {{- else }} - export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP - {{- end }} - {{- end }} - {{- end }} - - {{- if .Values.replicaSetConfigurationSettings.enabled }} - # placed here before root password env is overwritten - # makes no assumption about starting state - # ensures that any stepDown or non-default starting state is handled - /scripts/replicaSetConfigurationSettings.sh & - {{- end }} - - echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" - echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" - echo "Configuring node as a hidden node" - export MONGODB_REPLICA_SET_MODE="hidden" - export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" - export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" - export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" - export MONGODB_ROOT_PASSWORD="" - export MONGODB_EXTRA_USERNAMES="" - export MONGODB_EXTRA_DATABASES="" - export MONGODB_EXTRA_PASSWORDS="" - export MONGODB_ROOT_PASSWORD_FILE="" - export MONGODB_EXTRA_USERNAMES_FILE="" - export MONGODB_EXTRA_DATABASES_FILE="" - export 
MONGODB_EXTRA_PASSWORDS_FILE="" - exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh - {{- if .Values.replicaSetConfigurationSettings.enabled }} - replicaSetConfigurationSettings.sh: |- - #!/bin/bash - # This script to be called when pod starts. - # This script sets rs settings which can not be applied via conf file - - function logger () - #$1 is the line to be logged - { - echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 - } - - SLEEP_PERIOD=10 - - {{- if and .Values.auth.enabled .Values.auth.rootPassword }} - usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" - {{- else }} - usernameAndPassword="" - {{- end }} - - # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy - declare -A desiredRsConf - {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} - {{ printf "desiredRsConf[%s]='%v'" $setting $value }} - {{ end }} - - rsConfWriteAttempts=0 - rs_conf_configured_ok=unknown - - while [[ "${rs_conf_configured_ok}" != "true" ]]; do - - # give the rs setup a chance to succeed before attempting to read or configure - sleep ${SLEEP_PERIOD} - - counter=0 - while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do - counter=$((${counter} +1)) - logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" - sleep ${SLEEP_PERIOD} - done - counter=$((${counter} +1)) - logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" - - # read rs.conf again and store it. settings format is '"" : ,' - currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') - - desiredEqualsactual=unknown - settingsToConfigure="" - for key in ${!desiredRsConf[@]}; do - value=${desiredRsConf[$key]} - if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then - logger "rs conf setting: ${key} value will be set to: ${value}" - settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " - desiredEqualsactual=false - else - logger "rs conf: ${key} is already at desired value: ${value}" - fi - done - - if [[ "${desiredEqualsactual}" != "false" ]]; then - logger "replicaSetConfigurationSettings match the settings of the currently running rs" - desiredEqualsactual=true - rs_conf_configured_ok=true - logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" - exit - fi - - # apply the settings only if this member is currently the mongo replicaset PRIMARY - # it might take a little time before any pod is PRIMARY - isMaster=unknown - if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then - isMaster=false - logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" - else - isMaster=true - logger "This node is PRIMARY" - fi - - if [[ "${isMaster}" == "true" ]]; then - logger "This node is currently PRIMARY - will apply rs.conf settings" - - # avoiding tricky string substitution with single quotes by making the eval string a set of vars - rsconf="cfg = rs.conf();" - rsreconf="rs.reconfig(cfg);" - rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" - - mongosh ${usernameAndPassword} --eval "${rsCommand}" - if [ $? -ne 0 ]; then - logger "Failed to apply mongodb cfg.settings configuration" - else - logger "mongodb replicaset cfg.settings configuration applied" - logger "Will check rs conf" - # don't exit just yet - the settings will be checked in the next loop - fi - rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) - fi - done - {{- end }} -{{- end }} 
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml
deleted file mode 100644
index e7c0ff1c..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml
+++ /dev/null
@@ -1,543 +0,0 @@ -{{- if eq .Values.architecture "replicaset" }} -{{- $replicaCount := int .Values.replicaCount }} -{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - serviceName: {{ include "mongodb.service.nameOverride" . }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: Delete - whenScaled: Delete - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: mongodb - template: - metadata: - labels: {{- include "common.labels.standard" . 
| nindent 8 }} - app.kubernetes.io/component: mongodb - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} - annotations: - {{- if (include "mongodb.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} 
- {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.service.nameOverride" . 
}} - {{- if .Values.externalAccess.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} - {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: auto-discovery - image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} - imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} - command: - - /scripts/auto-discovery.sh - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SHARED_FILE - value: "/shared/info.txt" - {{- if .Values.externalAccess.autoDiscovery.resources }} - resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: shared - mountPath: /shared - - name: scripts - mountPath: /scripts/auto-discovery.sh - subPath: auto-discovery.sh - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else }} - command: - - /scripts/setup.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: DRYCC_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: SHARED_FILE - value: "/shared/info.txt" - {{- end }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: K8S_SERVICE_NAME - value: "{{ include "mongodb.service.nameOverride" . }}" - - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSetName | quote }} - {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . -}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-replica-set-key - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} - {{- end }} - {{- end }} - ports: - - name: mongodb - containerPort: {{ .Values.containerPorts.mongodb }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/readiness-probe.sh - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - - name: common-scripts - mountPath: /drycc/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - mountPath: /opt/drycc/mongodb/conf/mongodb.conf - 
subPath: mongodb.conf - {{- end }} - - name: scripts - mountPath: /scripts/setup.sh - subPath: setup.sh - {{ if .Values.replicaSetConfigurationSettings.enabled }} - - name: scripts - mountPath: /scripts/replicaSetConfigurationSettings.sh - subPath: replicaSetConfigurationSettings.sh - {{- end }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: shared - mountPath: /shared - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPort }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" 
(dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0550 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.configmapName" . }} - {{- end }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: shared - emptyDir: {} - {{- end }} - - name: scripts - configMap: - name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0755 - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . 
}} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: datadir - {{- if .Values.persistence.medium }} - emptyDir: - medium: {{ .Values.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: datadir - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.volumeClaimTemplates.requests }} - {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.persistence.volumeClaimTemplates.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.persistence.volumeClaimTemplates.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} - {{- end }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- end }} -{{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml deleted file mode 100644 index 55c56b87..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
-
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $replicaCount }}
-{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%d" $fullName $i }}
- namespace: {{ include "mongodb.namespace" $ }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
- annotations:
- {{- if $root.Values.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if $root.Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ $root.Values.externalAccess.service.type }}
- ports:
- - name: {{ $root.Values.service.portName | quote }}
- port: {{ $root.Values.service.ports.mongodb }}
- targetPort: mongodb
- {{- if $root.Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
deleted file mode 100644
index 56300431..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: Role
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - list
- - watch
-{{- if .Values.rbac.rules }}
-{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
-{{- end -}}
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
- - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames: [{{ include "mongodb.fullname" . }}]
-{{- end -}}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
deleted file mode 100644
index 8950f8bb..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and .Values.serviceAccount.create .Values.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: RoleBinding
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-roleRef:
- kind: Role
- name: {{ include "mongodb.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ include "mongodb.serviceAccountName" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
deleted file mode 100644
index 1c4e76ff..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if (include "mongodb.createTlsSecret" .) }}
-{{- $fullname := include "mongodb.fullname" . }}
-{{- $releaseNamespace := .Release.Namespace }}
-{{- $clusterDomain := .Values.clusterDomain }}
-{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "mongodb.tlsSecretName" . }}
- namespace: {{ template "mongodb.namespace" . }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
- {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
- {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
- {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
- mongodb-ca-cert: {{ b64enc $ca.Cert }}
- mongodb-ca-key: {{ b64enc $ca.Key }}
- client-pem: {{ b64enc $pem }}
- {{- else }}
- {{- $ca:= genCA "myMongo-ca" 3650 }}
- {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
- {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
- mongodb-ca-cert: {{ b64enc $ca.Cert }}
- mongodb-ca-key: {{ b64enc $ca.Key }}
- client-pem: {{ b64enc $pem }}
- {{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
deleted file mode 100644
index acf8c483..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
+++ /dev/null
@@ -1,41 +0,0 @@ -{{- if (include "mongodb.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ template "mongodb.namespace" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . -}} - {{- $customPasswords := include "mongodb.customPasswords" . -}} - {{- $passwordList := list -}} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}} - {{- if not (empty $customPasswords) -}} - {{- $passwordList = $customPasswords -}} - {{- else -}} - {{- $customUsersList := splitList "," $customUsers -}} - {{- $customPasswordsList := list -}} - {{- range $customUsersList -}} - {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}} - {{- end -}} - {{- $passwordList = (join "," $customPasswordsList) -}} - {{- end }} - mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }} - {{- end }} - {{- if .Values.metrics.username }} - mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) 
"key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }} - {{- end }} - {{- if eq .Values.architecture "replicaset" }} - mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }} - {{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml deleted file mode 100644 index f4aa81a5..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mongodb.serviceAccountName" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -secrets: - - name: {{ template "mongodb.fullname" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml deleted file mode 100644 index 0a00f719..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.serviceMonitor.namespace" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - app.kubernetes.io/component: metrics - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - app.kubernetes.io/component: metrics - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - namespaceSelector: - matchNames: - - "{{ include "mongodb.namespace" . }}" -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml deleted file mode 100644 index ba3b74d2..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml +++ /dev/null 
@@ -1,474 +0,0 @@ -{{- if not (eq .Values.architecture "replicaset") }} -apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} -kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - replicas: 1 - {{- if .Values.useStatefulSet }} - serviceName: {{ include "mongodb.fullname" . }} - {{- end }} - {{- if .Values.updateStrategy}} - {{- if .Values.useStatefulSet }} - updateStrategy: - {{- else }} - strategy: - {{- end }} - {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end}} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: mongodb - template: - metadata: - labels: {{- include "common.labels.standard" . 
| nindent 8 }} - app.kubernetes.io/component: mongodb - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} - annotations: - {{- if (include "mongodb.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.service.nameOverride" . 
}} - {{- if .Values.externalAccess.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} - {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . 
-}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} - {{- end }} - {{- end }} - ports: - - name: mongodb - containerPort: {{ .Values.containerPorts.mongodb }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/readiness-probe.sh - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - - name: common-scripts - mountPath: /drycc/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or 
.Values.configuration .Values.existingConfigmap }} - - name: config - mountPath: /opt/drycc/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPort }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0550 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.configmapName" . }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . }} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: datadir - {{- if .Values.persistence.medium }} - emptyDir: - medium: {{ .Values.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.persistence.existingClaim }} - - name: datadir - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} - {{- else if not .Values.useStatefulSet }} - - name: datadir - persistentVolumeClaim: - claimName: {{ template "mongodb.fullname" . }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: datadir - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . 
| quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.volumeClaimTemplates.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} - {{- end }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml deleted file mode 100644 index 7786de63..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml +++ /dev/null 
@@ -1,33 +0,0 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.persistence.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.persistence.resourcePolicy }}
- helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
- {{- end }}
- {{- end }}
-spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
deleted file mode 100644
index 44255798..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if not (eq .Values.architecture "replicaset") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{- end }}
- {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- if .Values.service.externalIPs }}
- externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
- {{- end }}
- {{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- {{- if .Values.service.sessionAffinity }}
- sessionAffinity: {{ .Values.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
- {{- end }}
- ports:
- - name: {{ .Values.service.portName | quote }}
- port: {{ .Values.service.ports.mongodb }}
- targetPort: mongodb
- {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
- nodePort: {{ .Values.service.nodePorts.mongodb }}
- {{- else if eq .Values.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.schema.json b/addons/mongodb/7.0/chart/mongodb/values.schema.json
deleted file mode 100644
index be8e54b4..00000000
--- a/addons/mongodb/7.0/chart/mongodb/values.schema.json
+++ /dev/null
@@ -1,173 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "architecture": {
- "type": "string",
- "title": "MongoDB® architecture",
- "form": true,
- "description": "Allowed values: `standalone` or `replicaset`"
- },
- "auth": {
- "type": "object",
- "title": "Authentication configuration",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Enable Authentication",
- "form": true
- },
- "rootUser": {
- "type": "string",
- "title": "MongoDB® admin user",
- "form": true,
- "description": "Name of the admin user. Default is root"
- },
- "rootPassword": {
- "type": "string",
- "title": "MongoDB® admin password",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": false,
- "path": "auth/enabled"
- }
- },
- "database": {
- "type": "string",
- "title": "MongoDB® custom database",
- "description": "Name of the custom database to be created during the 1st initialization of MongoDB®",
- "form": true
- },
- "username": {
- "type": "string",
- "title": "MongoDB® custom user",
- "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. This user only has permissions on the MongoDB® custom database",
- "form": true
- },
- "password": {
- "type": "string",
- "title": "Password for MongoDB® custom user",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": false,
- "path": "auth/enabled"
- }
- },
- "replicaSetKey": {
- "type": "string",
- "title": "Key used for replica set authentication",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- }
- }
- }
- },
- "replicaCount": {
- "type": "integer",
- "form": true,
- "title": "Number of MongoDB® replicas",
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- }
- },
- "configuration": {
- "type": "string",
- "title": "MongoDB® Custom Configuration",
- "form": true,
- "render": "textArea"
- },
- "arbiter": {
- "type": "object",
- "title": "Arbiter configuration",
- "form": true,
- "properties": {
- "configuration": {
- "type": "string",
- "title": "Arbiter Custom Configuration",
- "form": true,
- "render": "textArea",
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- }
- }
- }
- },
- "persistence": {
- "type": "object",
- "title": "Persistence configuration",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable persistence",
- "description": "Enable persistence using Persistent Volume Claims"
- },
- "size": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi",
- "hidden": {
- "value": false,
- "path": "persistence/enabled"
- }
- }
- }
- },
- "volumePermissions": {
- "type": "object",
- "hidden": {
- "value": false,
- "path": "persistence/enabled"
- },
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable Init Containers",
- "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination"
- }
- }
- },
- "metrics": {
- "type": "object",
- "form": true,
- "title": "Prometheus metrics details",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Create Prometheus metrics exporter",
- "description": "Create a side-car container to expose Prometheus metrics",
- "form": true
- },
- "serviceMonitor": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Create Prometheus Operator ServiceMonitor",
- "description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
- "form": true,
- "hidden": {
- "value": false,
- "path": "metrics/enabled"
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml
deleted file mode 100644
index 3ffc0b04..00000000
--- a/addons/mongodb/7.0/chart/mongodb/values.yaml
+++ /dev/null
@@ -1,2053 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - namespaceOverride: "" - -## @section Common parameters -## - -## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override mongodb.fullname template -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## extraDeploy: -## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar -## for dynamically discovering the mongodb primary pod -## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) -## - apiVersion: v1 -## kind: Service -## metadata: -## name: mongodb-primary -## namespace: the-mongodb-namespace -## labels: -## app.kubernetes.io/component: 
mongodb -## app.kubernetes.io/instance: mongodb -## app.kubernetes.io/managed-by: Helm -## app.kubernetes.io/name: mongodb -## spec: -## type: NodePort -## externalTrafficPolicy: Cluster -## ports: -## - name: mongodb -## port: 30001 -## nodePort: 30001 -## protocol: TCP -## targetPort: mongodb -## selector: -## app.kubernetes.io/component: mongodb -## app.kubernetes.io/instance: mongodb -## app.kubernetes.io/name: mongodb -## primary: "true" -## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section MongoDB(®) parameters -## - -## Drycc MongoDB(®) image -## ref: https://hub.docker.com/r/drycc/mongodb/tags/ -## @param image.registry MongoDB(®) image registry -## @param image.repository MongoDB(®) image registry -## @param image.tag MongoDB(®) image tag (immutable tags are recommended) -## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag -## @param image.pullPolicy MongoDB(®) image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Set to true if you would like to see extra information on logs -## -image: - registry: registry.drycc.cc - repository: drycc-addons/mongodb - tag: "7.0" - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false - -## @param schedulerName Name of the scheduler (other than default) to dispatch pods -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) -## -architecture: replicaset -## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) -## -useStatefulSet: false -## MongoDB(®) Authentication parameters -## -auth: - ## @param auth.enabled Enable authentication - ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ - ## - enabled: true - ## @param auth.rootUser MongoDB(®) root user - ## - rootUser: root - ## @param auth.rootPassword MongoDB(®) root password - ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run - ## - rootPassword: "" - ## MongoDB(®) custom users and databases - ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run - ## @param auth.usernames List of 
custom users to be created during the initialization - ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` - ## @param auth.databases List of custom databases to be created during the initialization - ## - usernames: [] - passwords: [] - databases: [] - ## @param auth.username DEPRECATED: use `auth.usernames` instead - ## @param auth.password DEPRECATED: use `auth.passwords` instead - ## @param auth.database DEPRECATED: use `auth.databases` instead - username: "" - password: "" - database: "" - ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) - ## - replicaSetKey: "" - ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) - ## NOTE: When it's set the previous parameters are ignored. - ## - existingSecret: "" -tls: - ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes - ## - enabled: false - ## @param tls.autoGenerated Generate a custom CA and self-signed certificates - ## - autoGenerated: true - ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) - ## NOTE: When it's set it will disable certificate creation - ## - existingSecret: "" - ## Add Custom CA certificate - ## @param tls.caCert Custom CA certificated (base64 encoded) - ## @param tls.caKey CA certificate private key (base64 encoded) - ## - caCert: "" - caKey: "" - ## Drycc Nginx image - ## @param tls.image.registry Init container TLS certs setup image registry - ## @param tls.image.repository Init container TLS certs setup image repository - ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) - ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy - ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array - ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients - ## - image: - registry: docker.io - repository: drycc/nginx - tag: 1.23.1-debian-11-r26 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - - ## e.g: - ## extraDnsNames - ## "DNS.6": "$my_host" - ## "DNS.7": "$test" - ## - extraDnsNames: [] - ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) - ## - mode: requireTLS - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param tls.resources.limits Init container generate-tls-certs resource limits - ## @param tls.resources.requests Init container generate-tls-certs resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## -replicaSetName: rs0 -## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## Ignored when externalAccess.enabled=true -## -replicaSetHostnames: true -## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) -## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 -## -enableIPv6: false -## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) -## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb -## -directoryPerDB: false -## MongoDB(®) System Log configuration -## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level -## @param systemLogVerbosity MongoDB(®) system log verbosity level -## @param disableSystemLog Switch to enable/disable MongoDB(®) system log -## -systemLogVerbosity: 0 -disableSystemLog: false -## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution -## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ -## -disableJavascript: false -## @param enableJournal Switch to enable/disable MongoDB(®) Journaling -## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled -## -enableJournal: true -## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes -## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/ -## Example: -## configuration: |- -## # where and how to store data. -## storage: -## dbPath: /drycc/mongodb/data/db -## journal: -## enabled: true -## directoryPerDB: false -## # where to write logging data -## systemLog: -## destination: file -## quiet: false -## logAppend: true -## logRotate: reopen -## path: /opt/drycc/mongodb/logs/mongodb.log -## verbosity: 0 -## # network interfaces -## net: -## port: 27017 -## unixDomainSocket: -## enabled: true -## pathPrefix: /opt/drycc/mongodb/tmp -## ipv6: false -## bindIpAll: true -## # replica set options -## #replication: -## #replSetName: replicaset -## #enableMajorityReadConcern: true -## # process management optionsT -## processManagement: -## fork: false -## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid -## # set parameter options -## setParameter: -## enableLocalhostAuthBypass: true -## # security options -## security: -## authorization: disabled -## #keyFile: /opt/drycc/mongodb/conf/keyfile -## -configuration: "" -## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file) -## If enabled, these are applied by a script which is called within setup.sh -## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields -## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings -## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings -## -replicaSetConfigurationSettings: - enabled: false - configuration: {} -## chainingAllowed : false -## heartbeatTimeoutSecs : 10 -## 
heartbeatIntervalMillis : 2000 -## electionTimeoutMillis : 10000 -## catchUpTimeoutMillis : 30000 -## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes -## NOTE: When it's set the arbiter.configuration parameter is ignored -## -existingConfigmap: "" -## @param initdbScripts Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Example: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/bash -## echo "Do something." -## -initdbScripts: {} -## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts -## -initdbScriptsConfigMap: "" -## Command and args for running the container (set to default if not set). Use array form -## @param command Override default container command (useful when using custom images) -## @param args Override default container args (useful when using custom images) -## -command: [] -args: [] -## @param extraFlags MongoDB(®) additional command line flags -## Example: -## extraFlags: -## - "--wiredTigerCacheSizeGB=2" -## -extraFlags: [] -## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods -## E.g: -## extraEnvVars: -## - name: FOO -## value: BAR -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" - -## @section MongoDB(®) statefulset parameters -## - -## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template -## -annotations: {} -## @param labels Annotations to be added to the MongoDB(®) statefulset. 
Evaluated as a template -## -labels: {} -## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## -replicaCount: 3 -## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, -## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param podManagementPolicy Pod management policy for MongoDB(®) -## Should be initialized one by one when building the replicaset for the first time -## -podManagementPolicy: OrderedReady -## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set. - ## E.g. 
- ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity MongoDB(®) Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector MongoDB(®) Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations MongoDB(®) Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## -topologySpreadConstraints: [] -## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup -## -lifecycleHooks: {} -## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period -## -terminationGracePeriodSeconds: "" -## @param podLabels MongoDB(®) pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations MongoDB(®) Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s) -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s) -## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ -## -runtimeClassName: 
"" -## MongoDB(®) pods' Security Context. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context -## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s) -## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)' -## -podSecurityContext: - enabled: true - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] -## MongoDB(®) containers' Security Context (main and metrics container). -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context -## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container -## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true -## MongoDB(®) containers' resource requests and limits. -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
-## @param resources.limits The resources limits for MongoDB(®) containers
-## @param resources.requests The requested resources for MongoDB(®) containers
-##
-resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- requests: {}
-## @param containerPorts.mongodb MongoDB(®) container port
-containerPorts:
- mongodb: 27017
-## MongoDB(®) pods' liveness probe. Evaluated as a template.
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-## @param livenessProbe.enabled Enable livenessProbe
-## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
-## @param livenessProbe.periodSeconds Period seconds for livenessProbe
-## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
-## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
-## @param livenessProbe.successThreshold Success threshold for livenessProbe
-##
-livenessProbe:
- enabled: true
- initialDelaySeconds: 30
- periodSeconds: 20
- timeoutSeconds: 10
- failureThreshold: 6
- successThreshold: 1
-## MongoDB(®) pods' readiness probe. Evaluated as a template.
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-## @param readinessProbe.enabled Enable readinessProbe
-## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
-## @param readinessProbe.periodSeconds Period seconds for readinessProbe
-## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
-## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
-## @param readinessProbe.successThreshold Success threshold for readinessProbe
-##
-readinessProbe:
- enabled: true
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 6
- successThreshold: 1
-## Slow starting containers can be protected through startup probes
-## Startup probes are available in Kubernetes version 1.16 and above
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
-## @param startupProbe.enabled Enable startupProbe
-## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
-## @param startupProbe.periodSeconds Period seconds for startupProbe
-## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
-## @param startupProbe.failureThreshold Failure threshold for startupProbe
-## @param startupProbe.successThreshold Success threshold for startupProbe
-##
-startupProbe:
- enabled: false
- initialDelaySeconds: 5
- periodSeconds: 20
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 30
-## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
-## Ignored when livenessProbe.enabled=true
-##
-customLivenessProbe: {}
-## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
-## Ignored when readinessProbe.enabled=true
-##
-customReadinessProbe: {}
-## @param customStartupProbe Override default startup probe for MongoDB(®) containers
-## Ignored when startupProbe.enabled=true
-## -customStartupProbe: {} -## @param initContainers Add additional init containers for the hidden node pod(s) -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s) -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod -## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose -## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example -## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods -## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work -## -## - name: mongo-labeler -## image: korenlev/k8s-mongo-labeler-sidecar -## imagePullPolicy: Always -## env: -## - name: LABEL_SELECTOR -## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb" -## - name: NAMESPACE -## value: "the-mongodb-namespace" -## - name: DEBUG -## value: "true" -## -sidecars: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) -## Examples: -## extraVolumeMounts: -## - name: extras -## mountPath: /usr/share/extras -## readOnly: true -## -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset -## extraVolumes: -## - name: extras -## emptyDir: {} -## -extraVolumes: [] -## MongoDB(®) Pod Disruption Budget configuration -## ref: 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) - ## - create: false - ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction - ## - maxUnavailable: "" - -## @section Traffic exposure parameters -## - -## Service parameters -## -service: - ## @param service.nameOverride MongoDB(®) service name - ## - nameOverride: "" - ## @param service.type Kubernetes Service type (only for standalone architecture) - ## - type: ClusterIP - ## @param service.portName MongoDB(®) service port name (only for standalone architecture) - ## - portName: mongodb - ## @param service.ports.mongodb MongoDB(®) service port. - ## - ports: - mongodb: 27017 - ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - mongodb: "" - ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture) - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - ## - externalIPs: [] - ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) - ## ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - loadBalancerSourceRanges: [] - ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.annotations Provide any additional annotations that may be required - ## - annotations: {} - ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture) - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - -## External Access to MongoDB(®) nodes configuration -## -externalAccess: - ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) - ## - enabled: false - ## External IPs auto-discovery configuration - ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API - ## Note: RBAC might be required - ## - autoDiscovery: - ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API - ## - enabled: false - ## Drycc Kubectl image - ## ref: https://hub.docker.com/r/drycc/kubectl/tags/ - ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry - ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository - ## @param externalAccess.autoDiscovery.image.tag 
Init container auto-discovery image tag (immutable tags are recommended) - ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy - ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets - ## - image: - registry: docker.io - repository: drycc/kubectl - tag: 1.25.2-debian-11-r2 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits - ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## Parameters to configure K8s service(s) used to externally access MongoDB(®) - ## A new service per broker will be created - ## - service: - ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP - ## - type: LoadBalancer - ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer - ## - portName: "mongodb" - ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer - ## - ports: - mongodb: 27017 - ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes - ## Example: - ## loadBalancerIPs: - ## - X.X.X.X - ## - Y.Y.Y.Y - ## - loadBalancerIPs: [] - ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort - ## Example: - ## 
nodePorts: - ## - 30001 - ## - 30002 - ## - nodePorts: [] - ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort - ## If not specified, the container will try to get the kubernetes node external IP - ## e.g: - ## domain: mydomain.com - ## - domain: "" - ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param externalAccess.service.annotations Service annotations for external access - ## - annotations: {} - ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ - ## - sessionAffinity: None - ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## External Access to MongoDB(®) Hidden nodes configuration - ## - hidden: - ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes - ## - enabled: false - ## Parameters to configure K8s service(s) used to externally access MongoDB(®) - ## A new service per broker will be created - ## - service: - ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. 
Allowed values: NodePort or LoadBalancer - ## - type: LoadBalancer - ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer - ## - portName: "mongodb" - ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer - ## - ports: - mongodb: 27017 - ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes - ## Example: - ## loadBalancerIPs: - ## - X.X.X.X - ## - Y.Y.Y.Y - ## - loadBalancerIPs: [] - ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Local - ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. 
Length must be the same as replicaCount - ## Example: - ## nodePorts: - ## - 30001 - ## - 30002 - ## - nodePorts: [] - ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort - ## If not specified, the container will try to get the kubernetes node external IP - ## e.g: - ## domain: mydomain.com - ## - domain: "" - ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param externalAccess.hidden.service.annotations Service annotations for external access - ## - annotations: {} - ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ - ## - sessionAffinity: None - ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - -## @section Persistence parameters -## - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC - ## - enabled: true - ## @param persistence.medium Provide a medium for `emptyDir` volumes. - ## Requires persistence.enabled: false - ## - medium: "" - ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## Ignored when mongodb.architecture=replicaset - ## - existingClaim: "" - ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. 
Leaving it empty will delete PVCs after the chart deleted - resourcePolicy: "" - ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param persistence.accessModes PV Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for MongoDB(®) data volume - ## - size: 8Gi - ## @param persistence.annotations PVC annotations - ## - annotations: {} - ## @param persistence.mountPath Path to mount the volume at - ## MongoDB(®) images. - ## - mountPath: /drycc/mongodb - ## @param persistence.subPath Subdirectory of the volume to mount at - ## and one PV for multiple services. - ## - subPath: "" - ## Fine tuning for volumeClaimTemplates - ## - volumeClaimTemplates: - ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes) - ## A label query over volumes to consider for binding (e.g. 
when using local volumes) - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details - ## - selector: {} - ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes - ## Sometime cloud providers use additional requests attributes to provision custom storage instance - ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset - ## - requests: {} - ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate - ## - dataSource: {} - -## @section RBAC parameters -## - -## ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods - ## - create: true - ## @param serviceAccount.name Name of the created serviceAccount - ## If not set and create is true, a name is generated using the mongodb.fullname template - ## - name: "" - ## @param serviceAccount.annotations Additional Service Account annotations - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: true -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## binding MongoDB(®) ServiceAccount to a role - ## that allows MongoDB(®) pods querying the K8s API - ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery - ## - create: false - ## @param rbac.rules Custom rules to create following the role specification - ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod: 
- ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - watch - ## - update - ## - rules: [] -## PodSecurityPolicy configuration -## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created. -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation - ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec` - ## - allowPrivilegeEscalation: false - ## @param podSecurityPolicy.privileged Allow privileged - ## - privileged: false - ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## Defining a spec ignores the above values. 
- ## - spec: {} - ## Example: - ## allowPrivilegeEscalation: false - ## fsGroup: - ## rule: 'MustRunAs' - ## ranges: - ## - min: 1001 - ## max: 1001 - ## hostIPC: false - ## hostNetwork: false - ## hostPID: false - ## privileged: false - ## readOnlyRootFilesystem: false - ## requiredDropCapabilities: - ## - ALL - ## runAsUser: - ## rule: 'MustRunAs' - ## ranges: - ## - min: 1001 - ## max: 1001 - ## seLinux: - ## rule: 'RunAsAny' - ## supplementalGroups: - ## rule: 'MustRunAs' - ## ranges: - ## - min: 1001 - ## max: 1001 - ## volumes: - ## - 'configMap' - ## - 'secret' - ## - 'emptyDir' - ## - 'persistentVolumeClaim' - ## - -## @section Volume Permissions parameters -## -## Init Container parameters -## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component -## values from the securityContext section of the component -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: drycc/drycc-shell - tag: 11-debian-11-r37 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param volumePermissions.resources.limits Init container volume-permissions resource limits - ## @param volumePermissions.resources.requests Init container volume-permissions resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## Init container Security Context - ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false - ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container - ## - securityContext: - runAsUser: 0 - -## @section Arbiter parameters -## - -arbiter: - ## @param arbiter.enabled Enable deploying the arbiter - ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/ - ## - enabled: false - ## @param arbiter.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param arbiter.configuration Arbiter configuration file to be used - ## http://docs.mongodb.org/manual/reference/configuration-options/ - ## - configuration: "" - ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration - ## NOTE: When it's set the arbiter.configuration parameter is ignored - ## - existingConfigmap: "" - ## Command and args for running the 
container (set to default if not set). Use array form - ## @param arbiter.command Override default container command (useful when using custom images) - ## @param arbiter.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## @param arbiter.extraFlags Arbiter additional command line flags - ## Example: - ## extraFlags: - ## - "--wiredTigerCacheSizeGB=2" - ## - extraFlags: [] - ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset - ## - annotations: {} - ## @param arbiter.labels Annotations to be added to the Arbiter statefulset - ## - labels: {} - ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period - ## - terminationGracePeriodSeconds: "" - ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param arbiter.podManagementPolicy Pod management policy for 
MongoDB(®) - ## Should be initialized one by one when building the replicaset for the first time - ## - podManagementPolicy: OrderedReady - ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set. - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param arbiter.affinity Arbiter Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param arbiter.tolerations Arbiter Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param arbiter.podLabels Arbiter pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param arbiter.podAnnotations Arbiter Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s) - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s) - ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ - ## - runtimeClassName: "" - ## MongoDB(®) Arbiter pods' Security Context. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context - ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s) - ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)' - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - ## MongoDB(®) Arbiter containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context - ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container - ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## MongoDB(®) Arbiter containers' resource requests and limits. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param arbiter.resources.limits The resources limits for Arbiter containers - ## @param arbiter.resources.requests The requested resources for Arbiter containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port - ## - containerPorts: - mongodb: 27017 - ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.livenessProbe.enabled Enable livenessProbe - ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template. 
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.readinessProbe.enabled Enable readinessProbe - ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.startupProbe.enabled Enable startupProbe - ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers - ## Ignored when arbiter.livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers - ## Ignored when arbiter.readinessProbe.enabled=true - ## - customReadinessProbe: {} - ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers - 
## Ignored when arbiter.startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s) - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s) - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset - ## extraVolumes: - ## - name: extras - ## emptyDir: {} - ## - extraVolumes: [] - ## MongoDB(®) Arbiter Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) - ## - create: false - ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled - ## - minAvailable: 1 - ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable - ## - maxUnavailable: "" - ## MongoDB(®) Arbiter service parameters - ## - service: - ## @param arbiter.service.nameOverride The arbiter service name - ## - nameOverride: "" - ## @param arbiter.service.ports.mongodb MongoDB(®) service port - ## - ports: - mongodb: 27017 - ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - 
extraPorts: [] - ## @param arbiter.service.annotations Provide any additional annotations that may be required - ## - annotations: {} - -## @section Hidden Node parameters -## - -hidden: - ## @param hidden.enabled Enable deploying the hidden nodes - ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/ - ## - enabled: false - ## @param hidden.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param hidden.configuration Hidden node configuration file to be used - ## http://docs.mongodb.org/manual/reference/configuration-options/ - ## - configuration: "" - ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration - ## NOTE: When it's set the hidden.configuration parameter is ignored - ## - existingConfigmap: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param hidden.command Override default container command (useful when using custom images) - ## @param hidden.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## @param hidden.extraFlags Hidden node additional command line flags - ## Example: - ## extraFlags: - ## - "--wiredTigerCacheSizeGB=2" - ## - extraFlags: [] - ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param hidden.annotations Additional labels to be added to thehidden node statefulset - ## - annotations: {} - ## @param hidden.labels Annotations to be added to the hidden node 
statefulset - ## - labels: {} - ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`) - ## Ignored when mongodb.architecture=standalone - ## - replicaCount: 1 - ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period - ## - terminationGracePeriodSeconds: "" - ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param hidden.podManagementPolicy Pod management policy for hidden node - ## - podManagementPolicy: OrderedReady - ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param hidden.affinity Hidden node Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param hidden.nodeSelector Hidden node Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param hidden.tolerations Hidden node Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param hidden.podLabels Hidden node pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param hidden.podAnnotations Hidden node Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s) - ## ref: 
https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s) - ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ - ## - runtimeClassName: "" - ## MongoDB(®) Hidden pods' Security Context. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context - ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s) - ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)' - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - ## MongoDB(®) Hidden containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context - ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container - ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## MongoDB(®) Hidden containers' resource requests and limits. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param hidden.resources.limits The resources limits for hidden node containers - ## @param hidden.resources.requests The requested resources for hidden node containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port - containerPorts: - mongodb: 27017 - ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param hidden.livenessProbe.enabled Enable livenessProbe - ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template. 
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param hidden.readinessProbe.enabled Enable readinessProbe - ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## Slow starting containers can be protected through startup probes - ## Startup probes are available in Kubernetes version 1.16 and above - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes - ## @param hidden.startupProbe.enabled Enable startupProbe - ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe - ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers - ## Ignored when hidden.livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers - ## Ignored when hidden.readinessProbe.enabled=true - ## - 
customReadinessProbe: {} - ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers - ## Ignored when hidden.startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods. - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s) - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset - ## extraVolumes: - ## - name: extras - ## emptyDir: {} - ## - extraVolumes: [] - ## MongoDB(®) Hidden Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s) - ## - create: false - ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled - ## - minAvailable: 1 - ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable - ## - maxUnavailable: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC - 
## - enabled: true - ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes. - ## Requires hidden.persistence.enabled: false - ## - medium: "" - ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param hidden.persistence.accessModes PV Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param hidden.persistence.size PVC Storage Request for hidden node data volume - ## - size: 8Gi - ## @param hidden.persistence.annotations PVC annotations - ## - annotations: {} - ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images. - ## - mountPath: /drycc/mongodb - ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - ## Fine tuning for volumeClaimTemplates - ## - volumeClaimTemplates: - ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. 
when using local volumes) - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details - ## - selector: {} - ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes - ## Sometime cloud providers use additional requests attributes to provision custom storage instance - ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset - ## - requests: {} - ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource - ## - dataSource: {} - service: - ## @param hidden.service.portName MongoDB(®) service port name - ## - portName: "mongodb" - ## @param hidden.service.ports.mongodb MongoDB(®) service port - ## - ports: - mongodb: 27017 - ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param hidden.service.annotations Provide any additional annotations that may be required - ## - annotations: {} - -## @section Metrics parameters -## - -metrics: - ## @param metrics.enabled Enable using a sidecar Prometheus exporter - ## - enabled: false - ## Drycc MongoDB(®) Promtheus Exporter image - ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/ - ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry - ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository - ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: drycc/mongodb-exporter - tag: 0.34.0-debian-11-r19 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - - ## @param metrics.username String with username for the metrics exporter - ## If undefined the root user will be used for the metrics exporter - username: "" - ## @param metrics.password String with password for the metrics exporter - ## If undefined but metrics.username is defined, a random password will be generated - password: "" - ## @param metrics.extraFlags String with extra flags to the metrics exporter - ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go - ## - extraFlags: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param metrics.command Override default container command (useful when using custom images) - ## @param metrics.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## Metrics exporter container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
- ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
- ##
- resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- requests: {}
- ## @param metrics.containerPort Port of the Prometheus metrics container
- ##
- containerPort: 9216
- ## Prometheus Exporter service configuration
- ##
- service:
- ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
- ##
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
- prometheus.io/path: "/metrics"
- ## @param metrics.service.type Type of the Prometheus metrics service
- ##
- type: ClusterIP
- ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
- ##
- ports:
- metrics: 9216
- ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
- ##
- extraPorts: []
- ## Metrics exporter liveness probe
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
- ## @param metrics.livenessProbe.enabled Enable livenessProbe
- ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
- ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
- ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
- ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
- ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
- ##
- livenessProbe:
- enabled: true
- initialDelaySeconds: 15
- periodSeconds: 5
- timeoutSeconds: 5
- failureThreshold: 3
- successThreshold: 1
- ## Metrics exporter readiness probe
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
- ## @param metrics.readinessProbe.enabled Enable readinessProbe
- ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
- ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
- ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
- ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
- ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
- ##
- readinessProbe:
- enabled: true
- initialDelaySeconds: 5
- periodSeconds: 5
- timeoutSeconds: 1
- failureThreshold: 3
- successThreshold: 1
- ## Slow starting containers can be protected through startup probes
- ## Startup probes are available in Kubernetes version 1.16 and above
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
- ## @param metrics.startupProbe.enabled Enable startupProbe
- ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
- ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
- ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
- ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
- ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
- ##
- startupProbe:
- enabled: false
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 30
- ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
- ## Ignored when livenessProbe.enabled=true
- ##
- customLivenessProbe: {}
- ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
- ## Ignored when readinessProbe.enabled=true
- ##
- customReadinessProbe: {}
- ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
- ## Ignored when startupProbe.enabled=true
- ##
- customStartupProbe: {}
- ## Prometheus Service Monitor
- ## ref: https://github.com/coreos/prometheus-operator
- ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
- ##
- serviceMonitor:
- ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
- ##
- enabled: false
- ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
- ##
- namespace: ""
- ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
- ##
- interval: 30s
- ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
- ## e.g:
- ## scrapeTimeout: 30s
- ##
- scrapeTimeout: ""
- ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
- ##
- relabelings: []
- ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
- ##
- metricRelabelings: []
- ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
- ##
- labels: {}
- ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
- ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration
- ##
- selector: {}
- ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
- ##
- honorLabels: false
- ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
- ##
- jobLabel: ""
- ## Custom PrometheusRule to be defined
- ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
- ##
- prometheusRule:
- ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
- ##
- enabled: false
- ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
- ##
- additionalLabels: {}
- ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created
- ##
- namespace: ""
- ## @param metrics.prometheusRule.rules Rules to be created, check values for an example
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup
- ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
- ##
- ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets
- ## rules:
- ## - alert: HighRequestLatency
- ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
- ## for: 10m
- ## labels:
- ## severity: page
- ## annotations:
- ## summary: High request latency
- ##
- rules: []
-
-## Mongodb Nework Policy configuration
-##
-networkPolicy:
- ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
- ##
- enabled: true
- ## @param networkPolicy.allowExternal The Policy model to apply.
- ## When set to false, only pods with the correct
- ## client label will have network access to the port Mongodb is listening
- ## on. When true, Mongodb will accept connections from any source
- ## (with the correct destination port).
- ##
- allowCurrentNamespace: true
- allowNamespaces: []
diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml
deleted file mode 100644
index 9bfe6bb4..00000000
--- a/addons/mongodb/7.0/meta.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: mongodb
-version: 7.0
-id: 383f7316-84f3-4955-8491-1d4b02b749c8
-description: "mongodb"
-displayName: "mongodb"
-metadata:
- displayName: "mongodb"
- provider:
- name: drycc
- supportURL: https://www.mongodb.com/docs/manual/
- documentationURL: https://www.mongodb.com/docs/manual/
-tags: mongodb
-bindable: true
-instances_retrievable: true
-bindings_retrievable: true
-plan_updateable: true
-allow_parameters:
-- name: "service.type"
- required: false
- description: "service type config for values.yaml"
-- name: "networkPolicy.allowNamespaces"
- required: false
- description: "networkPolicy allowNamespaces config for values.yaml"
-archive: false
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
deleted file mode 100644
index 13939fc0..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-credential:
-{{- if (eq .Values.service.type "LoadBalancer") }}
- {{- range $i, $e := until $replicaCount }}
- - name: {{ printf "EXTRANET_HOST_%d" $i }}
- valueFrom:
- serviceRef:
- name: {{ printf "%s-%d" $fullName $i }}
- jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- {{- end }}
-{{- end }}
-{{- range $i, $e := until $replicaCount }}
- - name: {{ printf "HOSTNAME_%d" $i }}
- valueFrom:
- serviceRef:
- name: {{ printf "%s-%d" $fullName $i }}
- jsonpath: '{ .spec.clusterIP }'
-{{- end }}
- - name: PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.names.fullname" . }}
- jsonpath: '{ .data.mongodb-root-password }'
- - name: USERNAME
- value: 'root'
- - name: PORT
- value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
deleted file mode 100644
index 66ebbaa0..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "imagePullPolicy": {
- "type": "string",
- "enum": ["Always", "IfNotPresent", "Never"],
- "default": "IfNotPresent",
- "title": "Image pull policy"
- }
- }
-}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
deleted file mode 100644
index b70bcfb0..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-1c2g10"
-id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
-description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
-displayName: "standard-1c2g10"
-bindable: true
-maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
deleted file mode 100644
index 2f543d11..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-## @param fullnameOverride String to fully override common.names.fullname template
-##
-fullnameOverride: hb-mongo-cluster-standard-1c2g10
-
-## MinIO® containers' resource requests and limits
-## ref: https://kubernetes.io/docs/user-guide/compute-resources/
-## We usually recommend not to specify default resources and to leave this as a conscious
-## choice for the user. This also increases chances charts run on environments with little
-## resources, such as Minikube. If you do want to specify resources, uncomment the following
-## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-## @param resources.limits The resources limits for the MinIO® container
-## @param resources.requests The requested resources for the MinIO® container
-##
-resources:
- limits:
- cpu: 1000m
- memory: 2Gi
- requests:
- cpu: 1000m
- memory: 2Gi
-
-persistence:
- size: 10Gi
From 50d373db36aa2c994267e5b2800db4bb9466ca84 Mon Sep 17 00:00:00 2001
From: EamonZhang
Date: Mon, 29 Apr 2024 10:57:36 +0800
Subject: [PATCH 075/176] chore(addons): add mongodb
---
addons/mongodb/7.0/chart/mongodb/.helmignore | 21 +
addons/mongodb/7.0/chart/mongodb/Chart.yaml | 29 +
addons/mongodb/7.0/chart/mongodb/README.md | 787 +++++++
.../7.0/chart/mongodb/templates/NOTES.txt | 202 ++
.../7.0/chart/mongodb/templates/_helpers.tpl | 432 ++++
.../mongodb/templates/arbiter/configmap.yaml | 18 +
.../templates/arbiter/headless-svc.yaml | 33 +
.../chart/mongodb/templates/arbiter/pdb.yaml | 25 +
.../templates/arbiter/statefulset.yaml | 279 +++
.../mongodb/templates/common-scripts-cm.yaml | 104 +
.../chart/mongodb/templates/configmap.yaml | 18 +
.../chart/mongodb/templates/extra-list.yaml | 4 +
.../mongodb/templates/hidden/configmap.yaml | 15 +
.../templates/hidden/external-access-svc.yaml | 67 +
.../templates/hidden/headless-svc.yaml | 34 +
.../chart/mongodb/templates/hidden/pdb.yaml | 22 +
.../mongodb/templates/hidden/statefulset.yaml | 533 +++++
.../templates/initialization-configmap.yaml | 17 +
.../chart/mongodb/templates/metrics-svc.yaml | 33 +
.../mongodb/templates/networkpolicy.yaml | 44 +
.../mongodb/templates/prometheusrule.yaml | 18 +
.../7.0/chart/mongodb/templates/psp.yaml | 50 +
.../templates/replicaset/access-svc.yaml | 32 +
.../replicaset/external-access-svc.yaml | 67 +
.../templates/replicaset/headless-svc.yaml | 34 +
.../mongodb/templates/replicaset/pdb.yaml | 25 +
.../replicaset/scripts-configmap.yaml | 301 +++
.../templates/replicaset/statefulset.yaml | 543 +++++
.../mongodb/templates/replicaset/svc.yaml | 43 +
.../7.0/chart/mongodb/templates/role.yaml | 30 +
.../chart/mongodb/templates/rolebinding.yaml | 19 +
.../chart/mongodb/templates/secrets-ca.yaml | 37 +
.../7.0/chart/mongodb/templates/secrets.yaml | 41 +
.../mongodb/templates/serviceaccount.yaml | 23 +
.../mongodb/templates/servicemonitor.yaml | 48 +
.../mongodb/templates/standalone/dep-sts.yaml | 474 ++++
.../mongodb/templates/standalone/pvc.yaml | 33 +
.../mongodb/templates/standalone/svc.yaml | 58 +
.../7.0/chart/mongodb/values.schema.json | 173 ++
addons/mongodb/7.0/chart/mongodb/values.yaml | 2053 +++++++++++++++++
addons/mongodb/7.0/meta.yaml | 24 +
.../7.0/plans/standard-1c2g10/bind.yaml | 28 +
.../create-instance-schema.json | 12 +
.../7.0/plans/standard-1c2g10/meta.yaml | 6 +
.../7.0/plans/standard-1c2g10/values.yaml | 23 +
45 files changed, 6912 insertions(+)
create mode 100644 addons/mongodb/7.0/chart/mongodb/.helmignore
create mode 100644 addons/mongodb/7.0/chart/mongodb/Chart.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/README.md
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/role.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
create mode 100644 addons/mongodb/7.0/chart/mongodb/values.schema.json
create mode 100644 addons/mongodb/7.0/chart/mongodb/values.yaml
create mode 100644 addons/mongodb/7.0/meta.yaml
create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
diff --git a/addons/mongodb/7.0/chart/mongodb/.helmignore b/addons/mongodb/7.0/chart/mongodb/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/addons/mongodb/7.0/chart/mongodb/Chart.yaml b/addons/mongodb/7.0/chart/mongodb/Chart.yaml
new file mode 100644
index 00000000..4d7cf00d
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/Chart.yaml
@@ -0,0 +1,29 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 7.0.8
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/mongodb
+icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
+keywords:
+ - mongodb
+ - database
+ - nosql
+ - cluster
+ - replicaset
+ - replication
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: mongodb
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/mongodb
+ - https://mongodb.org
+version: 13.1.7
diff --git a/addons/mongodb/7.0/chart/mongodb/README.md b/addons/mongodb/7.0/chart/mongodb/README.md
new file mode 100644
index 00000000..5a83118a
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/README.md
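Review bot: The `common` dependency in Chart.yaml is declared as the range `version: ~1.1.2` against `oci://registry.drycc.cc/charts`, and the diffstat of this commit lists no Chart.lock, so the packaged chart pulls in whichever 1.1.x the registry serves at the moment dependencies are resolved. Pinning it, `version: 1.1.2`, and committing the generated Chart.lock would make a change to the shared templates arrive as a reviewed diff instead of at build time. Separately, `description` calls MongoDB "a relational open source NoSQL database", which contradicts itself; dropping "relational" fixes it.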
@@ -0,0 +1,787 @@
+
+
+# MongoDB(R) packaged by Drycc
+
+MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+
+[Overview of MongoDB®](http://www.mongodb.org)
+
+Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc.
+
+## TL;DR
+
+```bash
+$ helm repo add my-repo https://charts.drycc.com/drycc
+$ helm install my-release my-repo/mongodb
+```
+
+## Introduction
+
+This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release my-repo/mongodb
+```
+
+The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Architecture
+
+This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`.
Use the `architecture` parameter to choose the one to use: + +```console +architecture="standalone" +architecture="replicaset" +``` + +Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) parameters + +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | +| `image.registry` | MongoDB(®) image registry | `docker.io` | +| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | +| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | +| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | +| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | +| `auth.enabled` | Enable authentication | `true` | +| `auth.rootUser` | MongoDB(®) root user | `root` | +| `auth.rootPassword` | MongoDB(®) root password | `""` | +| `auth.usernames` | List of custom users to be created during the initialization | `[]` | +| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | +| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | +| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | +| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | +| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | +| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | +| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | +| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | +| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | +| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | +| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | +| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | +| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | +| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | +| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | +| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | +| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | +| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | +| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | +| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | +| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | +| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | +| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | +| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | +| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | +| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | +| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | +| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | +| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | + + +### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) + +| Name | Description | Value | +| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | +| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | +| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | +| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraFlags` | MongoDB(®) additional command line flags | `[]` | +| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | + + +### MongoDB(®) statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | +| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | +| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | +| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | +| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | +| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | +| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | +| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | +| `podLabels` | MongoDB(®) pod labels | `{}` | +| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | +| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | +| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | +| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | +| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | +| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | +| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | +| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | +| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
+| `livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `startupProbe.enabled` | Enable startupProbe | `false` |
+| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
+| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` |
+| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` |
+| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` |
+| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` |
+| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` |
+| `extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` |
+| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` |
+| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` |
+| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` |
+
+
+### Traffic exposure parameters
+
+| Name | Description | Value |
+| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
+| `service.nameOverride` | MongoDB(®) service name | `""` |
+| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` |
+| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` |
+| `service.ports.mongodb` | MongoDB(®) service port. | `27017` |
+| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` |
+| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` |
+| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` |
+| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` |
+| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` |
+| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `service.annotations` | Provide any additional annotations that may be required | `{}` |
+| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` |
+| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` |
+| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` |
+| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
+| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` |
+| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` |
+| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
+| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
+| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` |
+| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` |
+| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
+| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` |
+| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
+| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
+| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount | `[]` |
+| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+
+### Persistence parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
+| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` |
+| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` |
+| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
+
+
+### RBAC parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
+| `serviceAccount.name` | Name of the created serviceAccount | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
+| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
+| `rbac.rules` | Custom rules to create following the role specification | `[]` |
+| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
+| `podSecurityPolicy.privileged` | Allow privileged | `false` |
+| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
+
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
+| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
+| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
+
+
+### Arbiter parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
+| `arbiter.enabled` | Enable deploying the arbiter | `true` |
+| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
+| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
+| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
+| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
+| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
+| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
+| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
+| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
+| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
+| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
+| `arbiter.lifecycleHooks` | LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
+| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
+| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
+| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
+| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
+| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
+| `arbiter.podLabels` | Arbiter pod labels | `{}` |
+| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
+| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
+| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
+| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
+| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
+| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
+| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
+| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
+| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
+| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
+| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
+| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
+| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
+| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
+| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
+| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
+| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
+| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
+| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
+| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
+| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
+| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
+| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made unavailable | `""` |
+| `arbiter.service.nameOverride` | The arbiter service name | `""` |
+| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Hidden Node parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
+| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
+| `hidden.hostAliases` | Add deployment host aliases | `[]` |
+| `hidden.configuration` | Hidden node configuration file to be used | `""` |
+| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
+| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
+| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
+| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
+| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
+| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
+| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
+| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
+| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
+| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
+| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
+| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
+| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
+| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
+| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
+| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
+| `hidden.podLabels` | Hidden node pod labels | `{}` |
+| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
+| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
+| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
+| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
+| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
+| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
+| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
+| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
+| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
+| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
+| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
+| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
+| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `hidden.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
+| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
+| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
+| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods. | `[]` |
+| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
+| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
+| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
+| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
+| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
+| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
+| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
+| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
+| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
+| `hidden.persistence.annotations` | PVC annotations | `{}` |
+| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
+| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
+| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
+| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
+| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Metrics parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
+| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` |
+| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` |
+| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` |
+| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.username` | String with username for the metrics exporter | `""` |
+| `metrics.password` | String with password for the metrics exporter | `""` |
+| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
+| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
+| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
+| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
+| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
+| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. | `{}` |
+| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
+| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
+| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `metrics.customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` |
+| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
+| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install my-release \
+ --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
+ my-repo/mongodb
+```
+
+The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml my-repo/mongodb
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customize a new MongoDB instance
+
+The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
+
+* Specify them using the `initdbScripts` parameter as dict.
+* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option. + +The allowed script extensions are `.sh` and `.js`. + +### Replicaset: Access MongoDB(®) nodes from outside the cluster + +In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access: + +- Using LoadBalancer services +- Using NodePort services. + +Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/). + +### Add extra environment variables + +To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. + +```yaml +extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties. + +### Use Sidecars and Init Containers + +If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. + +Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/). + +## Persistence + +The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container. 
+ +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +## Use custom Prometheus rules + +Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter. + +Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/). + +## Enable SSL/TLS + +This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`. + +Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/). + +### Set Pod affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. 
+ +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 12.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. 
+ +Affected values: + +- `strategyType` is replaced by `updateStrategy` +- `service.port` is renamed to `service.ports.mongodb` +- `service.nodePort` is renamed to `service.nodePorts.mongodb` +- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb` +- `rbac.role.rules` is renamed to `rbac.rules` +- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb` +- `hidden.strategyType` is replaced by `hidden.updateStrategy` +- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed) +- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels` + +Additionally also updates the MongoDB image dependency to it newest major, 5.0 + +### To 11.0.0 + +In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). +Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/). + +### To 9.0.0 + +MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). 
Refer to the following guides to upgrade your applications: + +- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) +- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) + +### To 8.0.0 + +- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. +- Chart labels were adapted to follow the Helm charts best practices. +- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. +- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: + - `replicas` is renamed to `replicaCount`. + - Authentication parameters are reorganized under the `auth.*` parameter: + - `usePassword` is renamed to `auth.enabled`. + - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. + - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. + +Consequences: + +- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
+ +### To 7.0.0 + +From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: + +```yaml +ingress: + hosts: + - name: mongodb.local + path: / +``` + +### To 6.0.0 + +From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. +You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). + +### To 5.0.0 + +When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: + +```console +$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false +``` + +### Add extra deployment options + +To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
+ +In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: Service + metadata: + name: mongodb-primary + namespace: default + labels: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mongodb + spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - name: mongodb-primary + port: 30001 + nodePort: 30001 + protocol: TCP + targetPort: mongodb + selector: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/name: mongodb + primary: "true" +``` + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt new file mode 100644 index 00000000..2bb79222 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt 
@@ -0,0 +1,202 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh
+
+{{- else }}
+
+{{- $replicaCount := int .Values.replicaCount }}
+{{- $portNumber := int .Values.service.ports.mongodb }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := include "mongodb.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }}
+{{- $mongoList := list }}
+{{- range $e, $i := until $replicaCount }}
+{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }}
+{{- end }}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }}
+
+####################################################################################
+### ERROR: You enabled external access to MongoDB® nodes without specifying ###
+### the array of load balancer IPs for MongoDB® nodes. ###
+####################################################################################
+
+This deployment will be incomplete until you configure the array of load balancer
+IPs for MongoDB® nodes. To complete your deployment follow the steps below:
+
+1. Wait for the load balancer IPs (it may take a few minutes for them to be available):
+
+ kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w
+
+2. Obtain the load balancer IPs and upgrade your chart:
+
+ {{- range $e, $i := until $replicaCount }}
+ LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
+ {{- end }}
+
+3. Upgrade you chart:
+
+ helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \
+ --set mongodb.replicaCount={{ $replicaCount }} \
+ --set mongodb.externalAccess.enabled=true \
+ {{- range $i, $e := until $replicaCount }}
+ --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \
+ {{- end }}
+ --set mongodb.externalAccess.service.type=LoadBalancer
+
+{{- else }}
+
+{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }}
+-------------------------------------------------------------------------------
+ WARNING
+
+ By not enabling "mongodb.auth.enabled" you have most likely exposed the
+ MongoDB® service externally without any authentication mechanism.
+
+ For security reasons, we strongly suggest that you enable authentiation
+ setting the "mongodb.auth.enabled" parameter to "true".
+
+-------------------------------------------------------------------------------
+{{- end }}
+
+** Please be patient while the chart is being deployed **
+
+MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster:
+
+{{- if eq .Values.architecture "replicaset" }}
+{{ join "\n" $mongoList | nindent 4 }}
+{{- else }}
+
+ {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }}
+
+{{- end }}
+
+{{- if .Values.auth.enabled }}
+
+To get the root password run:
+
+ export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
+
+{{- end }}
+{{- $customUsers := include "mongodb.customUsers" . -}}
+{{- $customDatabases := include "mongodb.customDatabases" . -}}
+{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+{{- $customUsersList := splitList "," $customUsers }}
+{{- range $index, $user := $customUsersList }}
+
+To get the password for "{{ $user }}" run:
+
+ export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}')
+
+{{- end }}
+{{- end }}
+
+To connect to your database, create a MongoDB® client container:
+
+ kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash
+
+Then, run the following command:
+
+ {{- if eq .Values.architecture "replicaset" }}
+ mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}
+ {{- else }}
+ mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}
+ {{- end }}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below:
+
+{{- if eq "NodePort" .Values.externalAccess.service.type }}
+{{- if .Values.externalAccess.service.domain }}
+
+ MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }}
+
+{{- else }}
+
+ MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs.
+
+ kubectl get nodes -o wide
+
+{{- end }}
+
+ MongoDB® nodes port: You will have a different node port for each MongoDB® node. You can get the list of configured node ports using the command below:
+
+ echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')"
+
+{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IPs to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w'
+
+ MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below:
+
+ echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')"
+
+ MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }}
+
+{{- end }}
+
+{{- else if eq .Values.architecture "standalone" }}
+
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . }})
+ mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }}
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }}
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+ kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} &
+ mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.metrics.enabled }}
+
+To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running:
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} &
+ echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics"
+
+Then, open the obtained URL in a browser.
+
+{{- end }}
+{{- end }}
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.metrics.image }}
+{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "common.warnings.rollingTag" .Values.tls.image }}
+
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl
new file mode 100644
index 00000000..81f6889c
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl
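Review bot: In templates/NOTES.txt the unauthenticated-exposure warning names a value key that does not match the one the template tests: the guard reads `.Values.auth.enabled`, and the README in this patch sets `auth.rootPassword` without a prefix, yet the text tells the operator to enable `"mongodb.auth.enabled"`. On a direct install of this chart that key would presumably be ignored, so an operator following the warning would leave an externally reachable MongoDB without authentication. The two lines should read `By not enabling "auth.enabled" you have most likely exposed the` and `setting the "auth.enabled" parameter to "true".`, and the line between them is the place to correct `authentiation`. The `helm upgrade` example for load balancer IPs carries the same prefix (`--set mongodb.replicaCount`, `--set mongodb.externalAccess.enabled=true`), which would only be right if the chart is consumed as a subchart named `mongodb`, something this patch does not show. The external-access commands in the standalone branches also pass `-p $MONGODB_ROOT_PASSWORD` without `-u root`, and the NodePort one calls `mongo` where the others call `mongosh`, unlike the in-cluster lines that use `mongosh ... -u root -p`.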
@@ -0,0 +1,432 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mongodb.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mongodb.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Create a default mongo service name which can be overridden. +*/}} +{{- define "mongodb.service.nameOverride" -}} + {{- if and .Values.service .Values.service.nameOverride -}} + {{- print .Values.service.nameOverride -}} + {{- else -}} + {{- printf "%s-headless" (include "mongodb.fullname" .) -}} + {{- end }} +{{- end }} + +{{/* +Create a default mongo arbiter service name which can be overridden. +*/}} +{{- define "mongodb.arbiter.service.nameOverride" -}} + {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} + {{- print .Values.arbiter.service.nameOverride -}} + {{- else -}} + {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} + {{- end }} +{{- end }} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb.volumePermissions.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container auto-discovery image) +*/}} +{{- define "mongodb.externalAccess.autoDiscovery.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the TLS Certs image) +*/}} +{{- define "mongodb.tls.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
+*/}} +{{- define "mongodb.namespace" -}} + {{- if and .Values.global .Values.global.namespaceOverride -}} + {{- print .Values.global.namespaceOverride -}} + {{- else -}} + {{- print .Release.Namespace -}} + {{- end }} +{{- end -}} +{{- define "mongodb.serviceMonitor.namespace" -}} + {{- if .Values.metrics.serviceMonitor.namespace -}} + {{- print .Values.metrics.serviceMonitor.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} +{{- define "mongodb.prometheusRule.namespace" -}} + {{- if .Values.metrics.prometheusRule.namespace -}} + {{- print .Values.metrics.prometheusRule.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} + +{{/* +Returns the proper service account name depending if an explicit service account name is set +in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create +is true or default otherwise. +*/}} +{{- define "mongodb.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} + {{- else -}} + {{- default "default" (print .Values.serviceAccount.name) -}} + {{- end -}} +{{- end -}} + +{{/* +Return the list of custom users to create during the initialization (string format) +*/}} +{{- define "mongodb.customUsers" -}} + {{- $customUsers := list -}} + {{- if .Values.auth.username -}} + {{- $customUsers = append $customUsers .Values.auth.username }} + {{- end }} + {{- range .Values.auth.usernames }} + {{- $customUsers = append $customUsers . 
}} + {{- end }} + {{- printf "%s" (default "" (join "," $customUsers)) -}} +{{- end -}} + +{{/* +Return the list of passwords for the custom users (string format) +*/}} +{{- define "mongodb.customPasswords" -}} + {{- $customPasswords := list -}} + {{- if .Values.auth.password -}} + {{- $customPasswords = append $customPasswords .Values.auth.password }} + {{- end }} + {{- range .Values.auth.passwords }} + {{- $customPasswords = append $customPasswords . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customPasswords)) -}} +{{- end -}} + +{{/* +Return the list of custom databases to create during the initialization (string format) +*/}} +{{- define "mongodb.customDatabases" -}} + {{- $customDatabases := list -}} + {{- if .Values.auth.database -}} + {{- $customDatabases = append $customDatabases .Values.auth.database }} + {{- end }} + {{- range .Values.auth.databases }} + {{- $customDatabases = append $customDatabases . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customDatabases)) -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration +*/}} +{{- define "mongodb.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® +*/}} +{{- define "mongodb.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MongoDB® credentials +*/}} +{{- define "mongodb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} + {{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MongoDB® +*/}} +{{- define "mongodb.createSecret" -}} +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mongodb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Arbiter should be deployed +*/}} +{{- define "mongodb.arbiter.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Arbiter +*/}} +{{- define "mongodb.arbiter.configmapName" -}} +{{- if .Values.arbiter.existingConfigmap -}} + {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Arbiter +*/}} +{{- define "mongodb.arbiter.createConfigmap" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Hidden should be deployed +*/}} +{{- define "mongodb.hidden.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Hidden +*/}} +{{- define "mongodb.hidden.configmapName" -}} +{{- if .Values.hidden.existingConfigmap -}} + {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Hidden +*/}} +{{- define "mongodb.hidden.createConfigmap" -}} +{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} +{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate RBAC is created when using PSP */}} +{{- define "mongodb.validateValues.pspAndRBAC" -}} +{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} +mongodb: podSecurityPolicy.create, rbac.create + Both podSecurityPolicy.create and rbac.create must be true, if you want + to create podSecurityPolicy +{{- end -}} +{{- end -}} + +{{/* Validate values of MongoDB® - must provide a valid architecture */}} +{{- define "mongodb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} +mongodb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBs" -}} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . -}} +{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases must be provided to create + custom users and databases during 1st initialization. 
+ Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBsLength" -}} +{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases arrays should have the same length +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - service type for external access +*/}} +{{- define "mongodb.validateValues.externalAccessServiceType" -}} +{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} +mongodb: externalAccess.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list +*/}} +{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} +mongodb: .Values.externalAccess.service.loadBalancerIPs + Number of replicas and loadBalancerIPs array length must be the same. 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than NodePort list +*/}} +{{- define "mongodb.validateValues.nodePortListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} +mongodb: .Values.externalAccess.service.nodePorts + Number of replicas and nodePorts array length must be the same. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled +*/}} +{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} +mongodb: rbac.create + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to autodetect the external IPs/ports by querying the + K8s API. Please note this initContainer requires specific RBAC resources. You can create them + by specifying "--set rbac.create=true". 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults +*/}} +{{- define "mongodb.mongodb_exporter.uri" -}} + {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}} + {{- if .Values.metrics.username }} + {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- else -}} + {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- end -}} +{{- end -}} + + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "mongodb.createTlsSecret" -}} +{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing MongoDB® TLS certificates +*/}} +{{- define "mongodb.tlsSecretName" -}} +{{- $secretName := .Values.tls.existingSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-ca" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml new file mode 100644 index 00000000..1aacbd79 --- /dev/null 
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.arbiter.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
new file mode 100644
index 00000000..2bc3658c
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
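Review bot: The `metadata.name` line of this new ConfigMap calls `print` with a format string, and `print` does not interpret `%s`, so the rendered name would be the literal text `%s-arbiter` followed by the fullname, which is not a valid object name. The other arbiter and hidden templates in this patch build the same kind of name with `printf`, and the arbiter StatefulSet mounts this ConfigMap through `mongodb.arbiter.configmapName`, which is defined outside the visible part of the helpers and presumably resolves to `<fullname>-arbiter`. The line should read `name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}`.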
@@ -0,0 +1,33 @@
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.arbiter.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp-mongodb
+ port: {{ .Values.arbiter.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.arbiter.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
new file mode 100644
index 00000000..6402f682
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.arbiter.pdb.minAvailable }}
+ minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.arbiter.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
new file mode 100644
index 00000000..a54b3575
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
@@ -0,0 +1,279 @@ +{{- if (include "mongodb.arbiter.enabled" .) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.arbiter.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} + podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} + {{- if .Values.arbiter.updateStrategy }} + updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: arbiter + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} + annotations: + {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} + checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.arbiter.schedulerName }} + schedulerName: {{ .Values.arbiter.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} + {{- end }} + {{- if .Values.arbiter.priorityClassName }} + priorityClassName: {{ .Values.arbiter.priorityClassName }} + {{- end }} + {{- if .Values.arbiter.runtimeClassName }} + runtimeClassName: {{ .Values.arbiter.runtimeClassName }} + {{- end }} + {{- if .Values.arbiter.podSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.arbiter.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.arbiter.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: generate-client + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.arbiter.service.nameOverride" . }} + {{- end }} + containers: + - name: mongodb-arbiter + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.arbiter.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.arbiter.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.arbiter.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arbiter.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: MONGODB_PORT_NUMBER + value: {{ .Values.arbiter.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if .Values.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} + {{- end }} + {{- if .Values.arbiter.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.arbiter.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- end }} + {{- if .Values.arbiter.resources }} + resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} + volumeMounts: + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.arbiter.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.arbiter.configmapName" . }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if .Values.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml new file mode 100644 index 00000000..cb70b52f --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml 
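Review bot: The `generate-client` init container is declared without a `securityContext`, while the `mongodb-arbiter` container in the same pod spec takes one from `arbiter.containerSecurityContext`. This init container is the one that mounts the `certs-volume` secret containing `mongodb-ca-key`, so it should not be the least restricted container in the pod. Adding the same guarded block below its `imagePullPolicy` would cover it: `{{- if .Values.arbiter.containerSecurityContext.enabled }}`, `securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }}`, `{{- end }}`. Before merging, confirm that the script can still read the secret items (projected with `mode: 0600`) and write to `/certs` under that user.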
@@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + startup-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + readiness-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + # Run the proper check depending on the version + [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} + . 
/opt/drycc/scripts/libversion.sh + VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" + VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" + VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" + if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + else + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' + fi + ping-mongodb.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" + {{- if .Values.tls.enabled }} + generate-certs.sh: | + #!/bin/bash + additional_ips=() + additional_names=() + while getopts "i:n:s:" flag + do + case "${flag}" in + i) read -a additional_ips <<< ${OPTARG//,/ } ;; + n) read -a additional_names <<< ${OPTARG//,/ } ;; + s) svc=${OPTARG// /} ;; + \?) exit 1 ;; + esac + done + + my_hostname=$(hostname) + cp /certs/CAs/* /certs/ + cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem + cd /certs/ + shopt -s extglob + rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) + chmod 0600 mongodb-ca-cert mongodb.pem + {{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml new file mode 100644 index 00000000..76608c4e --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml 
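Review bot: `generate-certs.sh` starts with `#!/bin/bash` and no fail-fast setting, so a failed step during certificate generation does not stop the script, and the closing `cd /certs/`, `rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)` and `chmod` still run. The init container can then apparently exit successfully with an empty or partial `/certs/mongodb.pem`, and the problem only shows up later as a TLS failure in the database container. Adding `set -eo pipefail` after the shebang and writing `cd /certs/ || exit 1` before the `rm -rf` would make the init container fail at the step that broke, and would keep the glob delete from running in an unexpected directory. The heredoc bodies and the certificate commands of this script are not legible on this page, so which step can fail is inferred rather than read from the hunk.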
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
new file mode 100644
index 00000000..d7271f05
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if (include "mongodb.hidden.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
new file mode 100644
index 00000000..d9bbdc8e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
@@ -0,0 +1,67 @@ +{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.hidden.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-hidden-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.hidden.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.hidden.service.type }} + {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.hidden.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }} + port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.hidden.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: hidden + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml new file mode 100644 index 00000000..725e0256 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml 
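Review bot: For `type: LoadBalancer` this Service limits client addresses only when `externalAccess.hidden.service.loadBalancerSourceRanges` is set; when the list is empty each hidden member is published with `publishNotReadyAddresses: true` and no source filter. Whether the default is empty is decided in values.yaml, which is not part of this hunk, but a database port reachable from every address the load balancer accepts is worth guarding against in the chart itself. A check in `mongodb.validateValues` could report a message when the hidden external service is a LoadBalancer and the list is empty. At minimum the block should carry a template comment such as `{{/* LoadBalancer without loadBalancerSourceRanges accepts clients from any address */}}`.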
@@ -0,0 +1,34 @@
+{{- if (include "mongodb.hidden.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.hidden.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.hidden.service.portName | quote }}
+ port: {{ .Values.hidden.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
new file mode 100644
index 00000000..ce233db3
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
@@ -0,0 +1,22 @@
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.hidden.pdb.minAvailable }}
+ minAvailable: {{ .Values.hidden.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.hidden.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
new file mode 100644
index 00000000..56ce237b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
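Review bot: `minAvailable` and `maxUnavailable` under `spec:` are guarded by two independent `if` blocks, so setting both `hidden.pdb.*` values renders both fields, and a PodDisruptionBudget accepts only one of them. Turning the second guard into `{{- else if .Values.hidden.pdb.maxUnavailable }}` (and dropping the first `{{- end }}`) keeps the rendered object valid. Both guards also treat `0` as unset, so `maxUnavailable: 0` cannot be expressed through these values; a short comment above the guards should say so.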
@@ -0,0 +1,533 @@
+{{- if (include "mongodb.hidden.enabled" .) }}
+{{- $replicaCount := int .Values.hidden.replicaCount }}
+{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }}
+{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.hidden.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.hidden.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ podManagementPolicy: {{ .Values.hidden.podManagementPolicy }}
+ replicas: {{ .Values.hidden.replicaCount }}
+ {{- if .Values.hidden.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: hidden
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.hidden.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }}
+ annotations:
+ {{- if (include "mongodb.hidden.createConfigmap" .) }}
+ checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.hidden.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hidden.schedulerName }}
+ schedulerName: {{ .Values.hidden.schedulerName | quote }}
+ {{- end }}
+ serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
+ {{- if .Values.hidden.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.hidden.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.priorityClassName }}
+ priorityClassName: {{ .Values.hidden.priorityClassName }}
+ {{- end }}
+ {{- if .Values.hidden.runtimeClassName }}
+ runtimeClassName: {{ .Values.hidden.runtimeClassName }}
+ {{- end }}
+ {{- if .Values.hidden.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{ if .Values.hidden.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }}
+ initContainers:
+ {{- if .Values.hidden.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "mongodb.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
+ chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
+ find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: datadir
+ mountPath: {{ .Values.hidden.persistence.mountPath }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: generate-tls-certs
+ image: {{ include "mongodb.tls.image" . }}
+ imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ volumeMounts:
+ - name: certs-volume
+ mountPath: /certs/CAs
+ - name: certs
+ mountPath: /certs
+ - name: common-scripts
+ mountPath: /drycc/scripts
+ command:
+ - /drycc/scripts/generate-certs.sh
+ args:
+ - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }}
+ - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }}
+ {{- end }}
+ {{- if .Values.tls.extraDnsNames }}
+ - -n {{ join "," .Values.tls.extraDnsNames }}
+ {{- end }}
+ {{- if .Values.tls.resources }}
+ resources: {{- toYaml .Values.tls.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: auto-discovery
+ image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
+ imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
+ command:
+ - /scripts/auto-discovery.sh
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SHARED_FILE
+ value: "/shared/info.txt"
+ {{- if .Values.externalAccess.autoDiscovery.resources }}
+ resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: shared
+ mountPath: /shared
+ - name: scripts
+ mountPath: /scripts/auto-discovery.sh
+ subPath: auto-discovery.sh
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: mongodb
+ image: {{ include "mongodb.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.hidden.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /scripts/setup-hidden.sh
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hidden.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: SHARED_FILE
+ value: "/shared/info.txt"
+ {{- end }}
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: K8S_SERVICE_NAME
+ value: "{{ include "mongodb.service.nameOverride" . }}"
+ - name: K8S_HIDDEN_NODE_SERVICE_NAME
+ value: "{{ include "mongodb.fullname" . }}-hidden-headless"
+ - name: MONGODB_REPLICA_SET_MODE
+ value: "hidden"
+ - name: MONGODB_INITIAL_PRIMARY_HOST
+ value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
+ - name: MONGODB_REPLICA_SET_NAME
+ value: {{ .Values.replicaSetName | quote }}
+ {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }}
+ - name: MONGODB_ADVERTISED_HOSTNAME
+ value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
+ {{- end }}
+ {{- $customUsers := include "mongodb.customUsers" . -}}
+ {{- $customDatabases := include "mongodb.customDatabases" . -}}
+ {{- if not (empty $customUsers) }}
+ - name: MONGODB_EXTRA_USERNAMES
+ value: {{ $customUsers | quote }}
+ {{- end }}
+ {{- if not (empty $customDatabases) }}
+ - name: MONGODB_EXTRA_DATABASES
+ value: {{ $customDatabases | quote }}
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+ - name: MONGODB_EXTRA_PASSWORDS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-passwords
+ {{- end }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ - name: MONGODB_REPLICA_SET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-replica-set-key
+ {{- end }}
+ {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ {{- if .Values.auth.enabled }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
+ - name: MONGODB_SYSTEM_LOG_VERBOSITY
+ value: {{ .Values.systemLogVerbosity | quote }}
+ - name: MONGODB_DISABLE_SYSTEM_LOG
+ value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }}
+ - name: MONGODB_DISABLE_JAVASCRIPT
+ value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
+ - name: MONGODB_ENABLE_JOURNAL
+ value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
+ - name: MONGODB_PORT_NUMBER
+ value: {{ .Values.hidden.containerPorts.mongodb | quote }}
+ - name: MONGODB_ENABLE_IPV6
+ value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
+ - name: MONGODB_ENABLE_DIRECTORY_PER_DB
+ value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }}
+ {{- $extraFlags := .Values.hidden.extraFlags | join " " -}}
+ {{- if .Values.tls.enabled }}
+ {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }}
+ {{- end }}
+ {{- if ne $extraFlags "" }}
+ - name: MONGODB_EXTRA_FLAGS
+ value: {{ $extraFlags | quote }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: MONGODB_CLIENT_EXTRA_FLAGS
+ value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert
+ {{- end }}
+ {{- if .Values.hidden.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.hidden.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }}
+ {{- end }}
+ {{- if .Values.hidden.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ tpl .Values.hidden.extraEnvVarsSecret . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.hidden.containerPorts.mongodb }}
+ name: mongodb
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.hidden.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /drycc/scripts/ping-mongodb.sh
+ {{- end }}
+ {{- if .Values.hidden.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /drycc/scripts/ping-mongodb.sh
+ {{- end }}
+ {{- if .Values.hidden.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /drycc/scripts/startup-probe.sh
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hidden.resources }}
+ resources: {{- toYaml .Values.hidden.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: datadir
+ mountPath: {{ .Values.hidden.persistence.mountPath }}
+ subPath: {{ .Values.hidden.persistence.subPath }}
+ - name: common-scripts
+ mountPath: /drycc/scripts
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d
+ {{- end }}
+ {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }}
+ - name: config
+ mountPath: /opt/drycc/mongodb/conf/mongodb.conf
+ subPath: mongodb.conf
+ {{- end }}
+ - name: scripts
+ mountPath: /scripts/setup-hidden.sh
+ subPath: setup-hidden.sh
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: shared
+ mountPath: /shared
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ {{- if .Values.hidden.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "mongodb.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ - -ec
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - |
+ /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
+ {{- end }}
+ env:
+ {{- if .Values.auth.enabled }}
+ {{- if not .Values.metrics.username }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ {{- else }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9216
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.metrics.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: metrics
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hidden.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: common-scripts
+ configMap:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0555
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ configMap:
+ name: {{ template "mongodb.initdbScriptsCM" . }}
+ {{- end }}
+ {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }}
+ - name: config
+ configMap:
+ name: {{ include "mongodb.hidden.configmapName" . }}
+ {{- end }}
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: shared
+ emptyDir: {}
+ {{- end }}
+ - name: scripts
+ configMap:
+ name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0755
+ {{- if .Values.hidden.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ emptyDir: {}
+ - name: certs-volume
+ secret:
+ secretName: {{ template "mongodb.tlsSecretName" . }}
+ items:
+ - key: mongodb-ca-cert
+ path: mongodb-ca-cert
+ mode: 0600
+ - key: mongodb-ca-key
+ path: mongodb-ca-key
+ mode: 0600
+ {{- end }}
+ {{- if not .Values.hidden.persistence.enabled }}
+ - name: datadir
+ {{- if .Values.hidden.persistence.medium }}
+ emptyDir:
+ medium: {{ .Values.hidden.persistence.medium | quote }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: datadir
+ {{- if .Values.hidden.persistence.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.hidden.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.hidden.persistence.size | quote }}
+ {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml
new file mode 100644
index 00000000..f3d023ab
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml
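Review bot: The `volume-permissions` init container chowns the data directory to `.Values.containerSecurityContext.runAsUser`:`.Values.podSecurityContext.fsGroup`, while the pod and the `mongodb` container of this same StatefulSet take their security context from `.Values.hidden.podSecurityContext` and `.Values.hidden.containerSecurityContext`. If the hidden values differ from the top-level ones, the data files end up owned by an identity other than the one mongod runs as. Both `chown` invocations should use `{{ .Values.hidden.containerSecurityContext.runAsUser }}:{{ .Values.hidden.podSecurityContext.fsGroup }}`, assuming the hidden contexts define those keys, which this hunk does not show. The `metrics` sidecar likewise reads `.Values.containerSecurityContext` rather than the hidden one. The paths in that script are interpolated unquoted, so a `mountPath` or `subPath` containing whitespace splits into several arguments; wrapping each `printf` result in double quotes avoids that.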
@@ -0,0 +1,17 @@
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
new file mode 100644
index 00000000..2a36dfc8
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: metrics
+ protocol: TCP
+ name: http-metrics
+ {{- if .Values.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
new file mode 100644
index 00000000..26149ccb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
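Review bot: The selector pins `app.kubernetes.io/component: mongodb`, but the hidden StatefulSet added in this patch also runs the `metrics` container on port 9216 under `app.kubernetes.io/component: hidden`, so hidden members are not reachable through this Service. If scraping goes through this Service (the ServiceMonitor is not part of this hunk), hidden nodes would be a monitoring blind spot; a comment above `selector:` such as `# hidden members are not selected here; scrape them separately` would at least make that explicit. The probes in the StatefulSet fetch `/metrics` without credentials, so a second comment on `type:` recommending `ClusterIP` would help operators avoid publishing the exporter.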
@@ -0,0 +1,44 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.service.ports.mongodb }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
new file mode 100644
index 00000000..29d2ea46
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
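Review bot: With `service.type` set to `LoadBalancer` the policy renders `ingress: - {}`, which admits every source on every port of the selected pods, so enabling `networkPolicy` in that mode restricts nothing. Limiting that rule to the database port, `- ports:` followed by `- port: {{ .Values.service.ports.mongodb }}`, keeps the other container ports closed. The `ClusterIP` branch fails open in a similar way: when neither `allowCurrentNamespace` nor `allowNamespaces` is set, the `from:` block is omitted and the port is reachable from any namespace. For any other `service.type` (for example `NodePort`) no `ingress` key is rendered at all, which denies all inbound traffic to the selected pods, replica-set peers included. Rendering the namespace names with `| quote` would also keep a numeric or boolean-looking name a string label value.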
@@ -0,0 +1,18 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.prometheusRule.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "mongodb.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
new file mode 100644
index 00000000..e9ef023b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
@@ -0,0 +1,50 @@
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.podSecurityPolicy.spec }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
+{{- else }}
+ allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.podSecurityContext.fsGroup }}
+ max: {{ .Values.podSecurityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: {{ .Values.podSecurityPolicy.privileged }}
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
new file mode 100644
index 00000000..caa15f36
--- /dev/null
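Review bot: PodSecurityPolicy is a cluster-scoped resource, so the `namespace:` line under `metadata` has no effect and the name `{{ include "mongodb.fullname" . }}` is shared across the whole cluster; two releases with the same name in different namespaces would contend for one policy object. Putting the namespace into the name, e.g. `name: {{ printf "%s-%s" (include "mongodb.namespace" .) (include "mongodb.fullname" .) }}`, avoids that, provided the Role that grants `use` on the policy (not visible in this hunk) is changed to match. In the default branch, `supplementalGroups` is pinned to `containerSecurityContext.runAsUser`, which is a UID; `podSecurityContext.fsGroup` looks like the intended group id and should be confirmed. A comment above the `podSecurityPolicy.spec` branch noting that a user-supplied spec replaces every hardened default below it would also help.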
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
@@ -0,0 +1,32 @@
+{{- if (eq .Values.architecture "replicaset") }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+spec:
+ type: {{ $root.Values.service.type }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
new file mode 100644
index 00000000..f1acd6bf
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
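Review bot: Each per-pod Service takes `type: {{ $root.Values.service.type }}` and sets `publishNotReadyAddresses: true`, so with `LoadBalancer` every replica gets its own externally reachable endpoint, including members that have not passed readiness, and nothing in the spec limits source addresses. For the `LoadBalancer` case, render a `loadBalancerSourceRanges` block guarded by an `if`, the way external-access-svc.yaml in this same commit does. Keep `publishNotReadyAddresses` on these client-facing Services only if clients really must reach unready members; the headless Service added in this commit appears to cover peer discovery already. A one-line comment above the field stating why it is set here would settle the question for the next reader.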
@@ -0,0 +1,67 @@ +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.service.type }} + {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.service.portName | quote }} + port: {{ $root.Values.externalAccess.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml new file mode 100644 index 00000000..78f26ab9 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml 
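Review bot: The opening condition ends with a literal `false` inside `and`, so this template never renders, whatever `externalAccess.enabled` and `externalAccess.service.type` are set to. The auto-discovery script added in scripts-configmap.yaml waits for a Service named `${MY_POD_NAME}-external` and exits 1 when no address appears, so enabling `externalAccess.autoDiscovery` would presumably leave pods stuck in the init container unless that Service is created somewhere else. Either drop the trailing `false`, or remove this template together with the values and script branches that depend on it. If the disablement is deliberate, state it in a template comment on the first line, e.g. `{{- /* per-pod external Services are intentionally disabled */ -}}`.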
@@ -0,0 +1,34 @@
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
new file mode 100644
index 00000000..a2b6492f
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
new file mode 100644
index 00000000..ed5a8627
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
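Review bot: `minAvailable` and `maxUnavailable` are rendered by two independent `if` blocks under `spec`, so setting both values produces a PodDisruptionBudget the API rejects, because the two fields are mutually exclusive. Make the second block a branch of the first with `{{- else if .Values.pdb.maxUnavailable }}`. The plain truthiness test also skips an explicit `0`, so `maxUnavailable: 0` cannot be expressed through these values; a comment saying so, or a `kindIs "invalid"` style nil check, would make that limit explicit.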
@@ -0,0 +1,301 @@ +{{- if eq .Values.architecture "replicaset" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + auto-discovery.sh: |- + #!/bin/bash + + SVC_NAME="${MY_POD_NAME}-external" + + # Auxiliary functions + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + k8s_svc_lb_ip() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + + if [[ -n ${service_ip} ]]; then + echo "${service_ip}" + else + echo "${service_hostname}" + fi + } + k8s_svc_lb_ip_ready() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] + } + # Wait until LoadBalancer IP is ready + retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 + # Obtain LoadBalancer external IP + k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" + {{- end }} + setup.sh: |- + #!/bin/bash + + . /opt/drycc/scripts/mongodb-env.sh + . /opt/drycc/scripts/libfs.sh + . /opt/drycc/scripts/liblog.sh + . /opt/drycc/scripts/libvalidations.sh + + {{- if .Values.externalAccess.enabled }} + {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then + export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + + # Check for existing replica set in case there is no data in the PVC + # This is for cases where the PVC is lost or for MongoDB caches without + # persistence + 
current_primary="" + if is_dir_empty "${MONGODB_DATA_DIR}/db"; then + info "Data dir empty, checking if the replica set already exists" + {{- $replicaCount := int .Values.replicaCount }} + {{- $portNumber := int .Values.service.ports.mongodb }} + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} + {{- $mongoList := list }} + {{- range $e, $i := until $replicaCount }} + {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} + {{- end }} + current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') + + if ! is_empty_value "$current_primary"; then + info "Detected existing primary: ${current_primary}" + fi + fi + + if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then + info "Advertised name matches current primary, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then + info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" + export MONGODB_SET_SECONDARY_OK="yes" + elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then + info "Pod name matches initial primary pod name, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + else + info "Pod name doesn't match initial primary pod name, configuring node as a secondary" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export MONGODB_EXTRA_PASSWORDS_FILE="" + fi + + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + setup-hidden.sh: |- + #!/bin/bash + + . 
/opt/drycc/scripts/mongodb-env.sh + + {{- if .Values.externalAccess.hidden.enabled }} + {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.hidden.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + echo "Configuring node as a hidden node" + export MONGODB_REPLICA_SET_MODE="hidden" + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export 
MONGODB_EXTRA_PASSWORDS_FILE="" + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + {{- if .Values.replicaSetConfigurationSettings.enabled }} + replicaSetConfigurationSettings.sh: |- + #!/bin/bash + # This script to be called when pod starts. + # This script sets rs settings which can not be applied via conf file + + function logger () + #$1 is the line to be logged + { + echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 + } + + SLEEP_PERIOD=10 + + {{- if and .Values.auth.enabled .Values.auth.rootPassword }} + usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" + {{- else }} + usernameAndPassword="" + {{- end }} + + # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy + declare -A desiredRsConf + {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} + {{ printf "desiredRsConf[%s]='%v'" $setting $value }} + {{ end }} + + rsConfWriteAttempts=0 + rs_conf_configured_ok=unknown + + while [[ "${rs_conf_configured_ok}" != "true" ]]; do + + # give the rs setup a chance to succeed before attempting to read or configure + sleep ${SLEEP_PERIOD} + + counter=0 + while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do + counter=$((${counter} +1)) + logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" + sleep ${SLEEP_PERIOD} + done + counter=$((${counter} +1)) + logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" + + # read rs.conf again and store it. settings format is '"" : ,' + currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') + + desiredEqualsactual=unknown + settingsToConfigure="" + for key in ${!desiredRsConf[@]}; do + value=${desiredRsConf[$key]} + if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then + logger "rs conf setting: ${key} value will be set to: ${value}" + settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " + desiredEqualsactual=false + else + logger "rs conf: ${key} is already at desired value: ${value}" + fi + done + + if [[ "${desiredEqualsactual}" != "false" ]]; then + logger "replicaSetConfigurationSettings match the settings of the currently running rs" + desiredEqualsactual=true + rs_conf_configured_ok=true + logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" + exit + fi + + # apply the settings only if this member is currently the mongo replicaset PRIMARY + # it might take a little time before any pod is PRIMARY + isMaster=unknown + if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then + isMaster=false + logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" + else + isMaster=true + logger "This node is PRIMARY" + fi + + if [[ "${isMaster}" == "true" ]]; then + logger "This node is currently PRIMARY - will apply rs.conf settings" + + # avoiding tricky string substitution with single quotes by making the eval string a set of vars + rsconf="cfg = rs.conf();" + rsreconf="rs.reconfig(cfg);" + rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" + + mongosh ${usernameAndPassword} --eval "${rsCommand}" + if [ $? -ne 0 ]; then + logger "Failed to apply mongodb cfg.settings configuration" + else + logger "mongodb replicaset cfg.settings configuration applied" + logger "Will check rs conf" + # don't exit just yet - the settings will be checked in the next loop + fi + rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) + fi + done + {{- end }} +{{- end }} 
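Review bot: The root password is passed to `mongosh` unquoted on the command line, in setup.sh as `-u root -p $MONGODB_ROOT_PASSWORD` and in replicaSetConfigurationSettings.sh through the `usernameAndPassword` string. A password with whitespace or glob characters is therefore word-split, and the secret sits in the process argument list where anything able to read it inside the pod can see it. Both places also hard-code `root`, while the StatefulSet in this commit exports `MONGODB_ROOT_USER` from `.Values.auth.rootUser`. At minimum use the configured user and quote both values, `-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD"`, holding the options in a bash array rather than a string. In replicaSetConfigurationSettings.sh the credentials are only set when `.Values.auth.rootPassword` is non-empty, so if the password is supplied any other way the `rs.conf()` retry loop would presumably never succeed.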
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml new file mode 100644 index 00000000..e7c0ff1c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml 
@@ -0,0 +1,543 @@ +{{- if eq .Values.architecture "replicaset" }} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.service.nameOverride" . }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} 
+ {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: DRYCC_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + 
subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh + {{ if .Values.replicaSetConfigurationSettings.enabled }} + - name: scripts + mountPath: /scripts/replicaSetConfigurationSettings.sh + subPath: replicaSetConfigurationSettings.sh + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" 
(dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml new file mode 100644 index 00000000..55c56b87 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml 
@@ -0,0 +1,43 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if $root.Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
new file mode 100644
index 00000000..56300431
--- /dev/null
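Review bot: Each per-pod Service in the `range` loop publishes the MongoDB port with `type: {{ $root.Values.externalAccess.service.type }}` and nothing else in `spec` limits who may connect, so with a LoadBalancer type every replica is reachable from wherever the load balancer is. The StatefulSet template in the same patch sets `ALLOW_EMPTY_PASSWORD` to "yes" when `auth.enabled` is false, so the two settings combined would expose an unauthenticated database. I would add an optional `loadBalancerSourceRanges:` under `spec`, rendered with `toYaml … | nindent 4` from a values key (for example `externalAccess.service.loadBalancerSourceRanges`, which would have to be added to values.yaml), and document that external access should not be enabled without auth. Separately, `set $ "targetPod" $targetPod` writes into the root context on every iteration and nothing in this file reads that key, so a comment naming the helper that consumes it would help.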
+++ b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.rbac.rules }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+{{- end -}}
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "mongodb.fullname" . }}]
+{{- end -}}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
new file mode 100644
index 00000000..8950f8bb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
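Review bot: The `services` get/list/watch rule is granted whenever `rbac.create` is true, although the only consumer of Service reads visible in this patch is the `auto-discovery` init container, which is rendered only when external access with auto-discovery and the LoadBalancer type are all set. For least privilege the rule could sit behind the same condition, e.g. `{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled }}` … `{{- end }}` around the `- apiGroups: [""]` entry; whether another script in the chart needs the access is not visible here. `.Values.rbac.rules` is appended verbatim, so a comment above it such as `# extra rules widen what the MongoDB pod's service account may do; keep them namespaced and minimal` would be worth adding.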
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: Role
+ name: {{ include "mongodb.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
new file mode 100644
index 00000000..1c4e76ff
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
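Review bot: The binding is rendered only when both `serviceAccount.create` and `rbac.create` are true, while role.yaml in the same patch creates the Role on `rbac.create` alone. With a pre-existing service account (`serviceAccount.create: false`) and `rbac.create: true`, the Role is created but never bound, so the pod silently lacks the Service read access the Role exists to grant. If `mongodb.serviceAccountName` resolves to the existing account's name in that case (its definition is not in this hunk), the guard could be just `{{- if .Values.rbac.create }}`. Otherwise a comment on the first line stating that RBAC is intentionally skipped for externally managed service accounts would make the mismatch explicit.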
@@ -0,0 +1,37 @@
+{{- if (include "mongodb.createTlsSecret" .) }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "mongodb.tlsSecretName" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
+ {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- else }}
+ {{- $ca:= genCA "myMongo-ca" 3650 }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
new file mode 100644
index 00000000..acf8c483
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
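Review bot: In the `else` branch `genCA "myMongo-ca" 3650` runs on every render, so each `helm upgrade` would replace the CA held in this Secret; pods restarted afterwards would get certificates from a CA that still-running members do not trust (assuming the `generate-tls-certs` init container signs from the mounted CA, as its `certs-volume` mount suggests). Looking up the existing Secret first, e.g. `{{- $existing := lookup "v1" "Secret" (include "mongodb.namespace" .) (include "mongodb.tlsSecretName" .) }}`, and re-emitting its `data` when present keeps the CA stable across upgrades. `genSignedCert $cn nil nil 3650 $ca` passes no IP or DNS alternative names, so `client-pem` carries only a CN, which current TLS clients do not use for hostname verification; `genSignedCert $cn nil (list $cn) 3650 $ca` would add the SAN. The CA private key is stored as `mongodb-ca-key` with a ten-year lifetime, so a comment on rotation and on which workloads may read this Secret is worth adding, and `$releaseNamespace` is assigned but not used.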
@@ -0,0 +1,41 @@ +{{- if (include "mongodb.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ template "mongodb.namespace" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- $customPasswords := include "mongodb.customPasswords" . -}} + {{- $passwordList := list -}} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}} + {{- if not (empty $customPasswords) -}} + {{- $passwordList = $customPasswords -}} + {{- else -}} + {{- $customUsersList := splitList "," $customUsers -}} + {{- $customPasswordsList := list -}} + {{- range $customUsersList -}} + {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}} + {{- end -}} + {{- $passwordList = (join "," $customPasswordsList) -}} + {{- end }} + mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }} + {{- end }} + {{- if .Values.metrics.username }} + mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) 
"key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }} + {{- end }} + {{- if eq .Values.architecture "replicaset" }} + mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml new file mode 100644 index 00000000..f4aa81a5 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml @@ -0,0 +1,23 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongodb.serviceAccountName" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +secrets: + - name: {{ template "mongodb.fullname" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml new file mode 100644 index 00000000..0a00f719 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml 
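Review bot: Auto-generated passwords for custom users come from `randAlphaNum 10` inside the `range $customUsersList` loop, which is short for a database credential that nobody types by hand. A longer value costs nothing here: `{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 32) -}}`. `$passwordList` is initialised with `list` but is then assigned a comma-joined string in both branches, so initialising it as `""` and adding a comment such as `{{- /* mongodb-passwords: comma-separated, same order as the custom user names */ -}}` would make the contract with the StatefulSet's `MONGODB_EXTRA_PASSWORDS` clear.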
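Review bot: `secrets: - name: {{ template "mongodb.fullname" . }}` always names the chart-managed Secret, but secrets.yaml in this patch creates that Secret only when `mongodb.createSecret` is true, and the workloads read credentials through `mongodb.secretName`. When an existing Secret is supplied, the ServiceAccount would therefore list a Secret the chart did not create; `- name: {{ include "mongodb.secretName" . }}` would keep the two in step (neither helper's definition is visible here, so this needs confirming). `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders an empty value when the key is unset; `{{ .Values.serviceAccount.automountServiceAccountToken | default false }}` makes the no-token case the explicit fallback for pods that do not run auto-discovery. The `{{ toYaml .Values.serviceAccount.annotations | nindent 4 }}` line also lacks the `{{-` trim used by every other include in this file.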
@@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.serviceMonitor.namespace" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - "{{ include "mongodb.namespace" . }}" +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml new file mode 100644 index 00000000..ba3b74d2 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml 
@@ -0,0 +1,474 @@ +{{- if not (eq .Values.architecture "replicaset") }} +apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.useStatefulSet }} + serviceName: {{ include "mongodb.fullname" . }} + {{- end }} + {{- if .Values.updateStrategy}} + {{- if .Values.useStatefulSet }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end}} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . 
-}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.persistence.existingClaim }} + - name: datadir + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} + {{- else if not .Values.useStatefulSet }} + - name: datadir + persistentVolumeClaim: + claimName: {{ template "mongodb.fullname" . }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml new file mode 100644 index 00000000..7786de63 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml 
@@ -0,0 +1,33 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
new file mode 100644
index 00000000..44255798
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
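Review bot: In standalone/pvc.yaml the annotations block renders `.Values.commonAnnotations` before `.Values.persistence.annotations`, while standalone/svc.yaml in this same patch renders `.Values.service.annotations` first and `.Values.commonAnnotations` second. If the same key is set in both maps the rendered manifest carries it twice, and which value survives then differs per file (assuming the parser keeps the last duplicate, which is worth confirming). The same holds for `helm.sh/resource-policy`, which is appended after both maps and so can collide with a key an operator already put in `persistence.annotations`. I would pick one order for every template in the chart, common first and resource-specific last, and state it in a template comment such as `{{- /* resource-specific annotations are rendered last and override commonAnnotations */}}`.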
@@ -0,0 +1,58 @@
+{{- if not (eq .Values.architecture "replicaset") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
+ nodePort: {{ .Values.service.nodePorts.mongodb }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.schema.json b/addons/mongodb/7.0/chart/mongodb/values.schema.json
new file mode 100644
index 00000000..be8e54b4
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/values.schema.json
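Review bot: In standalone/svc.yaml, when `service.type` is `LoadBalancer` or `NodePort` the Service publishes the MongoDB port outside the cluster, and `loadBalancerSourceRanges` is emitted only if the operator sets it, so an unset value leaves the listener reachable from any source address. The values.yaml added by this patch ships `tls.enabled: false`, so database traffic over that path would be unencrypted unless TLS is switched on; `externalIPs` is also rendered for any service type. I would document next to `service.type` that external types should be paired with `loadBalancerSourceRanges` and `tls.enabled: true`, and consider a render-time guard such as `{{- if and (eq .Values.service.type "LoadBalancer") (not .Values.service.loadBalancerSourceRanges) }}{{ fail "set service.loadBalancerSourceRanges when exposing MongoDB through a LoadBalancer" }}{{- end }}`. The default of `service.type` lies outside the visible part of values.yaml, so how often this path is taken cannot be judged from here.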
@@ -0,0 +1,173 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "MongoDB® architecture", + "form": true, + "description": "Allowed values: `standalone` or `replicaset`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Authentication", + "form": true + }, + "rootUser": { + "type": "string", + "title": "MongoDB® admin user", + "form": true, + "description": "Name of the admin user. Default is root" + }, + "rootPassword": { + "type": "string", + "title": "MongoDB® admin password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + }, + "database": { + "type": "string", + "title": "MongoDB® custom database", + "description": "Name of the custom database to be created during the 1st initialization of MongoDB®", + "form": true + }, + "username": { + "type": "string", + "title": "MongoDB® custom user", + "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. 
This user only has permissions on the MongoDB® custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for MongoDB® custom user", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + }, + "replicaSetKey": { + "type": "string", + "title": "Key used for replica set authentication", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "replicaCount": { + "type": "integer", + "form": true, + "title": "Number of MongoDB® replicas", + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "configuration": { + "type": "string", + "title": "MongoDB® Custom Configuration", + "form": true, + "render": "textArea" + }, + "arbiter": { + "type": "object", + "title": "Arbiter configuration", + "form": true, + "properties": { + "configuration": { + "type": "string", + "title": "Arbiter Custom Configuration", + "form": true, + "render": "textArea", + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "persistence": { + "type": "object", + "title": "Persistence configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "hidden": { + "value": false, + "path": "persistence/enabled" + }, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init 
container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml new file mode 100644 index 00000000..3ffc0b04 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
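Review bot: The `architecture` property in values.schema.json is typed only as `string`; the allowed values `standalone` and `replicaset` appear in its description but are not enforced. The templates in this patch test `not (eq .Values.architecture "replicaset")`, so a misspelled value (for example `replicaSet`) passes schema validation and renders the standalone Service and PVC instead of a replica set. Adding `"enum": ["standalone", "replicaset"]` to the property lets Helm reject the typo at install time. Separately, the descriptions of `rootPassword`, `password` and `replicaSetKey` promise a random 10-character alphanumeric default; the generating template is not in view here, but that is short for a replica-set key and a longer generated value is worth considering.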
@@ -0,0 +1,2053 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + namespaceOverride: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## extraDeploy: +## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar +## for dynamically discovering the mongodb primary pod +## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) +## - apiVersion: v1 +## kind: Service +## metadata: +## name: mongodb-primary +## namespace: the-mongodb-namespace +## labels: +## app.kubernetes.io/component: 
mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/managed-by: Helm +## app.kubernetes.io/name: mongodb +## spec: +## type: NodePort +## externalTrafficPolicy: Cluster +## ports: +## - name: mongodb +## port: 30001 +## nodePort: 30001 +## protocol: TCP +## targetPort: mongodb +## selector: +## app.kubernetes.io/component: mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/name: mongodb +## primary: "true" +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) parameters +## + +## Drycc MongoDB(®) image +## ref: https://hub.docker.com/r/drycc/mongodb/tags/ +## @param image.registry MongoDB(®) image registry +## @param image.repository MongoDB(®) image registry +## @param image.tag MongoDB(®) image tag (immutable tags are recommended) +## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy MongoDB(®) image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/mongodb + tag: "7.0" + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## @param schedulerName Name of the scheduler (other than default) to dispatch pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) +## +architecture: replicaset +## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) +## +useStatefulSet: false +## MongoDB(®) Authentication parameters +## +auth: + ## @param auth.enabled Enable authentication + ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ + ## + enabled: true + ## @param auth.rootUser MongoDB(®) root user + ## + rootUser: root + ## @param auth.rootPassword MongoDB(®) root password + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run + ## + rootPassword: "" + ## MongoDB(®) custom users and databases + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run + ## @param auth.usernames List of 
custom users to be created during the initialization + ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` + ## @param auth.databases List of custom databases to be created during the initialization + ## + usernames: [] + passwords: [] + databases: [] + ## @param auth.username DEPRECATED: use `auth.usernames` instead + ## @param auth.password DEPRECATED: use `auth.passwords` instead + ## @param auth.database DEPRECATED: use `auth.databases` instead + username: "" + password: "" + database: "" + ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) + ## + replicaSetKey: "" + ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + ## NOTE: When it's set the previous parameters are ignored. + ## + existingSecret: "" +tls: + ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes + ## + enabled: false + ## @param tls.autoGenerated Generate a custom CA and self-signed certificates + ## + autoGenerated: true + ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) + ## NOTE: When it's set it will disable certificate creation + ## + existingSecret: "" + ## Add Custom CA certificate + ## @param tls.caCert Custom CA certificated (base64 encoded) + ## @param tls.caKey CA certificate private key (base64 encoded) + ## + caCert: "" + caKey: "" + ## Drycc Nginx image + ## @param tls.image.registry Init container TLS certs setup image registry + ## @param tls.image.repository Init container TLS certs setup image repository + ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) + ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag + ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy + ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array + ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients + ## + image: + registry: docker.io + repository: drycc/nginx + tag: 1.23.1-debian-11-r26 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## e.g: + ## extraDnsNames + ## "DNS.6": "$my_host" + ## "DNS.7": "$test" + ## + extraDnsNames: [] + ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) + ## + mode: requireTLS + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param tls.resources.limits Init container generate-tls-certs resource limits + ## @param tls.resources.requests Init container generate-tls-certs resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## +replicaSetName: rs0 +## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## Ignored when externalAccess.enabled=true +## +replicaSetHostnames: true +## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 +## +enableIPv6: false +## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb +## +directoryPerDB: false +## MongoDB(®) System Log configuration +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level +## @param systemLogVerbosity MongoDB(®) system log verbosity level +## @param disableSystemLog Switch to enable/disable MongoDB(®) system log +## +systemLogVerbosity: 0 +disableSystemLog: false +## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution +## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ +## +disableJavascript: false +## @param enableJournal Switch to enable/disable MongoDB(®) Journaling +## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled +## +enableJournal: true +## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes +## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/ +## Example: +## configuration: |- +## # where and how to store data. +## storage: +## dbPath: /drycc/mongodb/data/db +## journal: +## enabled: true +## directoryPerDB: false +## # where to write logging data +## systemLog: +## destination: file +## quiet: false +## logAppend: true +## logRotate: reopen +## path: /opt/drycc/mongodb/logs/mongodb.log +## verbosity: 0 +## # network interfaces +## net: +## port: 27017 +## unixDomainSocket: +## enabled: true +## pathPrefix: /opt/drycc/mongodb/tmp +## ipv6: false +## bindIpAll: true +## # replica set options +## #replication: +## #replSetName: replicaset +## #enableMajorityReadConcern: true +## # process management optionsT +## processManagement: +## fork: false +## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid +## # set parameter options +## setParameter: +## enableLocalhostAuthBypass: true +## # security options +## security: +## authorization: disabled +## #keyFile: /opt/drycc/mongodb/conf/keyfile +## +configuration: "" +## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file) +## If enabled, these are applied by a script which is called within setup.sh +## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields +## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings +## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings +## +replicaSetConfigurationSettings: + enabled: false + configuration: {} +## chainingAllowed : false +## heartbeatTimeoutSecs : 10 +## 
heartbeatIntervalMillis : 2000 +## electionTimeoutMillis : 10000 +## catchUpTimeoutMillis : 30000 +## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes +## NOTE: When it's set the arbiter.configuration parameter is ignored +## +existingConfigmap: "" +## @param initdbScripts Dictionary of initdb scripts +## Specify dictionary of scripts to be run at first boot +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." +## +initdbScripts: {} +## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts +## +initdbScriptsConfigMap: "" +## Command and args for running the container (set to default if not set). Use array form +## @param command Override default container command (useful when using custom images) +## @param args Override default container args (useful when using custom images) +## +command: [] +args: [] +## @param extraFlags MongoDB(®) additional command line flags +## Example: +## extraFlags: +## - "--wiredTigerCacheSizeGB=2" +## +extraFlags: [] +## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods +## E.g: +## extraEnvVars: +## - name: FOO +## value: BAR +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) +## +extraEnvVarsSecret: "" + +## @section MongoDB(®) statefulset parameters +## + +## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template +## +annotations: {} +## @param labels Annotations to be added to the MongoDB(®) statefulset. 
Evaluated as a template +## +labels: {} +## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## +replicaCount: 3 +## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, +## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## Example: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate +## @param podManagementPolicy Pod management policy for MongoDB(®) +## Should be initialized one by one when building the replicaset for the first time +## +podManagementPolicy: OrderedReady +## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set. + ## E.g. 
+ ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity MongoDB(®) Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector MongoDB(®) Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations MongoDB(®) Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## +topologySpreadConstraints: [] +## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period +## +terminationGracePeriodSeconds: "" +## @param podLabels MongoDB(®) pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations MongoDB(®) Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s) +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s) +## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: 
"" +## MongoDB(®) pods' Security Context. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context +## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s) +## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)' +## +podSecurityContext: + enabled: true + fsGroup: 1001 + ## sysctl settings + ## Example: + ## sysctls: + ## - name: net.core.somaxconn + ## value: "10000" + ## + sysctls: [] +## MongoDB(®) containers' Security Context (main and metrics container). +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context +## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container +## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## MongoDB(®) containers' resource requests and limits. +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+## @param resources.limits The resources limits for MongoDB(®) containers
+## @param resources.requests The requested resources for MongoDB(®) containers
+##
+resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+## @param containerPorts.mongodb MongoDB(®) container port
+containerPorts:
+ mongodb: 27017
+## MongoDB(®) pods' liveness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+## MongoDB(®) pods' readiness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Slow starting containers can be protected through startup probes
+## Startup probes are available in Kubernetes version 1.16 and above
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 30
+## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
+## Ignored when livenessProbe.enabled=true
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
+## Ignored when readinessProbe.enabled=true
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe for MongoDB(®) containers
+## Ignored when startupProbe.enabled=true
+## +customStartupProbe: {} +## @param initContainers Add additional init containers for the hidden node pod(s) +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s) +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod +## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose +## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example +## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods +## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work +## +## - name: mongo-labeler +## image: korenlev/k8s-mongo-labeler-sidecar +## imagePullPolicy: Always +## env: +## - name: LABEL_SELECTOR +## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb" +## - name: NAMESPACE +## value: "the-mongodb-namespace" +## - name: DEBUG +## value: "true" +## +sidecars: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) +## Examples: +## extraVolumeMounts: +## - name: extras +## mountPath: /usr/share/extras +## readOnly: true +## +extraVolumeMounts: [] +## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset +## extraVolumes: +## - name: extras +## emptyDir: {} +## +extraVolumes: [] +## MongoDB(®) Pod Disruption Budget configuration +## ref: 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction + ## + maxUnavailable: "" + +## @section Traffic exposure parameters +## + +## Service parameters +## +service: + ## @param service.nameOverride MongoDB(®) service name + ## + nameOverride: "" + ## @param service.type Kubernetes Service type (only for standalone architecture) + ## + type: ClusterIP + ## @param service.portName MongoDB(®) service port name (only for standalone architecture) + ## + portName: mongodb + ## @param service.ports.mongodb MongoDB(®) service port. + ## + ports: + mongodb: 27017 + ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + mongodb: "" + ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture) + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + externalIPs: [] + ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) + ## ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + loadBalancerSourceRanges: [] + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Provide any additional annotations that may be required + ## + annotations: {} + ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture) + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Local + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## External Access to MongoDB(®) nodes configuration +## +externalAccess: + ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) + ## + enabled: false + ## External IPs auto-discovery configuration + ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API + ## Note: RBAC might be required + ## + autoDiscovery: + ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API + ## + enabled: false + ## Drycc Kubectl image + ## ref: https://hub.docker.com/r/drycc/kubectl/tags/ + ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry + ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository + ## @param externalAccess.autoDiscovery.image.tag 
Init container auto-discovery image tag (immutable tags are recommended) + ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy + ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets + ## + image: + registry: docker.io + repository: drycc/kubectl + tag: 1.25.2-debian-11-r2 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits + ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## Parameters to configure K8s service(s) used to externally access MongoDB(®) + ## A new service per broker will be created + ## + service: + ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP + ## + type: LoadBalancer + ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer + ## + portName: "mongodb" + ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer + ## + ports: + mongodb: 27017 + ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes + ## Example: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + loadBalancerIPs: [] + ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Local + ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort + ## Example: + ## 
nodePorts: + ## - 30001 + ## - 30002 + ## + nodePorts: [] + ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort + ## If not specified, the container will try to get the kubernetes node external IP + ## e.g: + ## domain: mydomain.com + ## + domain: "" + ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param externalAccess.service.annotations Service annotations for external access + ## + annotations: {} + ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## External Access to MongoDB(®) Hidden nodes configuration + ## + hidden: + ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes + ## + enabled: false + ## Parameters to configure K8s service(s) used to externally access MongoDB(®) + ## A new service per broker will be created + ## + service: + ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. 
Allowed values: NodePort or LoadBalancer + ## + type: LoadBalancer + ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer + ## + portName: "mongodb" + ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer + ## + ports: + mongodb: 27017 + ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes + ## Example: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + loadBalancerIPs: [] + ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Local + ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. 
Length must be the same as replicaCount + ## Example: + ## nodePorts: + ## - 30001 + ## - 30002 + ## + nodePorts: [] + ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort + ## If not specified, the container will try to get the kubernetes node external IP + ## e.g: + ## domain: mydomain.com + ## + domain: "" + ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param externalAccess.hidden.service.annotations Service annotations for external access + ## + annotations: {} + ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## @section Persistence parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC + ## + enabled: true + ## @param persistence.medium Provide a medium for `emptyDir` volumes. + ## Requires persistence.enabled: false + ## + medium: "" + ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## Ignored when mongodb.architecture=replicaset + ## + existingClaim: "" + ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. 
Leaving it empty will delete PVCs after the chart deleted + resourcePolicy: "" + ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param persistence.accessModes PV Access Mode + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for MongoDB(®) data volume + ## + size: 8Gi + ## @param persistence.annotations PVC annotations + ## + annotations: {} + ## @param persistence.mountPath Path to mount the volume at + ## MongoDB(®) images. + ## + mountPath: /drycc/mongodb + ## @param persistence.subPath Subdirectory of the volume to mount at + ## and one PV for multiple services. + ## + subPath: "" + ## Fine tuning for volumeClaimTemplates + ## + volumeClaimTemplates: + ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes) + ## A label query over volumes to consider for binding (e.g. 
when using local volumes) + ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details + ## + selector: {} + ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes + ## Sometime cloud providers use additional requests attributes to provision custom storage instance + ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset + ## + requests: {} + ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate + ## + dataSource: {} + +## @section RBAC parameters +## + +## ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods + ## + create: true + ## @param serviceAccount.name Name of the created serviceAccount + ## If not set and create is true, a name is generated using the mongodb.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: true +## Role Based Access +## ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## @param rbac.create Whether to create & use RBAC resources or not + ## binding MongoDB(®) ServiceAccount to a role + ## that allows MongoDB(®) pods querying the K8s API + ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery + ## + create: false + ## @param rbac.rules Custom rules to create following the role specification + ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod: 
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ## - watch
+ ## - update
+ ##
+ rules: []
+## PodSecurityPolicy configuration
+## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
+ ##
+ create: false
+ ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
+ ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
+ ##
+ allowPrivilegeEscalation: false
+ ## @param podSecurityPolicy.privileged Allow privileged
+ ##
+ privileged: false
+ ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ## Defining a spec ignores the above values.
+ ##
+ spec: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## fsGroup:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## hostIPC: false
+ ## hostNetwork: false
+ ## hostPID: false
+ ## privileged: false
+ ## readOnlyRootFilesystem: false
+ ## requiredDropCapabilities:
+ ## - ALL
+ ## runAsUser:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## seLinux:
+ ## rule: 'RunAsAny'
+ ## supplementalGroups:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## volumes:
+ ## - 'configMap'
+ ## - 'secret'
+ ## - 'emptyDir'
+ ## - 'persistentVolumeClaim'
+ ##
+
+## @section Volume Permissions parameters
+##
+## Init Container parameters
+## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
+## values from the securityContext section of the component
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository Init container volume-permissions image repository
+ ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
+ ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/drycc-shell
+ tag: 11-debian-11-r37
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
+ ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Init container Security Context
+ ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
+ ## and not the below volumePermissions.securityContext.runAsUser
+ ## When runAsUser is set to special value "auto", init container will try to chwon the
+ ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
+ ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
+ ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
+ ##
+ securityContext:
+ runAsUser: 0
+
+## @section Arbiter parameters
+##
+
+arbiter:
+ ## @param arbiter.enabled Enable deploying the arbiter
+ ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
+ ##
+ enabled: false
+ ## @param arbiter.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param arbiter.configuration Arbiter configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
+ ## NOTE: When it's set the arbiter.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param arbiter.command Override default container command (useful when using custom images)
+ ## @param arbiter.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param arbiter.extraFlags Arbiter additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
+ ##
+ annotations: {}
+ ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
+ ##
+ labels: {}
+ ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
+ ## Should be initialized one by one when building the replicaset for the first time
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param arbiter.affinity Arbiter Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param arbiter.podLabels Arbiter pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param arbiter.podAnnotations Arbiter Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Arbiter pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
+ ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
+ ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Arbiter containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
+ ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
+ ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Arbiter containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param arbiter.resources.limits The resources limits for Arbiter containers
+ ## @param arbiter.resources.requests The requested resources for Arbiter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.livenessProbe.enabled Enable livenessProbe
+ ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.readinessProbe.enabled Enable readinessProbe
+ ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.startupProbe.enabled Enable startupProbe
+ ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
+ ## Ignored when arbiter.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
+ ## Ignored when arbiter.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
+ ## Ignored when arbiter.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Arbiter Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
+ ##
+ create: false
+ ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## MongoDB(®) Arbiter service parameters
+ ##
+ service:
+ ## @param arbiter.service.nameOverride The arbiter service name
+ ##
+ nameOverride: ""
+ ## @param arbiter.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param arbiter.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Hidden Node parameters
+##
+
+hidden:
+ ## @param hidden.enabled Enable deploying the hidden nodes
+ ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
+ ##
+ enabled: false
+ ## @param hidden.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param hidden.configuration Hidden node configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
+ ## NOTE: When it's set the hidden.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param hidden.command Override default container command (useful when using custom images)
+ ## @param hidden.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param hidden.extraFlags Hidden node additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
+ ##
+ annotations: {}
+ ## @param hidden.labels Annotations to be added to the hidden node statefulset
+ ##
+ labels: {}
+ ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
+ ## Ignored when mongodb.architecture=standalone
+ ##
+ replicaCount: 1
+ ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param hidden.podManagementPolicy Pod management policy for hidden node
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## Allowed values: soft, hard
+ ##
+ nodeAffinityPreset:
+ ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param hidden.affinity Hidden node Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param hidden.tolerations Hidden node Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param hidden.podLabels Hidden node pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param hidden.podAnnotations Hidden node Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Hidden pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
+ ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
+ ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Hidden containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
+ ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
+ ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Hidden containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param hidden.resources.limits The resources limits for hidden node containers
+ ## @param hidden.resources.requests The requested resources for hidden node containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.livenessProbe.enabled Enable livenessProbe
+ ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.readinessProbe.enabled Enable readinessProbe
+ ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param hidden.startupProbe.enabled Enable startupProbe
+ ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
+ ## Ignored when hidden.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
+ ## Ignored when hidden.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when hidden.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Hidden Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
+ ##
+ create: false
+ ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
+ ##
+ enabled: true
+ ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires hidden.persistence.enabled: false
+ ##
+ medium: ""
+ ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param hidden.persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
+ ##
+ size: 8Gi
+ ## @param hidden.persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
+ ##
+ dataSource: {}
+ service:
+ ## @param hidden.service.portName MongoDB(®) service port name
+ ##
+ portName: "mongodb"
+ ## @param hidden.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param hidden.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Metrics parameters
+##
+
+metrics:
+ ## @param metrics.enabled Enable using a sidecar Prometheus exporter
+ ##
+ enabled: false
+ ## Drycc MongoDB(®) Promtheus Exporter image
+ ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/
+ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
+ ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
+ ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
+ ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/mongodb-exporter
+ tag: 0.34.0-debian-11-r19
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param metrics.username String with username for the metrics exporter
+ ## If undefined the root user will be used for the metrics exporter
+ username: ""
+ ## @param metrics.password String with password for the metrics exporter
+ ## If undefined but metrics.username is defined, a random password will be generated
+ password: ""
+ ## @param metrics.extraFlags String with extra flags to the metrics exporter
+ ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
+ ##
+ extraFlags: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param metrics.command Override default container command (useful when using custom images)
+ ## @param metrics.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## Metrics exporter container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param metrics.resources.limits The resources limits for Prometheus exporter containers + ## @param metrics.resources.requests The requested resources for Prometheus exporter containers + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## @param metrics.containerPort Port of the Prometheus metrics container + ## + containerPort: 9216 + ## Prometheus Exporter service configuration + ## + service: + ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template. + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + prometheus.io/path: "/metrics" + ## @param metrics.service.type Type of the Prometheus metrics service + ## + type: ClusterIP + ## @param metrics.service.ports.metrics Port of the Prometheus metrics service + ## + ports: + metrics: 9216 + ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## Metrics exporter liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param metrics.livenessProbe.enabled Enable livenessProbe + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 5 + 
failureThreshold: 3 + successThreshold: 1 + ## Metrics exporter readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param metrics.readinessProbe.enabled Enable readinessProbe + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## Slow starting containers can be protected through startup probes + ## Startup probes are available in Kubernetes version 1.16 and above + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes + ## @param metrics.startupProbe.enabled Enable startupProbe + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 30 + ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers + ## Ignored when livenessProbe.enabled=true + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Override default 
readiness probe for MongoDB(®) containers + ## Ignored when readinessProbe.enabled=true + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers + ## Ignored when startupProbe.enabled=true + ## + customStartupProbe: {} + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. 
+ ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator + ## + enabled: false + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created + ## + namespace: "" + ## @param metrics.prometheusRule.rules Rules to be created, check values for an example + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup + ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + ## + ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets + ## rules: + ## - alert: HighRequestLatency + ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 + ## for: 10m + ## labels: + ## severity: page + ## annotations: + ## summary: High request latency + ## + rules: [] + +## Mongodb 
Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port Mongodb is listening + ## on. When true, Mongodb will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml new file mode 100644 index 00000000..9bfe6bb4 --- /dev/null +++ b/addons/mongodb/7.0/meta.yaml @@ -0,0 +1,24 @@ +name: mongodb +version: 7.0 +id: 383f7316-84f3-4955-8491-1d4b02b749c8 +description: "mongodb" +displayName: "mongodb" +metadata: + displayName: "mongodb" + provider: + name: drycc + supportURL: https://www.mongodb.com/docs/manual/ + documentationURL: https://www.mongodb.com/docs/manual/ +tags: mongodb +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "service.type" + required: false + description: "service type config for values.yaml" +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" +archive: false \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml 
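Review bot: In addons/mongodb/7.0/meta.yaml, `allow_parameters` lets the instance owner set `service.type`, and the plan's bind.yaml publishes an `EXTRANET_HOST_%d` address when that value is `LoadBalancer`, so a tenant can give the database an external address on their own. Confirm that the chart's NetworkPolicy still limits the MongoDB port to the allowed namespaces in that mode; the template is not part of this chunk. Also quote the version as `version: "7.0"`, since the bare `7.0` is read as a float and may not round-trip as the string the catalogue expects.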
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
new file mode 100644
index 00000000..b70bcfb0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c2g10"
+id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
+description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
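Review bot: In plans/standard-1c2g10/bind.yaml the binding hands every bound application the MongoDB root account: `USERNAME` is the literal `'root'` and `PASSWORD` is read from the `mongodb-root-password` key. Each consumer then holds full administrative rights, and revoking one consumer means rotating the root password for all of them. If the chart can provision a dedicated application user (not visible in this hunk), bind that user's secret key instead and keep root for operators. Separately, `value: 27017` is a bare integer beside string values and is hard-coded rather than read from the service; `value: '27017'` keeps the type consistent.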
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
new file mode 100644
index 00000000..2f543d11
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-1c2g10
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+
+persistence:
+ size: 10Gi
From 455dc68e29a11ac5cebf410c5abad0bf2a2d4c8b Mon Sep 17 00:00:00 2001
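Review bot: The comment block above `resources:` in plans/standard-1c2g10/values.yaml was copied from another chart and describes MinIO® containers, which misleads anyone tuning this MongoDB plan. Reword the heading to `## MongoDB(®) containers' resource requests and limits` and change the two `@param` lines the same way. The paragraph about leaving resources unset and removing the curly braces after `resources:` can be dropped, because this plan sets explicit limits and requests.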
From: EamonZhang Date: Thu, 9 May 2024 14:21:44 +0800 Subject: [PATCH 076/176] chore(grafana): add plans --- .../{standard-5 => standard-1c1g5}/bind.yaml | 0 .../{standard-5 => standard-1c1g5}/meta.yaml | 0 .../values.yaml | 0 .../10/plans/standard-2c4g10/bind.yaml | 29 +++++++++++++++++++ .../10/plans/standard-2c4g10/meta.yaml | 6 ++++ .../10/plans/standard-2c4g10/values.yaml | 14 +++++++++ .../10/plans/standard-4c8g15/bind.yaml | 29 +++++++++++++++++++ .../10/plans/standard-4c8g15/meta.yaml | 6 ++++ .../10/plans/standard-4c8g15/values.yaml | 14 +++++++++ 9 files changed, 98 insertions(+) rename addons/grafana/10/plans/{standard-5 => standard-1c1g5}/bind.yaml (100%) rename addons/grafana/10/plans/{standard-5 => standard-1c1g5}/meta.yaml (100%) rename addons/grafana/10/plans/{standard-5 => standard-1c1g5}/values.yaml (100%) create mode 100644 addons/grafana/10/plans/standard-2c4g10/bind.yaml create mode 100644 addons/grafana/10/plans/standard-2c4g10/meta.yaml create mode 100644 addons/grafana/10/plans/standard-2c4g10/values.yaml create mode 100644 addons/grafana/10/plans/standard-4c8g15/bind.yaml create mode 100644 addons/grafana/10/plans/standard-4c8g15/meta.yaml create mode 100644 addons/grafana/10/plans/standard-4c8g15/values.yaml diff --git a/addons/grafana/10/plans/standard-5/bind.yaml b/addons/grafana/10/plans/standard-1c1g5/bind.yaml similarity index 100% rename from addons/grafana/10/plans/standard-5/bind.yaml rename to addons/grafana/10/plans/standard-1c1g5/bind.yaml diff --git a/addons/grafana/10/plans/standard-5/meta.yaml b/addons/grafana/10/plans/standard-1c1g5/meta.yaml similarity index 100% rename from addons/grafana/10/plans/standard-5/meta.yaml rename to addons/grafana/10/plans/standard-1c1g5/meta.yaml 
diff --git a/addons/grafana/10/plans/standard-5/values.yaml b/addons/grafana/10/plans/standard-1c1g5/values.yaml
similarity index 100%
rename from addons/grafana/10/plans/standard-5/values.yaml
rename to addons/grafana/10/plans/standard-1c1g5/values.yaml
diff --git a/addons/grafana/10/plans/standard-2c4g10/bind.yaml b/addons/grafana/10/plans/standard-2c4g10/bind.yaml
new file mode 100644
index 00000000..ba4641b9
--- /dev/null
+++ b/addons/grafana/10/plans/standard-2c4g10/bind.yaml
@@ -0,0 +1,29 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }'
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/grafana/10/plans/standard-2c4g10/meta.yaml b/addons/grafana/10/plans/standard-2c4g10/meta.yaml
new file mode 100644
index 00000000..57ec73b0
--- /dev/null
+++ b/addons/grafana/10/plans/standard-2c4g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g10"
+id: 837227d2-1522-45b9-abfe-7b631bd3bc91
+description: "grafana plan standard-2c4g10 which limit 2c4g ,default persistence size 10Gi."
+displayName: "2c4g10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/grafana/10/plans/standard-2c4g10/values.yaml b/addons/grafana/10/plans/standard-2c4g10/values.yaml
new file mode 100644
index 00000000..5c7adfbf
--- /dev/null
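Review bot: The `PASSWORD` and `USERNAME` entries in standard-2c4g10/bind.yaml are read from `GF_SECURITY_ADMIN_PASSWORD` and `GF_SECURITY_ADMIN_USER` in the `-admin` secret, so every binding distributes the Grafana administrator login; standard-4c8g15/bind.yaml is the same file (identical blob `ba4641b9`). A consumer that only needs to read dashboards then holds full admin rights, and the credential cannot be revoked for one consumer without changing it for all. If the platform can create a scoped account or token at bind time, expose that instead; otherwise add a comment at the top of the file such as `# NOTE: binding exposes the Grafana admin account; rotate it when a binding is removed`. The trailing empty line at the end of the template can also be dropped.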
+++ b/addons/grafana/10/plans/standard-2c4g10/values.yaml
@@ -0,0 +1,14 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-grafana-standard-10
+
+resources:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 2000m
+ memory: 4Gi
+
+persistence:
+ size: 10Gi
\ No newline at end of file
diff --git a/addons/grafana/10/plans/standard-4c8g15/bind.yaml b/addons/grafana/10/plans/standard-4c8g15/bind.yaml
new file mode 100644
index 00000000..ba4641b9
--- /dev/null
+++ b/addons/grafana/10/plans/standard-4c8g15/bind.yaml
@@ -0,0 +1,29 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }'
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/grafana/10/plans/standard-4c8g15/meta.yaml b/addons/grafana/10/plans/standard-4c8g15/meta.yaml
new file mode 100644
index 00000000..63abd120
--- /dev/null
+++ b/addons/grafana/10/plans/standard-4c8g15/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c8g15"
+id: bb2f6e62-b279-40a4-967b-20aa5c12e770
+description: "grafana plan standard-4c8g15 which limit 4c8g ,default persistence size 15Gi."
+displayName: "4c8g15"
+bindable: true
+maximum_polling_duration: 1800
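Review bot: `fullnameOverride: hb-grafana-standard-10` in standard-2c4g10/values.yaml does not follow the plan's name, while the directory and meta.yaml use `standard-2c4g10`; standard-4c8g15/values.yaml has the same mismatch with `hb-grafana-standard-15`. The Prometheus and MongoDB plans in this series name the override after the full plan (`hb-prometheus-standard-16c32g500`, `hb-mongo-cluster-standard-1c2g10`). If the short name is kept on purpose, for instance for compatibility with existing releases, say so in a comment; otherwise use `fullnameOverride: hb-grafana-standard-2c4g10`.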
diff --git a/addons/grafana/10/plans/standard-4c8g15/values.yaml b/addons/grafana/10/plans/standard-4c8g15/values.yaml
new file mode 100644
index 00000000..d92cd6ee
--- /dev/null
+++ b/addons/grafana/10/plans/standard-4c8g15/values.yaml
@@ -0,0 +1,14 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-grafana-standard-15
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 4000m
+ memory: 8Gi
+
+persistence:
+ size: 15Gi
\ No newline at end of file
From c02ad8ffe4b056e5b25f89f507715d76de88978f Mon Sep 17 00:00:00 2001
From: EamonZhang Date: Fri, 10 May 2024 11:14:58 +0800 Subject: [PATCH 077/176] chore(prometheus): add namespace containers base metrics --- .../prometheus/templates/networkpolicy.yaml | 6 +++ .../templates/server/configmap.yaml | 1 - .../templates/server/deployment.yaml | 1 - .../prometheus/2/chart/prometheus/values.yaml | 42 ++++++++----------- addons/prometheus/2/meta.yaml | 19 ++++++--- .../prometheus/2/plans/standard-10/meta.yaml | 6 --- .../2/plans/standard-10/values.yaml | 8 ---- .../prometheus/2/plans/standard-100/meta.yaml | 6 --- .../2/plans/standard-100/values.yaml | 8 ---- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../meta.yaml | 4 +- .../2/plans/standard-16c32g500/values.yaml | 15 +++++++ .../bind.yaml | 0 .../create-instance-schema.json | 0 .../2/plans/standard-1c1g10/meta.yaml | 6 +++ .../2/plans/standard-1c1g10/values.yaml | 15 +++++++ .../2/plans/standard-200/values.yaml | 8 ---- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../2/plans/standard-2c4g50/meta.yaml | 6 +++ .../values.yaml | 9 +++- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../2/plans/standard-4c8g100/meta.yaml | 6 +++ .../2/plans/standard-4c8g100/values.yaml | 15 +++++++ .../prometheus/2/plans/standard-50/meta.yaml | 6 --- .../2/plans/standard-500/values.yaml | 8 ---- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../meta.yaml | 4 +- .../2/plans/standard-8c16g200/values.yaml | 15 +++++++ 32 files changed, 126 insertions(+), 88 deletions(-) delete mode 100644 addons/prometheus/2/plans/standard-10/meta.yaml delete mode 100644 addons/prometheus/2/plans/standard-10/values.yaml delete mode 100644 addons/prometheus/2/plans/standard-100/meta.yaml delete mode 100644 addons/prometheus/2/plans/standard-100/values.yaml rename addons/prometheus/2/plans/{standard-100 => standard-16c32g500}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-10 => standard-16c32g500}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-500 => 
standard-16c32g500}/meta.yaml (52%) create mode 100644 addons/prometheus/2/plans/standard-16c32g500/values.yaml rename addons/prometheus/2/plans/{standard-10 => standard-1c1g10}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-100 => standard-1c1g10}/create-instance-schema.json (100%) create mode 100644 addons/prometheus/2/plans/standard-1c1g10/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-1c1g10/values.yaml delete mode 100644 addons/prometheus/2/plans/standard-200/values.yaml rename addons/prometheus/2/plans/{standard-200 => standard-2c4g50}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-200 => standard-2c4g50}/create-instance-schema.json (100%) create mode 100644 addons/prometheus/2/plans/standard-2c4g50/meta.yaml rename addons/prometheus/2/plans/{standard-50 => standard-2c4g50}/values.yaml (56%) rename addons/prometheus/2/plans/{standard-50 => standard-4c8g100}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-50 => standard-4c8g100}/create-instance-schema.json (100%) create mode 100644 addons/prometheus/2/plans/standard-4c8g100/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-4c8g100/values.yaml delete mode 100644 addons/prometheus/2/plans/standard-50/meta.yaml delete mode 100644 addons/prometheus/2/plans/standard-500/values.yaml rename addons/prometheus/2/plans/{standard-500 => standard-8c16g200}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-500 => standard-8c16g200}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-200 => standard-8c16g200}/meta.yaml (52%) create mode 100644 addons/prometheus/2/plans/standard-8c16g200/values.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml index 3b86d46e..51aa1a90 100644 --- a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml 
@@ -20,6 +20,7 @@ spec: podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.server.service.type "ClusterIP" }} ingress: # Allow inbound connections - ports: @@ -44,4 +45,9 @@ spec: {{- end }} {{- end }} {{- end }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 8297025d..c2cf9d56 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -22,5 +22,4 @@ data: {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} rules.yaml: {{- include "common.tplvalues.render" (dict "value" .Values.server.rules "context" $) | toYaml | nindent 4 }} - {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 83711fde..f1a5e88b 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -149,7 +149,6 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" - - "--storage.tsdb.retention.time={{ .Values.server.retentionDays }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 0f497da7..bf00f231 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml 
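Review bot: The new `LoadBalancer` branch in templates/networkpolicy.yaml renders `ingress: - {}`, an empty rule that admits traffic from any source to every port of the selected pods, not only the Prometheus server port. Keep the rule port-scoped by repeating the `ports:` list of the `ClusterIP` branch without a `from:` clause. A `server.service.type` of `NodePort` matches neither condition and renders no `ingress` key at all, so state in a comment whether that is the intended behaviour. `{{- end}}` should be `{{- end }}` to match the rest of the file; the template continues outside both hunks.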
+++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -564,7 +564,10 @@ alertmanager: ## app: my-app ## selector: {} - +drycc: + token: xxxxx + url: xxxx + scheme: https ## @section Prometheus server Parameters ## ## Drycc Prometheus image @@ -577,8 +580,8 @@ alertmanager: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: - username: admin - password: Sx3EIELCA + username: xxxx + password: xxxx image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -658,26 +661,20 @@ server: ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: ## - rules: | - {{` - groups: - - name: PG数据库-监控告警 - rules: - - alert: PostgresqlDown - expr: pg_up == 0 - for: 0m - labels: - severity: critical - annotations: - summary: Postgresql down (instance {{ $labels.instance }}) - description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" - - `}} + rules: "" ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: [] + extraScrapeConfigs: + - job_name: 'containers' + scheme: '{{ .Values.drycc.scheme }}' + metrics_path: /v2/apps/{{ include "common.names.namespace" . }}/metrics + authorization: + type: Token + credentials: '{{ .Values.drycc.token }}' + static_configs: + - targets: [ '{{ .Values.drycc.url }}' ] ## @param server.replicaCount Number of Prometheus replicas to deploy ## @@ -1503,8 +1500,7 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: - - traefik + allowNamespaces: [] ## @section Init Container Parameters ## 
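Review bot: The defaults `username: xxxx` and `password: xxxx` under `server:` (hunk at -577) replace one fixed credential with another, so an instance created without overriding both values starts with a login that anyone reading the chart knows. Leave both empty and fail rendering when they are unset, for example with Helm's `required` function where the values are consumed, or generate the password at install time. The removed password stays in the repository history, so it should be rotated on any instance that was deployed with it. The placeholders `token: xxxxx` and `url: xxxx` in the hunk at -564 are better written as `""` for the same reason.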
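Review bot: `credentials: '{{ .Values.drycc.token }}'` in the new `containers` scrape job (hunk at -658) writes the drycc API token in clear text into the rendered Prometheus configuration, which this chart appears to keep in a ConfigMap (see `--config.file` in server/deployment.yaml), readable by anyone who can read ConfigMaps in the namespace. Prometheus accepts `credentials_file` under `authorization`, so the token can live in a Secret mounted into the pod and be referenced as `credentials_file: <mounted-secret-path>`. The job is also present by default, so with the placeholder values every install scrapes the target `xxxx`; either ship `extraScrapeConfigs: []` and let the platform inject the job, or document that the three `drycc.*` values are mandatory. This hunk also removes the built-in `PostgresqlDown` rule by setting `rules: ""`; if that alert is still wanted it needs a new home.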
@@ -1557,10 +1553,6 @@ volumePermissions: scrapeAddons: enabled: true -scrapeNamespaces: - - xx1 - - xx2 - configmapReload: prometheus: ## If false, the configmap-reload container will not be deployed diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index a95995b0..c0047a1c 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -24,15 +24,22 @@ allow_parameters: - name: "alertmanager.enabled" required: false description: "alertmanager config for values.yaml" -- name: "server.retentionDays" +- name: "server.username" required: false - description: "retentionDays config for values.yaml default 15d" -- name: "server.retentionSize" + description: "prometheus administor username" +- name: "server.password" required: false - description: "retentionSize config for values.yaml default 0, unit MB, GB, TB" + description: "prometheus administor password" +- name: "drycc.token" + required: false + description: "drycc user token" +- name: "drycc.url" + required: false + description: "drycc url" +- name: "drycc.scheme" + required: false + description: "drycc scheme" - name: "server.rules" required: false description: "rules config for values.yaml" -- name: "scrapeNamespaces" - required: false archive: false diff --git a/addons/prometheus/2/plans/standard-10/meta.yaml b/addons/prometheus/2/plans/standard-10/meta.yaml deleted file mode 100644 index deb9b860..00000000 --- a/addons/prometheus/2/plans/standard-10/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-10" -id: c0a84136-5799-4267-b7bd-7b4398bcff72 -description: "Prometheus Cluster standard-10 plan persistence size 10Gi." -displayName: "10Gi" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml deleted file mode 100644 index 06e89f6a..00000000 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ /dev/null 
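Review bot: The two new descriptions in addons/prometheus/2/meta.yaml misspell the word: `prometheus administor username` and `prometheus administor password` should read `administrator`. Because `server.password` and `drycc.token` are now ordinary instance parameters, it is worth checking that the platform does not echo parameter values back in instance listings or logs; that behaviour is not visible in this chunk.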
@@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-10 - -server: - persistence: - size: 10Gi - # retentionSize: 8GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/meta.yaml b/addons/prometheus/2/plans/standard-100/meta.yaml deleted file mode 100644 index fdc3185e..00000000 --- a/addons/prometheus/2/plans/standard-100/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-100" -id: 118aada0-4826-4dba-83d8-989fbf47c55a -description: "Prometheus Cluster standard-100 plan persistence size 100Gi." -displayName: "100Gi" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-100/values.yaml b/addons/prometheus/2/plans/standard-100/values.yaml deleted file mode 100644 index 7e8b3d46..00000000 --- a/addons/prometheus/2/plans/standard-100/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-100 - -server: - persistence: - size: 100Gi - # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/bind.yaml b/addons/prometheus/2/plans/standard-16c32g500/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-100/bind.yaml rename to addons/prometheus/2/plans/standard-16c32g500/bind.yaml diff --git a/addons/prometheus/2/plans/standard-10/create-instance-schema.json b/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-10/create-instance-schema.json rename to addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json 
diff --git a/addons/prometheus/2/plans/standard-500/meta.yaml b/addons/prometheus/2/plans/standard-16c32g500/meta.yaml similarity index 52% rename from addons/prometheus/2/plans/standard-500/meta.yaml rename to addons/prometheus/2/plans/standard-16c32g500/meta.yaml index d58ee8e0..80b40ae3 100644 --- a/addons/prometheus/2/plans/standard-500/meta.yaml +++ b/addons/prometheus/2/plans/standard-16c32g500/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-500" +name: "standard-16c32g500" id: c28dc645-f17d-4304-a3f9-5dcaabad2a49 -description: "Prometheus Cluster standard-500 plan persistence size 500Gi." +description: "Prometheus server plan standard-16c32g500." displayName: "500Gi" bindable: true maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-16c32g500/values.yaml b/addons/prometheus/2/plans/standard-16c32g500/values.yaml new file mode 100644 index 00000000..dbb7f395 --- /dev/null +++ b/addons/prometheus/2/plans/standard-16c32g500/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-16c32g500 + +server: + resources: + limits: + cpu: 16000m + memory: 32Gi + requests: + cpu: 16000m + memory: 32Gi + persistence: + size: 500Gi + retentionSize: 498GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-1c1g10/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-10/bind.yaml rename to addons/prometheus/2/plans/standard-1c1g10/bind.yaml diff --git a/addons/prometheus/2/plans/standard-100/create-instance-schema.json b/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-100/create-instance-schema.json rename to addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json 
diff --git a/addons/prometheus/2/plans/standard-1c1g10/meta.yaml b/addons/prometheus/2/plans/standard-1c1g10/meta.yaml new file mode 100644 index 00000000..009714ad --- /dev/null +++ b/addons/prometheus/2/plans/standard-1c1g10/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-1c1g10" +id: c0a84136-5799-4267-b7bd-7b4398bcff72 +description: "Prometheus server plan standard-1c1g10." +displayName: "1c1g10" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-1c1g10/values.yaml b/addons/prometheus/2/plans/standard-1c1g10/values.yaml new file mode 100644 index 00000000..b10bb91f --- /dev/null +++ b/addons/prometheus/2/plans/standard-1c1g10/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-1c1g10 + +server: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 1000m + memory: 1Gi + persistence: + size: 10Gi + retentionSize: 8GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/values.yaml b/addons/prometheus/2/plans/standard-200/values.yaml deleted file mode 100644 index c5f2a7e5..00000000 --- a/addons/prometheus/2/plans/standard-200/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-200 - -server: - persistence: - size: 200Gi - # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/bind.yaml b/addons/prometheus/2/plans/standard-2c4g50/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-200/bind.yaml rename to addons/prometheus/2/plans/standard-2c4g50/bind.yaml 
diff --git a/addons/prometheus/2/plans/standard-200/create-instance-schema.json b/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-200/create-instance-schema.json rename to addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-2c4g50/meta.yaml b/addons/prometheus/2/plans/standard-2c4g50/meta.yaml new file mode 100644 index 00000000..1d46c14b --- /dev/null +++ b/addons/prometheus/2/plans/standard-2c4g50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c4g50" +id: eb7b3f73-dd94-4d05-8a48-63e7775f534d +description: "Prometheus server plan standard-2c4g50." +displayName: "2c4g50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-2c4g50/values.yaml similarity index 56% rename from addons/prometheus/2/plans/standard-50/values.yaml rename to addons/prometheus/2/plans/standard-2c4g50/values.yaml index b59af0aa..31da543c 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-2c4g50/values.yaml @@ -3,6 +3,13 @@ fullnameOverride: hb-prometheus-standard-50 server: + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi persistence: size: 50Gi - # retentionSize: 48GBi \ No newline at end of file + retentionSize: 48GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-4c8g100/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-50/bind.yaml rename to addons/prometheus/2/plans/standard-4c8g100/bind.yaml 
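Review bot: The renamed plan `standard-2c4g50` still carries the old override, visible in the hunk header context as `fullnameOverride: hb-prometheus-standard-50`, while the plans created in this commit use names that match their directory (`hb-prometheus-standard-1c1g10`, `hb-prometheus-standard-4c8g100`). If the old name is kept on purpose so existing instances are not renamed, a one-line comment saying so would help; otherwise it should read `fullnameOverride: hb-prometheus-standard-2c4g50`. The `fullnameOverride` line itself is outside the changed lines of this hunk.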
diff --git a/addons/prometheus/2/plans/standard-50/create-instance-schema.json b/addons/prometheus/2/plans/standard-4c8g100/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-50/create-instance-schema.json rename to addons/prometheus/2/plans/standard-4c8g100/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-4c8g100/meta.yaml b/addons/prometheus/2/plans/standard-4c8g100/meta.yaml new file mode 100644 index 00000000..3288c553 --- /dev/null +++ b/addons/prometheus/2/plans/standard-4c8g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c8g100" +id: 118aada0-4826-4dba-83d8-989fbf47c55a +description: "Prometheus server plan standard-4c8g100." +displayName: "100Gi" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-4c8g100/values.yaml b/addons/prometheus/2/plans/standard-4c8g100/values.yaml new file mode 100644 index 00000000..2aedee7d --- /dev/null +++ b/addons/prometheus/2/plans/standard-4c8g100/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-4c8g100 + +server: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 4000m + memory: 8Gi + persistence: + size: 100Gi + retentionSize: 98GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/meta.yaml b/addons/prometheus/2/plans/standard-50/meta.yaml deleted file mode 100644 index 0baaf0f9..00000000 --- a/addons/prometheus/2/plans/standard-50/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-50" -id: eb7b3f73-dd94-4d05-8a48-63e7775f534d -description: "Prometheus Cluster standard-50 plan persistence size 50Gi." -displayName: "50Gi" -bindable: true -maximum_polling_duration: 1800 
diff --git a/addons/prometheus/2/plans/standard-500/values.yaml b/addons/prometheus/2/plans/standard-500/values.yaml deleted file mode 100644 index 2b8e6318..00000000 --- a/addons/prometheus/2/plans/standard-500/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-500 - -server: - persistence: - size: 500Gi - # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-500/bind.yaml b/addons/prometheus/2/plans/standard-8c16g200/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-500/bind.yaml rename to addons/prometheus/2/plans/standard-8c16g200/bind.yaml diff --git a/addons/prometheus/2/plans/standard-500/create-instance-schema.json b/addons/prometheus/2/plans/standard-8c16g200/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-500/create-instance-schema.json rename to addons/prometheus/2/plans/standard-8c16g200/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-200/meta.yaml b/addons/prometheus/2/plans/standard-8c16g200/meta.yaml similarity index 52% rename from addons/prometheus/2/plans/standard-200/meta.yaml rename to addons/prometheus/2/plans/standard-8c16g200/meta.yaml index ddc6523c..72baec3e 100644 --- a/addons/prometheus/2/plans/standard-200/meta.yaml +++ b/addons/prometheus/2/plans/standard-8c16g200/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-200" +name: "standard-8c16g200" id: be99a35d-dbb4-4e17-8b27-1f00c5bca057 -description: "Prometheus Cluster standard-200 plan persistence size 200Gi." +description: "Prometheus server plan standard-8c16g200." displayName: "200Gi" bindable: true maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-8c16g200/values.yaml b/addons/prometheus/2/plans/standard-8c16g200/values.yaml new file mode 100644 index 00000000..dfd0bf66 --- /dev/null 
+++ b/addons/prometheus/2/plans/standard-8c16g200/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-8c16g200 + +server: + resources: + limits: + cpu: 8000m + memory: 16Gi + requests: + cpu: 8000m + memory: 16Gi + persistence: + size: 200Gi + retentionSize: 198GB \ No newline at end of file From cdfb83fd6768ffc4370214e27d55e81c8ba312bd Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 15:40:56 +0800 Subject: [PATCH 078/176] chore(grafana): add plans --- .../grafana/10/plans/standard-1c1g5/values.yaml | 15 ++++++++------- .../grafana/10/plans/standard-2c4g10/values.yaml | 16 ++++++++-------- .../grafana/10/plans/standard-4c8g15/values.yaml | 15 ++++++++------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/addons/grafana/10/plans/standard-1c1g5/values.yaml b/addons/grafana/10/plans/standard-1c1g5/values.yaml index ce943f14..f25675fc 100644 --- a/addons/grafana/10/plans/standard-1c1g5/values.yaml +++ b/addons/grafana/10/plans/standard-1c1g5/values.yaml @@ -2,13 +2,14 @@ ## fullnameOverride: hb-grafana-standard-5 -resources: - limits: - cpu: 1000m - memory: 1024Mi - requests: - cpu: 1000m - memory: 1024Mi +grafana: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 1000m + memory: 1Gi persistence: size: 5Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-2c4g10/values.yaml b/addons/grafana/10/plans/standard-2c4g10/values.yaml index 5c7adfbf..8c60f5b9 100644 --- a/addons/grafana/10/plans/standard-2c4g10/values.yaml +++ b/addons/grafana/10/plans/standard-2c4g10/values.yaml 
@@ -1,14 +1,14 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## fullnameOverride: hb-grafana-standard-10 - -resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi +grafana: + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi persistence: size: 10Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-4c8g15/values.yaml b/addons/grafana/10/plans/standard-4c8g15/values.yaml index d92cd6ee..33df72ff 100644 --- a/addons/grafana/10/plans/standard-4c8g15/values.yaml +++ b/addons/grafana/10/plans/standard-4c8g15/values.yaml @@ -2,13 +2,14 @@ ## fullnameOverride: hb-grafana-standard-15 -resources: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 4000m - memory: 8Gi +grafana: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 4000m + memory: 8Gi persistence: size: 15Gi \ No newline at end of file From 26980a26105c639ef752d60da58dc4c7aea4fe57 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 14 May 2024 15:41:20 +0800 Subject: [PATCH 079/176] chore(pmm): add plans --- .../2.41/plans/standard-2c2g10/values.yaml | 10 +++---- .../pmm/2.41/plans/standard-4c8g100/bind.yaml | 15 ++++++++++ .../create-instance-schema.json} | 0 .../pmm/2.41/plans/standard-4c8g100/meta.yaml | 6 ++++ .../2.41/plans/standard-4c8g100/values.yaml | 30 +++++++++++++++++++ .../2.41/plans/standard-8c16g200/bind.yaml | 15 ++++++++++ .../create-instance-schema.json | 12 ++++++++ .../2.41/plans/standard-8c16g200/meta.yaml | 6 ++++ .../2.41/plans/standard-8c16g200/values.yaml | 30 +++++++++++++++++++ 9 files changed, 119 insertions(+), 5 deletions(-) create mode 100644 addons/pmm/2.41/plans/standard-4c8g100/bind.yaml rename addons/pmm/2.41/plans/{standard-2c2g10/create-instance-schema.json~merged => standard-4c8g100/create-instance-schema.json} (100%) create mode 100644 addons/pmm/2.41/plans/standard-4c8g100/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-4c8g100/values.yaml create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/bind.yaml create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/values.yaml diff --git a/addons/pmm/2.41/plans/standard-2c2g10/values.yaml b/addons/pmm/2.41/plans/standard-2c2g10/values.yaml index 676edb9d..dbca0885 100644 --- a/addons/pmm/2.41/plans/standard-2c2g10/values.yaml +++ b/addons/pmm/2.41/plans/standard-2c2g10/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: pmm-standard-10 +fullnameOverride: pmm-standard-2c2g10 ## MinIO® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ 
@@ -13,12 +13,12 @@ fullnameOverride: pmm-standard-10 ## pmmResources: requests: - memory: "4Gi" - cpu: "4" + memory: "2Gi" + cpu: "2" hugepages-2Mi: 4Mi limits: - memory: "4Gi" - cpu: "4" + memory: "2Gi" + cpu: "2" hugepages-2Mi: 4Mi ## @section Persistence parameters diff --git a/addons/pmm/2.41/plans/standard-4c8g100/bind.yaml b/addons/pmm/2.41/plans/standard-4c8g100/bind.yaml new file mode 100644 index 00000000..973abc94 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-4c8g100/bind.yaml @@ -0,0 +1,15 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + value: 80 \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json~merged b/addons/pmm/2.41/plans/standard-4c8g100/create-instance-schema.json similarity index 100% rename from addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json~merged rename to addons/pmm/2.41/plans/standard-4c8g100/create-instance-schema.json diff --git a/addons/pmm/2.41/plans/standard-4c8g100/meta.yaml b/addons/pmm/2.41/plans/standard-4c8g100/meta.yaml new file mode 100644 index 00000000..a69cbf46 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-4c8g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c8g100" +id: f0056f40-4cf2-40f1-935c-9d7f6f98ea72 +description: "pmm standard-4c8g100G" +displayName: "standard-4c8g100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/pmm/2.41/plans/standard-4c8g100/values.yaml b/addons/pmm/2.41/plans/standard-4c8g100/values.yaml new file mode 100644 index 00000000..d38ab596 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-4c8g100/values.yaml 
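Review bot: The new `standard-4c8g100/bind.yaml` publishes only `PORT` with `value: 80`, so a client that follows the binding reaches PMM over plain HTTP and sends its login unencrypted. If the chart's Service also exposes the HTTPS port, the binding should hand out that port instead, or both under separate names; the Service definition is not visible here, so this needs confirming. The bare `80` is also parsed as an integer, and if the binding consumer expects string values it should be written `value: "80"`. The same file is added again as `standard-8c16g200/bind.yaml`.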
@@ -0,0 +1,30 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: pmm-standard-4c8g100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +pmmResources: + requests: + memory: "8Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "8Gi" + cpu: "4" + hugepages-2Mi: 4Mi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +storage: + size: 100Gi diff --git a/addons/pmm/2.41/plans/standard-8c16g200/bind.yaml b/addons/pmm/2.41/plans/standard-8c16g200/bind.yaml new file mode 100644 index 00000000..973abc94 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-8c16g200/bind.yaml @@ -0,0 +1,15 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + value: 80 \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json b/addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
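Review bot: The comment block above `pmmResources` in the new `standard-4c8g100/values.yaml` is copied from another chart: it describes "MinIO® containers" and documents `resources.limits` and `resources.requests`, neither of which exists in this file. I would replace the heading with `## PMM container resource requests and limits` and the parameter lines with `## @param pmmResources.requests ...` and `## @param pmmResources.limits ...`, and drop the sentence about removing curly braces after `resources:`, which does not apply here. `standard-8c16g200/values.yaml` carries the same block.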
+++ b/addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-8c16g200/meta.yaml b/addons/pmm/2.41/plans/standard-8c16g200/meta.yaml new file mode 100644 index 00000000..2830d4d4 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-8c16g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c16g200" +id: 8059d78d-8ed1-4dd2-8f05-80dc63b321c3 +description: "pmm standard-8c16g200 " +displayName: "standard-8c16g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/pmm/2.41/plans/standard-8c16g200/values.yaml b/addons/pmm/2.41/plans/standard-8c16g200/values.yaml new file mode 100644 index 00000000..b1f6f068 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-8c16g200/values.yaml 
@@ -0,0 +1,30 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: pmm-standard-8c16g200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +pmmResources: + requests: + memory: "16Gi" + cpu: "8" + hugepages-2Mi: 4Mi + limits: + memory: "16Gi" + cpu: "8" + hugepages-2Mi: 4Mi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +storage: + size: 200Gi From 51412a639becc7c4b9c1c8054f89158c8c3a0346 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 15:41:47 +0800 Subject: [PATCH 080/176] chore(prometheus): add plans --- .../prometheus/templates/_scrape_config.tpl | 1 + .../prometheus/templates/networkpolicy.yaml | 2 +- .../prometheus/2/chart/prometheus/values.yaml | 37 +++++++++++++------ addons/prometheus/2/meta.yaml | 11 ++---- 4 files changed, 31 insertions(+), 20 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 4e078fe8..d89b798e 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
@@ -60,6 +60,7 @@ relabel_configs: - __meta_kubernetes_service_name target_label: service - source_labels: + - __meta_kubernetes_pod_name target_label: pod - source_labels: diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml index 51aa1a90..3e5bd000 100644 --- a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml @@ -44,7 +44,7 @@ spec: kubernetes.io/metadata.name: {{ $namespace }} {{- end }} {{- end }} - {{- end }} + {{- end }} {{- end }} {{- if eq .Values.server.service.type "LoadBalancer" }} ingress: diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index bf00f231..87ff3e47 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -564,10 +564,12 @@ alertmanager: ## app: my-app ## selector: {} -drycc: + +containerScrape: token: xxxxx url: xxxx scheme: https + namespaces: [] ## @section Prometheus server Parameters ## ## Drycc Prometheus image @@ -641,6 +643,24 @@ server: - job_name: addons {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} {{- end }} + + {{ $scheme := .Values.containerScrape.scheme }} + {{ $token := .Values.containerScrape.token }} + {{ $url := .Values.containerScrape.url }} + {{- range $namespace := .Values.containerScrape.namespaces }} + + {{- if $namespace }} + - job_name: 'jobns-%s {{ $namespace }}' + scheme: {{ $scheme }} + metrics_path: /v2/apps/{{ $namespace }}/metrics + authorization: + type: Token + credentials: {{ $token }} + static_configs: + - targets: [ {{ $url }} ] + {{- end }} + {{- end }} + {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} 
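Review bot: In the `@@ -641,6 +643,24 @@` hunk the per-namespace job interpolates `$scheme`, `$token`, `$url` and `$namespace` into the Prometheus configuration without quoting, and the job name `'jobns-%s {{ $namespace }}'` keeps a literal `%s` that looks like a leftover from a `printf`. These values come from `containerScrape`, which this commit also adds to `allow_parameters`, so a token or URL containing `:`, `#`, `]` or a newline changes the structure of the generated YAML instead of staying a string. Each value should be passed through `quote`, and the name built with `printf`. The token also still ends up inline in the rendered configuration; `credentials_file` pointing at a mounted Secret would avoid that. The surrounding `server.configuration` template starts and ends outside this hunk.

```yaml
# … unchanged: $scheme/$token/$url assignments, range and if wrappers …
- job_name: {{ printf "jobns-%s" $namespace | quote }}
  scheme: {{ $scheme | quote }}
  metrics_path: {{ printf "/v2/apps/%s/metrics" $namespace | quote }}
  authorization:
    # … unchanged: type: Token …
    credentials: {{ $token | quote }}
  static_configs:
    - targets: [ {{ $url | quote }} ]
```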
@@ -657,7 +677,7 @@ server: static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] {{- end }} - + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: ## @@ -666,16 +686,9 @@ server: ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: - - job_name: 'containers' - scheme: '{{ .Values.drycc.scheme }}' - metrics_path: /v2/apps/{{ include "common.names.namespace" . }}/metrics - authorization: - type: Token - credentials: '{{ .Values.drycc.token }}' - static_configs: - - targets: [ '{{ .Values.drycc.url }}' ] - + + extraScrapeConfigs: [] + ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index c0047a1c..4b39707e 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -30,15 +30,12 @@ allow_parameters: - name: "server.password" required: false description: "prometheus administor password" -- name: "drycc.token" +- name: "containerScrape" required: false - description: "drycc user token" -- name: "drycc.url" + description: "container scrape" +- name: "extraScrapeConfigs" required: false - description: "drycc url" -- name: "drycc.scheme" - required: false - description: "drycc scheme" + description: "extra scrape configs" - name: "server.rules" required: false description: "rules config for values.yaml" From e85ba0c39d2d42b1c6027dadbc158ba75af05dcb Mon Sep 17 00:00:00 2001 
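Review bot: The new `allow_parameters` entry in `meta.yaml` is named `extraScrapeConfigs`, but the chart reads `.Values.server.extraScrapeConfigs`, so as written the parameter would set a top-level key the templates never look at; it should probably be `- name: "server.extraScrapeConfigs"`. Before exposing it, note that the configuration template passes this value through `common.tplvalues.render` with the full chart context, so it is evaluated as a Helm template rather than treated as data, and it decides which endpoints the Prometheus server connects to. If instance owners are not fully trusted operators, I would leave this parameter out of the allow list, or accept only a validated subset. Allowing `containerScrape` as a whole likewise lets the caller set `url` and `scheme` freely, which may be wider than intended.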
From: EamonZhang Date: Tue, 14 May 2024 16:09:55 +0800 Subject: [PATCH 081/176] chore(mongodb): enable metrics --- addons/index.yaml | 5 ++++- .../7.0/chart/mongodb/templates/hidden/statefulset.yaml | 2 +- .../chart/mongodb/templates/replicaset/statefulset.yaml | 2 +- .../7.0/chart/mongodb/templates/standalone/dep-sts.yaml | 2 +- addons/mongodb/7.0/chart/mongodb/values.yaml | 8 ++++---- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/addons/index.yaml b/addons/index.yaml index 0ec08fc0..7fb5ca90 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -56,4 +56,7 @@ entries: description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." mongodb: - version: 7.0 - description: "MongoDB is a document database designed for ease of application development and scaling." \ No newline at end of file + description: "MongoDB is a document database designed for ease of application development and scaling." + clickhouse: + - version: 24 + description: "ClickHouse is the fastest and most resource efficient open-source database for real-time apps and analytics." \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml index 56ce237b..9373d937 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml @@ -393,7 +393,7 @@ spec: {{- else }} args: - | - /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} 
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml index e7c0ff1c..6a385860 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml @@ -403,7 +403,7 @@ spec: {{- else }} args: - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml index ba3b74d2..6ef4530c 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml @@ -341,7 +341,7 @@ spec: {{- else }} args: - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 3ffc0b04..afb479ed 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
@@ -1822,7 +1822,7 @@ hidden: metrics: ## @param metrics.enabled Enable using a sidecar Prometheus exporter ## - enabled: false + enabled: true ## Drycc MongoDB(®) Promtheus Exporter image ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry @@ -1833,9 +1833,9 @@ metrics: ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: - registry: docker.io - repository: drycc/mongodb-exporter - tag: 0.34.0-debian-11-r19 + registry: registry.drycc.cc + repository: drycc-addons/mongodb_exporterr + tag: 0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 4df630654885a6a2bd4840da5d2736308b767e53 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 16:12:10 +0800 Subject: [PATCH 082/176] chore(mongodb): enable metrics --- addons/mongodb/7.0/chart/mongodb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index afb479ed..b196cd90 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1834,7 +1834,7 @@ metrics: ## image: registry: registry.drycc.cc - repository: drycc-addons/mongodb_exporterr + repository: drycc-addons/mongodb_exporter tag: 0 digest: "" pullPolicy: IfNotPresent From 3a1800986dabe25878a1d9b7330889bce17a29ae Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 17:45:54 +0800 Subject: [PATCH 083/176] fix(mongodb): networkpolicy for exporter --- addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml | 1 + addons/mongodb/7.0/chart/mongodb/values.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml index 26149ccb..91ca0aa1 100644 
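Review bot: The exporter image reference introduced in the `@@ -1833,9 +1833,9 @@` hunk is not pinned: `tag: 0` is a floating tag, `digest: ""` stays empty, and with `pullPolicy: IfNotPresent` each node keeps whichever build it cached first, so replicas can run different exporter binaries and a re-pushed tag is picked up silently on new nodes. Because the preceding hunk also switches `metrics.enabled` to `true` by default, this sidecar now runs next to every MongoDB pod and is presumably given database credentials through `--mongodb.uri`. Pin the reviewed build, e.g. `tag: "<exporter-version>"` together with `digest: "sha256:<digest-of-reviewed-image>"`. The unquoted `0` is also parsed as an integer, so quoting it avoids depending on how the image helper stringifies it.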
--- a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml @@ -21,6 +21,7 @@ spec: # Allow inbound connections - ports: - port: {{ .Values.service.ports.mongodb }} + - port: {{ .Values.metrics.service..ports.metrics }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index b196cd90..9068cec9 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1834,7 +1834,7 @@ metrics: ## image: registry: registry.drycc.cc - repository: drycc-addons/mongodb_exporter + repository: drycc-addons/mongodb-exporter tag: 0 digest: "" pullPolicy: IfNotPresent From 42bce72945d7ef0f65a3854432b96a6f85b460ca Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 15 May 2024 09:05:10 +0800 Subject: [PATCH 084/176] megre(prometheus): megre upstream --- .../2/chart/prometheus/templates/networkpolicy.yaml | 4 ---- addons/prometheus/2/meta.yaml | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ 5 files changed, 52 deletions(-) delete mode 100644 addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged delete mode 100644 addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged delete mode 100644 addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml index 69c28664..3e5bd000 100644 --- a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml 
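Review bot: The added `- port: {{ .Values.metrics.service..ports.metrics }}` entry is emitted unconditionally, so the NetworkPolicy admits traffic to the exporter port even when `metrics.enabled` is false, and, as far as the hunk shows, when neither `allowCurrentNamespace` nor `allowNamespaces` is set the rule has no `from` clause and the port is open to any source. Guarding it keeps the policy least-privilege: `{{- if .Values.metrics.enabled }}`, `- port: {{ .Values.metrics.service.ports.metrics }}`, `{{- end }}`. The doubled dot in `service..ports` also looks like it would stop the template from rendering; the hunk in PATCH 085 corrects the path but keeps the port unconditional. The ingress rule continues outside the hunk.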
+++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml @@ -46,10 +46,6 @@ spec: {{- end }} {{- end }} {{- end }} -<<<<<<< HEAD -======= - {{- end }} ->>>>>>> 453a91857971275fb746127d5c3d9100c3c8215c {{- if eq .Values.server.service.type "LoadBalancer" }} ingress: - {} diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 772c9ddb..4b39707e 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -30,24 +30,12 @@ allow_parameters: - name: "server.password" required: false description: "prometheus administor password" -<<<<<<< HEAD - name: "containerScrape" required: false description: "container scrape" - name: "extraScrapeConfigs" required: false description: "extra scrape configs" -======= -- name: "drycc.token" - required: false - description: "drycc user token" -- name: "drycc.url" - required: false - description: "drycc url" -- name: "drycc.scheme" - required: false - description: "drycc scheme" ->>>>>>> 453a91857971275fb746127d5c3d9100c3c8215c - name: "server.rules" required: false description: "rules config for values.yaml" diff --git a/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged b/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged b/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 
--- a/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged b/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file From b7e8456ba7707b5f1fb337e07f2ab533e5667694 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 15 May 2024 09:12:12 +0800 Subject: [PATCH 085/176] megre(mongodb): megre upstream --- addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml index 91ca0aa1..28b22388 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml @@ -21,7 +21,7 @@ spec: # Allow inbound connections - ports: - port: {{ .Values.service.ports.mongodb }} - - port: {{ .Values.metrics.service..ports.metrics }} + - port: {{ .Values.metrics.service.ports.metrics }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} 
From e9205e993716d594697942ad150c916cb6fc0b03 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 15 May 2024 10:34:56 +0800 Subject: [PATCH 086/176] chore(mongodb): add plans --- addons/mongodb/7.0/chart/mongodb/values.yaml | 18 ++++-------- .../7.0/plans/standard-16c64g400/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-16c64g400/meta.yaml | 6 ++++ .../7.0/plans/standard-16c64g400/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-2c4g20/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-2c4g20/meta.yaml | 6 ++++ .../7.0/plans/standard-2c4g20/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-2c8g50/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-2c8g50/meta.yaml | 6 ++++ .../7.0/plans/standard-2c8g50/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-32c128g800/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-32c128g800/meta.yaml | 6 ++++ .../7.0/plans/standard-32c128g800/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-4c16g100/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-4c16g100/meta.yaml | 6 ++++ .../7.0/plans/standard-4c16g100/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-8c32g200/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-8c32g200/meta.yaml | 6 ++++ .../7.0/plans/standard-8c32g200/values.yaml | 23 +++++++++++++++ 25 files changed, 420 insertions(+), 12 deletions(-) create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml create mode 100644 
addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c4g20/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/values.yaml diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 9068cec9..01e95fd8 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
@@ -1873,18 +1873,12 @@ metrics: ## @param metrics.resources.requests The requested resources for Prometheus exporter containers ## resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi ## @param metrics.containerPort Port of the Prometheus metrics container ## containerPort: 9216 diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml @@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json 
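Review bot: Every binding produced by the new `bind.yaml` hands the application the MongoDB root account: `USERNAME` is the literal `'root'` and `PASSWORD` is read from `.data.mongodb-root-password`, so any bound workload gets administrative access to the whole deployment and one leaked binding exposes every database in it. A binding would normally publish a dedicated application user scoped to its own database, with the root secret kept for operators. `PORT` is also hard-coded; `value: {{ .Values.service.ports.mongodb }}` would follow the chart setting that the NetworkPolicy template already uses. The same file (blob `13939fc0`) is added for the five other plans in this commit, and the `MinIO®` wording in each plan's `values.yaml` comments looks copied from another addon.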
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..22874e09
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: ae0a6495-8a57-4282-ba6c-7887078bc36a
+description: "mongodb standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G "
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml
new file mode 100644
index 00000000..7e5e03a0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-16c64g400
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 16000m
+ memory: 64Gi
+ requests:
+ cpu: 16000m
+ memory: 64Gi
+
+persistence:
+ size: 400Gi
diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml
new file mode 100644
index 00000000..13939fc0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml
new file mode 100644
index 00000000..d57e9ae5
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: 7a599bfe-42fe-45f0-a7e5-d706cceeb75a
+description: "mongodb standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G "
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml
new file mode 100644
index 00000000..9b7336ab
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-2c4g20
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 2000m
+ memory: 4Gi
+
+persistence:
+ size: 20Gi
diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml
new file mode 100644
index 00000000..13939fc0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml
new file mode 100644
index 00000000..7e9d6bdc
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c8g50"
+id: 97810a15-2758-4c30-a758-fed359b3de90
+description: "mongodb standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G "
+displayName: "standard-2c8g50"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml
new file mode 100644
index 00000000..e86171e5
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-2c8g50
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 2000m
+ memory: 8Gi
+ requests:
+ cpu: 2000m
+ memory: 8Gi
+
+persistence:
+ size: 50Gi
diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml
new file mode 100644
index 00000000..13939fc0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml
new file mode 100644
index 00000000..f0003f6a
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c128g800"
+id: 3d08527b-4ed9-46e5-8f29-dd38a8b12513
+description: "mongodb standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G "
+displayName: "standard-32c128g800"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml
new file mode 100644
index 00000000..c5074501
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-32c128g800
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 32000m
+ memory: 128Gi
+ requests:
+ cpu: 32000m
+ memory: 128Gi
+
+persistence:
+ size: 800Gi
diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml
new file mode 100644
index 00000000..13939fc0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..b70bcfb0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c2g10"
+id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
+description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml
new file mode 100644
index 00000000..51c69c34
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-4c16g100
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 4000m
+ memory: 16Gi
+ requests:
+ cpu: 4000m
+ memory: 16Gi
+
+persistence:
+ size: 100Gi
diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml
new file mode 100644
index 00000000..13939fc0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml
new file mode 100644
index 00000000..e2229462
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-8c32g200"
+id: 5d77eae9-03d4-4642-a583-964563d9b456
+description: "mongodb standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G "
+displayName: "standard-8c32g200"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml new file mode 100644 index 00000000..16158f0f --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-8c32g200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + +persistence: + size: 200Gi From 269a5b5a487ac757b9ac54e82968787f511388ce Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 16 May 2024 17:10:04 +0800 Subject: [PATCH 087/176] fix(mongodb): plan meta uuid and metrics probe --- addons/mongodb/7.0/chart/mongodb/values.yaml | 18 +++++++++--------- .../7.0/plans/standard-4c16g100/meta.yaml | 8 ++++---- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 01e95fd8..e26c875e 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
@@ -1913,10 +1913,10 @@ metrics: ## livenessProbe: enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 + initialDelaySeconds: 60 + periodSeconds: 30 timeoutSeconds: 5 - failureThreshold: 3 + failureThreshold: 5 successThreshold: 1 ## Metrics exporter readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) @@ -1929,10 +1929,10 @@ metrics: ## readinessProbe: enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 5 successThreshold: 1 ## Slow starting containers can be protected through startup probes ## Startup probes are available in Kubernetes version 1.16 and above @@ -1946,8 +1946,8 @@ metrics: ## startupProbe: enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 + initialDelaySeconds: 60 + periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 30 diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml index b70bcfb0..ce086d84 100644 --- a/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml +++ b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-1c2g10" -id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98 -description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G " -displayName: "standard-1c2g10" +name: "standard-4c16g100" +id: a7409cf8-dc92-42ff-95e8-8223d849afe4 +description: "mongodb standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G " +displayName: "standard-4c16g100" bindable: true maximum_polling_duration: 1800 \ No newline at end of file From b47a2be09d7a52fb335b6e9a20a9ed7da58f911d Mon Sep 17 00:00:00 2001 
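Review bot: In the `standard-4c16g100/meta.yaml` hunk the new `description` reads `vCPUs c , RAM 16G`, where the vCPU count has become the letter `c`. The plan name and the sibling plan descriptions carry a number in that position, so the line should be `description: "mongodb standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G "`. The description is presumably what a user sees when picking a plan, so the wrong value would be user-visible.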
From: EamonZhang Date: Thu, 16 May 2024 17:39:01 +0800 Subject: [PATCH 088/176] chore(mongodb): add user for exporter --- addons/mongodb/7.0/chart/mongodb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index e26c875e..ae599f98 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1849,7 +1849,7 @@ metrics: ## @param metrics.username String with username for the metrics exporter ## If undefined the root user will be used for the metrics exporter - username: "" + username: "user_exporter" ## @param metrics.password String with password for the metrics exporter ## If undefined but metrics.username is defined, a random password will be generated password: "" From c4796d6ea71b830a38d245745bdd9dd860cd81c9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 May 2024 09:12:20 +0800 Subject: [PATCH 089/176] chore(mysql): update images registry address --- .../8.0/chart/mysql-cluster/templates/cluster/job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index aa9ecfed..19bc1f9e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml @@ -27,7 +27,7 @@ spec: - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local initContainers: - name: init-wait - image: registry.uucin.com/drycc/python-dev:latest + image: registry.drycc.cc/drycc/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - netcat From a69d6c9d6176d4bc13e8958b354de5148e6c8542 Mon Sep 17 00:00:00 2001 
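Review bot: Defaulting `metrics.username` to `"user_exporter"` moves the exporter off the root account, but nothing in this hunk shows which roles that account is created with. The surrounding comment only says a random password is generated when `metrics.password` is empty. It is worth confirming in the user-creation template (outside this hunk) that the account receives monitoring-only roles such as `clusterMonitor` rather than root-equivalent ones, and recording that next to the value, e.g. `## Dedicated least-privilege account for the metrics exporter`.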
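Review bot: The `init-wait` container still pulls `python-dev:latest`, so the registry move keeps a mutable tag for an image that runs inside the database's namespace. Whatever is published under `latest` at `registry.drycc.cc` runs on the next Job, and two runs can execute different image contents without any chart change. Pinning a version tag or digest, `image: registry.drycc.cc/drycc/python-dev:<TAG>@sha256:<DIGEST>` (placeholders), makes the Job reproducible and auditable. The container spec continues outside the hunk.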
From: EamonZhang Date: Fri, 17 May 2024 09:23:55 +0800 Subject: [PATCH 090/176] chore(prometheus): support kubernetes services probe --- .../prometheus/templates/_scrape_config.tpl | 152 +++++++++++++++++- .../prometheus/2/chart/prometheus/values.yaml | 38 +++-- addons/prometheus/2/meta.yaml | 2 +- 3 files changed, 174 insertions(+), 18 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index d89b798e..cba7ac84 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -87,7 +87,7 @@ relabel_configs: action: keep {{- end -}} -{{- define "addons.ds_scrape_config" -}} +{{- define "addons.kubernetes-service-endpoints" -}} honor_labels: true kubernetes_sd_configs: - role: endpoints @@ -121,6 +121,8 @@ relabel_configs: replacement: __param_$1 - action: labelmap regex: __meta_kubernetes_service_label_(.+) + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: namespace 
@@ -131,3 +133,151 @@ relabel_configs: action: replace target_label: node {{- end -}} + +{{- define "addons.kubernetes-service-endpoints-slow" -}} +honor_labels: true +scrape_interval: 5m +scrape_timeout: 30s +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} + +{{- define "addons.kubernetes-pods" -}} +honor_labels: true +kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} + +relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + target_label: __address__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} + +{{- define "addons.kubernetes-pods-slow" -}} +honor_labels: true +scrape_interval: 5m +scrape_timeout: 30s +kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} + +relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + target_label: __address__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 0b9f47ec..de5908bb 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -565,11 +565,11 @@ alertmanager: ## selector: {} -containerScrape: +drycc: token: xxxxx - url: xxxx - scheme: https - namespaces: [] + endpoint: drycc-controller-api.drycc.svc.cluster.local + scheme: http + apps: [] ## @section Prometheus server Parameters ## @@ -583,8 +583,8 @@ containerScrape: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: - username: xxxx - password: xxxx + username: admin + password: admin image: registry: registry.drycc.cc repository: drycc-addons/prometheus 
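Review bot: All three new jobs (`addons.kubernetes-service-endpoints-slow`, `addons.kubernetes-pods`, `addons.kubernetes-pods-slow`) set `honor_labels: true` while selecting targets purely from `prometheus.io/*` annotations. With that setting a label exposed by the scraped target wins over the `namespace`, `pod`, `service` and `node` labels these relabel rules attach, so any annotated workload in the namespace can publish series that appear to come from a different one. Unless these jobs scrape a federation-style endpoint, `honor_labels: false` keeps the target labels authoritative and renames conflicting ones to `exported_*`. The slow service-endpoints job also lacks the `__meta_kubernetes_pod_label_(.+)` labelmap that this commit adds to the regular one.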
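Review bot: The `drycc` block now defaults `scheme` to `http` while the scrape job built from it sends `token` as an `authorization` credential, so the token travels unencrypted to `drycc-controller-api.drycc.svc.cluster.local`. Anything that can observe pod-to-pod traffic on that path can reuse it against the controller API. Keeping `scheme: https` as the default, or stating beside the value that plain HTTP is acceptable only where the cluster network encrypts traffic, avoids making that the silent default. The placeholder `token: xxxxx` would also be clearer as an empty string, so an unset token can be told apart from a real one.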
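Review bot: `server.username` and `server.password` change from placeholders to the working default `admin` / `admin`, so an instance created without overriding them is protected only by a well-known credential pair. `addons/prometheus/2/meta.yaml` lists both parameters as `required: false`, which makes that the likely outcome. Leaving `password: ""` and generating a random value (or failing the render) when it is empty would remove the shared default; the template that consumes these values is outside this hunk.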
@@ -641,24 +641,30 @@ server: {{- include "prometheus.scrape_config" (dict "component" "alertmanager" "context" $) | nindent 4 }} {{- end }} {{- if .Values.scrapeAddons.enabled }} - - job_name: addons - {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-service-endpoints + {{- include "addons.kubernetes-service-endpoints" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-service-endpoints-slow + {{- include "addons.kubernetes-service-endpoints-slow" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-pods + {{- include "addons.kubernetes-pods" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-pods-slow + {{- include "addons.kubernetes-pods-slow" (dict "context" $) | nindent 4 }} {{- end }} - {{ $scheme := .Values.containerScrape.scheme }} - {{ $token := .Values.containerScrape.token }} - {{ $url := .Values.containerScrape.url }} - {{- range $namespace := .Values.containerScrape.namespaces }} + {{ $scheme := .Values.drycc.scheme }} + {{ $token := .Values.drycc.token }} + {{ $endpoint := .Values.drycc.endpoint }} + {{- range $app := .Values.drycc.apps }} - {{- if $namespace }} - - job_name: 'jobns-%s {{ $namespace }}' + {{- if $app }} + - job_name: 'drycc-apps-{{ $app }}' scheme: {{ $scheme }} - metrics_path: /v2/apps/{{ $namespace }}/metrics + metrics_path: /v2/apps/{{ $app }}/metrics authorization: type: Token credentials: {{ $token }} static_configs: - - targets: [ {{ $url }} ] + - targets: [ {{ $endpoint }} ] {{- end }} {{- end }} diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 4b39707e..215d939a 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -30,7 +30,7 @@ allow_parameters: - name: "server.password" required: false description: "prometheus administor password" -- name: "containerScrape" +- name: "drycc" required: false description: "container scrape" - name: "extraScrapeConfigs" 
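Review bot: In the `drycc-apps-{{ $app }}` job, `credentials: {{ $token }}`, `scheme: {{ $scheme }}` and `targets: [ {{ $endpoint }} ]` are rendered unquoted, so a token made only of digits or starting with a YAML indicator produces a configuration that Prometheus rejects or reads with the wrong type. `credentials: {{ $token | quote }}` and `targets: [ {{ $endpoint | quote }} ]` avoid that. The token is also written literally into the rendered scrape configuration; if that ends up in a ConfigMap rather than a Secret (not visible here), mounting it from a Secret and using `credentials_file` would keep it out of the config text.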
From 3f6c508d31a3a0f641d6e84c29fb442e72f2aec0 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 May 2024 10:36:41 +0800 Subject: [PATCH 091/176] chore(postgresql-cluster): use shared memory --- .../postgresql-cluster/templates/statefulset.yaml | 13 ++++++++++++- .../15/chart/postgresql-cluster/values.yaml | 11 +++++++++++ .../15/plans/standard-16c64g400/values.yaml | 3 +++ .../15/plans/standard-1c2g10/values.yaml | 2 ++ .../15/plans/standard-2c4g20/values.yaml | 3 +++ .../15/plans/standard-2c8g50/values.yaml | 3 +++ .../15/plans/standard-32c128g800/values.yaml | 3 +++ .../15/plans/standard-32c64g4000/values.yaml | 3 +++ .../15/plans/standard-4c16g100/values.yaml | 3 +++ .../15/plans/standard-8c32g200/values.yaml | 3 +++ 10 files changed, 46 insertions(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 61881313..d826952c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -109,6 +109,8 @@ spec: # readOnly: true - mountPath: "/opt/drycc/postgresql/backup/" name: backup-config + - name: dshm + mountPath: /dev/shm # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} @@ -196,7 +198,7 @@ spec: mountPath: "{{ .Values.persistentVolume.mountPath }}" - mountPath: "/opt/drycc/postgresql/backup/" name: backup-config - + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} 
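Review bot: The `dshm` entry added to `volumeMounts` is unconditional, but the matching `dshm` volume in the `@@ -229,6 +231,15 @@` hunk is rendered only when `.Values.shmVolume.enabled` is true. With `shmVolume.enabled: false` the pod template references a volume that does not exist and the StatefulSet fails validation. Wrap the mount in the same guard, `{{- if .Values.shmVolume.enabled }}` … `{{- end }}` around the `- name: dshm` / `mountPath: /dev/shm` pair. The new lines also land between the `backup-config` mount and its `# readOnly: true` comment, which now reads as if it belonged to `dshm`.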
@@ -229,6 +231,15 @@ spec: - name: storage-volume emptyDir: {} {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} persistentVolumeClaimRetentionPolicy: whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d1e7d72f..6e70ea24 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -316,6 +316,17 @@ resources: cpu: 100m memory: 512Mi +shmVolume: + ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) + ## + enabled: true + ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs + ## Note: the size of the tmpfs counts against container's memory limit + ## e.g: + ## sizeLimit: 1Gi + ## + sizeLimit: "1Gi" + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index 0ead38b4..fe3f5cbf 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 400Gi + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml index adf735cd..80634ab3 100644 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml 
+++ b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml @@ -74,3 +74,5 @@ persistentVolume: enabled: true size: 10Gi +shmVolume: + sizeLimit: "1Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml index b0f465d2..1f1b9a1b 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml @@ -75,3 +75,6 @@ resources: persistentVolume: enabled: true size: 20Gi + +shmVolume: + sizeLimit: "2Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml index 5d12b83a..293a8a45 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml @@ -74,3 +74,6 @@ resources: persistentVolume: enabled: true size: 50Gi + +shmVolume: + sizeLimit: "4Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index 9ef5bde1..d9c9501e 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 800Gi + +shmVolume: + sizeLimit: "64Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index ff1aab00..b4a6a7ee 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 4Ti + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml index 29e30b2e..a60c85ce 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml @@ -74,3 +74,6 @@ resources: persistentVolume: enabled: true size: 100Gi + +shmVolume: + sizeLimit: "8Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index 255f68a5..3d129faa 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 200Gi + +shmVolume: + sizeLimit: "16Gi" \ No newline at end of file From c0568f10ab35d6d29a118f00bef5e72791fc444a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 23 May 2024 11:50:06 +0800 Subject: [PATCH 092/176] fix(mysql-cluster): fix plans typo --- addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml index c8f45468..b06fc92b 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml @@ -1,4 +1,4 @@ -name: "standard-1g2g10" +name: "standard-1c2g10" id: 2b455154-8725-482a-95b2-a193c180d9b5 description: "Mysql Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-1c2g10" From 551e5df23e95017e823433404bd56e6878592034 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 28 May 2024 16:01:25 +0800 Subject: [PATCH 093/176] fix(prometheus): add alertmanager config --- addons/prometheus/2/chart/prometheus/values.yaml | 3 +++ addons/prometheus/2/meta.yaml | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index de5908bb..c18a66fa 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -684,6 +684,9 @@ server: static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] {{- end }} + rule_files: + - "rules.yaml" + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 215d939a..268f25a6 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -24,6 +24,9 @@ allow_parameters: - name: "alertmanager.enabled" required: false description: "alertmanager config for values.yaml" +- name: "alertmanager.configuration" + required: false + description: "alertmanager config for values.yaml" - name: "server.username" required: false description: "prometheus administor username" @@ -33,7 +36,7 @@ allow_parameters: - name: "drycc" required: false description: "container scrape" -- name: "extraScrapeConfigs" +- name: "server.extraScrapeConfigs" required: false description: "extra scrape configs" - name: "server.rules" From 9a3a04dc03a06fb9da734e9702e2c2c69282223e Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 14 Jun 2024 17:15:46 +0800 Subject: [PATCH 094/176] chore(mysql-cluster): add backup --- .../templates/cluster/cronjob.yaml | 96 +++++++++++++++++++ .../templates/networkpolicy.yaml | 2 + .../8.0/chart/mysql-cluster/values.yaml | 14 ++- addons/mysql-cluster/8.0/meta.yaml | 3 + 4 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml new file mode 100644 index 00000000..6b51d3d7 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml 
@@ -0,0 +1,96 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if .Values.backup.enabled }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "mysql.cluster.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: {{ .Values.backup.schedule| quote }} + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + jobTemplate: + metadata: + spec: + template: + spec: + restartPolicy: OnFailure + initContainers: + - name: backup-wait + image: registry.drycc.cc/drycc/python-dev:latest + imagePullPolicy: {{.Values.imagePullPolicy}} + args: + - netcat + - -v + - -u + - mysql://$(MYSQL_HOST):$(MYSQL_PORT_NUMBER) + + env: + - name: MYSQL_HOST + value: {{ include "mysql.router.fullname" . }} + - name: MYSQL_PORT_NUMBER + value: {{ .Values.router.service.portro | quote }} + + containers: + - name: backup-cron + image: {{ include "cluster.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 14 }} + {{- end }} + command: + - /bin/bash + - -ec + - | + # create file + echo " + import os + from datetime import datetime, timezone, timedelta + + now_utc = datetime.now(timezone.utc) + cst_timezone = timezone(timedelta(hours=8)) + now_cst = now_utc.astimezone(cst_timezone) + now_str = now_cst.strftime('%Y%m%d%H%M') + endpoint=os.getenv('AWS_ENDPOINT_URL') + bucket_name=os.getenv('AWS_BUCKET_NAME') + + util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 4, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) + " > /tmp/dump_instance.py + + mysqlsh --uri=${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --py < /tmp/dump_instance.py + + env: + - name: MYSQL_HOST + value: {{ include "mysql.router.fullname" . }} + - name: MYSQL_PORT_NUMBER + value: {{ .Values.router.service.portro | quote }} + - name: MYSQL_ROOT_USER + value: "root" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + - name: AWS_ENDPOINT_URL + value: {{ .Values.backup.s3.endpoint | quote }} + - name: AWS_BUCKET_NAME + value: {{ .Values.backup.s3.bucketName | quote }} + - name: AWS_ACCESS_KEY_ID + value: {{ .Values.backup.s3.accessKey | quote }} + - name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.backup.s3.secretKey | quote }} + - name: AWS_DEFAULT_REGION + value: {{ .Values.backup.s3.region | quote }} +{{- end }} \ No newline at end of file 
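Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are set with plain `value:` from `backup.s3.accessKey` / `backup.s3.secretKey`, so the object-store credentials are stored in the CronJob and in every Pod it creates and are readable by anyone allowed to `get` those objects, unlike `MYSQL_ROOT_PASSWORD` just above, which uses `secretKeyRef`. The root password is in turn expanded onto the `mysqlsh` command line as `-p${MYSQL_ROOT_PASSWORD}`, where it shows up in the container's process list; mysqlsh can read it with `--passwords-from-stdin` if the script is passed with `--file` instead of stdin redirection. Smaller points in the same hunk: the `backup-wait` image uses the mutable `latest` tag, the options dict passed to `util.dump_instance` repeats the `'compatibility'` key, and the dump connects as `root` rather than a backup-scoped account. The fence shows the two S3 entries read from a Secret; the Secret name and key names are placeholders.

```yaml
# … unchanged: MYSQL_* entries, AWS_ENDPOINT_URL, AWS_BUCKET_NAME …
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: BACKUP_S3_SECRET_NAME   # placeholder: Secret rendered by the chart from backup.s3.*
      key: access-key               # placeholder key name
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: BACKUP_S3_SECRET_NAME   # placeholder
      key: secret-key               # placeholder key name
# … unchanged: AWS_DEFAULT_REGION …
```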
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 7571e48b..916f06d5 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -28,6 +28,8 @@ spec: - port: {{ .Values.router.service.portro }} - port: 24901 - port: 33061 + - port: 6446 + - port: 6447 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{- end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 79c58704..bf95d6bf 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -592,8 +592,8 @@ cluster: image: registry: registry.drycc.cc - repository: drycc-addons/mysqlshell - tag: 8.0.34 + repository: drycc-addons/mysql-shell + tag: "8.0" digest: "" pullPolicy: IfNotPresent @@ -1245,3 +1245,13 @@ metrics: ## summary: MariaDB instance is down ## rules: [] + +backup: + enabled: false + schedule: "" + s3: + endpoint: "" + bucketName: "" + accessKey: "" + secretKey: "" + region: us-west-1 \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 5c748c3b..df1189e4 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -24,4 +24,7 @@ allow_parameters: - name: "router.configuration" required: false description: "router config for values.yaml" +- name: "backup" + required: false + description: "backup config for values.yaml" archive: false \ No newline at end of file From c3452ce8f4e54ee5f69822937abbafb9ec9a192e Mon Sep 17 00:00:00 2001 
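Review bot: In the `values.yaml` hunk the `cluster.image` tag moves from the patch-pinned `8.0.34` to the floating `"8.0"` with `digest: ""`, and this appears to be the image the new backup CronJob runs with the root password and S3 keys in its environment. A floating tag means the image content can change between scheduled runs without any chart change. Keeping a full patch tag, or filling `digest`, keeps backups reproducible. In the networkpolicy hunk, `6446` and `6447` are hard-coded next to `router.service.portrw` / `router.service.portro`; if those values already default to the same ports the entries are duplicates, and if they are overridden the literal ports stay open.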
From: EamonZhang Date: Fri, 14 Jun 2024 17:23:24 +0800 Subject: [PATCH 095/176] chore(prometheus): add custom scrape --- addons/prometheus/2/meta.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 268f25a6..50079cc3 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -42,4 +42,13 @@ allow_parameters: - name: "server.rules" required: false description: "rules config for values.yaml" +- name: "server.scrapeInterval" + required: false + description: "scrapeInterval values.yaml" +- name: "server.scrapeTimeout" + required: false + description: "scrapeTimeout values.yaml" +- name: "server.evaluationInterval" + required: false + description: "evaluationInterval values.yaml" archive: false From 9bf33fce110b7dd04fa86fa48e538b3f2b73cdbf Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 14 Jun 2024 17:27:59 +0800 Subject: [PATCH 096/176] chore(addons): add clickhouse --- .../24/chart/clickhouse/.helmignore | 21 + .../clickhouse/24/chart/clickhouse/Chart.yaml | 24 + .../clickhouse/24/chart/clickhouse/README.md | 478 +++++++++ .../24/chart/clickhouse/templates/NOTES.txt | 58 ++ .../chart/clickhouse/templates/_helpers.tpl | 201 ++++ .../clickhouse/templates/configmap-extra.yaml | 18 + .../chart/clickhouse/templates/configmap.yaml | 18 + .../clickhouse/templates/extra-list.yaml | 4 + .../templates/ingress-tls-secrets.yaml | 44 + .../chart/clickhouse/templates/ingress.yaml | 60 ++ .../templates/init-scripts-secret.yaml | 17 + .../24/chart/clickhouse/templates/secret.yaml | 18 + .../clickhouse/templates/service-account.yaml | 22 + .../templates/service-external-access.yaml | 114 ++ .../templates/service-headless.yaml | 55 + .../chart/clickhouse/templates/service.yaml | 112 ++ .../clickhouse/templates/servicemonitor.yaml | 49 + .../templates/start-scripts-secret.yaml | 17 + .../clickhouse/templates/statefulset.yaml | 362 +++++++ .../clickhouse/templates/tls-secret.yaml | 26 + .../24/chart/clickhouse/values.yaml | 973 ++++++++++++++++++ addons/clickhouse/24/meta.yaml | 24 + 22 files changed, 2715 insertions(+) create mode 100644 addons/clickhouse/24/chart/clickhouse/.helmignore create mode 100644 addons/clickhouse/24/chart/clickhouse/Chart.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/README.md create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml create mode 100755 
addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/values.yaml create mode 100644 addons/clickhouse/24/meta.yaml diff --git a/addons/clickhouse/24/chart/clickhouse/.helmignore b/addons/clickhouse/24/chart/clickhouse/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/addons/clickhouse/24/chart/clickhouse/Chart.yaml b/addons/clickhouse/24/chart/clickhouse/Chart.yaml new file mode 100644 index 00000000..5b3abe01 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/Chart.yaml 
@@ -0,0 +1,24 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 22.8.6
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: ClickHouse is an open-source column-oriented OLAP database management system. Use it to boost your database performance while providing linear scalability and hardware efficiency.
+home: https://clickhouse.com/
+icon: https://drycc.com/assets/stacks/clickhouse/img/clickhouse-stack-220x234.png
+keywords:
+ - database
+ - sharding
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: clickhouse
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/clickhouse
+ - https://github.com/ClickHouse/ClickHouse
+version: 24
diff --git a/addons/clickhouse/24/chart/clickhouse/README.md b/addons/clickhouse/24/chart/clickhouse/README.md
new file mode 100644
index 00000000..caba5167
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/README.md
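Review bot: The `common` dependency is declared with a floating range, `version: ~1.1.2`, and the commit's file list shows no `Chart.lock` beside this Chart.yaml, so each `helm dependency update` may resolve a different library chart from `oci://registry.drycc.cc/charts`. Committing the lock file, or pinning an exact version, keeps the rendered templates reproducible and reviewable. Separately, `appVersion: 22.8.6` does not match the `24` this addon is versioned and filed under, and looks carried over from an older chart; set it to the ClickHouse release actually shipped and quote it, e.g. `appVersion: "<clickhouse-version>"`, so that it stays a string. The same quoting applies to `version: 24`, which a generic YAML parser reads as an integer.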
@@ -0,0 +1,478 @@ + + +# ClickHouse packaged by Drycc + +ClickHouse is an open-source column-oriented OLAP database management system. Use it to boost your database performance while providing linear scalability and hardware efficiency. + +[Overview of ClickHouse](https://clickhouse.com/) + +Trademarks: This software listing is packaged by Drycc. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +$ helm repo add my-repo https://charts.drycc.com/drycc +$ helm install my-release my-repo/clickhouse +``` + +## Introduction + +Drycc charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. + +This chart bootstraps a [ClickHouse](https://github.com/clickhouse/clickhouse) Deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Drycc charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. + +[Learn more about the default configuration of the chart](https://docs.drycc.com/kubernetes/infrastructure/clickhouse/get-started/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release my-repo/clickhouse +``` + +The command deploys ClickHouse on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
+ +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.name | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### ClickHouse Parameters + +| Name | Description | Value | +| --------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `image.registry` | ClickHouse image registry | `docker.io` | +| `image.repository` | ClickHouse image repository | `drycc/clickhouse` | +| `image.tag` | ClickHouse image tag (immutable tags are recommended) | `22.8.6-debian-11-r0` | +| `image.digest` | ClickHouse image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | ClickHouse image pull policy | `IfNotPresent` | +| `image.pullSecrets` | ClickHouse image pull secrets | `[]` | +| `image.debug` | Enable ClickHouse image debug mode | `false` | +| `shards` | Number of ClickHouse shards to deploy | `2` | +| `replicaCount` | Number of ClickHouse replicas per shard to deploy | `2` | +| `containerPorts.http` | ClickHouse HTTP container port | `8123` | +| `containerPorts.tcp` | ClickHouse TCP container port | `9000` | +| `containerPorts.tcpSecure` | ClickHouse TCP container port | `9440` | +| `containerPorts.mysql` | ClickHouse MySQL container port | `9004` | +| `containerPorts.postgresql` | ClickHouse PostgreSQL container port | `9005` | +| `containerPorts.interserver` | ClickHouse Interserver container port | `9009` | +| `containerPorts.metrics` | ClickHouse metrics container port | `8001` | +| `livenessProbe.enabled` | Enable livenessProbe on ClickHouse containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on ClickHouse containers | `true` | +| 
`readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on ClickHouse containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the ClickHouse containers | `{}` | +| `resources.requests` | The requested resources for the ClickHouse containers | `{}` | +| `podSecurityContext.enabled` | Enabled ClickHouse pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set ClickHouse pod's Security Context fsGroup | `1001` | +| `podSecurityContext.seccompProfile.type` | Set ClickHouse container's Security Context seccomp profile | `RuntimeDefault` | +| `containerSecurityContext.enabled` | Enabled ClickHouse containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set ClickHouse containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set ClickHouse containers' Security Context runAsNonRoot | `true` | +| 
`containerSecurityContext.allowPrivilegeEscalation` | Set ClickHouse container's privilege escalation | `false` | +| `containerSecurityContext.capabilities.drop` | Set ClickHouse container's Security Context runAsNonRoot | `["ALL"]` | +| `auth.username` | ClickHouse Admin username | `default` | +| `auth.password` | ClickHouse Admin password | `""` | +| `auth.existingSecret` | Name of a secret containing the Admin password | `""` | +| `auth.existingSecretKey` | Name of the key inside the existing secret | `""` | +| `logLevel` | Logging level | `information` | +| `defaultConfigurationOverrides` | Default configuration overrides (evaluated as a template) | `""` | +| `existingOverridesConfigmap` | The name of an existing ConfigMap with your custom configuration for ClickHouse | `""` | +| `extraOverrides` | Extra configuration overrides (evaluated as a template) apart from the default | `""` | +| `extraOverridesConfigmap` | The name of an existing ConfigMap with extra configuration for ClickHouse | `""` | +| `extraOverridesSecret` | The name of an existing ConfigMap with your custom configuration for ClickHouse | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsSecret` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| `startdbScripts` | Dictionary of startdb scripts | `{}` | +| `startdbScriptsSecret` | ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`) | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `hostAliases` | ClickHouse pods host aliases | `[]` | +| `podLabels` | Extra labels for ClickHouse pods | `{}` | +| `podAnnotations` | Annotations for ClickHouse pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. 
Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for ClickHouse pods assignment | `{}` | +| `nodeSelector` | Node labels for ClickHouse pods assignment | `{}` | +| `tolerations` | Tolerations for ClickHouse pods assignment | `[]` | +| `updateStrategy.type` | ClickHouse statefulset strategy type | `RollingUpdate` | +| `podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | +| `priorityClassName` | ClickHouse pods' priorityClassName | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template | `[]` | +| `schedulerName` | Name of the k8s scheduler (other than default) for ClickHouse pods | `""` | +| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `lifecycleHooks` | for the ClickHouse container(s) to automate configuration before or after startup | `{}` | +| `extraEnvVars` | Array with extra environment variables to add to ClickHouse nodes | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ClickHouse nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ClickHouse nodes | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the ClickHouse pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ClickHouse container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the ClickHouse pod(s) | `[]` | +| `initContainers` | Add additional init containers to the ClickHouse pod(s) | `[]` | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | + + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | ClickHouse service type | `ClusterIP` | +| `service.ports.http` | ClickHouse service HTTP port | `8123` | +| `service.ports.tcp` | ClickHouse service TCP port | `9000` | +| `service.ports.tcpSecure` | ClickHouse service TCP 
(secure) port | `9440` | +| `service.ports.mysql` | ClickHouse service MySQL port | `9004` | +| `service.ports.postgresql` | ClickHouse service PostgreSQL port | `9005` | +| `service.ports.interserver` | ClickHouse service Interserver port | `9009` | +| `service.ports.metrics` | ClickHouse service metrics port | `8001` | +| `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.nodePorts.tcp` | Node port for TCP | `""` | +| `service.nodePorts.tcpSecure` | Node port for TCP (with TLS) | `""` | +| `service.nodePorts.mysql` | Node port for MySQL | `""` | +| `service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `service.nodePorts.interserver` | Node port for Interserver | `""` | +| `service.nodePorts.metrics` | Node port for metrics | `""` | +| `service.clusterIP` | ClickHouse service Cluster IP | `""` | +| `service.loadBalancerIP` | ClickHouse service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | ClickHouse service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | ClickHouse service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for ClickHouse service | `{}` | +| `service.extraPorts` | Extra ports to expose in ClickHouse service (normally used with the `sidecars` value) | `[]` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to ClickHouse | `false` | +| `externalAccess.service.type` | Kubernetes Service type for external access. 
It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.ports.http` | ClickHouse service HTTP port | `80` | +| `externalAccess.service.ports.tcp` | ClickHouse service TCP port | `9000` | +| `externalAccess.service.ports.tcpSecure` | ClickHouse service TCP (secure) port | `9440` | +| `externalAccess.service.ports.mysql` | ClickHouse service MySQL port | `9004` | +| `externalAccess.service.ports.postgresql` | ClickHouse service PostgreSQL port | `9005` | +| `externalAccess.service.ports.interserver` | ClickHouse service Interserver port | `9009` | +| `externalAccess.service.ports.metrics` | ClickHouse service metrics port | `8001` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each ClickHouse . Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.nodePorts.http` | Node port for HTTP | `[]` | +| `externalAccess.service.nodePorts.tcp` | Node port for TCP | `[]` | +| `externalAccess.service.nodePorts.tcpSecure` | Node port for TCP (with TLS) | `[]` | +| `externalAccess.service.nodePorts.mysql` | Node port for MySQL | `[]` | +| `externalAccess.service.nodePorts.postgresql` | Node port for PostgreSQL | `[]` | +| `externalAccess.service.nodePorts.interserver` | Node port for Interserver | `[]` | +| `externalAccess.service.nodePorts.metrics` | Node port for metrics | `[]` | +| `externalAccess.service.labels` | Service labels for external access | `{}` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.extraPorts` | Extra ports to expose in the ClickHouse external service | `[]` | +| `ingress.enabled` | Enable ingress record generation for 
ClickHouse | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress record | `clickhouse.local` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + + +### Persistence Parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `persistence.storageClass` | Storage class of backing PVC | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.selector` | Selector to match an 
existing Persistent Volume for WordPress data PVC | `{}` | +| `persistence.dataSource` | Custom PVC data source | `{}` | + + +### Init Container Parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Drycc Shell image registry | `docker.io` | +| `volumePermissions.image.repository` | Drycc Shell image repository | `drycc/drycc-shell` | +| `volumePermissions.image.tag` | Drycc Shell image tag (immutable tags are recommended) | `11-debian-11-r37` | +| `volumePermissions.image.pullPolicy` | Drycc Shell image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Drycc Shell image pull secrets | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | +| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | + + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. 
| `""` | +| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.podAnnotations` | Annotations for metrics scraping | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + + +### External Zookeeper paramaters + +| Name | Description | Value | +| --------------------------- | ----------------------------------------- | ------ | +| `externalZookeeper.servers` | List of external zookeeper servers to use | `[]` | +| `externalZookeeper.port` | Port of the Zookeeper servers | `2888` | + + +### Zookeeper subchart parameters + +| Name | Description | Value | +| -------------------------------- | ----------------------------- | ------ | +| `zookeeper.enabled` | Deploy Zookeeper subchart | `true` | +| `zookeeper.replicaCount` | Number of Zookeeper instances | `2` | +| `zookeeper.service.ports.client` | Zookeeper client port | `2181` | + + +See https://github.com/drycc-labs/readme-generator-for-helm to create the table + +The above parameters map to the env variables defined in [drycc/clickhouse](https://github.com/drycc/containers/tree/main/drycc/clickhouse). For more information please refer to the [drycc/clickhouse](https://github.com/drycc/containers/tree/main/drycc/clickhouse) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set auth.username=admin \ + --set auth.password=password \ + my-repo/clickhouse +``` + +The above command sets the ClickHouse administrator account username and password to `admin` and `password` respectively. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. 
To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml my-repo/clickhouse +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### External Zookeeper support + +You may want to have ClickHouse connect to an external zookeeper rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalZookeeper` parameter](#parameters). You should also disable the Zookeeper installation with the `zookeeper.enabled` option. Here is an example: + +```console +zookeper.enabled=false +externalZookeeper.host=myexternalhost +externalZookeeper.user=myuser +externalZookeeper.password=mypassword +externalZookeeper.database=mydatabase +externalZookeeper.port=3306 +``` + +### TLS secrets + +The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. 
[Learn more about TLS secrets](https://docs.drycc.com/kubernetes/apps/clickhouse/administration/enable-tls/). + +## Persistence + +The [Drycc ClickHouse](https://github.com/drycc/containers/tree/main/drycc/clickhouse) image stores the ClickHouse data and configurations at the `/drycc` path of the container. Persistent Volume Claims are used to keep the data across deployments. [Learn more about persistence in the chart documentation](https://docs.drycc.com/kubernetes/apps/clickhouse/configuration/chart-persistence/). + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +clickhouse: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as ClickHouse (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.drycc.com/kubernetes/apps/clickhouse/administration/configure-use-sidecars/). + +### Ingress without TLS + +For using ingress (example without TLS): + +```yaml +ingress: + ## If true, ClickHouse server Ingress will be created + ## + enabled: true + + ## ClickHouse server Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## ClickHouse server Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - clickhouse.domain.com +``` + +### Ingress TLS + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. 
[kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret (named `clickhouse-server-tls` in this example) in the namespace. Include the secret's name, along with the desired hostnames, in the Ingress TLS section of your custom `values.yaml` file: + +```yaml +ingress: + ## If true, ClickHouse server Ingress will be created + ## + enabled: true + + ## ClickHouse server Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## ClickHouse server Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - clickhouse.domain.com + + ## ClickHouse server Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: clickhouse-server-tls + hosts: + - clickhouse.domain.com +``` + +### Using custom scripts + +For advanced operations, the Drycc ClickHouse chart allows using custom init and start scripts that will be mounted in `/docker-entrypoint.initdb.d` and `/docker-entrypoint.startdb.d` . The `init` scripts will be run on the first boot whereas the `start` scripts will be run on every container start. For adding the scripts directly as values use the `initdbScripts` and `startdbScripts` values. For using Secrets use the `initdbScriptsSecret` and `startdbScriptsSecret`. + +```yaml +initdbScriptsSecret: init-scripts-secret +startdbScriptsSecret: start-scripts-secret +``` + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
+ +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt b/addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt new file mode 100644 index 00000000..951446a3 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt 
@@ -0,0 +1,58 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/drycc/scripts/clickhouse/entrypoint.sh /opt/drycc/scripts/clickhouse/run.sh + +{{- else }} + +ClickHouse is available in the following address: + +{{- if .Values.externalAccess.enabled }} + +NOTE: It may take a few minutes for the LoadBalancer IP to be available. + + kubectl get svc --namespace {{ template "common.names.namespace" . }} -l "app.kubernetes.io/name={{ template "common.names.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=clickhouse" -w + +{{- else if (eq "LoadBalancer" .Values.service.type) }} + + export SERVICE_IP=$(kubectl get svc --namespace {{ template "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + +{{- else if (eq "NodePort" .Values.service.type)}} + + export NODE_IP=$(kubectl get nodes --namespace {{ template "common.names.namespace" . 
}} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ template "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + +{{- else if (eq "ClusterIP" .Values.service.type)}} + + kubectl port-forward --namespace {{ template "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.ports.tcp }}:9000 & + +{{- end }} + +Credentials: + + echo "Username : {{ .Values.auth.username }}" + echo "Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "clickhouse.secretName" . }} -o jsonpath="{.data.{{ include "clickhouse.secretKey" .}}}" | base64 -d)" + +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "clickhouse.validateValues" . }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl new file mode 100644 index 00000000..5d3b9dca --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl 
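Review bot: The command under `Credentials:` looks the Secret up with `--namespace {{ .Release.Namespace }}`, while every other command in this file, and the Secret's own manifest in templates/secret.yaml, use the `common.names.namespace` helper. If that helper honours a namespace override (its definition is not part of this patch), the printed command points at the wrong namespace and prints an empty password. I would write it as `kubectl get secret --namespace {{ include "common.names.namespace" . }} ...`. The ClusterIP branch has a similar hard-coded value: `{{ .Values.service.ports.tcp }}:9000` forwards to service port 9000 even when `service.ports.tcp` is set to something else, so `{{ .Values.service.ports.tcp }}:{{ .Values.service.ports.tcp }}` would be safer.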
@@ -0,0 +1,201 @@ +{{/* +Return the proper ClickHouse image name +*/}} +{{- define "clickhouse.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "clickhouse.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "clickhouse.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "clickhouse.createTlsSecret" -}} +{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "clickhouse.tlsSecretName" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- else -}} + {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "clickhouse.tlsCert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/drycc/clickhouse/certs/tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/drycc/clickhouse/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. 
+*/}} +{{- define "clickhouse.tlsCertKey" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/drycc/clickhouse/certs/tls.key" -}} +{{- else -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/drycc/clickhouse/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "clickhouse.tlsCACert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/drycc/clickhouse/certs/ca.crt" -}} +{{- else -}} + {{- printf "/opt/drycc/clickhouse/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Get the ClickHouse configuration configmap. +*/}} +{{- define "clickhouse.configmapName" -}} +{{- if .Values.existingOverridesConfigmap -}} + {{- .Values.existingOverridesConfigmap -}} +{{- else }} + {{- printf "%s" (include "common.names.fullname" . ) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the ClickHouse configuration configmap. +*/}} +{{- define "clickhouse.extraConfigmapName" -}} +{{- if .Values.extraOverridesConfigmap -}} + {{- .Values.extraOverridesConfigmap -}} +{{- else }} + {{- printf "%s-extra" (include "common.names.fullname" . ) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the Clickhouse password secret name +*/}} +{{- define "clickhouse.secretName" -}} +{{- if .Values.auth.existingSecret -}} + {{- .Values.auth.existingSecret -}} +{{- else }} + {{- printf "%s" (include "common.names.fullname" . ) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the ClickHouse password key inside the secret +*/}} +{{- define "clickhouse.secretKey" -}} +{{- if .Values.auth.existingSecret -}} + {{- .Values.auth.existingSecretKey -}} +{{- else }} + {{- print "admin-password" -}} +{{- end -}} +{{- end -}} + +{{/* +Get the startialization scripts Secret name. 
+*/}} +{{- define "clickhouse.startdbScriptsSecret" -}} +{{- if .Values.startdbScriptsSecret -}} + {{- printf "%s" (tpl .Values.startdbScriptsSecret $) -}} +{{- else -}} + {{- printf "%s-start-scripts" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "clickhouse.initdbScriptsSecret" -}} +{{- if .Values.initdbScriptsSecret -}} + {{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- else -}} + {{- printf "%s-init-scripts" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "clickhouse.headlessServiceName" -}} +{{- printf "%s-headless" (include "common.names.fullname" .) -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "clickhouse.zookeeper.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "zookeeper" "chartValues" .Values.zookeeper "context" $) -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "clickhouse.zookeeper.headlessServiceName" -}} +{{- printf "%s-headless" (include "clickhouse.zookeeper.fullname" .) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "clickhouse.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "clickhouse.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "clickhouse.validateValues.zookeeper" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of ClickHouse - Zookeeper */}} +{{- define "clickhouse.validateValues.zookeeper" -}} +{{- if and .Values.zookeeper.enabled .Values.externalZookeeper.servers -}} +clickhouse: Multiple Zookeeper + You can only use one zookeeper + Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or + using an external instance (--set zookeeper.servers ) +{{- end -}} +{{- if and (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers) (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1) -}} +clickhouse: No Zookeeper + If you are deploying more than one ClickHouse instance, you need to enable Zookeeper. Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or + using an external instance (--set zookeeper.servers ) +{{- end -}} +{{- end -}} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml new file mode 100644 index 00000000..f78a3aef --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml 
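Review bot: The second check in `clickhouse.validateValues.zookeeper` fires only when both `shards` and `replicaCount` differ from 1, because the two `ne` tests sit directly inside `and`; a release with one shard, three replicas and no Zookeeper passes validation even though the message says any deployment of more than one instance needs it. I would wrap them as `(or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1))`. Both messages also suggest `--set zookeeper.servers`, but the value the template reads is `externalZookeeper.servers`. On the documentation side, the header comment "Return the path to the CA cert file." is repeated above `clickhouse.tlsSecretName`, `clickhouse.headlessServiceName` and `clickhouse.zookeeper.headlessServiceName`, none of which return that path; each should describe the name it returns, e.g. `Return the name of the Secret holding the TLS certificates`.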
@@ -0,0 +1,18 @@ +{{- if and .Values.extraOverrides (not .Values.extraOverridesConfigmap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-extra" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + 01_extra_overrides.xml: | + {{- include "common.tplvalues.render" (dict "value" .Values.extraOverrides "context" $) | nindent 4 }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml new file mode 100644 index 00000000..2a427dca --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml @@ -0,0 +1,18 @@ +{{- if not .Values.existingOverridesConfigmap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + 00_default_overrides.xml: | + {{- include "common.tplvalues.render" (dict "value" .Values.defaultConfigurationOverrides "context" $) | nindent 4 }} +{{- end }} 
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml
new file mode 100644
index 00000000..cdab66cf
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml
@@ -0,0 +1,44 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $ca := genCA "clickhouse-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml new file mode 100755 index 00000000..fa1b8db2 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml 
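Review bot: Inside `range .Values.ingress.secrets` the label and annotation includes read `.Values.commonLabels` and `.Values.commonAnnotations`, but `.` is the current secret entry there, so rendering is expected to fail as soon as `commonLabels` or `commonAnnotations` is set together with `ingress.secrets`. The guarding `if` lines already use `$.Values`, and the bodies should too: `dict "value" $.Values.commonLabels "context" $` and likewise for `commonAnnotations`. Separately, the self-signed branch calls `genCA` and `genSignedCert` on every render, so each `helm upgrade` replaces the CA and the private key; reusing an existing Secret when one is present would avoid that, and at minimum a comment above the branch should state it.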
@@ -0,0 +1,60 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml new file mode 100644 index 00000000..96f83f61 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml 
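Review bot: The `tls:` block is rendered only when `ingress.tls` is truthy together with a cert-manager annotation or `ingress.selfSigned`, or when `ingress.extraTls` is set, and the host rule is built from `ingress.hostname`; the README example added in this same patch instead sets `ingress.hosts` and a list under `ingress.tls` with `secretName: clickhouse-server-tls`. With those values this template emits no `tls:` section, so the ClickHouse HTTP port would be published without the certificate the operator created, and nothing warns about it. Either the README example should use `hostname` plus `extraTls` (`extraTls: [{hosts: [clickhouse.domain.com], secretName: clickhouse-server-tls}]`), or the template should accept the documented shape. values.yaml is not in view here, so this is judged from the template and the README text alone.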
@@ -0,0 +1,17 @@ +{{- if and .Values.initdbScripts (not .Values.initdbScriptsSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +stringData: +{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml new file mode 100644 index 00000000..89f58cee --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml @@ -0,0 +1,18 @@ +{{- if not .Values.auth.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + admin-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "admin-password" "providedValues" (list "auth.password") "context" $) }} +{{- end }} 
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml new file mode 100644 index 00000000..b3787391 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml @@ -0,0 +1,22 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "clickhouse.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml new file mode 100644 index 00000000..2af4abb2 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml 
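Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders an empty value when the key is unset, which Kubernetes treats as the default, i.e. the token is mounted. None of the templates visible in this part of the patch show ClickHouse calling the API server, so I would make the fallback explicit and closed: `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}`. The chart default lives in values.yaml, which is outside this hunk, so it should be confirmed to be `false` there as well.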
@@ -0,0 +1,114 @@ +{{- if $.Values.externalAccess.enabled }} +{{- $shards := $.Values.shards | int }} +{{- $replicas := $.Values.replicaCount | int }} +{{- $totalNodes := mul $shards $replicas }} +{{- range $shard, $e := until $shards }} +{{- range $i, $_e := until $replicas }} +{{- $targetPod := printf "%s-shard%d-%d" (include "common.names.fullname" $) $shard $i }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-external" $targetPod | trunc 63 | trimSuffix "-" }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: clickhouse + pod: {{ $targetPod }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.externalAccess.service.labels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or $.Values.externalAccess.service.annotations $.Values.commonAnnotations $.Values.externalAccess.service.loadBalancerAnnotations }} + annotations: + {{- if and (not (empty $.Values.externalAccess.service.loadBalancerAnnotations)) (eq (len $.Values.externalAccess.service.loadBalancerAnnotations) $totalNodes) }} + {{ include "common.tplvalues.render" ( dict "value" (index $.Values.externalAccess.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }} + {{- end }} + {{- if $.Values.externalAccess.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $.Values.externalAccess.service.type }} + {{- if eq $.Values.externalAccess.service.type "LoadBalancer" }} + {{- if and 
(not (empty $.Values.externalAccess.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.service.loadBalancerIPs) $totalNodes) }} + loadBalancerIP: {{ index $.Values.externalAccess.service.loadBalancerIPs $i }} + {{- end }} + {{- if $.Values.externalAccess.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + ports: + - name: http + port: {{ $.Values.externalAccess.service.ports.http }} + targetPort: http + {{- if not (empty $.Values.externalAccess.service.nodePorts.http) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.http $i }} + {{- else }} + nodePort: null + {{- end }} + {{- if $.Values.metrics.enabled }} + - name: http-metrics + port: {{ $.Values.externalAccess.service.ports.metrics }} + targetPort: http-metrics + {{- if not (empty $.Values.externalAccess.service.nodePorts.metrics) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.metrics $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} + - name: tcp + port: {{ $.Values.externalAccess.service.ports.tcp }} + targetPort: tcp + {{- if not (empty $.Values.externalAccess.service.nodePorts.tcp) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.tcp $i }} + {{- else }} + nodePort: null + {{- end }} + {{- if $.Values.tls.enabled }} + - name: tcp-secure + port: {{ $.Values.externalAccess.service.ports.tcpSecure }} + targetPort: tcp-secure + {{- if not (empty $.Values.externalAccess.service.nodePorts.tcpSecure) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.tcpSecure $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} + - name: tcp-mysql + port: {{ $.Values.externalAccess.service.ports.mysql }} + targetPort: tcp-mysql + {{- if not (empty $.Values.externalAccess.service.nodePorts.mysql) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.mysql $i }} + {{- else }} + nodePort: null + {{- end 
}} + - name: tcp-postgresql + port: {{ $.Values.externalAccess.service.ports.postgresql }} + targetPort: tcp-postgresql + {{- if not (empty $.Values.externalAccess.service.nodePorts.postgresql) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.postgresql $i }} + {{- else }} + nodePort: null + {{- end }} + - name: tcp-intersrv + port: {{ $.Values.externalAccess.service.ports.interserver }} + targetPort: tcp-intersrv + {{- if not (empty $.Values.externalAccess.service.nodePorts.interserver) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.interserver $i }} + {{- else }} + nodePort: null + {{- end }} + {{- if $.Values.externalAccess.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: clickhouse + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml new file mode 100644 index 00000000..33f86ce1 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml 
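Review bot: The per-pod lookups `index $.Values.externalAccess.service.loadBalancerIPs $i`, the matching `loadBalancerAnnotations` lookup and every `index ...nodePorts.* $i` use the replica index, while the length guards compare against `$totalNodes` (shards times replicas). With more than one shard, replica 0 of each shard gets the same IP, annotations and nodePort, and the later list entries are never used; a duplicate nodePort is expected to be rejected by the API server. A flat index computed once per pod, `{{- $idx := add (mul $shard $replicas) $i }}`, used in place of `$i` in those `index` calls fixes this. These Services also always publish the plaintext `tcp`, `tcp-mysql`, `tcp-postgresql` and `tcp-intersrv` ports, and `loadBalancerSourceRanges` is optional, so a comment recommending source ranges whenever `externalAccess.enabled` is set would help operators.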
@@ -0,0 +1,55 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "clickhouse.headlessServiceName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: http + targetPort: http + port: {{ .Values.service.ports.http }} + protocol: TCP + - name: tcp + targetPort: tcp + port: {{ .Values.service.ports.tcp }} + protocol: TCP + {{- if .Values.tls.enabled }} + - name: tcp-secure + targetPort: tcp-secure + port: {{ .Values.service.ports.tcpSecure }} + protocol: TCP + {{- end }} + - name: mysql + targetPort: mysql + port: {{ .Values.service.ports.mysql }} + protocol: TCP + - name: tcp-postgresql + targetPort: tcp-postgresql + port: {{ .Values.service.ports.postgresql }} + protocol: TCP + - name: http-intersrv + targetPort: http-intersrv + port: {{ .Values.service.ports.interserver }} + protocol: TCP + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: clickhouse 
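Review bot: The named target ports here do not agree with the other Services in this patch: this file uses `name: mysql` / `targetPort: mysql`, while service.yaml and service-external-access.yaml use `tcp-mysql`, and service-external-access.yaml targets `tcp-intersrv` where this file and service.yaml target `http-intersrv`. A named `targetPort` resolves against the container's port names (the StatefulSet is not in this part of the patch), so at most one spelling of each can route traffic. I would align all three files on the names the pod declares, e.g. `targetPort: tcp-mysql` here if that is the container port name.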
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml
new file mode 100644
index 00000000..fe2dfc60
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml
@@ -0,0 +1,112 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + targetPort: http + port: {{ .Values.service.ports.http }} + protocol: 
TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: tcp + targetPort: tcp + port: {{ .Values.service.ports.tcp }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcp)) }} + nodePort: {{ .Values.service.nodePorts.tcp }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.tls.enabled }} + - name: tcp-secure + targetPort: tcp-secure + port: {{ .Values.service.ports.tcpSecure }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcpSecure)) }} + nodePort: {{ .Values.service.nodePorts.tcpSecure }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + - name: tcp-mysql + targetPort: tcp-mysql + port: {{ .Values.service.ports.mysql }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.mysql)) }} + nodePort: {{ .Values.service.nodePorts.mysql }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: tcp-postgresql + targetPort: tcp-postgresql + port: {{ .Values.service.ports.postgresql }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.service.nodePorts.postgresql }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: http-intersrv + targetPort: http-intersrv + port: {{ .Values.service.ports.interserver }} + protocol: TCP + {{- if and (or 
(eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.interserver)) }} + nodePort: {{ .Values.service.nodePorts.interserver }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: http-metrics + targetPort: http-metrics + port: {{ .Values.service.ports.metrics }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }} + nodePort: {{ .Values.service.nodePorts.metrics }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: clickhouse diff --git a/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml new file mode 100644 index 00000000..8477fc6e --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml 
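Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the Go form of the list, so two ranges render as `[10.0.0.0/8 192.168.0.0/16]` (constructed example), which YAML reads as a single string rather than two CIDRs; the allow-list is then expected to be rejected or not to restrict what the operator intended. service-external-access.yaml in this patch already renders the same field correctly, and the same form should be used here: `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`.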
@@ -0,0 +1,49 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: http-metrics
+ path: "/metrics"
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml
new file mode 100644
index 00000000..0239d702
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml
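Review bot: The `annotations:` key under `metadata` is emitted unconditionally, so when neither `commonAnnotations` nor `metrics.serviceMonitor.annotations` is set the rendered ServiceMonitor carries a bare `annotations:` with a null value. The start-scripts Secret added in the same patch guards its `annotations:` with an `if`; the same shape fits here: open with `{{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}` before `annotations:` and close with `{{- end }}` after the two inner blocks. The `volumeClaimTemplates` metadata in statefulset.yaml has the same bare key.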
@@ -0,0 +1,17 @@
+{{- if and .Values.startdbScripts (not .Values.startdbScriptsSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-start-scripts" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+stringData:
+{{- include "common.tplvalues.render" (dict "value" .Values.startdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml
new file mode 100644
index 00000000..3c4ffa7a
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml
@@ -0,0 +1,362 @@
+{{- $replicas := .Values.shards | int }}
+{{- range $i, $e := until $replicas }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }}
+kind: StatefulSet
+metadata:
+ name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ $.Values.replicaCount }}
+ podManagementPolicy: {{ $.Values.podManagementPolicy | quote }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" $ | nindent 6 }}
+ app.kubernetes.io/component: clickhouse
+ serviceName: {{ printf "%s-headless" (include "common.names.fullname" $) }}
+ {{- if $.Values.updateStrategy }}
+ updateStrategy: {{- toYaml $.Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if or $.Values.podAnnotations (and $.Values.metrics.enabled $.Values.metrics.podAnnotations) }}
+ annotations:
+ {{- if $.Values.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" $ | nindent 8 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if $.Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "clickhouse.serviceAccountName" $ }}
+ {{- include "clickhouse.imagePullSecrets" $ | nindent 6 }}
+ {{- if $.Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if $.Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" $.Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.priorityClassName }}
+ priorityClassName: {{ $.Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if $.Values.schedulerName }}
+ schedulerName: {{ $.Values.schedulerName | quote }}
+ {{- end }}
+ {{- if $.Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.podSecurityContext.enabled }}
+ securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if and $.Values.tls.enabled (not $.Values.volumePermissions.enabled) }}
+ - name: copy-certs
+ image: {{ include "clickhouse.volumePermissions.image" $ }}
+ imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }}
+ {{- if $.Values.resources }}
+ resources: {{- toYaml $.Values.resources | nindent 12 }}
+ {{- end }}
+ # We don't require a privileged container in this case
+ {{- if $.Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ cp -L /tmp/certs/* /opt/drycc/clickhouse/certs/
+ chmod 600 {{ include "clickhouse.tlsCertKey" $ }}
+ volumeMounts:
+ - name: raw-certificates
+ mountPath: /tmp/certs
+ - name: clickhouse-certificates
+ mountPath: /opt/drycc/clickhouse/certs
+ {{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "clickhouse.volumePermissions.image" $ }}
+ imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }}
+ command: |
+ mkdir -p /drycc/clickhouse/data
+ chmod 700 /drycc/clickhouse/data
+ chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /drycc/clickhouse
+ find /drycc/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
+ xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }}
+ {{- if $.Values.tls.enabled }}
+ cp /tmp/certs/* /opt/drycc/clickhouse/certs/
+ {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` /opt/drycc/clickhouse/certs/
+ {{- else }}
+ chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/drycc/clickhouse/certs/
+ {{- end }}
+ chmod 600 {{ include "clickhouse.tlsCertKey" $ }}
+ {{- end }}
+ {{- if $.Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if $.Values.volumePermissions.resources }}
+ resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: /drycc/clickhouse
+ - name: config
+ mountPath: /drycc/clickhouse/conf/default
+ {{- if $.Values.tls.enabled }}
+ - name: raw-certificates
+ mountPath: /tmp/certs
+ - name: clickhouse-certificates
+ mountPath: /opt/drycc/clickhouse/certs
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: clickhouse
+ image: {{ template "clickhouse.image" $ }}
+ imagePullPolicy: {{ $.Values.image.pullPolicy }}
+ {{- if $.Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if $.Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if $.Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if $.Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if $.Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: DRYCC_DEBUG
+ value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }}
+ - name: CLICKHOUSE_HTTP_PORT
+ value: {{ $.Values.containerPorts.http | quote }}
+ - name: CLICKHOUSE_TCP_PORT
+ value: {{ $.Values.containerPorts.tcp | quote }}
+ - name: CLICKHOUSE_MYSQL_PORT
+ value: {{ $.Values.containerPorts.mysql | quote }}
+ - name: CLICKHOUSE_POSTGRESQL_PORT
+ value: {{ $.Values.containerPorts.postgresql | quote }}
+ - name: CLICKHOUSE_INTERSERVER_HTTP_PORT
+ value: {{ $.Values.containerPorts.interserver | quote }}
+ {{- if $.Values.tls.enabled }}
+ - name: CLICKHOUSE_TCP_SECURE_PORT
+ value: {{ $.Values.containerPorts.tcpSecure | quote }}
+ {{- end }}
+ {{- if $.Values.metrics.enabled }}
+ - name: CLICKHOUSE_METRICS_PORT
+ value: {{ $.Values.containerPorts.metrics | quote }}
+ {{- end }}
+ - name: CLICKHOUSE_ADMIN_USER
+ value: {{ $.Values.auth.username | quote }}
+ - name: CLICKHOUSE_SHARD_ID
+ value: {{ printf "shard%d" $i | quote }}
+ - name: CLICKHOUSE_REPLICA_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: CLICKHOUSE_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "clickhouse.secretName" $ }}
+ key: {{ include "clickhouse.secretKey" $ }}
+ {{- if $.Values.tls.enabled }}
+ - name: CLICKHOUSE_TLS_CERT_FILE
+ value: {{ include "clickhouse.tlsCert" $ | quote}}
+ - name: CLICKHOUSE_TLS_KEY_FILE
+ value: {{ include "clickhouse.tlsCertKey" $ | quote }}
+ - name: CLICKHOUSE_TLS_CA_FILE
+ value: {{ include "clickhouse.tlsCACert" $ | quote }}
+ {{- end }}
+ {{- if $.Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if $.Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if $.Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if $.Values.resources }}
+ resources: {{- toYaml $.Values.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ $.Values.containerPorts.http }}
+ - name: tcp
+ containerPort: {{ $.Values.containerPorts.tcp }}
+ {{- if $.Values.tls.enabled }}
+ - name: tcp-secure
+ containerPort: {{ $.Values.containerPorts.tcpSecure }}
+ {{- end }}
+ - name: tcp-postgresql
+ containerPort: {{ $.Values.containerPorts.postgresql }}
+ - name: tcp-mysql
+ containerPort: {{ $.Values.containerPorts.mysql }}
+ - name: http-intersrv
+ containerPort: {{ $.Values.containerPorts.interserver }}
+ {{- if $.Values.metrics.enabled }}
+ - name: http-metrics
+ containerPort: {{ $.Values.containerPorts.metrics }}
+ {{- end }}
+ {{- if not $.Values.diagnosticMode.enabled }}
+ {{- if $.Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if $.Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /ping
+ port: http
+ {{- end }}
+ {{- if $.Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if $.Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /ping
+ port: http
+ {{- end }}
+ {{- if $.Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if $.Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /ping
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: /drycc/clickhouse
+ - name: config
+ mountPath: /drycc/clickhouse/etc/conf.d/default
+ {{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }}
+ - name: extra-config
+ mountPath: /drycc/clickhouse/etc/conf.d/extra-configmap
+ {{- end }}
+ {{- if $.Values.extraOverridesSecret }}
+ - name: extra-secret
+ mountPath: /drycc/clickhouse/etc/conf.d/extra-secret
+ {{- end }}
+ {{- if $.Values.tls.enabled }}
+ - name: clickhouse-certificates
+ mountPath: /drycc/clickhouse/certs
+ {{- end }}
+ {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d
+ {{- end }}
+ {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }}
+ - name: custom-start-scripts
+ mountPath: /docker-entrypoint-startdb.d
+ {{- end }}
+ {{- if $.Values.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if $.Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ template "clickhouse.configmapName" $ }}
+ {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }}
+ - name: custom-init-scripts
+ secret:
+ secretName: {{ include "clickhouse.initdbScriptsSecret" $ }}
+ {{- end }}
+ {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }}
+ - name: custom-start-scripts
+ secret:
+ secretName: {{ include "clickhouse.startdbScriptsSecret" $ }}
+ {{- end }}
+ {{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }}
+ - name: extra-config
+ configMap:
+ name: {{ template "clickhouse.extraConfigmapName" $ }}
+ {{- end }}
+ {{- if $.Values.extraOverridesSecret }}
+ - name: extra-secret
+ secret:
+ secretName: {{ $.Values.extraOverridesSecret }}
+ {{- end }}
+ {{- if not $.Values.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+ {{- end }}
+ {{- if $.Values.tls.enabled }}
+ - name: raw-certificates
+ secret:
+ secretName: {{ include "clickhouse.tlsSecretName" $ }}
+ - name: clickhouse-certificates
+ emptyDir: {}
+ {{- end }}
+ {{- if $.Values.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if $.Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ annotations:
+ {{- if $.Values.persistence.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if $.Values.commonLabels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" $.Values.commonLabels "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range $.Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ $.Values.persistence.size | quote }}
+ {{- if $.Values.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if $.Values.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }}
+ {{- end }}
+---
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml
new file mode 100644
index 00000000..2e443900
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml
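Review bot: The `volume-permissions` init container should not be accepted as written: `command: |` hands Kubernetes a single string where a list of strings is required, and the container runs under `$.Values.containerSecurityContext` (in this chart's values: UID 1001, `runAsNonRoot: true`, all capabilities dropped), under which the `chown` calls on a freshly provisioned volume are unlikely to succeed. Use the list form the `copy-certs` container already has (`command:` followed by `- /bin/sh`, `- -ec`, `- |`) and give this container its own `volumePermissions.containerSecurityContext`, the value the script already reads for its `auto` check. Separately, `topologySpreadConstraints` is rendered with `"context" .`; inside `range $i, $e := until $replicas` the dot is the loop element, so it should be `"context" $` like the neighbouring fields. With `tls.enabled` and `volumePermissions.enabled` set but persistence off, neither init container is rendered, so nothing copies the certificates into the `clickhouse-certificates` volume.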
@@ -0,0 +1,26 @@
+{{- if (include "clickhouse.createTlsSecret" . ) }}
+{{- $ca := genCA "clickhouse-ca" 365 }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $primaryHeadlessServiceName := printf "%s-headless" (include "common.names.fullname" .)}}
+{{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }}
+{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-crt" (include "common.names.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+ tls.crt: {{ $crt.Cert | b64enc | quote }}
+ tls.key: {{ $crt.Key | b64enc | quote }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml
new file mode 100644
index 00000000..fc6fef0d
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/values.yaml
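Review bot: The `genCA` / `genSignedCert` calls at the top of this template run on every render, so each `helm upgrade` replaces the CA, certificate and key in the `-crt` Secret while running pods keep the copies their init container took at start-up; replicas restarted at different times can then hold certificates issued by different CAs. Both are also fixed at 365 days, and nothing in the template renews them before expiry. Reusing the existing Secret when one is present, through Helm's `lookup`, keeps the key material stable across upgrades. `lookup` returns an empty map under `helm template` and `--dry-run`, so the generate path has to stay as the fallback.

```yaml
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  {{- if and $existing $existing.data }}
  # values read back from the cluster are already base64-encoded
  ca.crt: {{ index $existing.data "ca.crt" | quote }}
  tls.crt: {{ index $existing.data "tls.crt" | quote }}
  tls.key: {{ index $existing.data "tls.key" | quote }}
  {{- else }}
  # … unchanged: the three b64enc lines built from $ca and $crt …
  {{- end }}
```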
@@ -0,0 +1,973 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.name +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section ClickHouse Parameters +## + +## Drycc ClickHouse image +## ref: 
https://hub.docker.com/r/drycc/clickhouse/tags/ +## @param image.registry ClickHouse image registry +## @param image.repository ClickHouse image repository +## @param image.tag ClickHouse image tag (immutable tags are recommended) +## @param image.digest ClickHouse image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy ClickHouse image pull policy +## @param image.pullSecrets ClickHouse image pull secrets +## @param image.debug Enable ClickHouse image debug mode +## +image: + registry: registry.drycc.cc + repository: drycc-addons/clickhouse + tag: 24 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## @param shards Number of ClickHouse shards to deploy +## +shards: 2 + +## @param replicaCount Number of ClickHouse replicas per shard to deploy +## +replicaCount: 2 +## @param containerPorts.http ClickHouse HTTP container port +## @param containerPorts.tcp ClickHouse TCP container port +## @param containerPorts.tcpSecure ClickHouse TCP container port +## @param containerPorts.mysql ClickHouse MySQL container port +## @param containerPorts.postgresql ClickHouse PostgreSQL container port +## @param containerPorts.interserver ClickHouse Interserver container port +## @param containerPorts.metrics ClickHouse metrics container port +## +containerPorts: + http: 8123 + tcp: 9000 + tcpSecure: 9440 + mysql: 9004 + postgresql: 9005 + interserver: 9009 + metrics: 8001 +## Configure extra options for ClickHouse 
containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on ClickHouse containers +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +## @param readinessProbe.enabled Enable readinessProbe on ClickHouse containers +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +## @param startupProbe.enabled Enable startupProbe on ClickHouse containers +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 
+## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## ClickHouse resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.limits The resources limits for the ClickHouse containers +## @param resources.requests The requested resources for the ClickHouse containers +## +resources: + limits: {} + requests: {} +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context +## @param podSecurityContext.fsGroup Set ClickHouse pod's Security Context fsGroup +## @param podSecurityContext.seccompProfile.type Set ClickHouse container's Security Context seccomp profile +## +podSecurityContext: + enabled: true + fsGroup: 1001 + seccompProfile: + type: "RuntimeDefault" +## Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled ClickHouse containers' Security Context +## @param containerSecurityContext.runAsUser Set ClickHouse containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set ClickHouse containers' Security Context runAsNonRoot +## @param containerSecurityContext.allowPrivilegeEscalation Set ClickHouse container's privilege escalation +## @param containerSecurityContext.capabilities.drop Set ClickHouse container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + 
capabilities: + drop: ["ALL"] + +## Authentication +## @param auth.username ClickHouse Admin username +## @param auth.password ClickHouse Admin password +## @param auth.existingSecret Name of a secret containing the Admin password +## @param auth.existingSecretKey Name of the key inside the existing secret +## +auth: + username: default + password: "" + existingSecret: "" + existingSecretKey: "" + +## @param logLevel Logging level +## +logLevel: information + +## @param defaultConfigurationOverrides [string] Default configuration overrides (evaluated as a template) +## +defaultConfigurationOverrides: | + + + + + + {{ include "common.names.fullname" . }} + + + + {{ .Values.logLevel }} + + {{- if or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1)}} + + + + {{- $shards := $.Values.shards | int }} + {{- range $shard, $e := until $shards }} + + {{- $replicas := $.Values.replicaCount | int }} + {{- range $i, $_e := until $replicas }} + + {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $shard $i (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{ $.Values.service.ports.tcp }} + + {{- end }} + + {{- end }} + + + {{- end }} + {{- if or .Values.zookeeper.enabled .Values.externalZookeeper.servers }} + + + {{- if .Values.zookeeper.enabled }} + {{/* Zookeeper configuration using the helm chart */}} + {{- $nodes := .Values.zookeeper.replicaCount | int }} + {{- range $node, $e := until $nodes }} + + {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $node (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{ $.Values.zookeeper.service.ports.client }} + + {{- end }} + {{- else if .Values.externalZookeeper.servers }} + {{/* Zookeeper configuration using an external instance */}} + {{- range $node :=.Values.externalZookeeper.servers }} + + {{ $node }} + {{ $.Values.externalZookeeper.port 
}} + + {{- end }} + {{- end }} + + {{- end }} + {{- if .Values.tls.enabled }} + + + + + {{- $certFileName := default "tls.crt" .Values.tls.certFilename }} + {{- $keyFileName := default "tls.key" .Values.tls.certKeyFilename }} + /drycc/clickhouse/certs/{{$certFileName}} + /drycc/clickhouse/certs/{{$keyFileName}} + none + true + sslv2,sslv3 + true + {{- if or .Values.tls.autoGenerated .Values.tls.certCAFilename }} + {{- $caFileName := default "ca.crt" .Values.tls.certFilename }} + /drycc/clickhouse/certs/{{$caFileName}} + {{- else }} + true + {{- end }} + + + true + true + sslv2,sslv3 + true + none + + AcceptCertificateHandler + + + + {{- end }} + {{- if .Values.metrics.enabled }} + + + /metrics + + true + true + true + + {{- end }} + + +## @param existingOverridesConfigmap The name of an existing ConfigMap with your custom configuration for ClickHouse +## +existingOverridesConfigmap: "" + +## @param extraOverrides Extra configuration overrides (evaluated as a template) apart from the default +## +extraOverrides: "" + +## @param extraOverridesConfigmap The name of an existing ConfigMap with extra configuration for ClickHouse +## +extraOverridesConfigmap: "" + +## @param extraOverridesSecret The name of an existing ConfigMap with your custom configuration for ClickHouse +## +extraOverridesSecret: "" + +## @param initdbScripts Dictionary of initdb scripts +## Specify dictionary of scripts to be run at first boot +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." +## +initdbScripts: {} +## @param initdbScriptsSecret ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) +## +initdbScriptsSecret: "" + +## @param startdbScripts Dictionary of startdb scripts +## Specify dictionary of scripts to be run on every start +## Example: +## startdbScripts: +## my_start_script.sh: | +## #!/bin/bash +## echo "Do something." 
+## +startdbScripts: {} +## @param startdbScriptsSecret ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`) +## +startdbScriptsSecret: "" + +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases ClickHouse pods host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podLabels Extra labels for ClickHouse pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for ClickHouse pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for ClickHouse pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for ClickHouse pods assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for ClickHouse pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param updateStrategy.type ClickHouse statefulset strategy type +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + +## @param podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join +## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +## +podManagementPolicy: Parallel + +## @param priorityClassName ClickHouse pods' priorityClassName +## +priorityClassName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param schedulerName Name of the k8s scheduler (other than default) for ClickHouse pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param lifecycleHooks for the ClickHouse container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraEnvVars Array with extra environment variables to add to ClickHouse nodes +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ClickHouse nodes +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for ClickHouse nodes +## +extraEnvVarsSecret: "" +## @param extraVolumes Optionally specify extra list of additional volumes for the ClickHouse pod(s) +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ClickHouse container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the ClickHouse pod(s) +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional init containers to the ClickHouse pod(s) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'echo "hello world"'] +## 
+initContainers: [] + +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic support + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.certificatesSecret Name of an existing secret that contains the certificates + ## + certificatesSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html + ## + certCAFilename: "" + +## @section Traffic Exposure Parameters +## + +## ClickHouse service parameters +## +service: + ## @param service.type ClickHouse service type + ## + type: ClusterIP + ## @param service.ports.http ClickHouse service HTTP port + ## @param service.ports.tcp ClickHouse service TCP port + ## @param service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param service.ports.mysql ClickHouse service MySQL port + ## @param service.ports.postgresql ClickHouse service PostgreSQL port + ## @param service.ports.interserver ClickHouse service Interserver port + ## @param service.ports.metrics ClickHouse service metrics port + ## + ports: + http: 8123 + tcp: 9000 + tcpSecure: 9440 + mysql: 9004 + postgresql: 9005 + interserver: 9009 + metrics: 8001 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.tcp Node port for TCP + ## @param service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param service.nodePorts.mysql Node port for MySQL + ## @param service.nodePorts.postgresql Node port for PostgreSQL + ## @param service.nodePorts.interserver Node port for Interserver + ## @param service.nodePorts.metrics Node port for metrics + ## NOTE: choose port 
between <30000-32767> + ## + nodePorts: + http: "" + tcp: "" + tcpSecure: "" + mysql: "" + postgresql: "" + interserver: "" + metrics: "" + ## @param service.clusterIP ClickHouse service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP ClickHouse service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges ClickHouse service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy ClickHouse service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for ClickHouse service + ## + annotations: {} + ## @param service.extraPorts Extra ports to expose in ClickHouse service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## External Access to ClickHouse configuration +## +externalAccess: + ## @param externalAccess.enabled Enable Kubernetes external cluster access to ClickHouse + ## + enabled: false + ## Parameters to configure K8s service(s) used to externally access ClickHouse + ## Note: A new service per will be created + ## + 
service: + ## @param externalAccess.service.type Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP + ## + type: LoadBalancer + ## @param externalAccess.service.ports.http ClickHouse service HTTP port + ## @param externalAccess.service.ports.tcp ClickHouse service TCP port + ## @param externalAccess.service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param externalAccess.service.ports.mysql ClickHouse service MySQL port + ## @param externalAccess.service.ports.postgresql ClickHouse service PostgreSQL port + ## @param externalAccess.service.ports.interserver ClickHouse service Interserver port + ## @param externalAccess.service.ports.metrics ClickHouse service metrics port + ## + ports: + http: 80 + tcp: 9000 + tcpSecure: 9440 + mysql: 9004 + postgresql: 9005 + interserver: 9009 + metrics: 8001 + ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for each ClickHouse . Length must be the same as replicaCount + ## e.g: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + loadBalancerIPs: [] + ## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount + ## e.g: + ## loadBalancerAnnotations: + ## - external-dns.alpha.kubernetes.io/hostname: 1.external.example.com. + ## - external-dns.alpha.kubernetes.io/hostname: 2.external.example.com. 
+ ## + loadBalancerAnnotations: [] + ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param externalAccess.service.nodePorts.http Node port for HTTP + ## @param externalAccess.service.nodePorts.tcp Node port for TCP + ## @param externalAccess.service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param externalAccess.service.nodePorts.mysql Node port for MySQL + ## @param externalAccess.service.nodePorts.postgresql Node port for PostgreSQL + ## @param externalAccess.service.nodePorts.interserver Node port for Interserver + ## @param externalAccess.service.nodePorts.metrics Node port for metrics + ## NOTE: choose port between <30000-32767> + ## e.g: + ## nodePorts: + ## tls: + ## - 30001 + ## - 30002 + ## + nodePorts: + http: [] + tcp: [] + tcpSecure: [] + mysql: [] + postgresql: [] + interserver: [] + metrics: [] + ## @param externalAccess.service.labels Service labels for external access + ## + labels: {} + ## @param externalAccess.service.annotations Service annotations for external access + ## + annotations: {} + ## @param externalAccess.service.extraPorts Extra ports to expose in the ClickHouse external service + ## + extraPorts: [] + +## ClickHouse ingress parameters +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for ClickHouse + ## + enabled: false + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: clickhouse.local + ## @param 
ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: clickhouse.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## 
extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - clickhouse.local + ## secretName: clickhouse.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: clickhouse.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... 
+ ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + +## @section Persistence Parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: true + ## @param persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Size of data volume + ## + size: 8Gi + ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. 
+ ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## Drycc Shell image + ## ref: https://hub.docker.com/r/drycc/drycc-shell/tags/ + ## @param volumePermissions.image.registry Drycc Shell image registry + ## @param volumePermissions.image.repository Drycc Shell image repository + ## @param volumePermissions.image.tag Drycc Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Drycc Shell image pull policy + ## @param volumePermissions.image.pullSecrets Drycc Shell image pull secrets + ## + image: + registry: docker.io + repository: drycc/drycc-shell + tag: 11-debian-11-r37 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits The resources limits for the init container + ## @param volumePermissions.resources.requests The requested resources for the init container + ## + resources: + limits: {} + requests: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + runAsUser: 0 + +## @section Other Parameters +## + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: true + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## @param metrics.podAnnotations [object] Annotations for metrics scraping + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.containerPorts.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + +## @section External Zookeeper paramaters +## +externalZookeeper: + ## @param externalZookeeper.servers List of external zookeeper servers to use + ## @param externalZookeeper.port Port of the Zookeeper servers + ## + servers: [] + port: 2888 + +## @section Zookeeper subchart parameters +## +## @param zookeeper.enabled Deploy Zookeeper subchart +## @param zookeeper.replicaCount Number of Zookeeper instances +## @param zookeeper.service.ports.client Zookeeper client port +## +zookeeper: + enabled: true + replicaCount: 2 + service: + ports: + client: 2181 diff --git a/addons/clickhouse/24/meta.yaml b/addons/clickhouse/24/meta.yaml new file mode 100644 index 00000000..fccf62bb --- /dev/null +++ b/addons/clickhouse/24/meta.yaml 
@@ -0,0 +1,24 @@ +name: clickhouse +version: 23 +id: 5606a4c8-d0b6-4ad0-98d2-3e4fde3055f6 +description: "clickhouse" +displayName: "clickhouse" +metadata: + displayName: "clickhouse" + provider: + name: drycc + supportURL: http://clickhouse.io/ + documentationURL: https://github.com/drycc-addons/ +tags: clickhouse +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + required: false + description: "service type config for values.yaml" +archive: false From 2b32b73cbf789ca455d35f371bc682ec0da4b331 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 18 Jun 2024 17:03:19 +0800 Subject: [PATCH 097/176] chore(addons): modify cronjob images pull policy --- .../8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml index 6b51d3d7..f8f656e3 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml @@ -30,7 +30,7 @@ spec: initContainers: - name: backup-wait image: registry.drycc.cc/drycc/python-dev:latest - imagePullPolicy: {{.Values.imagePullPolicy}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} args: - netcat - -v From 4b7ed95a636a26e46376b057cfc986a2cdb049fc Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 18 Jun 2024 17:07:59 +0800 Subject: [PATCH 098/176] chore(clickhouse): fix chart version --- addons/clickhouse/24/chart/clickhouse/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
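Review bot: `version: 23` in this new addons/clickhouse/24/meta.yaml does not match the directory it lives in, nor the chart, whose Chart.yaml version is 24-based later in this series, so the catalogue would presumably advertise the wrong major version. If the field is meant to track the addon directory it should read `version: 24`. Separately, `supportURL: http://clickhouse.io/` is a plain-HTTP link shown to users; an `https://` URL avoids sending them over cleartext.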
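Review bot: The `backup-wait` init container still runs `registry.drycc.cc/drycc/python-dev:latest`, a mutable tag, and after this change its pull behaviour follows `.Values.image.pullPolicy`. With `IfNotPresent` each node keeps whatever `latest` it first cached, and with `Always` every backup run executes whatever was last pushed under that tag, so the job is not reproducible either way. Pinning the image, for example `image: registry.drycc.cc/drycc/python-dev@sha256:<digest>` (placeholder digest), would make the pull policy a performance choice rather than an integrity one. The CronJob spec starts and ends outside this hunk.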
diff --git a/addons/clickhouse/24/chart/clickhouse/Chart.yaml b/addons/clickhouse/24/chart/clickhouse/Chart.yaml index 5b3abe01..05273a02 100644 --- a/addons/clickhouse/24/chart/clickhouse/Chart.yaml +++ b/addons/clickhouse/24/chart/clickhouse/Chart.yaml @@ -21,4 +21,4 @@ name: clickhouse sources: - https://github.com/drycc/containers/tree/main/drycc/clickhouse - https://github.com/ClickHouse/ClickHouse -version: 24 +version: 24.0 From 75ef7255b2d768339b859b134a081de8d8c2ad0f Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 18 Jun 2024 17:15:29 +0800 Subject: [PATCH 099/176] chore(clickhouse): fix chart version --- addons/clickhouse/24/chart/clickhouse/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/clickhouse/24/chart/clickhouse/Chart.yaml b/addons/clickhouse/24/chart/clickhouse/Chart.yaml index 05273a02..ab3c1027 100644 --- a/addons/clickhouse/24/chart/clickhouse/Chart.yaml +++ b/addons/clickhouse/24/chart/clickhouse/Chart.yaml @@ -21,4 +21,4 @@ name: clickhouse sources: - https://github.com/drycc/containers/tree/main/drycc/clickhouse - https://github.com/ClickHouse/ClickHouse -version: 24.0 +version: 24.0.1 From b2669e8f847e5d7e1b06c77ec716d4eb85e89e00 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 21 Jun 2024 13:46:20 +0800 Subject: [PATCH 100/176] chore(mysql-cluster): change dump default theads to 1 for avoid use too many mem --- .../8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml index f8f656e3..0947721d 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml 
@@ -66,7 +66,7 @@ spec: endpoint=os.getenv('AWS_ENDPOINT_URL') bucket_name=os.getenv('AWS_BUCKET_NAME') - util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 4, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) + util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 1, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) " > /tmp/dump_instance.py mysqlsh --uri=${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --py < /tmp/dump_instance.py From c0e9bec2fb0a809a451c69b15c131c8162cf556f Mon Sep 17 00:00:00 2001 
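Review bot: The unchanged `mysqlsh` line right below the edited call passes the root password as `-p${MYSQL_ROOT_PASSWORD}`, which places it in the process argument list where it can be read from a process listing inside the pod for the whole length of the dump, and with `'threads': 1` that window is likely to be longer. mysqlsh can read the password from standard input with `--passwords-from-stdin`, with the script supplied through `--file /tmp/dump_instance.py` instead of the `<` redirection. In the edited line itself the options dict sets `'compatibility'` twice with the same list; Python keeps the last one, so the first entry can be dropped. The surrounding script starts and ends outside the hunk.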
From: EamonZhang Date: Fri, 21 Jun 2024 13:55:49 +0800 Subject: [PATCH 101/176] chore(clickhouse): add plans --- .../24/chart/clickhouse/values.yaml | 4 +-- .../24/plans/standard-2c4g20/bind.yaml | 26 +++++++++++++++++++ .../create-instance-schema.json | 12 +++++++++ .../24/plans/standard-2c4g20/meta.yaml | 6 +++++ .../24/plans/standard-2c4g20/values.yaml | 23 ++++++++++++++++ .../24/plans/standard-4c16g100/bind.yaml | 26 +++++++++++++++++++ .../create-instance-schema.json | 12 +++++++++ .../24/plans/standard-4c16g100/meta.yaml | 6 +++++ .../24/plans/standard-4c16g100/values.yaml | 23 ++++++++++++++++ 9 files changed, 136 insertions(+), 2 deletions(-) create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/values.yaml create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/values.yaml diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index fc6fef0d..b1764c87 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -212,7 +212,7 @@ containerSecurityContext: ## @param auth.existingSecretKey Name of the key inside the existing secret ## auth: - username: default + username: administrator password: "" existingSecret: "" existingSecretKey: "" 
@@ -898,7 +898,7 @@ serviceAccount: metrics: ## @param metrics.enabled Enable the export of Prometheus metrics ## - enabled: false + enabled: true ## @param metrics.podAnnotations [object] Annotations for metrics scraping ## podAnnotations: diff --git a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml new file mode 100644 index 00000000..2f2ffbf1 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml @@ -0,0 +1,26 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + value: 'administrator' + - name: TCP_PORT + value: 9000 + - name: HTTP_PORT + value: 8123 + - name: MYSQL_PORT + value: 9004 diff --git a/addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json b/addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml b/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml new file mode 100644 index 00000000..ca409ee7 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml 
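Review bot: Turning `metrics.enabled` on by default means every new instance serves the Prometheus endpoint (`service.ports.metrics: 8001` in this chart) without the operator having asked for it. Whether the chart's NetworkPolicy or Service restricts who can reach that port is not visible in this hunk, and the endpoint is presumably unauthenticated, so with `service.type: LoadBalancer` it may become reachable from outside the cluster. I would either keep the default `false` and enable it per plan, or add a comment next to the flag such as `## NOTE: exposes unauthenticated metrics; restrict the port via networkPolicy`. The `metrics` block continues outside the hunk.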
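Review bot: `USERNAME` is returned as the literal `'administrator'` while the chart reads the account name from `auth.username`, so the binding hands out the wrong user as soon as that value is overridden; `value: {{ .Values.auth.username | quote }}` keeps the two in step. The same applies to `TCP_PORT`, `HTTP_PORT` and `MYSQL_PORT`, which are hard-coded instead of taken from `.Values.service.ports`, and are emitted as bare integers where a credential value is presumably expected to be a string. The binding also advertises only the non-TLS ports (9000, 8123) next to `EXTRANET_HOST` for a LoadBalancer service, so clients outside the cluster are steered towards sending the admin password unencrypted unless TLS is terminated elsewhere; exposing `service.ports.tcpSecure` when `tls.enabled` is set would give them an alternative. plans/standard-4c16g100/bind.yaml is an identical copy and needs the same changes.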
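Review bot: This schema describes a single `imagePullPolicy` property, but the addon's meta.yaml allows the parameters `networkPolicy.allowNamespaces` and `service.type`, neither of which is described or constrained here. Since `service.type` decides whether the database gets an external load balancer, an `enum` for it (for example `["ClusterIP", "LoadBalancer"]`) would let the schema reject unexpected values, assuming the broker validates requests against this file. The same schema is added unchanged under plans/standard-4c16g100.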
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: 9866afb5-eeb1-4c89-a6d6-01197ff34bbc
+description: "clickhouse standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G "
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-2c4g20/values.yaml b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml
new file mode 100644
index 00000000..254b4fea
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-clickhouse-cluster-standard-2c4g20
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 2000m
+ memory: 4Gi
+
+persistence:
+ size: 20Gi
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml
new file mode 100644
index 00000000..a66a7cd7
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml
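Review bot: The comment block above `resources:` in `standard-2c4g20/values.yaml` describes "MinIO® containers" and documents `@param resources.limits` as being for "the MinIO® container", but this is a ClickHouse plan, so the text looks copied from another addon. I would rename it, e.g. `## ClickHouse containers' resource requests and limits`, and drop the sentence about uncommenting lines and removing curly braces, which does not apply because `resources` is set explicitly here. The `standard-4c16g100/values.yaml` added later in this patch carries the same comment.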
@@ -0,0 +1,26 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: {{ printf "EXTRANET_HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: {{ printf "HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.admin-password }'
+ - name: USERNAME
+ value: 'administrator'
+ - name: TCP_PORT
+ value: 9000
+ - name: HTTP_PORT
+ value: 8123
+ - name: MYSQL_PORT
+ value: 9004
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json b/addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..ed5ad077
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c16g100"
+id: e30e5296-ce38-48cb-981c-9bb1c2e43833
+description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G "
+displayName: "standard-4c16g100"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
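Review bot: The `description` in `standard-4c16g100/meta.yaml` reads `vCPUs c`, while the plan name and the `cpu: 4000m` in the plan's values file both indicate 4 vCPUs. It should be `description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G "`. This string is presumably what users see when choosing a plan, so the typo is user-visible.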
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml
new file mode 100644
index 00000000..8b69f236
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-clickhouse-cluster-standard-4c16g100
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 4000m
+ memory: 16Gi
+ requests:
+ cpu: 4000m
+ memory: 16Gi
+
+persistence:
+ size: 100Gi
From 1ddd319dc24c6207e2bdb8f4b688568aa782bd07 Mon Sep 17 00:00:00 2001
From: EamonZhang Date: Wed, 26 Jun 2024 16:20:55 +0800 Subject: [PATCH 102/176] chore(clickhouse): update use keeper --- .../chart/clickhouse/templates/_helpers.tpl | 34 +- .../clickhouse/templates/configmap-extra.yaml | 10 +- .../templates/configmap-users-extra.yaml | 20 + .../chart/clickhouse/templates/configmap.yaml | 10 +- .../clickhouse/templates/extra-list.yaml | 5 + .../templates/ingress-tls-secrets.yaml | 26 +- .../chart/clickhouse/templates/ingress.yaml | 21 +- .../templates/init-scripts-secret.yaml | 10 +- .../clickhouse/templates/networkpolicy.yaml | 135 ++++++ .../24/chart/clickhouse/templates/pdb.yaml | 34 ++ .../clickhouse/templates/prometheusrule.yaml | 24 + .../templates/scripts-configmap.yaml | 34 ++ .../24/chart/clickhouse/templates/secret.yaml | 10 +- .../clickhouse/templates/service-account.yaml | 19 +- .../templates/service-external-access.yaml | 59 ++- .../templates/service-headless.yaml | 56 ++- .../chart/clickhouse/templates/service.yaml | 66 ++- .../clickhouse/templates/servicemonitor.yaml | 28 +- .../templates/start-scripts-secret.yaml | 10 +- .../clickhouse/templates/statefulset.yaml | 209 ++++++--- .../clickhouse/templates/tls-secret.yaml | 21 +- .../24/chart/clickhouse/values.yaml | 420 ++++++++++++++---- addons/clickhouse/24/meta.yaml | 2 +- .../24/plans/standard-2c4g20/bind.yaml | 2 +- .../24/plans/standard-4c16g100/bind.yaml | 2 +- 25 files changed, 1005 insertions(+), 262 deletions(-) create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml mode change 100755 => 100644 addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml 
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl index 5d3b9dca..64055c41 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl +++ b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* Return the proper ClickHouse image name */}} @@ -94,6 +99,18 @@ Get the ClickHouse configuration configmap. {{- end -}} {{- end -}} + +{{/* +Get the ClickHouse configuration users configmap. +*/}} +{{- define "clickhouse.usersExtraConfigmapName" -}} +{{- if .Values.usersExtraOverridesConfigmap -}} + {{- .Values.usersExtraOverridesConfigmap -}} +{{- else }} + {{- printf "%s-users-extra" (include "common.names.fullname" . ) -}} +{{- end -}} +{{- end -}} + {{/* Get the Clickhouse password secret name */}} 
@@ -185,17 +202,18 @@ Compile all warnings into a single message. {{- end -}} {{- end -}} -{{/* Validate values of ClickHouse - Zookeeper */}} +{{/* Validate values of ClickHouse - [Zoo]keeper */}} {{- define "clickhouse.validateValues.zookeeper" -}} -{{- if and .Values.zookeeper.enabled .Values.externalZookeeper.servers -}} -clickhouse: Multiple Zookeeper - You can only use one zookeeper - Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or +{{- if or (and .Values.keeper.enabled .Values.zookeeper.enabled) (and .Values.keeper.enabled .Values.externalZookeeper.servers) (and .Values.zookeeper.enabled .Values.externalZookeeper.servers) -}} +clickhouse: Multiple [Zoo]keeper + You can only use one [zoo]keeper + Please choose use ClickHouse keeper or + installing a Zookeeper chart (--set zookeeper.enabled=true) or using an external instance (--set zookeeper.servers ) {{- end -}} -{{- if and (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers) (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1) -}} -clickhouse: No Zookeeper - If you are deploying more than one ClickHouse instance, you need to enable Zookeeper. Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or +{{- if and (not .Values.keeper.enabled) (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers) (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1) -}} +clickhouse: No [Zoo]keeper + If you are deploying more than one ClickHouse instance, you need to enable [Zoo]keeper. Please choose installing a [Zoo]keeper (--set keeper.enabled=true) or (--set zookeeper.enabled=true) or using an external instance (--set zookeeper.servers ) {{- end -}} {{- end -}} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml index f78a3aef..e0bffcd6 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml 
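Review bot: The second check in `clickhouse.validateValues.zookeeper` still places `(ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1)` inside one `and`, so it fires only when both values differ from 1. A single shard with several replicas therefore passes validation without any keeper, although the message says more than one ClickHouse instance needs one. If the message reflects the intent, wrap the pair as `(or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1))`. Both messages also advise `--set zookeeper.servers`, while the conditions read `.Values.externalZookeeper.servers`, so the hint points at a key the check does not look at.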
+++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml @@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.extraOverrides (not .Values.extraOverridesConfigmap) }} apiVersion: v1 kind: ConfigMap metadata: name: {{ printf "%s-extra" (include "common.names.fullname" .) }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml new file mode 100644 index 00000000..bd408b79 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml 
@@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.usersExtraOverrides (not .Values.usersExtraOverridesConfigmap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-users-extra" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + 01_users_extra_overrides.xml: | + {{- include "common.tplvalues.render" (dict "value" .Values.usersExtraOverrides "context" $) | nindent 4 }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml index 2a427dca..49cf3e33 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml 
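Review bot: `usersExtraOverrides` is rendered verbatim into a ConfigMap as `01_users_extra_overrides.xml`. If operators use it to define users, any password or hash placed there is stored as ConfigMap data rather than in a Secret, and is readable by anyone allowed to read ConfigMaps in the namespace. I would say so where the value is documented, e.g. `## NOTE: rendered into a ConfigMap; do not put passwords or hashes here`. The values.yaml entry for this key is not part of this hunk, so whether such a note already exists cannot be seen from here.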
@@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if not .Values.existingOverridesConfigmap }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml index 9ac65f9e..329f5c65 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml index cdab66cf..27c438cd 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} {{- if .Values.ingress.secrets }} {{- range .Values.ingress.secrets }} 
@@ -6,12 +11,9 @@ kind: Secret metadata: name: {{ .name }} namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: 
@@ -21,24 +23,22 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "clickhouse-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml old mode 100755 new mode 100644 index fa1b8db2..dbe543fa --- a/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml 
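Review bot: With `common.secrets.lookup` now wrapping `$cert.Cert`, `$cert.Key` and `$ca.Cert`, the self-signed pair from `genCA "clickhouse-ca" 365` is presumably kept across upgrades once the Secret exists. Nothing in the template then renews it, so the ingress would serve an expired certificate after 365 days. I would document that next to `$secretName`, e.g. `{{- /* self-signed cert is reused on upgrade and valid for 365 days; delete the Secret to regenerate */}}`, or make the validity a chart value. The enclosing `{{- if .Values.ingress.enabled }}` starts outside the hunk.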
@@ -1,20 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} spec: {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} ingressClassName: {{ .Values.ingress.ingressClassName | quote }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml index 96f83f61..f5b32fc0 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml 
@@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.initdbScripts (not .Values.initdbScriptsSecret) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml b/addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml new file mode 100644 index 00000000..92cef548 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml 
@@ -0,0 +1,135 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: clickhouse + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to other cluster pods + - ports: + - port: {{ .Values.service.ports.http }} + {{- if .Values.tls.enabled }} + - port: {{ .Values.service.ports.https }} + {{- end }} + - port: {{ .Values.service.ports.tcp }} + {{- if .Values.tls.enabled }} + - port: {{ .Values.service.ports.tcpSecure }} + {{- end }} + {{- if .Values.keeper.enabled }} + - port: {{ .Values.service.ports.keeper }} + - port: {{ .Values.service.ports.keeperInter }} + {{- if .Values.tls.enabled }} + - port: {{ .Values.service.ports.keeperSecure }} + {{- end }} + {{- end }} + - port: {{ .Values.service.ports.mysql }} + - port: {{ .Values.service.ports.postgresql }} + - port: {{ .Values.service.ports.interserver }} + {{- if .Values.metrics.enabled 
}} + - port: {{ .Values.service.ports.metrics }} + {{- end }} + {{- if $.Values.externalAccess.enabled }} + - port: {{ $.Values.externalAccess.service.ports.http }} + {{- if $.Values.tls.enabled }} + - port: {{ $.Values.externalAccess.service.ports.https }} + {{- end }} + {{- if $.Values.metrics.enabled }} + - port: {{ $.Values.externalAccess.service.ports.metrics }} + {{- end }} + - port: {{ $.Values.externalAccess.service.ports.tcp }} + {{- if $.Values.tls.enabled }} + - port: {{ $.Values.externalAccess.service.ports.tcpSecure }} + {{- end }} + {{- if $.Values.keeper.enabled }} + - port: {{ $.Values.externalAccess.service.ports.keeper }} + - port: {{ $.Values.externalAccess.service.ports.keeperInter }} + {{- if $.Values.tls.enabled }} + - port: {{ $.Values.externalAccess.service.ports.keeperSecure }} + {{- end }} + {{- end }} + - port: {{ $.Values.externalAccess.service.ports.mysql }} + - port: {{ $.Values.externalAccess.service.ports.postgresql }} + - port: {{ $.Values.externalAccess.service.ports.interserver }} + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + {{- if eq $.Values.service.type "ClusterIP" }} + ingress: + - ports: + - port: {{ $.Values.containerPorts.http }} + - port: {{ $.Values.containerPorts.tcp }} + - port: {{ $.Values.containerPorts.mysql }} + - port: {{ $.Values.containerPorts.postgresql }} + - port: {{ $.Values.containerPorts.interserver }} + {{- if $.Values.tls.enabled }} + - port: {{ $.Values.containerPorts.tcpSecure }} + - port: {{ $.Values.containerPorts.https }} + {{- end }} + {{- if $.Values.keeper.enabled }} + - port: {{ $.Values.containerPorts.keeper }} + - port: {{ $.Values.containerPorts.keeperInter }} + {{- if 
$.Values.tls.enabled }} + - port : {{ $.Values.containerPorts.keeperSecure }} + {{- end }} + {{- end }} + {{- if $.Values.metrics.enabled }} + - port: {{ $.Values.containerPorts.metrics }} + {{- end }} + + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + {{- if eq $.Values.service.type "LoadBalancer" }} + ingress: + - {} + {{- end }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml b/addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml new file mode 100644 index 00000000..b8de1224 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml 
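Review bot: The `LoadBalancer` branch at the end of the policy renders `ingress:` with a single `- {}`, which admits traffic from any source to every port of the ClickHouse pods, including the keeper, interserver and metrics ports that the `ClusterIP` branch enumerates. I would reuse the port list of the `ClusterIP` branch there and leave out only the `from` clause, so that only the intended listeners are reachable. Any other `service.type` (for example `NodePort`) gets no `ingress` key at all while `policyTypes` contains `Ingress`, so all inbound traffic to the pods, replica-to-replica included, is denied. In the `ClusterIP` branch, leaving both `allowCurrentNamespace` and `allowNamespaces` unset emits no `from`, so the listed ports are open to every namespace; the values documentation should state that default. The line `- port : {{ $.Values.containerPorts.keeperSecure }}` also has a stray space before the colon.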
@@ -0,0 +1,34 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.pdb.create }} +{{- $shards := .Values.shards | int }} +{{- range $i, $e := until $shards }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" $ }} +kind: PodDisruptionBudget +metadata: + name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: clickhouse + shard: {{ $i | quote }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if $.Values.pdb.minAvailable }} + minAvailable: {{ $.Values.pdb.minAvailable }} + {{- end }} + {{- if or $.Values.pdb.maxUnavailable (not $.Values.pdb.minAvailable) }} + maxUnavailable: {{ $.Values.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list $.Values.podLabels $.Values.commonLabels) "context" $) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: clickhouse + shard: {{ $i | quote }} +--- +{{- end }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml b/addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml new file mode 100644 index 00000000..5e499111 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml 
@@ -0,0 +1,24 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.rules }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "common.names.fullname" . }} + rules: {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }} +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml b/addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml new file mode 100644 index 00000000..80e64e8a --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml 
@@ -0,0 +1,34 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + setup.sh: |- + #!/bin/bash + + # Execute entrypoint as usual after obtaining KEEPER_SERVER_ID + # check KEEPER_SERVER_ID in persistent volume via myid + # if not present, set based on POD hostname + if [[ -f "/drycc/clickhouse/keeper/data/myid" ]]; then + export KEEPER_SERVER_ID="$(cat /drycc/clickhouse/keeper/data/myid)" + else + HOSTNAME="$(hostname -s)" + if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then + export KEEPER_SERVER_ID=${BASH_REMATCH[2]} + else + echo "Failed to get index from hostname $HOST" + exit 1 + fi + fi + exec /opt/drycc/scripts/clickhouse/entrypoint.sh /opt/drycc/scripts/clickhouse/run.sh -- --listen_host=0.0.0.0 diff --git a/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml index 89f58cee..7a1f961f 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml 
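Review bot: The failure branch of `setup.sh` prints `$HOST`, which the script never sets, so the error ends with an empty hostname; it should read `echo "Failed to get index from hostname $HOSTNAME"`. The value read from `/drycc/clickhouse/keeper/data/myid` is exported as `KEEPER_SERVER_ID` without a check that it is numeric, unlike the hostname path, which accepts only `[0-9]+`; applying the same pattern to the file content would make both paths agree. `--listen_host=0.0.0.0` binds the server on all IPv4 interfaces, so reachability is left entirely to the Service and NetworkPolicy settings; a one-line comment above the `exec` saying so would help the next reader.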
@@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if not .Values.auth.existingSecret }} apiVersion: v1 kind: Secret metadata: name: {{ template "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml index b3787391..58c3eeed 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml 
@@ -1,22 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "clickhouse.serviceAccountName" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml index 2af4abb2..5393a531 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml 
@@ -1,28 +1,30 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if $.Values.externalAccess.enabled }} {{- $shards := $.Values.shards | int }} {{- $replicas := $.Values.replicaCount | int }} {{- $totalNodes := mul $shards $replicas }} {{- range $shard, $e := until $shards }} {{- range $i, $_e := until $replicas }} +{{- $loadBalancerAnnotationPosOffset := mul $shard $replicas }} +{{- $loadBalancerAnnotationPosition := add $loadBalancerAnnotationPosOffset $i }} {{- $targetPod := printf "%s-shard%d-%d" (include "common.names.fullname" $) $shard $i }} apiVersion: v1 kind: Service metadata: name: {{ printf "%s-external" $targetPod | trunc 63 | trimSuffix "-" }} namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.externalAccess.service.labels $.Values.commonLabels ) "context" $ ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse pod: {{ $targetPod }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.externalAccess.service.labels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.labels "context" $) | nindent 4 }} - {{- end }} {{- if or $.Values.externalAccess.service.annotations $.Values.commonAnnotations $.Values.externalAccess.service.loadBalancerAnnotations }} annotations: {{- if and (not (empty $.Values.externalAccess.service.loadBalancerAnnotations)) (eq (len $.Values.externalAccess.service.loadBalancerAnnotations) $totalNodes) }} - {{ include "common.tplvalues.render" ( dict "value" (index $.Values.externalAccess.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }} + {{ include "common.tplvalues.render" ( 
dict "value" (index $.Values.externalAccess.service.loadBalancerAnnotations $loadBalancerAnnotationPosition) "context" $) | nindent 4 }} {{- end }} {{- if $.Values.externalAccess.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.annotations "context" $) | nindent 4 }} @@ -50,6 +52,16 @@ spec: {{- else }} nodePort: null {{- end }} + {{- if $.Values.tls.enabled }} + - name: https + port: {{ $.Values.externalAccess.service.ports.https }} + targetPort: https + {{- if not (empty $.Values.externalAccess.service.nodePorts.https) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.https $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} {{- if $.Values.metrics.enabled }} - name: http-metrics port: {{ $.Values.externalAccess.service.ports.metrics }} 
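Review bot: The new `https` entry in the `@@ -50,6 +52,16 @@` hunk looks its nodePort up with the replica index only, `index $.Values.externalAccess.service.nodePorts.https $i`, while the first hunk of this file moves the load-balancer annotation lookup to a per-pod position (`$loadBalancerAnnotationPosition`, shard offset plus replica). If the nodePorts lists are meant to hold one entry per pod, replica `$i` of every shard renders the same nodePort once `shards` is greater than one, and the later Services are likely to be rejected as port conflicts. Consider `nodePort: {{ index $.Values.externalAccess.service.nodePorts.https $loadBalancerAnnotationPosition }}`; the `keeper`, `keeperInter` and `keeperSecure` lookups added in the next hunk have the same shape. The unchanged nodePort lookups around this hunk are only partly visible and may need the same treatment.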
@@ -78,6 +90,34 @@ spec: nodePort: null {{- end }} {{- end }} + {{- if $.Values.keeper.enabled }} + - name: tcp-keeper + port: {{ $.Values.externalAccess.service.ports.keeper }} + targetPort: tcp-keeper + {{- if not (empty $.Values.externalAccess.service.nodePorts.keeper) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.keeper $i }} + {{- else }} + nodePort: null + {{- end }} + - name: tcp-keeperinter + port: {{ $.Values.externalAccess.service.ports.keeperInter }} + targetPort: tcp-keeperinter + {{- if not (empty $.Values.externalAccess.service.nodePorts.keeperInter) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.keeperInter $i }} + {{- else }} + nodePort: null + {{- end }} + {{- if $.Values.tls.enabled }} + - name: tcp-keepertls + port: {{ $.Values.externalAccess.service.ports.keeperSecure }} + targetPort: tcp-keepertls + {{- if not (empty $.Values.externalAccess.service.nodePorts.keeperSecure) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.keeperSecure $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} + {{- end }} - name: tcp-mysql port: {{ $.Values.externalAccess.service.ports.mysql }} targetPort: tcp-mysql @@ -105,7 +145,8 @@ spec: {{- if $.Values.externalAccess.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" $.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.podLabels $.Values.commonLabels ) "context" $ ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse statefulset.kubernetes.io/pod-name: {{ $targetPod }} --- 
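Review bot: With `keeper.enabled` the per-pod external Service in the `@@ -78,6 +90,34 @@` hunk publishes `tcp-keeper` and `tcp-keeperinter` unconditionally, and the plaintext `tcp-keeper` port stays exposed even when `tls.enabled` adds `tcp-keepertls`. The keeperInter port appears to be the coordination port between replicas, which clients outside the cluster normally have no reason to reach, so every replica's externally reachable surface grows as a side effect of enabling keeper. Consider putting these entries behind an explicit opt-in value and stating the intent next to them, e.g. `# keeper ports are cluster-internal; expose externally only when outside clients need them`. The `ports` list starts and ends outside this hunk.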
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml index 33f86ce1..23d4496a 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml @@ -1,21 +1,18 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: name: {{ include "clickhouse.headlessServiceName" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: type: ClusterIP 
@@ -24,32 +21,49 @@ spec: ports: - name: http targetPort: http - port: {{ .Values.service.ports.http }} + port: {{ .Values.containerPorts.http }} protocol: TCP - name: tcp targetPort: tcp - port: {{ .Values.service.ports.tcp }} + port: {{ .Values.containerPorts.tcp }} protocol: TCP {{- if .Values.tls.enabled }} - name: tcp-secure targetPort: tcp-secure - port: {{ .Values.service.ports.tcpSecure }} + port: {{ .Values.containerPorts.tcpSecure }} + protocol: TCP + {{- end }} + {{- if .Values.keeper.enabled }} + - name: tcp-keeper + targetPort: tcp-keeper + port: {{ .Values.containerPorts.keeper }} protocol: TCP + - name: tcp-keeperinter + targetPort: tcp-keeperinter + port: {{ .Values.containerPorts.keeperInter }} + protocol: TCP + {{- if .Values.tls.enabled }} + - name: tcp-keepertls + targetPort: tcp-keepertls + port: {{ .Values.containerPorts.keeperSecure }} + protocol: TCP + {{- end }} {{- end }} - - name: mysql - targetPort: mysql - port: {{ .Values.service.ports.mysql }} + - name: tcp-mysql + targetPort: tcp-mysql + port: {{ .Values.containerPorts.mysql }} protocol: TCP - name: tcp-postgresql targetPort: tcp-postgresql - port: {{ .Values.service.ports.postgresql }} + port: {{ .Values.containerPorts.postgresql }} protocol: TCP - name: http-intersrv targetPort: http-intersrv - port: {{ .Values.service.ports.interserver }} + port: {{ .Values.containerPorts.interserver }} protocol: TCP {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse 
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml index fe2dfc60..3d3f3d7c 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml @@ -1,21 +1,18 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: name: {{ template "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: type: {{ .Values.service.type }} 
@@ -32,7 +29,7 @@ spec: externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} @@ -47,6 +44,17 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} + {{- if .Values.tls.enabled }} + - name: https + targetPort: https + port: {{ .Values.service.ports.https }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} - name: tcp targetPort: tcp port: {{ .Values.service.ports.tcp }} 
@@ -67,6 +75,37 @@ spec: nodePort: null {{- end }} {{- end }} + {{- if .Values.keeper.enabled }} + - name: tcp-keeper + targetPort: tcp-keeper + port: {{ .Values.service.ports.keeper }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcp)) }} + nodePort: {{ .Values.service.nodePorts.keeper }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: tcp-keeperinter + targetPort: tcp-keeperinter + port: {{ .Values.service.ports.keeperInter }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcp)) }} + nodePort: {{ .Values.service.nodePorts.keeperInter }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.tls.enabled }} + - name: tcp-keepertls + targetPort: tcp-keepertls + port: {{ .Values.service.ports.keeperSecure }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcpSecure)) }} + nodePort: {{ .Values.service.nodePorts.keeperSecure }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- end }} - name: tcp-mysql targetPort: tcp-mysql port: {{ .Values.service.ports.mysql }} @@ -108,5 +147,6 @@ spec: {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse 
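Review bot: The nodePort guards for the three keeper ports in the `@@ -67,6 +75,37 @@` hunk test a different key from the one they render: `tcp-keeper` and `tcp-keeperinter` check `.Values.service.nodePorts.tcp`, and `tcp-keepertls` checks `.Values.service.nodePorts.tcpSecure`. A configured `nodePorts.keeper` is silently ignored unless `nodePorts.tcp` is also set, and when only `nodePorts.tcp` is set the template renders an empty `nodePort:`. Each guard should test its own key: `(not (empty .Values.service.nodePorts.keeper))`, `(not (empty .Values.service.nodePorts.keeperInter))` and `(not (empty .Values.service.nodePorts.keeperSecure))`.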
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml
index 8477fc6e..7e611255 100644
--- a/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml
+++ b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml
@@ -1,27 +1,25 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "common.names.fullname" . }} namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} - {{- end }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} spec: jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} selector: - matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} {{- if .Values.metrics.serviceMonitor.selector }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml index 0239d702..a35a1648 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml @@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.startdbScripts (not .Values.startdbScriptsSecret) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-start-scripts" (include "common.names.fullname" .) }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml index 3c4ffa7a..a9ae7440 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml 
@@ -1,23 +1,32 @@ -{{- $replicas := .Values.shards | int }} -{{- range $i, $e := until $replicas }} +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $shards := .Values.shards | int }} +{{- range $i, $e := until $shards }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }} namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + shard: {{ $i | quote }} {{- if $.Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: + {{- if $.Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ $.Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ $.Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} replicas: {{ $.Values.replicaCount }} podManagementPolicy: {{ $.Values.podManagementPolicy | quote }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.podLabels $.Values.commonLabels ) "context" $ ) }} selector: - matchLabels: {{ include "common.labels.matchLabels" $ | nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: clickhouse serviceName: {{ printf "%s-headless" (include "common.names.fullname" $) }} {{- if $.Values.updateStrategy }} 
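Review bot: `spec.selector.matchLabels` now folds `$podLabels` (the merge of `podLabels` and `commonLabels`) into the StatefulSet selector, and that selector cannot be changed on an existing StatefulSet. A release installed with either value set, or one that changes them later, would therefore presumably fail on `helm upgrade` until the StatefulSet is recreated. If the wider selector is intended, document the constraint where `$podLabels` is defined, e.g. `{{- /* selector is immutable: changing podLabels/commonLabels after install requires recreating the StatefulSet */}}`.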
@@ -25,23 +34,23 @@ spec: {{- end }} template: metadata: - {{- if or $.Values.podAnnotations (and $.Values.metrics.enabled $.Values.metrics.podAnnotations) }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} + checksum/config-extra: {{ include (print $.Template.BasePath "/configmap-extra.yaml") $ | sha256sum }} + checksum/config-users-extra: {{ include (print $.Template.BasePath "/configmap-users-extra.yaml") $ | sha256sum }} {{- if $.Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }} {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: clickhouse - {{- if $.Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" $.Values.podLabels "context" $) | nindent 8 }} - {{- end }} + shard: {{ $i | quote }} spec: serviceAccountName: {{ template "clickhouse.serviceAccountName" $ }} {{- include "clickhouse.imagePullSecrets" $ | nindent 6 }} + automountServiceAccountToken: {{ $.Values.automountServiceAccountToken }} {{- if $.Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }} {{- end }} 
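Review bot: `automountServiceAccountToken: {{ $.Values.automountServiceAccountToken }}` renders an empty value when the key is unset, and the pod then falls back to the ServiceAccount or cluster default, which normally mounts the API token. The chart's values.yaml is not visible in this part of the patch, so this only matters if no default is defined there. Making the safe default explicit in the template avoids depending on it: `automountServiceAccountToken: {{ $.Values.automountServiceAccountToken | default false }}`. The pod `spec` continues outside this hunk.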
@@ -49,8 +58,8 @@ spec: affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "customLabels" $podLabels "extraPodAffinityTerms" (ternary (list (dict "extraMatchLabels" (dict "shard" $i) "topologyKey" "topology.kubernetes.io/zone")) (list) $.Values.distributeReplicasByZone) "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if $.Values.nodeSelector }} 
@@ -66,10 +75,10 @@ spec: schedulerName: {{ $.Values.schedulerName | quote }} {{- end }} {{- if $.Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" .) | nindent 8 }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} {{- if $.Values.podSecurityContext.enabled }} - securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + ssecurityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if $.Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} @@ -81,9 +90,11 @@ spec: imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} + {{- else if ne $.Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }} {{- end }} - # We don't require a privileged container in this case {{- if $.Values.containerSecurityContext.enabled }} + # We don't require a privileged container in this case securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} command: 
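Review bot: The pod-level security context key is misspelled on the new side of the `@@ -66,10 +75,10 @@` hunk: `ssecurityContext:` replaces `securityContext:` under `{{- if $.Values.podSecurityContext.enabled }}`. Depending on how the manifest is validated, the unknown field is either rejected or dropped, and in the latter case the pods start without the configured pod security settings (the volume-permissions script in this template relies on `podSecurityContext.fsGroup`). Restore `securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }}`.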
@@ -97,36 +108,47 @@ spec: mountPath: /tmp/certs - name: clickhouse-certificates mountPath: /opt/drycc/clickhouse/certs + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }} - name: volume-permissions image: {{ include "clickhouse.volumePermissions.image" $ }} imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} - command: | - mkdir -p /drycc/clickhouse/data - chmod 700 /drycc/clickhouse/data - chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /drycc/clickhouse - find /drycc/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} - {{- if $.Values.tls.enabled }} - cp /tmp/certs/* /opt/drycc/clickhouse/certs/ - {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/drycc/clickhouse/certs/ - {{- else }} - chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/drycc/clickhouse/certs/ - {{- end }} - chmod 600 {{ include "clickhouse.tlsCertKey" $ }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} + command: + - /bin/sh + - -ec + - | + mkdir -p /drycc/clickhouse/data + chmod 700 /drycc/clickhouse/data + {{- if $.Values.keeper.enabled }} + mkdir -p /drycc/clickhouse/keeper + chmod 700 /drycc/clickhouse/keeper + {{- end }} + chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /drycc/clickhouse + find /drycc/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ 
$.Values.podSecurityContext.fsGroup }} + {{- if $.Values.tls.enabled }} + cp /tmp/certs/* /opt/drycc/clickhouse/certs/ + {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/drycc/clickhouse/certs/ + {{- else }} + chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/drycc/clickhouse/certs/ + {{- end }} + chmod 600 {{ include "clickhouse.tlsCertKey" $ }} + {{- end }} + securityContext: {{- include "common.tplvalues.render" (dict "value" $.Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }} {{- if $.Values.volumePermissions.resources }} resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }} + {{- else if ne $.Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data mountPath: /drycc/clickhouse - - name: config - mountPath: /drycc/clickhouse/conf/default + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if $.Values.tls.enabled }} - name: raw-certificates mountPath: /tmp/certs @@ -155,7 +177,7 @@ spec: args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} {{- end }} env: - - name: DRYCC_DEBUG + - name: drycc_DEBUG value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} - name: CLICKHOUSE_HTTP_PORT value: {{ $.Values.containerPorts.http | quote }} 
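Review bot: The `volume-permissions` init container now renders `$.Values.volumePermissions.containerSecurityContext` verbatim and without an `enabled` guard, while the script above it still branches on `runAsUser` being `"auto"`. When that value is `auto`, the rendered `securityContext` would carry `runAsUser: auto`, which is not a valid user ID and is likely to be rejected by the API server. Wrap the line in the same `eq (toString ...) "auto"` test and drop the key in that branch, `securityContext: {{- omit $.Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}`. This is the one container in the pod that changes ownership of the data volume, so a comment naming the privileges it needs would also help reviewers.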
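Review bot: The env var name in the `@@ -155,7 +177,7 @@` hunk changes from `DRYCC_DEBUG` to `drycc_DEBUG`, which looks like the side effect of a case-insensitive search and replace rather than an intended rename. Environment variable names are case-sensitive, so unless the image reads the mixed-case name (not visible here), `image.debug` and `diagnosticMode.enabled` stop having any effect. Keep `- name: DRYCC_DEBUG`. The `env` list continues outside this hunk.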
@@ -170,6 +192,18 @@ spec: {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_TCP_SECURE_PORT value: {{ $.Values.containerPorts.tcpSecure | quote }} + - name: CLICKHOUSE_HTTPS_PORT + value: {{ $.Values.containerPorts.https | quote }} + {{- end }} + {{- if $.Values.keeper.enabled }} + - name: CLICKHOUSE_KEEPER_PORT + value: {{ $.Values.containerPorts.keeper | quote }} + - name: CLICKHOUSE_KEEPER_INTER_PORT + value: {{ $.Values.containerPorts.keeperInter | quote }} + {{- if $.Values.tls.enabled }} + - name: CLICKHOUSE_KEEPER_SECURE_PORT + value: {{ $.Values.containerPorts.keeperSecure | quote }} + {{- end }} {{- end }} {{- if $.Values.metrics.enabled }} - name: CLICKHOUSE_METRICS_PORT @@ -196,9 +230,22 @@ spec: - name: CLICKHOUSE_TLS_CA_FILE value: {{ include "clickhouse.tlsCACert" $ | quote }} {{- end }} - {{- if $.Values.extraEnvVars }} + {{- if $.Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} + {{- if $.Values.keeper.enabled }} + {{- $replicas := $.Values.replicaCount | int }} + {{- range $j, $r := until $replicas }} + - name: {{ printf "KEEPER_NODE_%d" $j }} + value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $i $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{- end }} + {{- else if $.Values.zookeeper.enabled }} + {{- $replicas := $.Values.zookeeper.replicaCount | int }} + {{- range $j, $r := until $replicas }} + - name: {{ printf "KEEPER_NODE_%d" $j }} + value: {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $j (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{- end }} + {{- end }} envFrom: {{- if $.Values.extraEnvVarsCM }} - configMapRef: 
@@ -210,6 +257,8 @@ spec: {{- end }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} + {{- else if ne $.Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http @@ -217,9 +266,21 @@ spec: - name: tcp containerPort: {{ $.Values.containerPorts.tcp }} {{- if $.Values.tls.enabled }} + - name: https + containerPort: {{ $.Values.containerPorts.https }} - name: tcp-secure containerPort: {{ $.Values.containerPorts.tcpSecure }} {{- end }} + {{- if $.Values.keeper.enabled }} + - name: tcp-keeper + containerPort: {{ $.Values.containerPorts.keeper }} + - name: tcp-keeperinter + containerPort: {{ $.Values.containerPorts.keeperInter }} + {{- if $.Values.tls.enabled }} + - name: tcp-keepertls + containerPort: {{ $.Values.containerPorts.keeperSecure }} + {{- end }} + {{- end }} - name: tcp-postgresql containerPort: {{ $.Values.containerPorts.postgresql }} - name: tcp-mysql @@ -235,8 +296,7 @@ spec: livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if $.Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ping + tcpSocket: port: http {{- end }} {{- if $.Values.customReadinessProbe }} 
@@ -260,6 +320,21 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /opt/drycc/clickhouse/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/drycc/clickhouse/logs + subPath: app-logs-dir + - name: empty-dir + mountPath: /opt/drycc/clickhouse/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh - name: data mountPath: /drycc/clickhouse - name: config @@ -268,10 +343,18 @@ spec: - name: extra-config mountPath: /drycc/clickhouse/etc/conf.d/extra-configmap {{- end }} + {{- if or $.Values.usersExtraOverridesConfigmap $.Values.usersExtraOverrides }} + - name: users-extra-config + mountPath: /drycc/clickhouse/etc/users.d/users-extra-configmap + {{- end }} {{- if $.Values.extraOverridesSecret }} - name: extra-secret mountPath: /drycc/clickhouse/etc/conf.d/extra-secret {{- end }} + {{- if $.Values.usersExtraOverridesSecret }} + - name: users-extra-secret + mountPath: /drycc/clickhouse/etc/users.d/users-extra-secret + {{- end }} {{- if $.Values.tls.enabled }} - name: clickhouse-certificates mountPath: /drycc/clickhouse/certs @@ -291,6 +374,12 @@ spec: {{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" $) }} + defaultMode: 0755 + - name: empty-dir + emptyDir: {} - name: config configMap: name: {{ template "clickhouse.configmapName" $ }} 
@@ -309,14 +398,28 @@ spec: configMap: name: {{ template "clickhouse.extraConfigmapName" $ }} {{- end }} + {{- if or $.Values.usersExtraOverridesConfigmap $.Values.usersExtraOverrides }} + - name: users-extra-config + configMap: + name: {{ template "clickhouse.usersExtraConfigmapName" $ }} + {{- end }} {{- if $.Values.extraOverridesSecret }} - name: extra-secret secret: secretName: {{ $.Values.extraOverridesSecret }} {{- end }} + {{- if $.Values.usersExtraOverridesSecret }} + - name: users-extra-secret + secret: + secretName: {{ $.Values.usersExtraOverridesSecret }} + {{- end }} {{- if not $.Values.persistence.enabled }} - name: data emptyDir: {} + {{- else if $.Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl $.Values.persistence.existingClaim $ }} {{- end }} {{- if $.Values.tls.enabled }} - name: raw-certificates 
@@ -328,20 +431,18 @@ spec: {{- if $.Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }} {{- end }} - {{- if $.Values.persistence.enabled }} + {{- if or $.Values.extraVolumeClaimTemplates (and $.Values.persistence.enabled (not $.Values.persistence.existingClaim)) }} volumeClaimTemplates: + {{- if and $.Values.persistence.enabled (not $.Values.persistence.existingClaim) }} - metadata: name: data - annotations: - {{- if $.Values.persistence.annotations }} - {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) | nindent 10 }} - {{- end }} - {{- if $.Values.commonLabels }} - labels: {{- include "common.tplvalues.render" (dict "value" $.Values.commonLabels "context" $) | nindent 10 }} + {{- if or $.Values.persistence.annotations $.Values.commonAnnotations }} + {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.annotations $.Values.commonLabels ) "context" $ ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }} {{- end }} + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.labels $.Values.commonLabels ) "context" $ ) }} + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} + app.kubernetes.io/component: clickhouse spec: accessModes: {{- range $.Values.persistence.accessModes }} 
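Review bot: The new `$claimAnnotations` merge under `volumeClaimTemplates` passes `$.Values.commonLabels` as its second list element, so the data PVC gets the chart's common labels written as annotations. `commonAnnotations` is never rendered, even though the guarding `if` tests `$.Values.commonAnnotations`. The list should read `( list $.Values.persistence.annotations $.Values.commonAnnotations )`. The removed lines did render `commonAnnotations` here, so this looks like a copy of the `$claimLabels` line below it rather than an intended change.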
@@ -357,6 +458,10 @@ spec: dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }} {{- end }} {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }} + {{- end }} + {{- if $.Values.extraVolumeClaimTemplates }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.extraVolumeClaimTemplates "context" $) | nindent 4 }} + {{- end }} {{- end }} --- {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml index 2e443900..a85a09ad 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml 
@@ -1,26 +1,29 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "clickhouse.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "clickhouse-ca" 365 }} {{- $fullname := include "common.names.fullname" . }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} {{- $primaryHeadlessServiceName := printf "%s-headless" (include "common.names.fullname" .)}} {{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . 
| nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index b1764c87..a73682b5 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -1,3 +1,6 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value 
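Review bot: In templates/tls-secret.yaml the three data keys now go through `common.secrets.lookup`, while `genCA` and `genSignedCert` keep a fixed 365-day validity. Assuming the helper returns the stored value whenever the secret already exists (its body is not in this diff), the certificate created at first install is kept on every upgrade and expires a year later with nothing in the chart renewing it. I would document that next to the `genCA` line, e.g. `{{- /* Reused on upgrade; valid 365 days from first install. A new CA and certificate are only generated when the secret does not exist. */}}`. It is also worth confirming that the helper base64-encodes `defaultValue`, since the explicit `b64enc | quote` on these keys is gone.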
@@ -16,7 +19,15 @@ global: ## imagePullSecrets: [] storageClass: "" - + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto ## @section Common parameters ## @@ -44,7 +55,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -59,15 +69,14 @@ diagnosticMode: ## args: - infinity - ## @section ClickHouse Parameters ## -## Drycc ClickHouse image +## drycc ClickHouse image ## ref: https://hub.docker.com/r/drycc/clickhouse/tags/ -## @param image.registry ClickHouse image registry -## @param image.repository ClickHouse image repository -## @param image.tag ClickHouse image tag (immutable tags are recommended) +## @param image.registry [default: REGISTRY_NAME] ClickHouse image registry +## @param image.repository [default: REPOSITORY_NAME/clickhouse] ClickHouse image repository +## @skip image.tag ClickHouse image tag (immutable tags are recommended) ## @param image.digest ClickHouse image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.pullPolicy ClickHouse image pull policy ## @param image.pullSecrets ClickHouse image pull secrets 
@@ -80,7 +89,7 @@ image: digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -97,13 +106,20 @@ image: ## @param shards Number of ClickHouse shards to deploy ## shards: 2 - ## @param replicaCount Number of ClickHouse replicas per shard to deploy +## if keeper enable, same as keeper count, keeper cluster by shards. +## +replicaCount: 3 +## @param distributeReplicasByZone Schedules replicas of the same shard to different availability zones ## -replicaCount: 2 +distributeReplicasByZone: false ## @param containerPorts.http ClickHouse HTTP container port +## @param containerPorts.https ClickHouse HTTPS container port ## @param containerPorts.tcp ClickHouse TCP container port -## @param containerPorts.tcpSecure ClickHouse TCP container port +## @param containerPorts.tcpSecure ClickHouse TCP (secure) container port +## @param containerPorts.keeper ClickHouse keeper TCP container port +## @param containerPorts.keeperSecure ClickHouse keeper TCP (secure) container port +## @param containerPorts.keeperInter ClickHouse keeper interserver TCP container port ## @param containerPorts.mysql ClickHouse MySQL container port ## @param containerPorts.postgresql ClickHouse PostgreSQL container port ## @param containerPorts.interserver ClickHouse Interserver container port @@ -111,8 +127,12 @@ replicaCount: 2 ## containerPorts: http: 8123 + https: 8443 tcp: 9000 tcpSecure: 9440 + keeper: 2181 + keeperSecure: 3181 + keeperInter: 9444 mysql: 9004 postgresql: 9005 interserver: 9009 
@@ -171,40 +191,63 @@ customReadinessProbe: {} ## customStartupProbe: {} ## ClickHouse resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits The resources limits for the ClickHouse containers -## @param resources.requests The requested resources for the ClickHouse containers +## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 ## -resources: - limits: {} - requests: {} +resourcesPreset: "small" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Set ClickHouse pod's Security Context fsGroup -## @param podSecurityContext.seccompProfile.type Set ClickHouse container's Security Context seccomp profile +## If you are using Kubernetes 1.18, the following code needs to be commented out. 
## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 - seccompProfile: - type: "RuntimeDefault" ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled ClickHouse containers' Security Context -## @param containerSecurityContext.runAsUser Set ClickHouse containers' Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set ClickHouse containers' Security Context runAsNonRoot -## @param containerSecurityContext.allowPrivilegeEscalation Set ClickHouse container's privilege escalation -## @param containerSecurityContext.capabilities.drop Set ClickHouse container's Security Context runAsNonRoot +## @param containerSecurityContext.enabled Enable containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup +## @param containerSecurityContext.runAsNonRoot Set containers' Security Context runAsNonRoot +## @param containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's +## @param containerSecurityContext.privileged Set contraller container's Security Context privileged +## @param containerSecurityContext.allowPrivilegeEscalation Set contraller container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be droppedn +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 1001 runAsNonRoot: true + privileged: false allowPrivilegeEscalation: false + 
readOnlyRootFilesystem: true capabilities: drop: ["ALL"] - + seccompProfile: + type: "RuntimeDefault" ## Authentication ## @param auth.username ClickHouse Admin username ## @param auth.password ClickHouse Admin password @@ -212,15 +255,18 @@ containerSecurityContext: ## @param auth.existingSecretKey Name of the key inside the existing secret ## auth: - username: administrator + username: default password: "" existingSecret: "" existingSecretKey: "" - ## @param logLevel Logging level ## logLevel: information - +## @section ClickHouse keeper configuration parameters +## @param keeper.enabled Deploy ClickHouse keeper. Support is experimental. +## +keeper: + enabled: true ## @param defaultConfigurationOverrides [string] Default configuration overrides (evaluated as a template) ## defaultConfigurationOverrides: | @@ -247,6 +293,8 @@ defaultConfigurationOverrides: | {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $shard $i (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} {{ $.Values.service.ports.tcp }} + + {{- end }} 
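Review bot: Several of the added `containerSecurityContext` parameter descriptions in the security-context hunk carry typos and copied wording that will end up in the generated README: "contraller container's" (twice), "droppedn", and "Set read only root file system pod's". Suggested wording: `## @param containerSecurityContext.privileged Set container's Security Context privileged`, `## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped` and `## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem`. The context line "If you are using Kubernetes 1.18, the following code needs to be commented out." now sits above a `podSecurityContext` that no longer has a `seccompProfile`; if it referred to that field, it belongs next to the `seccompProfile` added under `containerSecurityContext`.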
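Review bot: `keeper.enabled` is introduced with a default of `true` while its own description says "Support is experimental", so every install that keeps the defaults runs the experimental coordination path. Either ship `enabled: false` and let operators opt in, or change the description if keeper is now the supported default, e.g. `## @param keeper.enabled Deploy ClickHouse keeper (used instead of the Zookeeper subchart when enabled)`. The same hunk changes `auth.username` to `default` and leaves `password: ""`. How an empty password is handled is not visible in this diff, so the `auth.password` description should say what is used in that case.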
@@ -254,15 +302,53 @@ defaultConfigurationOverrides: | {{- end }} - {{- if or .Values.zookeeper.enabled .Values.externalZookeeper.servers }} + {{- if .Values.keeper.enabled }} + + + {{/*ClickHouse keeper configuration using the helm chart */}} + {{ $.Values.containerPorts.keeper }} + {{- if .Values.tls.enabled }} + {{ $.Values.containerPorts.keeperSecure }} + {{- end }} + + /drycc/clickhouse/keeper/coordination/log + /drycc/clickhouse/keeper/coordination/snapshots + + + 10000 + 30000 + trace + + + + {{- $nodes := .Values.replicaCount | int }} + {{- range $node, $e := until $nodes }} + + {{ $node | int }} + + {{ $.Values.service.ports.keeperInter }} + + {{- end }} + + + {{- end }} + {{- if or .Values.keeper.enabled .Values.zookeeper.enabled .Values.externalZookeeper.servers }} - {{- if .Values.zookeeper.enabled }} + {{- if or .Values.keeper.enabled }} + {{- $nodes := .Values.replicaCount | int }} + {{- range $node, $e := until $nodes }} + + + {{ $.Values.service.ports.keeper }} + + {{- end }} + {{- else if .Values.zookeeper.enabled }} {{/* Zookeeper configuration using the helm chart */}} {{- $nodes := .Values.zookeeper.replicaCount | int }} {{- range $node, $e := until $nodes }} - {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $node (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{ $.Values.zookeeper.service.ports.client }} {{- end }} @@ -280,6 +366,7 @@ defaultConfigurationOverrides: | {{- if .Values.tls.enabled }} + {{- $certFileName := default "tls.crt" .Values.tls.certFilename }} @@ -291,7 +378,7 @@ defaultConfigurationOverrides: | sslv2,sslv3 true {{- if or .Values.tls.autoGenerated .Values.tls.certCAFilename }} - {{- $caFileName := default "ca.crt" .Values.tls.certFilename }} + {{- $caFileName := default "ca.crt" .Values.tls.certCAFilename }} /drycc/clickhouse/certs/{{$caFileName}} {{- else }} true 
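Review bot: With `tls.enabled`, the added keeper branch of the coordination node list still renders `{{ $.Values.service.ports.keeper }}` for every node, so ClickHouse would keep talking to keeper on the non-TLS port even though `containerPorts.keeperSecure` is configured a few lines above. The XML element names are stripped on this page, so this is read from the template expressions alone. I would select the port with `{{ ternary $.Values.service.ports.keeperSecure $.Values.service.ports.keeper $.Values.tls.enabled }}` and emit the node's `<secure>1</secure>` flag under `{{- if $.Values.tls.enabled }}`. As a smaller style point, `{{- if or .Values.keeper.enabled }}` has a single operand and can be `{{- if .Values.keeper.enabled }}`. The `defaultConfigurationOverrides` block scalar starts and ends outside these hunks.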
@@ -320,23 +407,27 @@ defaultConfigurationOverrides: | {{- end }} - ## @param existingOverridesConfigmap The name of an existing ConfigMap with your custom configuration for ClickHouse ## existingOverridesConfigmap: "" - ## @param extraOverrides Extra configuration overrides (evaluated as a template) apart from the default ## extraOverrides: "" - ## @param extraOverridesConfigmap The name of an existing ConfigMap with extra configuration for ClickHouse ## extraOverridesConfigmap: "" - ## @param extraOverridesSecret The name of an existing ConfigMap with your custom configuration for ClickHouse ## extraOverridesSecret: "" - +## @param usersExtraOverrides Users extra configuration overrides (evaluated as a template) apart from the default +## +usersExtraOverrides: "" +## @param usersExtraOverridesConfigmap The name of an existing ConfigMap with users extra configuration for ClickHouse +## +usersExtraOverridesConfigmap: "" +## @param usersExtraOverridesSecret The name of an existing ConfigMap with your custom users configuration for ClickHouse +## +usersExtraOverridesSecret: "" ## @param initdbScripts Dictionary of initdb scripts ## Specify dictionary of scripts to be run at first boot ## Example: @@ -349,7 +440,6 @@ initdbScripts: {} ## @param initdbScriptsSecret ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## initdbScriptsSecret: "" - ## @param startdbScripts Dictionary of startdb scripts ## Specify dictionary of scripts to be run on every start ## Example: 
@@ -362,13 +452,16 @@ startdbScripts: {} ## @param startdbScriptsSecret ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`) ## startdbScriptsSecret: "" - ## @param command Override default container command (useful when using custom images) ## -command: [] +command: + - /scripts/setup.sh ## @param args Override default container args (useful when using custom images) ## args: [] +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false ## @param hostAliases ClickHouse pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -412,7 +505,7 @@ nodeAffinityPreset: ## affinity: {} ## @param nodeSelector Node labels for ClickHouse pods assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param tolerations Tolerations for ClickHouse pods assignment @@ -427,12 +520,10 @@ updateStrategy: ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate - ## @param podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: Parallel - ## @param priorityClassName ClickHouse pods' priorityClassName ## priorityClassName: "" @@ -470,6 +561,9 @@ extraVolumes: [] ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ClickHouse container(s) ## extraVolumeMounts: [] +## @param extraVolumeClaimTemplates Optionally specify extra list of additional volumeClaimTemplates for the ClickHouse container(s) +## +extraVolumeClaimTemplates: [] ## @param sidecars Add additional sidecar containers to the ClickHouse pod(s) ## e.g: ## sidecars: 
@@ -491,7 +585,16 @@ sidecars: [] ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb +## @param pdb.create Enable/disable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. +## +pdb: + create: true + minAvailable: "" + maxUnavailable: "" ## TLS configuration ## tls: @@ -515,7 +618,6 @@ tls: ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html ## certCAFilename: "" - ## @section Traffic Exposure Parameters ## @@ -526,8 +628,12 @@ service: ## type: ClusterIP ## @param service.ports.http ClickHouse service HTTP port + ## @param service.ports.https ClickHouse service HTTPS port ## @param service.ports.tcp ClickHouse service TCP port ## @param service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param service.ports.keeper ClickHouse keeper TCP container port + ## @param service.ports.keeperSecure ClickHouse keeper TCP (secure) container port + ## @param service.ports.keeperInter ClickHouse keeper interserver TCP container port ## @param service.ports.mysql ClickHouse service MySQL port ## @param service.ports.postgresql ClickHouse service PostgreSQL port ## @param service.ports.interserver ClickHouse service Interserver port 
@@ -535,16 +641,24 @@ service: ## ports: http: 8123 + https: 443 tcp: 9000 tcpSecure: 9440 + keeper: 2181 + keeperSecure: 3181 + keeperInter: 9444 mysql: 9004 postgresql: 9005 interserver: 9009 metrics: 8001 ## Node ports to expose ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS ## @param service.nodePorts.tcp Node port for TCP ## @param service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param service.nodePorts.keeper ClickHouse keeper TCP container port + ## @param service.nodePorts.keeperSecure ClickHouse keeper TCP (secure) container port + ## @param service.nodePorts.keeperInter ClickHouse keeper interserver TCP container port ## @param service.nodePorts.mysql Node port for MySQL ## @param service.nodePorts.postgresql Node port for PostgreSQL ## @param service.nodePorts.interserver Node port for Interserver @@ -553,8 +667,12 @@ service: ## nodePorts: http: "" + https: "" tcp: "" tcpSecure: "" + keeper: "" + keeperSecure: "" + keeperInter: "" mysql: "" postgresql: "" interserver: "" @@ -587,7 +705,7 @@ service: extraPorts: [] ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity @@ -596,7 +714,12 @@ service: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} - + ## Headless service properties + ## + headless: + ## @param service.headless.annotations Annotations for the headless service. + ## + annotations: {} ## External Access to ClickHouse configuration ## externalAccess: 
@@ -611,8 +734,12 @@ externalAccess: ## type: LoadBalancer ## @param externalAccess.service.ports.http ClickHouse service HTTP port + ## @param externalAccess.service.ports.https ClickHouse service HTTPS port ## @param externalAccess.service.ports.tcp ClickHouse service TCP port ## @param externalAccess.service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param externalAccess.service.ports.keeper ClickHouse keeper TCP container port + ## @param externalAccess.service.ports.keeperSecure ClickHouse keeper TCP (secure) container port + ## @param externalAccess.service.ports.keeperInter ClickHouse keeper interserver TCP container port ## @param externalAccess.service.ports.mysql ClickHouse service MySQL port ## @param externalAccess.service.ports.postgresql ClickHouse service PostgreSQL port ## @param externalAccess.service.ports.interserver ClickHouse service Interserver port @@ -620,8 +747,12 @@ externalAccess: ## ports: http: 80 + https: 443 tcp: 9000 tcpSecure: 9440 + keeper: 2181 + keeperSecure: 3181 + keeperInter: 9444 mysql: 9004 postgresql: 9005 interserver: 9009 @@ -633,7 +764,7 @@ externalAccess: ## - Y.Y.Y.Y ## loadBalancerIPs: [] - ## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount + ## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each ClickHouse . Length must be the same as shards multiplied by replicaCount ## e.g: ## loadBalancerAnnotations: ## - external-dns.alpha.kubernetes.io/hostname: 1.external.example.com. 
@@ -648,8 +779,12 @@ externalAccess: ## loadBalancerSourceRanges: [] ## @param externalAccess.service.nodePorts.http Node port for HTTP + ## @param externalAccess.service.nodePorts.https Node port for HTTPS ## @param externalAccess.service.nodePorts.tcp Node port for TCP ## @param externalAccess.service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param externalAccess.service.nodePorts.keeper ClickHouse keeper TCP container port + ## @param externalAccess.service.nodePorts.keeperSecure ClickHouse keeper TCP container port (with TLS) + ## @param externalAccess.service.nodePorts.keeperInter ClickHouse keeper interserver TCP container port ## @param externalAccess.service.nodePorts.mysql Node port for MySQL ## @param externalAccess.service.nodePorts.postgresql Node port for PostgreSQL ## @param externalAccess.service.nodePorts.interserver Node port for Interserver @@ -663,8 +798,12 @@ externalAccess: ## nodePorts: http: [] + https: [] tcp: [] tcpSecure: [] + keeper: [] + keeperSecure: [] + keeperInter: [] mysql: [] postgresql: [] interserver: [] @@ -678,9 +817,8 @@ externalAccess: ## @param externalAccess.service.extraPorts Extra ports to expose in the ClickHouse external service ## extraPorts: [] - ## ClickHouse ingress parameters -## ref: http://kubernetes.io/docs/user-guide/ingress/ +## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Enable ingress record generation for ClickHouse 
@@ -783,17 +921,19 @@ ingress: ## name: http ## extraRules: [] - ## @section Persistence Parameters ## ## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims ## enabled: true + ## @param persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" ## @param persistence.storageClass Storage class of backing PVC ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -802,6 +942,9 @@ persistence: ## GKE, AWS & OpenStack) ## storageClass: "" + ## @param persistence.labels Persistent Volume Claim labels + ## + labels: {} ## @param persistence.annotations Persistent Volume Claim annotations ## annotations: {} @@ -812,7 +955,7 @@ persistence: ## @param persistence.size Size of data volume ## size: 8Gi - ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## @param persistence.selector Selector to match an existing Persistent Volume for ClickHouse data PVC ## If set, the PVC can't have a PV dynamically provisioned for it ## E.g. ## selector: 
@@ -826,6 +969,16 @@ persistence: ## @section Init Container Parameters ## +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete + ## 'volumePermissions' init container parameters ## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values ## based on the *podSecurityContext/*containerSecurityContext parameters 
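Review bot: `persistentVolumeClaimRetentionPolicy` is added with `enabled: true` and both `whenScaled` and `whenDeleted` set to `Delete`. Assuming the StatefulSet template passes these through, scaling a shard down or deleting the StatefulSet removes the ClickHouse data PVCs along with it. Kubernetes' own default for both fields is `Retain`, so I would ship `whenScaled: Retain` and `whenDeleted: Retain` (or `enabled: false`) and let operators opt in to deletion. The block also sits under `## @section Init Container Parameters` although it is a persistence setting, so the generated parameter docs will list it in the wrong section.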
@@ -834,18 +987,18 @@ volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false - ## Drycc Shell image - ## ref: https://hub.docker.com/r/drycc/drycc-shell/tags/ - ## @param volumePermissions.image.registry Drycc Shell image registry - ## @param volumePermissions.image.repository Drycc Shell image repository - ## @param volumePermissions.image.tag Drycc Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Drycc Shell image pull policy - ## @param volumePermissions.image.pullSecrets Drycc Shell image pull secrets + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/drycc/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets ## image: registry: docker.io - repository: drycc/drycc-shell - tag: 11-debian-11-r37 + repository: drycc/os-shell + tag: 12-debian-12-r22 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. 
@@ -856,23 +1009,33 @@ volumePermissions: ## pullSecrets: [] ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 ## - resources: - limits: {} - requests: {} + resourcesPreset: "nano" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: + seLinuxOptions: {} runAsUser: 0 - ## @section Other 
Parameters ## @@ -891,8 +1054,7 @@ serviceAccount: annotations: {} ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## - automountServiceAccountToken: true - + automountServiceAccountToken: false ## Prometheus metrics ## metrics: @@ -944,12 +1106,32 @@ metrics: ## relabelings: [] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration ## selector: ## prometheus: my-prometheus ## selector: {} - + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a PrometheusRule for Prometheus Operator + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules PrometheusRule definitions + ## - alert: ClickhouseServerRestart + ## annotations: + ## message: Clickhouse-server started recently + ## expr: ClickHouseAsyncMetrics_Uptime > 1 < 180 + ## for: 5m + ## labels: + ## severity: warning + rules: [] ## @section External Zookeeper paramaters ## externalZookeeper: @@ -958,7 +1140,6 @@ externalZookeeper: ## servers: [] port: 2888 - ## @section Zookeeper subchart parameters ## ## @param zookeeper.enabled Deploy Zookeeper subchart 
@@ -966,8 +1147,93 @@ externalZookeeper: ## @param zookeeper.service.ports.client Zookeeper client port ## zookeeper: - enabled: true - replicaCount: 2 + enabled: false + ## Override zookeeper default image as 3.9 is not supported https://github.com/ClickHouse/ClickHouse/issues/53749 + ## ref: https://github.com/drycc/containers/tree/main/drycc/zookeeper + ## @param zookeeper.image.registry [default: REGISTRY_NAME] Zookeeper image registry + ## @param zookeeper.image.repository [default: REPOSITORY_NAME/zookeeper] Zookeeper image repository + ## @skip zookeeper.image.tag Zookeeper image tag (immutable tags are recommended) + ## @param zookeeper.image.pullPolicy Zookeeper image pull policy + image: + registry: docker.io + repository: drycc/zookeeper + tag: 3.8.4-debian-12-r7 + pullPolicy: IfNotPresent + replicaCount: 3 service: ports: client: 2181 + ## ZooKeeper resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param zookeeper.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param zookeeper.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} +## @section Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports Clickhouse is listening + ## on. When true, Clickhouse will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
+ ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + allowCurrentNamespace: true + allowNamespaces: \ No newline at end of file diff --git a/addons/clickhouse/24/meta.yaml b/addons/clickhouse/24/meta.yaml index fccf62bb..708a52ba 100644 --- a/addons/clickhouse/24/meta.yaml +++ b/addons/clickhouse/24/meta.yaml @@ -1,5 +1,5 @@ name: clickhouse -version: 23 +version: 24 id: 5606a4c8-d0b6-4ad0-98d2-3e4fde3055f6 description: "clickhouse" displayName: "clickhouse" diff --git a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml index 2f2ffbf1..33dab895 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml @@ -17,7 +17,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-password }' - name: USERNAME - value: 'administrator' + value: '{{ .Values.auth.username }}' - name: TCP_PORT value: 9000 - name: HTTP_PORT 
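Review bot: The added `networkPolicy` block turns the policy on but leaves it open: `allowExternal: true` is documented here as accepting connections from any source, and `allowExternalEgress: true` allows all destinations, so `enabled: true` gives little isolation by default. `allowCurrentNamespace: true` and `allowNamespaces:` have no `@param` lines, and the bare `allowNamespaces:` parses as null rather than an empty list; `allowNamespaces: []` is explicit. How these two keys combine with `allowExternal` depends on the template, which is not in this hunk, so that should be documented next to them. The `extraEgress` comment also says "extra ingress rules" where it means egress.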
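Review bot: `value: '{{ .Values.auth.username }}'` places the rendered value inside hand-written single quotes, so a username containing `'` produces invalid YAML or changes the structure of the binding document. Letting the template do the quoting avoids that: `value: {{ .Values.auth.username | quote }}`. The same line appears in the standard-4c16g100 hunk and in the new bind.yaml files for standard-16c64g1000 and standard-8c32g500.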
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml index a66a7cd7..e11ae81d 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml @@ -17,7 +17,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-password }' - name: USERNAME - value: 'administrator' + value: '{{ .Values.auth.username }}' - name: TCP_PORT value: 9000 - name: HTTP_PORT From 4ccc78ac3734a5b149960c50802b29f2ff8124bb Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 1 Jul 2024 09:44:07 +0800 Subject: [PATCH 103/176] chore(clickhouse): change to use shard0 keeper cluster --- .../clickhouse/24/chart/clickhouse/README.md | 5 +++- .../clickhouse/templates/statefulset.yaml | 2 ++ .../24/chart/clickhouse/values.yaml | 6 ++--- addons/clickhouse/24/meta.yaml | 6 +++++ .../24/plans/standard-16c64g1000/bind.yaml | 24 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++++ .../24/plans/standard-16c64g1000/meta.yaml | 6 +++++ .../24/plans/standard-16c64g1000/values.yaml | 23 ++++++++++++++++++ .../24/plans/standard-2c4g20/bind.yaml | 2 -- .../24/plans/standard-4c16g100/bind.yaml | 4 +--- .../24/plans/standard-4c16g100/meta.yaml | 2 +- .../24/plans/standard-8c32g500/bind.yaml | 24 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++++ .../24/plans/standard-8c32g500/meta.yaml | 6 +++++ .../24/plans/standard-8c32g500/values.yaml | 23 ++++++++++++++++++ 15 files changed, 147 insertions(+), 10 deletions(-) create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/values.yaml create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/values.yaml diff --git a/addons/clickhouse/24/chart/clickhouse/README.md b/addons/clickhouse/24/chart/clickhouse/README.md index caba5167..95466d70 100644 --- a/addons/clickhouse/24/chart/clickhouse/README.md +++ b/addons/clickhouse/24/chart/clickhouse/README.md 
@@ -475,4 +475,7 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. + + +https://github.com/ClickHouse/ClickHouse/pull/62366/ \ No newline at end of file diff --git a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml index a9ae7440..2e1071c5 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml @@ -238,6 +238,8 @@ spec: {{- range $j, $r := until $replicas }} - name: {{ printf "KEEPER_NODE_%d" $j }} value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $i $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + - name: {{ printf "ZOOKEEPER_NODE_%d" $j }} + value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) 0 $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} {{- end }} {{- else if $.Values.zookeeper.enabled }} {{- $replicas := $.Values.zookeeper.replicaCount | int }} diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index a73682b5..4bae1fe9 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -284,7 +284,7 @@ defaultConfigurationOverrides: | {{- if or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1)}} - + {{- $shards := $.Values.shards | int }} {{- range $shard, $e := until $shards }} 
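Review bot: The added `ZOOKEEPER_NODE_%d` entries pass a literal `0` as the shard index while sitting inside the per-shard loop, so every shard's pods are pointed at the replicas of shard 0, and nothing in the template says that this is intended. The README hunk only appends a bare URL. A template comment above the entry would make the dependency visible, for example `{{- /* all shards use the keeper ensemble on shard 0, see ClickHouse PR 62366 */}}`. It presumably also means that coordination for all shards depends on shard 0's pods being up, which is worth stating for operators. The surrounding range and if blocks start outside the hunk.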
@@ -299,7 +299,7 @@ defaultConfigurationOverrides: | {{- end }} {{- end }} - + {{- end }} {{- if .Values.keeper.enabled }} @@ -339,7 +339,7 @@ defaultConfigurationOverrides: | {{- $nodes := .Values.replicaCount | int }} {{- range $node, $e := until $nodes }} - + {{ $.Values.service.ports.keeper }} {{- end }} diff --git a/addons/clickhouse/24/meta.yaml b/addons/clickhouse/24/meta.yaml index 708a52ba..5dacdb78 100644 --- a/addons/clickhouse/24/meta.yaml +++ b/addons/clickhouse/24/meta.yaml @@ -21,4 +21,10 @@ allow_parameters: - name: "service.type" required: false description: "service type config for values.yaml" +- name: "shards" + required: false + description: "service type config for values.yaml" +- name: "replicaCount" + required: false + description: "service type config for values.yaml" archive: false diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml new file mode 100644 index 00000000..8cddaa51 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml @@ -0,0 +1,24 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + value: '{{ .Values.auth.username }}' + - name: TCP_PORT + value: 9000 + - name: HTTP_PORT + value: 8123 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json b/addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
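Review bot: `shards` and `replicaCount` become user-settable in this meta.yaml hunk with no visible bound, and the create-instance-schema.json files added in this commit validate only `imagePullPolicy`. With plans that request up to 16 CPUs and 64Gi per pod, an unchecked value multiplies into a large resource claim; if the broker does not limit these elsewhere, the schema should declare both as integers with a `minimum` and `maximum`. Both descriptions are also copied from `service.type`; `description: "shards config for values.yaml"` and `description: "replicaCount config for values.yaml"` would match the names.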
+++ b/addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml new file mode 100644 index 00000000..7873429a --- /dev/null +++ b/addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-16c64g1000" +id: 6447a8c0-ab6c-4afd-8d1b-fe3be3ecfa3f +description: "clickhouse standard-16c64g1000 plan: Disk 1000Gi ,vCPUs 16 , RAM 64G " +displayName: "standard-16c64g1000" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml new file mode 100644 index 00000000..60735b83 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml 
@@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-clickhouse-cluster-standard-16c64g1000 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + +persistence: + size: 1000Gi \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml index 33dab895..090f1bb1 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml @@ -22,5 +22,3 @@ credential: value: 9000 - name: HTTP_PORT value: 8123 - - name: MYSQL_PORT - value: 9004 diff --git a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml index e11ae81d..8cddaa51 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml @@ -21,6 +21,4 @@ credential: - name: TCP_PORT value: 9000 - name: HTTP_PORT - value: 8123 - - name: MYSQL_PORT - value: 9004 \ No newline at end of file + value: 8123 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml index ed5ad077..2cd181eb 100644 
--- a/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml @@ -1,6 +1,6 @@ name: "standard-4c16g100" id: e30e5296-ce38-48cb-981c-9bb1c2e43833 -description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G " +description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G " displayName: "standard-4c16g100" bindable: true maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/bind.yaml b/addons/clickhouse/24/plans/standard-8c32g500/bind.yaml new file mode 100644 index 00000000..8cddaa51 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/bind.yaml @@ -0,0 +1,24 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + value: '{{ .Values.auth.username }}' + - name: TCP_PORT + value: 9000 + - name: HTTP_PORT + value: 8123 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json b/addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json 
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/meta.yaml b/addons/clickhouse/24/plans/standard-8c32g500/meta.yaml new file mode 100644 index 00000000..7f0eef62 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g500" +id: 1bca5bdf-0bdc-406b-b3d0-865bdec9184c +description: "clickhouse standard-8c32g500 plan: Disk 500Gi ,vCPUs 8 , RAM 32G " +displayName: "standard-8c32g500" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml new file mode 100644 index 00000000..3d1c8a1e --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml 
@@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-clickhouse-cluster-standard-8c32g500 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + +persistence: + size: 500Gi \ No newline at end of file From 258b2a48f23faad2a601a7063cc8941c5e6ff9b8 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 4 Jul 2024 15:09:12 +0800 Subject: [PATCH 104/176] chore(fluentbit): add java_multiline --- .../fluentbit/2/chart/fluentbit/values.yaml | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index c19117a5..8779aa78 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
@@ -195,12 +195,13 @@ daemonset: call append_tag code function append_tag(tag, timestamp, record) new_record = record local namespace, pod_name, container_name, container_id = string.match(tag, "kubernetes%.([^%.]+)%.([^%.]+)%.([^%.]+)%.(.+)") if namespace and pod_name and container_name and container_id then new_record["pod_name"] = pod_name new_record["namespace"] = namespace new_record["container_name"] = container_name new_record["container_id"] = container_id end return 1, timestamp, new_record end - # [FILTER] - # name multiline - # match kubernetes.* - # multiline.parser python_multiline,java_multiline,go_multiline - # multiline.key_content log - # buffer on + [FILTER] + name multiline + match kubernetes.* + multiline.parser python_multiline,java_multiline,go_multiline + multiline.key_content log + buffer on + ## https://docs.fluentbit.io/manual/pipeline/outputs outputs: | [OUTPUT] @@ -241,10 +242,11 @@ daemonset: Type regex Flush_Timeout 1000 key_content log - Rule "start_state" "/^Exception in thread /" "cont" - Rule "start_state" "/^java\./" "cont" - Rule "cont" "/^\s+at /" "cont" - Rule "cont" "/^Caused by: /" "cont" + Rule "start_state" "/^\d{4}-\d{2}-\d{2}/" "cont" + Rule "cont" "/^\s+at /" "cont" + Rule "cont" "/^[a-z]/" "cont" + Rule "cont" "/^[A-Z]/" "cont" + Rule "cont" "/^\s+/" "cont" [MULTILINE_PARSER] Name go_multiline From 0684b66c3f9387413913a6e4233fd9acfc823ecc Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 8 Jul 2024 08:50:54 +0800 Subject: [PATCH 105/176] chore(fluentbit): optimize java_multiline --- addons/fluentbit/2/chart/fluentbit/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index 8779aa78..ae35e42b 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
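Review bot: In the new `java_multiline` rules, `Rule "cont" "/^[a-z]/" "cont"` and `Rule "cont" "/^\s+/" "cont"` accept almost any line as a continuation, so after one date-prefixed line every following line without a leading date is merged into the same record. The filter enabled in the first hunk applies to `match kubernetes.*`, so this affects all containers, not only Java ones, and merged records make individual events harder to search and alert on. Keeping continuation to stack-trace shapes such as `/^\s+at /` and `/^Caused by:/` would limit the merging; the `/^[A-Z]/` rule is already narrowed in the next patch.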
@@ -245,7 +245,7 @@ daemonset: Rule "start_state" "/^\d{4}-\d{2}-\d{2}/" "cont" Rule "cont" "/^\s+at /" "cont" Rule "cont" "/^[a-z]/" "cont" - Rule "cont" "/^[A-Z]/" "cont" + Rule "cont" "/^Caused by:/" "cont" Rule "cont" "/^\s+/" "cont" [MULTILINE_PARSER] From 4e64db6c8a76ba9074df0edf3e68ac98204ae4c5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 10 Jul 2024 09:03:45 +0800 Subject: [PATCH 106/176] chore(fluentbit): add plans --- addons/fluentbit/2/plans/standard-1000m/values.yaml | 2 +- addons/fluentbit/2/plans/standard-200m/values.yaml | 2 +- addons/fluentbit/2/plans/standard-500m/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/fluentbit/2/plans/standard-1000m/values.yaml b/addons/fluentbit/2/plans/standard-1000m/values.yaml index a1d9a39f..24d90b7d 100644 --- a/addons/fluentbit/2/plans/standard-1000m/values.yaml +++ b/addons/fluentbit/2/plans/standard-1000m/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-fluentbit-standard-5 +fullnameOverride: hb-fluentbit-standard-1000m ## Fluentbit® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/addons/fluentbit/2/plans/standard-200m/values.yaml b/addons/fluentbit/2/plans/standard-200m/values.yaml index 75711b02..88f7e0bb 100644 --- a/addons/fluentbit/2/plans/standard-200m/values.yaml +++ b/addons/fluentbit/2/plans/standard-200m/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-fluentbit-standard-5 +fullnameOverride: hb-fluentbit-standard-200m ## Fluentbit® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/addons/fluentbit/2/plans/standard-500m/values.yaml b/addons/fluentbit/2/plans/standard-500m/values.yaml index 45231abd..3d351ba8 100644 
--- a/addons/fluentbit/2/plans/standard-500m/values.yaml +++ b/addons/fluentbit/2/plans/standard-500m/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-fluentbit-standard-5 +fullnameOverride: hb-fluentbit-standard-500m ## Fluentbit® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ From 7aa0ec00a9998aeb0c441bcd1dadaa879dfe1018 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 30 Jul 2024 10:24:32 +0800 Subject: [PATCH 107/176] chore(fluentbit):add plans --- addons/fluentbit/2/plans/standard-1000m/meta.yaml | 2 +- addons/fluentbit/2/plans/standard-200m/meta.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/fluentbit/2/plans/standard-1000m/meta.yaml b/addons/fluentbit/2/plans/standard-1000m/meta.yaml index fb546c4f..7e076852 100644 --- a/addons/fluentbit/2/plans/standard-1000m/meta.yaml +++ b/addons/fluentbit/2/plans/standard-1000m/meta.yaml @@ -1,6 +1,6 @@ name: "standard-1000m" id: ac2300db-f5ac-413e-a663-dd13da2034b0 -description: "Fluentbit standard-100m plan: vCPUs 1000m, RAM 1G" +description: "Fluentbit standard-1000m plan: vCPUs 1000m, RAM 1G" displayName: "standard-1000m" bindable: true maximum_polling_duration: 1800 diff --git a/addons/fluentbit/2/plans/standard-200m/meta.yaml b/addons/fluentbit/2/plans/standard-200m/meta.yaml index fed6fd15..2061ce90 100644 --- a/addons/fluentbit/2/plans/standard-200m/meta.yaml +++ b/addons/fluentbit/2/plans/standard-200m/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-5" +name: "standard-200m" id: 1b3968b6-ea84-4f34-b1d9-b51e65d01b1c -description: "Fluentbit standard-5 plan: vCPUs 100m, RAM 128M" -displayName: "standard-5" +description: "Fluentbit standard-200m plan: vCPUs 200m, RAM 128M" +displayName: "standard-200m" bindable: true maximum_polling_duration: 1800 From bc151935e66234079db5ccced48344ae3c078992 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 30 Jul 2024 11:27:03 +0800 Subject: [PATCH 108/176] megre(addons) --- addons/fluentbit/2/plans/standard-1000m/meta.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/addons/fluentbit/2/plans/standard-1000m/meta.yaml b/addons/fluentbit/2/plans/standard-1000m/meta.yaml index 50af71b2..7e076852 100644 --- a/addons/fluentbit/2/plans/standard-1000m/meta.yaml +++ b/addons/fluentbit/2/plans/standard-1000m/meta.yaml @@ -1,10 +1,6 @@ name: "standard-1000m" id: ac2300db-f5ac-413e-a663-dd13da2034b0 -<<<<<<< HEAD description: "Fluentbit standard-1000m plan: vCPUs 1000m, RAM 1G" -======= -description: "Fluentbit standard-100m plan: vCPUs 1000m, RAM 1G" ->>>>>>> ad5012ff6d6a918f761d03fc082781f8a8e170de displayName: "standard-1000m" bindable: true maximum_polling_duration: 1800 From bb9727a99f04aeea92f74c5ce6cd347758d1f9ce Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 30 Jul 2024 14:29:00 +0800 Subject: [PATCH 109/176] chore(mysql-cluster): add router resources limits --- .../chart/mysql-cluster/templates/cluster/cronjob.yaml | 2 +- .../8.0/plans/standard-16c64g400/values.yaml | 10 +++++++++- .../8.0/plans/standard-32c128g800/values.yaml | 10 +++++++++- .../8.0/plans/standard-4c16g100/values.yaml | 8 ++++++++ .../8.0/plans/standard-8c32g200/values.yaml | 8 ++++++++ 5 files changed, 35 insertions(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml index 0947721d..87bba064 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml 
@@ -66,7 +66,7 @@ spec: endpoint=os.getenv('AWS_ENDPOINT_URL') bucket_name=os.getenv('AWS_BUCKET_NAME') - util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 1, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) + util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 1, 'maxRate': '8M', 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) " > /tmp/dump_instance.py mysqlsh --uri=${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --py < /tmp/dump_instance.py diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 2cc0d06e..6871d366 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -20,7 +20,15 @@ primary: requests: cpu: 16000m memory: 64Gi - + +router: + resources: + limits: + cpu: 1600m + memory: 2Gi + requests: + cpu: 1600m + memory: 2Gi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index 82a515d7..1818b84a 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml 
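Review bot: The `mysqlsh` call under the changed line still passes the root password as `-p${MYSQL_ROOT_PASSWORD}`, which puts it in the process arguments where it can be read from the process list inside the pod. mysqlsh can read the password from stdin instead, for example `printf '%s\n' "$MYSQL_ROOT_PASSWORD" | mysqlsh --uri="${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER}" --passwords-from-stdin --py --file /tmp/dump_instance.py`. The options dict on the changed line also lists `'compatibility'` twice with the same value; one entry can go. The script starts outside the hunk.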
@@ -20,7 +20,15 @@ primary: requests: cpu: 32000m memory: 128Gi - + +router: + resources: + limits: + cpu: 3200m + memory: 4Gi + requests: + cpu: 3200m + memory: 4Gi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index 1c6b865b..da0cbee1 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -21,6 +21,14 @@ primary: cpu: 4000m memory: 16Gi +router: + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index baf7e8a9..8ad37aa4 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -21,6 +21,14 @@ primary: cpu: 8000m memory: 32Gi +router: + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 800m + memory: 1024Mi ## @section Persistence parameters From 8fcc8ea940edf80fc584769cc6b5a46201fae641 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 30 Jul 2024 16:28:34 +0800 Subject: [PATCH 110/176] chore(mysql-cluster): add metrics collects --- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index bf95d6bf..876e51cb 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
@@ -1104,8 +1104,14 @@ metrics: ## - --collect.heartbeat.database ## - --collect.heartbeat.table ## + + extraArgs: - primary: [] + primary: + - --collect.info_schema.processlist + - --collect.perf_schema.replication_group_members + - --collect.perf_schema.replication_group_member_stats + - --collect.perf_schema.replication_applier_status_by_worker secondary: [] ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ From 5ed42816684606a2bfe58903005c5a338779c00e Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 1 Aug 2024 09:49:51 +0800 Subject: [PATCH 111/176] chore(prometheus): scrape mysql metrics with params --- .../prometheus/templates/_scrape_config.tpl | 73 +++++++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 2 + 2 files changed, 75 insertions(+) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index cba7ac84..261b68d6 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -132,6 +132,10 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-service-endpoints-slow" -}} @@ -175,6 +179,10 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-pods" -}} 
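Review bot: Enabling `--collect.info_schema.processlist` on the primary widens what the metrics endpoint reveals. As far as I know, this mysqld_exporter collector by default also emits per-user and per-client-host process counts, so database account names and client addresses become visible to anything able to scrape the exporter port. If only thread-state counts are needed, confirm which sub-metrics are wanted and that access to the metrics port is restricted accordingly. A comment above `extraArgs.primary` such as `# processlist exposes account/host labels; keep the metrics port restricted` would record the decision. `secondary` stays `[]`, so the replication collectors are not enabled there; say so in the comment if that is intended.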
@@ -228,6 +236,10 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-pods-slow" -}} 
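Review bot: This drop rule keys on `__meta_kubernetes_service_label_app_kubernetes_io_name`, but it is added to the `addons.kubernetes-pods` template. If that job discovers targets with `role: pod` (its `kubernetes_sd_configs` block is outside the hunk), no `__meta_kubernetes_service_*` labels are attached, the source value is empty, and the rule never drops anything. The pod-level equivalent would be `- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]`. The same applies to the rule added to `addons.kubernetes-pods-slow` at the top of the next hunk.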
@@ -280,4 +292,65 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop +{{- end -}} + +{{- define "addons.mysql-metrics" -}} +honor_labels: true +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +params: + collect[]: + - informationSchema.processlist + - performanceSchema.replication_group_members + - performanceSchema.replication_group_member_stats + - performanceSchema.replication_applier_status_by_worker + +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) 
+ - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: keep {{- end -}} \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index c18a66fa..d93277a7 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -649,6 +649,8 @@ server: {{- include "addons.kubernetes-pods" (dict "context" $) | nindent 4 }} - job_name: kubernetes-pods-slow {{- include "addons.kubernetes-pods-slow" (dict "context" $) | nindent 4 }} + - job_name: mysql-metrics + {{- include "addons.mysql-metrics" (dict "context" $) | nindent 4 }} {{- end }} {{ $scheme := .Values.drycc.scheme }} From bd6434545ea420f7504f8c78d468f8d3c35c5a1b Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 2 Aug 2024 11:42:14 +0800 Subject: [PATCH 112/176] chore(prometheus): modify mysql scrape params --- .../prometheus/2/chart/prometheus/templates/_scrape_config.tpl | 2 ++ 1 file changed, 2 insertions(+) 
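Review bot: The `collect[]` values in the new `addons.mysql-metrics` job are spelled `informationSchema.processlist` and `performanceSchema.replication_*`, which does not match the collector naming used by the exporter flags elsewhere in this series (`--collect.info_schema.processlist`, `--collect.perf_schema.replication_group_members`). As far as I can tell mysqld_exporter compares `collect[]` against those same names, so these four entries would not select the intended collectors. They should read like `- info_schema.processlist` and `- perf_schema.replication_group_members`, and likewise for the other two. The follow-up hunk that appends `auto_increment.columns` and `binlog_size` uses the exporter spelling, so once those are present the filter may narrow the scrape to just those two.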
diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 261b68d6..ab64d3c6 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -312,6 +312,8 @@ params: - performanceSchema.replication_group_members - performanceSchema.replication_group_member_stats - performanceSchema.replication_applier_status_by_worker + - auto_increment.columns + - binlog_size relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] From 4226cd550e61da02c7c4dcc58b01880cddd19848 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 2 Aug 2024 14:29:22 +0800 Subject: [PATCH 113/176] chore(fluentbit): add gateway multiline --- addons/fluentbit/2/chart/fluentbit/values.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index ae35e42b..844a93a9 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml @@ -198,7 +198,7 @@ daemonset: [FILTER] name multiline match kubernetes.* - multiline.parser python_multiline,java_multiline,go_multiline + multiline.parser python_multiline,java_multiline,go_multiline,gateway_multiline multiline.key_content log buffer on @@ -247,6 +247,7 @@ daemonset: Rule "cont" "/^[a-z]/" "cont" Rule "cont" "/^Caused by:/" "cont" Rule "cont" "/^\s+/" "cont" + Rule "cont" "/^(?!\d{4}-\d{2}-\d{2})/" "cont" [MULTILINE_PARSER] Name go_multiline @@ -257,6 +258,14 @@ daemonset: Rule "cont" "/^\s+/" "cont" Rule "cont" "/^goroutine /" "cont" + [MULTILINE_PARSER] + Name gateway_multiline + Type regex + Flush_Timeout 1000 + key_content log + Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" + Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" + ## @section deployment Parameters ## 
From 9454a3423436b3f4d2ccc9f962563ab1edf2ed35 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 14 Aug 2024 14:40:49 +0800 Subject: [PATCH 114/176] chore(clickhouse): add timezone --- addons/clickhouse/24/chart/clickhouse/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index 4b6737ad..6f9bc87e 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -271,6 +271,7 @@ keeper: ## defaultConfigurationOverrides: | + Asia/Shanghai From 24b036f39d54150d43c3716fecdf96aedba3ca77 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 14 Aug 2024 16:38:58 +0800 Subject: [PATCH 115/176] chore(fluentbit): add multiline config --- .../24/chart/clickhouse/values.yaml | 8 +++++- .../fluentbit/2/chart/fluentbit/values.yaml | 28 ++++++++----------- addons/fluentbit/2/meta.yaml | 6 ++++ 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index 6f9bc87e..d14ffc82 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -206,7 +206,13 @@ resourcesPreset: "small" ## cpu: 3 ## memory: 1024Mi ## -resources: {} +resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index 77826998..1a52a920 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
@@ -165,6 +165,7 @@ daemonset: flush: 1 ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file config: + multilines : python_multiline,java_multiline,go_multiline,gateway_multiline service: | [SERVICE] Flush {{ .Values.daemonset.flush }} @@ -198,7 +199,7 @@ daemonset: [FILTER] name multiline match kubernetes.* - multiline.parser python_multiline,java_multiline,go_multiline,gateway_multiline + multiline.parser {{ .Values.daemonset.config.multilines }} multiline.key_content log buffer on @@ -257,6 +258,15 @@ daemonset: Rule "start_state" "/^panic: /" "cont" Rule "cont" "/^\s+/" "cont" Rule "cont" "/^goroutine /" "cont" + + [MULTILINE_PARSER] + Name gateway_multiline + Type regex + Flush_Timeout 1000 + key_content log + Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" + Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" + ## @param daemonset.extraEnvVars Array with extra environment variables to add to daemonset nodes ## e.g: ## extraEnvVars: @@ -271,22 +281,6 @@ daemonset: ## extraEnvVarsSecret: "" - [MULTILINE_PARSER] - Name gateway_multiline - Type regex - Flush_Timeout 1000 - key_content log - Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" - Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" - - [MULTILINE_PARSER] - Name gateway_multiline - Type regex - Flush_Timeout 1000 - key_content log - Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" - Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" - ## @section deployment Parameters ## diff --git a/addons/fluentbit/2/meta.yaml b/addons/fluentbit/2/meta.yaml index 137edce7..ca1598cf 100644 --- a/addons/fluentbit/2/meta.yaml +++ b/addons/fluentbit/2/meta.yaml 
@@ -21,4 +21,10 @@ allow_parameters: - name: "daemonset.config.outputs" required: true description: "destinations for your data: databases, cloud services and more" +- name: "daemonset.config.multilines" + equired: false + description: "destinations multilines" +- name: "daemonset.config.parsers" + equired: false + description: "destinations parsers" archive: false From 8351affc0906dec60dbb8b29f52751f5f20cfbde Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 11 Sep 2024 16:50:12 +0800 Subject: [PATCH 116/176] chore(postgresql-cluster): add postgresql-logicalbackup --- .../postgresql-cluster/templates/_helpers.tpl | 10 +++ .../templates/cm-backup.yaml | 1 - .../templates/cm-logicalbackup .yaml | 19 +++++ ...cm -postgresql.yaml => cm-postgresql.yaml} | 0 .../templates/logicalbackup-cronjob.yaml | 69 +++++++++++++++++++ .../15/chart/postgresql-cluster/values.yaml | 58 ++++++++++++++++ addons/postgresql-cluster/15/meta.yaml | 3 + 7 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{cm -postgresql.yaml => cm-postgresql.yaml} (100%) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index bb67a496..d5876632 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
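Review bot: Both new entries use the key `equired: false` instead of `required: false`, so whatever reads `allow_parameters` will see no `required` field for `daemonset.config.multilines` and `daemonset.config.parsers`. The descriptions ("destinations multilines", "destinations parsers") also look copied from the `outputs` entry and do not say what the parameters do. Something like `description: "comma-separated multiline parsers applied by the multiline filter"` would be clearer. Both values are rendered into the Fluent Bit configuration of a DaemonSet, so a note on who is allowed to set them would be useful here too.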
@@ -52,6 +52,16 @@ Return true if a cronjob object should be created for Postgresql HA patroni ## T {{- end -}} {{- end -}} +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature +*/}} +{{- define "patroni.createLogicalBackupCronJob" -}} +{{- if and .Values.logicalbackup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for Postgresql HA patroni */}} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index 62cb7596..fdc62197 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml @@ -14,4 +14,3 @@ metadata: data: backup.env: |- {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml new file mode 100644 index 00000000..8de61100 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml 
@@ -0,0 +1,19 @@ +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + logicalbackup.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.logicalbackupScript "context" $ ) | nindent 4 }} + +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-postgresql.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-postgresql.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml new file mode 100644 index 00000000..071b9bd9 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml 
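Review bot: The new template is created as `cm-logicalbackup .yaml`, with a space before the extension, in the same commit that renames `cm -postgresql.yaml` to remove exactly that kind of space. The stray space is awkward for shell globs and scripted packaging. `cm-logicalbackup.yaml` would match the other templates.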
@@ -0,0 +1,69 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "{{ .Values.logicalbackup.scheduleCronJob }}" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-logicalbackup + image: "{{ .Values.logicalbackupImages.repository }}:{{ .Values.logicalbackupImages.tag }}" + imagePullPolicy: {{ .Values.logicalbackupImages.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + sh /opt/drycc/logicalbackup/logicalbackup.sh + env: + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPORT + value: "5432" + - name: PGUSER + value: postgres + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-superuser + - name: MINIO_BUCKET + value: {{ .Values.logicalbackup.minio.bucket }} + - name: MINIO_HOST + value: {{ .Values.logicalbackup.minio.endpoint }} + - name: MINIO_ACCESS_KEY + value: {{ .Values.logicalbackup.minio.access_key }} + - name: MINIO_SECRET_KEY + value: {{ .Values.logicalbackup.minio.secret_key }} + + volumeMounts: + - mountPath: "/opt/drycc/logicalbackup/" + name: logicalbackup-config + + volumes: + - name: logicalbackup-config + configMap: + name: {{ template "common.names.fullname" . }}-logicalbackup +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 6e70ea24..13582f6c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -13,6 +13,12 @@ image: # IfNotPresent , Always pullPolicy: 'IfNotPresent' +logicalbackupImages: + repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup + tag: 15 + # IfNotPresent , Always + pullPolicy: 'IfNotPresent' + # Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst 
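Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are rendered as literal `value:` entries, so the object-store credentials sit in plain text in the CronJob and in every Job and Pod spec it creates, readable by anyone allowed to get those objects. `PGPASSWORD` a few lines up already uses `secretKeyRef`, and these two should follow it. The remaining `value:` lines are unquoted, so a value containing YAML-significant characters can alter the rendered manifest; `| quote` avoids that. The Secret name and keys in the sketch below are placeholders for a Secret the chart would have to add.

```yaml
            # … unchanged: PGHOST, PGPORT, PGUSER, PGPASSWORD …
            - name: MINIO_BUCKET
              value: {{ .Values.logicalbackup.minio.bucket | quote }}
            - name: MINIO_HOST
              value: {{ .Values.logicalbackup.minio.endpoint | quote }}
            - name: MINIO_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  # placeholder Secret name and key, not defined by this chart yet
                  name: {{ template "patroni.fullname" . }}-logicalbackup
                  key: minio-access-key
            - name: MINIO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  # placeholder Secret name and key, not defined by this chart yet
                  name: {{ template "patroni.fullname" . }}-logicalbackup
                  key: minio-secret-key
            # … unchanged: volumeMounts, volumes …
```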
@@ -147,6 +153,42 @@ backupEnv: | export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} +logicalbackupScript: | + #!/bin/bash + + # PostgreSQL 设置 + # POSTGRES_USER="postgres" + # POSTGRES_HOST="127.0.0.1" + + # MinIO 设置 + # MINIO_BUCKET="pgbackup" + # MINIO_HOST="http://localhost:9000" + # MINIO_ACCESS_KEY="admin123" + # MINIO_SECRET_KEY="admin123" + + # 设置 MinIO 客户端别名 + mc alias set myminio $MINIO_HOST $MINIO_ACCESS_KEY $MINIO_SECRET_KEY + + # 创建以当前日期和时间命名的备份目录 + BACKUP_DIR="$(date +%Y%m%d%H%M)" + MINIO_PATH="myminio/$MINIO_BUCKET/$BACKUP_DIR" + + # 备份全局对象 + echo "Backing up global objects to $MINIO_PATH/roles_globals.sql.gz" + pg_dumpall -g -U "$POSTGRES_USER" -h "$POSTGRES_HOST" | pigz | mc pipe "$MINIO_PATH/roles_globals.sql.gz" + + # 获取所有非模板数据库的列表 + DATABASES=$(psql -U "$POSTGRES_USER" -h "$POSTGRES_HOST" -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") + + # 为每个数据库执行备份 + for DB in $DATABASES; do + echo "Backing up $DB to $MINIO_PATH/$DB.sql.gz" + pg_dump -U "$POSTGRES_USER" -h "$POSTGRES_HOST" "$DB" | pigz | mc pipe "$MINIO_PATH/$DB.sql.gz" + done + + echo "Backup process completed!" + + postgresql: config: |- log_min_duration_statement = 1000 @@ -255,6 +297,19 @@ metrics: requests: cpu: 100m memory: 512Mi + +logicalbackup: + enabled: false + scheduleCronJob: "22 0 * * 0" + minio: + used: true + buckect: "s3://xx" + access_key: "" + secret_key: "" + endpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 + backup: # Specifies whether Wal-G should be enabled enabled: false 
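Review bot: `logicalbackupScript` has no `set -e` or `pipefail` and never checks an exit status, so when `pg_dumpall` or `pg_dump` fails the pipeline still uploads whatever `pigz` produced, the loop carries on, and the job ends with "Backup process completed!" and exit code 0. Adding `set -euo pipefail` under the shebang would make a failed dump fail the Job. Because the CronJob runs the file with `sh`, that call would need to become `bash /opt/drycc/logicalbackup/logicalbackup.sh` for `pipefail` to be accepted where `sh` is not bash. The dump commands also pass `-U "$POSTGRES_USER" -h "$POSTGRES_HOST"`, while the CronJob exports `PGUSER` and `PGHOST`, so those two variables look unset at run time. Dropping the two flags lets libpq pick up the `PG*` variables.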
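Review bot: The bucket key in the new `logicalbackup.minio` block is spelled `buckect`, while the CronJob template reads `.Values.logicalbackup.minio.bucket`, so `MINIO_BUCKET` would presumably render empty and the upload path would lose its bucket segment. The key should be `bucket:`. The default `"s3://xx"` also does not fit how the script uses it (`myminio/$MINIO_BUCKET/...`), which expects a bare bucket name. `access_key` and `secret_key` are plain chart values here; a comment pointing to a Secret reference instead would keep them out of stored release values. The following hunk adds a second top-level key `logicalBackup` (capital B) that none of the visible templates read; it looks like a leftover and could be dropped.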
@@ -279,6 +334,9 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 +logicalBackup: + enabled: false + ## persistentVolumeClaimRetentionPolicy ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 0da415d6..44f38ea7 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -24,4 +24,7 @@ allow_parameters: - name: "backup" required: false description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " +- name: "logicalbackup" + required: false + description: "Whether to use S3 for logical backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file From 1de88ce9e690f4bb61f3c706d28178a2c50406f9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 11 Sep 2024 17:30:33 +0800 Subject: [PATCH 117/176] fix(prometheus): scrape mysql --- .../2/chart/prometheus/templates/_scrape_config.tpl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 9fefe75c..7bfe50c1 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -133,9 +133,9 @@ relabel_configs: action: replace target_label: node - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-service-endpoints-slow" -}} 
@@ -180,9 +180,9 @@ relabel_configs: action: replace target_label: node - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-pods" -}} From 7d6fbc438374064b18b3966b682630e38eb29d8c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 12 Sep 2024 09:06:28 +0800 Subject: [PATCH 118/176] chore(addons): modify plans requests --- addons/mongodb/7.0/plans/standard-16c64g400/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-32c128g800/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-8c32g200/values.yaml | 4 ++-- addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml | 4 ++-- .../mysql-cluster/8.0/plans/standard-32c128g800/values.yaml | 4 ++-- addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml | 4 ++-- .../15/plans/standard-16c64g400/values.yaml | 4 ++-- .../15/plans/standard-32c128g800/values.yaml | 4 ++-- .../15/plans/standard-32c64g4000/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-8c32g200/values.yaml | 4 ++-- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml index 7e5e03a0..9ef94dff 100644 --- a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml +++ b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 16000m memory: 64Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 8000m + memory: 32Gi persistence: size: 400Gi diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml index c5074501..4c339766 100644 --- a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml +++ b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml 
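Review bot: Halving `requests` while leaving `limits` unchanged takes these database pods out of the Guaranteed QoS class and into Burstable, assuming requests equalled limits for every container before. Under node memory pressure they then become eviction candidates ahead of Guaranteed pods, and the scheduler may place them on nodes that cannot supply the full limit. The same change is made in the other mongodb, mysql-cluster and postgresql-cluster plan files of this commit. If the overcommit is intended, a comment above `requests:` such as `# requests are 50% of limits by design (Burstable QoS)` would make that explicit, since the plan names still advertise the limit figures.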
@@ -16,8 +16,8 @@ resources: cpu: 32000m memory: 128Gi requests: - cpu: 32000m - memory: 128Gi + cpu: 16000m + memory: 64Gi persistence: size: 800Gi diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml index 16158f0f..442f087d 100644 --- a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml +++ b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 8000m memory: 32Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 4000m + memory: 16Gi persistence: size: 200Gi diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 6871d366..78f05cfe 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -18,8 +18,8 @@ primary: cpu: 16000m memory: 64Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 8000m + memory: 32Gi router: resources: diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index 1818b84a..ead2abb1 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -18,8 +18,8 @@ primary: cpu: 32000m memory: 128Gi requests: - cpu: 32000m - memory: 128Gi + cpu: 16000m + memory: 64Gi router: resources: diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 8ad37aa4..2b3d28e7 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -18,8 +18,8 @@ primary: cpu: 8000m memory: 32Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 4000m + memory: 16Gi router: resources: 
diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index fe3f5cbf..a14f012e 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -67,8 +67,8 @@ resources: memory: 64Gi hugepages-2Mi: 40Mi requests: - cpu: 16000m - memory: 64Gi + cpu: 8000m + memory: 32Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index d9c9501e..c0ed7230 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -67,8 +67,8 @@ resources: memory: 128Gi hugepages-2Mi: 80Mi requests: - cpu: 32000m - memory: 128Gi + cpu: 16000m + memory: 64Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index b4a6a7ee..2c9a48e3 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -67,8 +67,8 @@ resources: memory: 64Gi hugepages-2Mi: 80Mi requests: - cpu: 32000m - memory: 64Gi + cpu: 16000m + memory: 32Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index 3d129faa..08d777be 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -67,8 +67,8 @@ resources: memory: 32Gi hugepages-2Mi: 60Mi requests: - cpu: 8000m - memory: 32Gi + cpu: 4000m + memory: 16Gi persistentVolume: enabled: true 
From f631bc3ffe7256c85e9b70cd6e1b8cdd61385bdb Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 14 Oct 2024 15:49:22 +0800 Subject: [PATCH 119/176] fix(mysql-cluster): router limits --- .../8.0/plans/standard-16c64g400/values.yaml | 18 +++++++++--------- .../8.0/plans/standard-32c128g800/values.yaml | 17 ++++++++--------- .../8.0/plans/standard-4c16g100/values.yaml | 18 +++++++++--------- .../8.0/plans/standard-8c32g200/values.yaml | 18 +++++++++--------- 4 files changed, 35 insertions(+), 36 deletions(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 78f05cfe..f346d776 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -21,15 +21,6 @@ primary: cpu: 8000m memory: 32Gi -router: - resources: - limits: - cpu: 1600m - memory: 2Gi - requests: - cpu: 1600m - memory: 2Gi - ## @section Persistence parameters ## Enable persistence using Persistent Volume Claims @@ -67,3 +58,12 @@ router: ## app: my-app ## selector: {} + +router: + resources: + limits: + cpu: 1600m + memory: 2Gi + requests: + cpu: 1600m + memory: 2Gi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index ead2abb1..c25affff 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -21,15 +21,6 @@ primary: cpu: 16000m memory: 64Gi -router: - resources: - limits: - cpu: 3200m - memory: 4Gi - requests: - cpu: 3200m - memory: 4Gi - ## @section Persistence parameters ## Enable persistence using Persistent Volume Claims @@ -67,3 +58,11 @@ router: ## app: my-app ## selector: {} +router: + resources: + limits: + cpu: 3200m + memory: 4Gi + requests: + cpu: 3200m + memory: 4Gi \ No newline at end of file 
diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index da0cbee1..68412b31 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -21,15 +21,6 @@ primary: cpu: 4000m memory: 16Gi -router: - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 500m - memory: 512Mi - ## @section Persistence parameters ## Enable persistence using Persistent Volume Claims @@ -67,3 +58,12 @@ router: ## app: my-app ## selector: {} + +router: + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 2b3d28e7..4061331e 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -20,15 +20,6 @@ primary: requests: cpu: 4000m memory: 16Gi - -router: - resources: - limits: - cpu: 800m - memory: 1024Mi - requests: - cpu: 800m - memory: 1024Mi ## @section Persistence parameters @@ -67,3 +58,12 @@ router: ## app: my-app ## selector: {} + +router: + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 800m + memory: 1024Mi \ No newline at end of file From 86f877e15f9ee6ff6f056884c1fe8fdf487c07aa Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 14 Oct 2024 18:12:30 +0800 Subject: [PATCH 120/176] fix(mysql-cluster): router limits --- .../8.0/plans/standard-16c64g400/values.yaml | 12 ------------ .../8.0/plans/standard-32c128g800/values.yaml | 12 ------------ .../8.0/plans/standard-8c32g200/values.yaml | 12 ------------ 3 files changed, 36 deletions(-) 
diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 2faf05c2..f346d776 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -20,18 +20,6 @@ primary: requests: cpu: 8000m memory: 32Gi -<<<<<<< HEAD -======= - -router: - resources: - limits: - cpu: 1600m - memory: 2Gi - requests: - cpu: 1600m - memory: 2Gi ->>>>>>> f6c0e1df94a939481eea0c5348f8b611e035180b ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index ed50c098..c25affff 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -20,18 +20,6 @@ primary: requests: cpu: 16000m memory: 64Gi -<<<<<<< HEAD -======= - -router: - resources: - limits: - cpu: 3200m - memory: 4Gi - requests: - cpu: 3200m - memory: 4Gi ->>>>>>> f6c0e1df94a939481eea0c5348f8b611e035180b ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index a545ed67..4061331e 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -20,18 +20,6 @@ primary: requests: cpu: 4000m memory: 16Gi -<<<<<<< HEAD -======= - -router: - resources: - limits: - cpu: 800m - memory: 1024Mi - requests: - cpu: 800m - memory: 1024Mi ->>>>>>> f6c0e1df94a939481eea0c5348f8b611e035180b ## @section Persistence parameters From 6fad48789b0273c10d0d96b0419635b4136e1638 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 16 Oct 2024 16:52:55 +0800 Subject: [PATCH 121/176] fix(mysql-cluster): remove metrics probe --- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 01eb06e9..f0eb3a45 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -1112,6 +1112,9 @@ metrics: - --collect.perf_schema.replication_group_members - --collect.perf_schema.replication_group_member_stats - --collect.perf_schema.replication_applier_status_by_worker + - --collect.auto_increment.columns + - --collect.binlog_size + - --collect.engine_innodb_status secondary: [] ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ @@ -1158,7 +1161,7 @@ metrics: ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: - enabled: true + enabled: false initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 10 @@ -1174,7 +1177,7 @@ metrics: ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: - enabled: true + enabled: false initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 10 From 12ef7d704f7151854d14e97586cf84d67267c286 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 21 Oct 2024 18:01:40 +0800 Subject: [PATCH 122/176] chore(mysql-cluster): optimisation metrics --- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index f0eb3a45..34a406b2 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
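Review bot: The `enabled: false` changes under `metrics.livenessProbe` and `metrics.readinessProbe` switch off both health checks for the exporter container by default, and neither the values file nor the commit message records why. Without a readiness probe the container counts as ready as soon as it is running, and without a liveness probe nothing restarts a wedged exporter, so the first signal of a failure is a gap in the metrics. If the probes were failing because the collectors are slow, I would keep them enabled and relax `timeoutSeconds` or `failureThreshold` instead, or at least put a comment such as `## disabled: <reason>; re-enable once the exporter answers within timeoutSeconds` above each block. The `metrics:` mapping starts outside these hunks.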
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -1112,9 +1112,7 @@ metrics: - --collect.perf_schema.replication_group_members - --collect.perf_schema.replication_group_member_stats - --collect.perf_schema.replication_applier_status_by_worker - - --collect.auto_increment.columns - - --collect.binlog_size - - --collect.engine_innodb_status + secondary: [] ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ From 72496293903cf1192552d30de994db9196c3a554 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 22 Oct 2024 09:00:40 +0800 Subject: [PATCH 123/176] chore(prometheus): drop mysql metrics --- .../prometheus/templates/_scrape_config.tpl | 58 ------------------- .../prometheus/2/chart/prometheus/values.yaml | 2 - 2 files changed, 60 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 7bfe50c1..059dc2ec 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -132,10 +132,6 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop {{- end -}} {{- define "addons.kubernetes-service-endpoints-slow" -}} @@ -179,10 +175,6 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop {{- end -}} {{- define "addons.kubernetes-pods" -}} 
@@ -236,10 +228,6 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop {{- end -}} {{- define "addons.kubernetes-pods-slow" -}} @@ -292,10 +280,6 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop {{- end -}} {{- define "addons.mysql-metrics" -}} 
@@ -315,45 +299,3 @@ params: - auto_increment.columns - binlog_size - -relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: drop - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+?)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) - replacement: __param_$1 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: service - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: node - - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: keep -{{- end -}} \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index d93277a7..c18a66fa 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
@@ -649,8 +649,6 @@ server: {{- include "addons.kubernetes-pods" (dict "context" $) | nindent 4 }} - job_name: kubernetes-pods-slow {{- include "addons.kubernetes-pods-slow" (dict "context" $) | nindent 4 }} - - job_name: mysql-metrics - {{- include "addons.mysql-metrics" (dict "context" $) | nindent 4 }} {{- end }} {{ $scheme := .Values.drycc.scheme }} From 80a4c64a998ebe1e07fedf44da752ca2b94c0d58 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 22 Oct 2024 10:25:27 +0800 Subject: [PATCH 124/176] fix(prometheus): Remove redundant code --- .../prometheus/templates/_scrape_config.tpl | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 059dc2ec..3dc59c11 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -282,20 +282,4 @@ relabel_configs: target_label: node {{- end -}} -{{- define "addons.mysql-metrics" -}} -honor_labels: true -kubernetes_sd_configs: - - role: endpoints - namespaces: - own_namespace: true - names: - - {{ include "common.names.namespace" .context }} -params: - collect[]: - - informationSchema.processlist - - performanceSchema.replication_group_members - - performanceSchema.replication_group_member_stats - - performanceSchema.replication_applier_status_by_worker - - auto_increment.columns - - binlog_size From de619ea495544304e63ddad5af9820c571bf5c7e Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 22 Oct 2024 11:08:26 +0800 Subject: [PATCH 125/176] fix(prometheus): configmap-reload images address --- addons/prometheus/2/chart/prometheus/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index c18a66fa..a114035b 100644 
--- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -1589,8 +1589,8 @@ configmapReload: ## configmap-reload container image ## image: - repository: jimmidyson/configmap-reload - tag: v0.5.0 + repository: registry.drycc.cc/drycc-addons/configmap-reload + tag: 0 pullPolicy: IfNotPresent # containerPort: 9533 From 5f0eab41543462dee46759047322cde6ff79acea Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 23 Oct 2024 10:18:10 +0800 Subject: [PATCH 126/176] chore(fluentbit): timezone +8 --- addons/fluentbit/2/chart/fluentbit/templates/daemonset.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/addons/fluentbit/2/chart/fluentbit/templates/daemonset.yaml b/addons/fluentbit/2/chart/fluentbit/templates/daemonset.yaml index 215c7ed8..601a15c2 100644 --- a/addons/fluentbit/2/chart/fluentbit/templates/daemonset.yaml +++ b/addons/fluentbit/2/chart/fluentbit/templates/daemonset.yaml @@ -81,7 +81,13 @@ spec: mountPath: /var/log - name: {{ include "fluentbit.configMap" . }} mountPath: /opt/drycc/fluent-bit/etc/fluent-bit + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai - name: data emptyDir: {} - name: varlog From 4a132484153ef263fcb29be280f0d843d4ed8a3c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 25 Oct 2024 16:38:43 +0800 Subject: [PATCH 127/176] chore(mysql-cluster): bind add domain --- addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml | 2 ++ addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml | 2 ++ addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml | 2 ++ addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml | 2 ++ addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml | 2 ++ addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml | 2 ++ addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml | 2 ++ 7 files changed, 14 insertions(+) 
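Review bot: `tag: 0` in the `configmapReload.image` block replaces the fixed release `v0.5.0` with what looks like a floating tag, and combined with `pullPolicy: IfNotPresent` each node keeps whichever build it pulled first, so the sidecar that runs next to Prometheus is not reproducible from the chart. I would pin an immutable version tag from the new registry, or a digest if the chart's image helper supports one (the helper is not visible in this hunk). If the value stays, quote it as `tag: "0"` so YAML loads a string rather than the integer 0. The `configmapReload:` mapping starts outside the hunk.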
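Review bot: The new `timezone` volume in `daemonset.yaml` is a `hostPath` mounted at `/etc/localtime` without `readOnly: true`, so the log collector gets a writable bind of a node file. Add `readOnly: true` under that `volumeMounts` entry and `type: File` under `hostPath`, so the pod fails to start on a node where the zoneinfo file is missing instead of mounting whatever is at that path. The zone is also hard-coded to `Asia/Shanghai`; a chart value (or a `TZ` environment variable, if the image ships tzdata, which this hunk does not show) would avoid both the host mount and the fixed zone. The container and pod spec start outside the hunk.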
diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml index 6a7147c9..a0668383 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml @@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml index 6a7147c9..a0668383 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml @@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml index 6a7147c9..a0668383 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml @@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml index 6a7147c9..a0668383 100644 
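Review bot: The new `DOMAIN` value depends on `.Values.clusterDomain`, and this commit does not touch the mysql-cluster `values.yaml`, so the patch alone does not show that the key has a default; if it is unset the credential renders as `<fullname>-router.<namespace>.svc.`, a name that is unlikely to resolve. A guard such as `{{ .Values.clusterDomain | default "cluster.local" }}` keeps the binding valid, and quoting the whole scalar (`value: "{{ ... }}"`) protects against an empty expansion. The same line is added in the other six plan `bind.yaml` hunks of this commit, and the `DOMAIN_MASTER`/`DOMAIN_REPL` lines in the postgresql-cluster commit that follows have the same shape. The `credential:` list starts outside each hunk.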
--- a/addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml @@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml index 6a7147c9..a0668383 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml @@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml index 6a7147c9..a0668383 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml @@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml index 6a7147c9..a0668383 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml 
@@ -6,6 +6,8 @@ credential: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} + - name: DOMAIN + value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: HOST valueFrom: serviceRef: From 5f178baf15ce62a98cc7156f65f8bd2fa5c28558 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 28 Oct 2024 09:31:27 +0800 Subject: [PATCH 128/176] chore(postgresql-cluster): bind add domain --- .../15/chart/postgresql-cluster/values.yaml | 3 ++- .../15/plans/standard-16c64g400/bind.yaml | 6 +++++- .../postgresql-cluster/15/plans/standard-1c2g10/bind.yaml | 6 +++++- .../postgresql-cluster/15/plans/standard-2c4g20/bind.yaml | 6 +++++- .../postgresql-cluster/15/plans/standard-2c8g50/bind.yaml | 6 +++++- .../15/plans/standard-32c128g800/bind.yaml | 6 +++++- .../15/plans/standard-32c64g4000/bind.yaml | 6 +++++- .../postgresql-cluster/15/plans/standard-4c16g100/bind.yaml | 6 +++++- .../postgresql-cluster/15/plans/standard-8c32g200/bind.yaml | 6 +++++- 9 files changed, 42 insertions(+), 9 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 1bed7475..efa6be7a 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -432,4 +432,5 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: \ No newline at end of file + allowNamespaces: +clusterDomain: cluster.local \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml 
@@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml index e41b7b31..43111931 100644 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml @@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml 
@@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml @@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml 
@@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml @@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml 
@@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml index 0283dff3..5fc257f9 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml @@ -10,7 +10,11 @@ credential: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - name: MASTER_HOST valueFrom: serviceRef: From 9ec5714ea90c30e1245ad91952f7af2bb32eb22b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Nov 2024 11:13:40 +0800 Subject: [PATCH 129/176] chore(addons: add ydb) --- addons/index.yaml | 5 +- .../2024/chart/yugabytedb/Chart.yaml | 17 + .../2024/chart/yugabytedb/README.md | 1 + .../2024/chart/yugabytedb/app-readme.md | 1 + .../chart/yugabytedb/expose-all-shared.yaml | 21 + .../2024/chart/yugabytedb/expose-all.yaml | 31 + .../chart/yugabytedb/generate_kubeconfig.py | 220 +++++ .../chart/yugabytedb/openshift.values.yaml | 4 + .../2024/chart/yugabytedb/questions.yaml | 174 ++++ .../2024/chart/yugabytedb/templates/NOTES.txt | 29 + .../chart/yugabytedb/templates/_helpers.tpl | 548 +++++++++++ .../2024/chart/yugabytedb/templates/bind.yaml | 33 + .../yugabytedb/templates/certificates.yaml | 150 +++ .../templates/debug_config_map.yaml | 23 + .../hooks/setup-credentials-job.yaml | 80 ++ .../templates/master-servicemonitor.yaml | 51 + .../multicluster/common-tserver-service.yaml | 23 + .../multicluster/mcs-service-export.yaml | 21 + .../multicluster/service-per-pod.yaml | 34 + .../chart/yugabytedb/templates/service.yaml | 898 ++++++++++++++++++ .../setup-credentials-configmap.yaml | 262 +++++ .../templates/tserver-servicemonitor.yaml | 115 +++ .../2024/chart/yugabytedb/tests/README.md | 19 + .../tests/test_affinity_merges.yaml | 191 ++++ .../tests/values_affinity_merge.yaml | 66 ++ .../2024/chart/yugabytedb/values.yaml | 691 ++++++++++++++ .../2024/chart/yugabytedb/yugabyte-rbac.yaml | 19 + addons/yugabytedb/2024/meta.yaml | 24 + .../2024/plans/standard-1c2g3w10/bind.yaml | 33 + .../create-instance-schema.json | 12 + .../2024/plans/standard-1c2g3w10/meta.yaml | 6 + .../2024/plans/standard-1c2g3w10/values.yaml | 31 + .../2024/plans/standard-2c4g3w20/bind.yaml | 37 + .../create-instance-schema.json | 12 + .../2024/plans/standard-2c4g3w20/meta.yaml | 6 + .../2024/plans/standard-2c4g3w20/values.yaml | 31 + 36 files changed, 3918 insertions(+), 1 deletion(-) create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/Chart.yaml create mode 
100644 addons/yugabytedb/2024/chart/yugabytedb/README.md create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/app-readme.md create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/expose-all-shared.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/expose-all.yaml create mode 100755 addons/yugabytedb/2024/chart/yugabytedb/generate_kubeconfig.py create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/openshift.values.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/questions.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/NOTES.txt create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/_helpers.tpl create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/bind.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/certificates.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/debug_config_map.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/hooks/setup-credentials-job.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/master-servicemonitor.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/common-tserver-service.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/mcs-service-export.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/service-per-pod.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/service.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/setup-credentials-configmap.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/templates/tserver-servicemonitor.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/tests/README.md create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/tests/test_affinity_merges.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/tests/values_affinity_merge.yaml 
create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/values.yaml create mode 100644 addons/yugabytedb/2024/chart/yugabytedb/yugabyte-rbac.yaml create mode 100644 addons/yugabytedb/2024/meta.yaml create mode 100644 addons/yugabytedb/2024/plans/standard-1c2g3w10/bind.yaml create mode 100644 addons/yugabytedb/2024/plans/standard-1c2g3w10/create-instance-schema.json create mode 100644 addons/yugabytedb/2024/plans/standard-1c2g3w10/meta.yaml create mode 100644 addons/yugabytedb/2024/plans/standard-1c2g3w10/values.yaml create mode 100644 addons/yugabytedb/2024/plans/standard-2c4g3w20/bind.yaml create mode 100644 addons/yugabytedb/2024/plans/standard-2c4g3w20/create-instance-schema.json create mode 100644 addons/yugabytedb/2024/plans/standard-2c4g3w20/meta.yaml create mode 100644 addons/yugabytedb/2024/plans/standard-2c4g3w20/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index a3a86454..a3cf0a27 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -62,4 +62,7 @@ entries: description: "ClickHouse is the fastest and most resource efficient open-source database for real-time apps and analytics." kvrocks: - version: 2.8 - description: "Apache Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol." \ No newline at end of file + description: "Apache Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol." + yugabytedb: + - version: 2024 + description: "YugabyteDB is a high-performance distributed SQL database for powering global, internet-scale applications. " \ No newline at end of file diff --git a/addons/yugabytedb/2024/chart/yugabytedb/Chart.yaml b/addons/yugabytedb/2024/chart/yugabytedb/Chart.yaml new file mode 100644 index 00000000..127d00b5 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/Chart.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v2 +name: yugabyte +version: 2024.1.3 +appVersion: 2024.1.3.0-b105 +kubeVersion: ">=1.17.0-0" +home: https://www.yugabyte.com +description: YugabyteDB is the high-performance distributed SQL database for building global, internet-scale apps. +icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 +sources: +- https://github.com/yugabyte/yugabyte-db +maintainers: +- name: Sanketh Indarapu + email: sanketh@yugabyte.com +- name: Govardhan Reddy Jalla + email: gjalla@yugabyte.com +annotations: + charts.openshift.io/name: yugabyte \ No newline at end of file diff --git a/addons/yugabytedb/2024/chart/yugabytedb/README.md b/addons/yugabytedb/2024/chart/yugabytedb/README.md new file mode 100644 index 00000000..9528cff1 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/README.md @@ -0,0 +1 @@ +YugabyteDB can be deployed in various Kubernetes configurations (including single zone, multi-zone and multi-cluster) using this Helm Chart. Detailed documentation is available in [YugabyteDB Docs for Kubernetes Deployments](https://docs.yugabyte.com/latest/deploy/kubernetes/). diff --git a/addons/yugabytedb/2024/chart/yugabytedb/app-readme.md b/addons/yugabytedb/2024/chart/yugabytedb/app-readme.md new file mode 100644 index 00000000..27ccaf2b --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/app-readme.md @@ -0,0 +1 @@ +This chart bootstraps an RF3 YugabyteDB version 2024.1.3.0-b105 cluster using the Helm Package Manager. diff --git a/addons/yugabytedb/2024/chart/yugabytedb/expose-all-shared.yaml b/addons/yugabytedb/2024/chart/yugabytedb/expose-all-shared.yaml new file mode 100644 index 00000000..fae02347 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/expose-all-shared.yaml 
@@ -0,0 +1,21 @@ +serviceEndpoints: + - name: "yb-master-service" + type: LoadBalancer + app: "yb-master" + ports: + ui: "7000" + + - name: "yb-tserver-service" + type: LoadBalancer + app: "yb-tserver" + ports: + yql-port: "9042" + yedis-port: "6379" + ysql-port: "5433" + + - name: "yugabyted-ui-service" + type: LoadBalancer + app: "yb-master" + sessionAffinity: ClientIP + ports: + yugabyted-ui: "15433" diff --git a/addons/yugabytedb/2024/chart/yugabytedb/expose-all.yaml b/addons/yugabytedb/2024/chart/yugabytedb/expose-all.yaml new file mode 100644 index 00000000..ac3edf56 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/expose-all.yaml @@ -0,0 +1,31 @@ +serviceEndpoints: + - name: "yb-master-ui" + type: LoadBalancer + app: "yb-master" + ports: + ui: "7000" + + - name: "yql-service" + type: LoadBalancer + app: "yb-tserver" + ports: + yql-port: "9042" + + - name: "yedis-service" + type: LoadBalancer + app: "yb-tserver" + ports: + yedis-port: "6379" + + - name: "ysql-service" + type: LoadBalancer + app: "yb-tserver" + ports: + ysql-port: "5433" + + - name: "yugabyted-ui-service" + type: LoadBalancer + app: "yb-master" + sessionAffinity: ClientIP + ports: + yugabyted-ui: "15433" diff --git a/addons/yugabytedb/2024/chart/yugabytedb/generate_kubeconfig.py b/addons/yugabytedb/2024/chart/yugabytedb/generate_kubeconfig.py new file mode 100755 index 00000000..0d91739f --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/generate_kubeconfig.py 
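Review bot: Every entry in `serviceEndpoints` in `expose-all-shared.yaml` is `type: LoadBalancer`, including `yb-master-service` (port 7000) and `yugabyted-ui-service` (port 15433), so applying this overlay publishes the master and yugabyted web UIs together with the YSQL, YCQL and YEDIS ports, and the file carries no source restriction. Both overlays look like copies from the upstream chart; for a catalogue addon I would either leave them out or set the two UI entries to `type: ClusterIP` and expose only the database ports the plan's binding needs. `expose-all.yaml` in the next hunk has the same shape. Whether the service template accepts per-endpoint annotations or source ranges is not visible in this part of the patch.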
@@ -0,0 +1,220 @@ +#!/usr/bin/python +# Copyright (c) YugaByte, Inc. + +# This script would generate a kubeconfig for the given servie account +# by fetching the cluster information and also add the service account +# token for the authentication purpose. + +import argparse +from subprocess import check_output +from sys import exit +import json +import base64 +import tempfile +import time +import os.path + + +def run_command(command_args, namespace=None, as_json=True, log_command=True): + command = ["kubectl"] + if namespace: + command.extend(["--namespace", namespace]) + command.extend(command_args) + if as_json: + command.extend(["-o", "json"]) + if log_command: + print("Running command: {}".format(" ".join(command))) + output = check_output(command) + if as_json: + return json.loads(output) + else: + return output.decode("utf8") + + +def create_sa_token_secret(directory, sa_name, namespace): + """Creates a service account token secret for sa_name in + namespace. Returns the name of the secret created. + + Ref: + https://k8s.io/docs/concepts/configuration/secret/#service-account-token-secrets + + """ + token_secret = { + "apiVersion": "v1", + "data": { + "do-not-delete-used-for-yugabyte-anywhere": "MQ==", + }, + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/service-account.name": sa_name, + }, + "name": sa_name, + }, + "type": "kubernetes.io/service-account-token", + } + token_secret_file_name = os.path.join(directory, "token_secret.yaml") + with open(token_secret_file_name, "w") as token_secret_file: + json.dump(token_secret, token_secret_file) + run_command(["apply", "-f", token_secret_file_name], namespace) + return sa_name + + +def get_secret_data(secret, namespace): + """Returns the secret in JSON format if it has ca.crt and token in + it, else returns None. It retries 3 times with 1 second timeout + for the secret to be populated with this data. 
+ + """ + secret_data = None + num_retries = 5 + timeout = 2 + while True: + secret_json = run_command(["get", "secret", secret], namespace) + if "ca.crt" in secret_json["data"] and "token" in secret_json["data"]: + secret_data = secret_json + break + + num_retries -= 1 + if num_retries == 0: + break + print( + "Secret '{}' is not populated. Sleep {}s, ({} retries left)".format( + secret, timeout, num_retries + ) + ) + time.sleep(timeout) + return secret_data + + +def get_secrets_for_sa(sa_name, namespace): + """Returns a list of all service account token secrets associated + with the given sa_name in the namespace. + + """ + secrets = run_command( + [ + "get", + "secret", + "--field-selector", + "type=kubernetes.io/service-account-token", + "-o", + 'jsonpath="{.items[?(@.metadata.annotations.kubernetes\.io/service-account\.name == "' + + sa_name + + '")].metadata.name}"', + ], + namespace, + as_json=False, + ) + return secrets.strip('"').split() + + +parser = argparse.ArgumentParser(description="Generate KubeConfig with Token") +parser.add_argument("-s", "--service_account", help="Service Account name", required=True) +parser.add_argument("-n", "--namespace", help="Kubernetes namespace", default="kube-system") +parser.add_argument("-c", "--context", help="kubectl context") +parser.add_argument("-o", "--output_file", help="output file path") +args = vars(parser.parse_args()) + +# if the context is not provided we use the current-context +context = args["context"] +if context is None: + context = run_command(["config", "current-context"], args["namespace"], as_json=False) + +cluster_attrs = run_command( + ["config", "get-contexts", context.strip(), "--no-headers"], args["namespace"], as_json=False +) + +cluster_name = cluster_attrs.strip().split()[2] +endpoint = run_command( + [ + "config", + "view", + "-o", + 'jsonpath="{.clusters[?(@.name =="' + cluster_name + '")].cluster.server}"', + ], + args["namespace"], + as_json=False, +) +service_account_info = 
run_command(["get", "sa", args["service_account"]], args["namespace"]) + +tmpdir = tempfile.TemporaryDirectory() + +# Get the token and ca.crt from service account secret. +sa_secrets = list() + +# Get secrets specified in the service account, there can be multiple +# of them, and not all are service account token secrets. +if "secrets" in service_account_info: + sa_secrets = [secret["name"] for secret in service_account_info["secrets"]] + +# Find the existing additional service account token secrets +sa_secrets.extend(get_secrets_for_sa(args["service_account"], args["namespace"])) + +secret_data = None +for secret in sa_secrets: + secret_data = get_secret_data(secret, args["namespace"]) + if secret_data is not None: + break + +# Kubernetes 1.22+ doesn't create the service account token secret by +# default, we have to create one. +if secret_data is None: + print("No usable secret found for '{}', creating one.".format(args["service_account"])) + token_secret = create_sa_token_secret(tmpdir.name, args["service_account"], args["namespace"]) + secret_data = get_secret_data(token_secret, args["namespace"]) + if secret_data is None: + exit( + "Failed to generate kubeconfig: No usable credentials found for '{}'.".format( + args["service_account"] + ) + ) + + +context_name = "{}-{}".format(args["service_account"], cluster_name) +kube_config = args["output_file"] +if not kube_config: + kube_config = "/tmp/{}.conf".format(args["service_account"]) + + +ca_crt_file_name = os.path.join(tmpdir.name, "ca.crt") +ca_crt_file = open(ca_crt_file_name, "wb") +ca_crt_file.write(base64.b64decode(secret_data["data"]["ca.crt"])) +ca_crt_file.close() + +# create kubeconfig entry +set_cluster_cmd = [ + "config", + "set-cluster", + cluster_name, + "--kubeconfig={}".format(kube_config), + "--server={}".format(endpoint.strip('"')), + "--embed-certs=true", + "--certificate-authority={}".format(ca_crt_file_name), +] +run_command(set_cluster_cmd, as_json=False) + +user_token = 
base64.b64decode(secret_data["data"]["token"]).decode("utf-8") +set_credentials_cmd = [ + "config", + "set-credentials", + context_name, + "--token={}".format(user_token), + "--kubeconfig={}".format(kube_config), +] +run_command(set_credentials_cmd, as_json=False, log_command=False) + +set_context_cmd = [ + "config", + "set-context", + context_name, + "--cluster={}".format(cluster_name), + "--user={}".format(context_name), + "--kubeconfig={}".format(kube_config), +] +run_command(set_context_cmd, as_json=False) + +use_context_cmd = ["config", "use-context", context_name, "--kubeconfig={}".format(kube_config)] +run_command(use_context_cmd, as_json=False) + +print("Generated the kubeconfig file: {}".format(kube_config)) diff --git a/addons/yugabytedb/2024/chart/yugabytedb/openshift.values.yaml b/addons/yugabytedb/2024/chart/yugabytedb/openshift.values.yaml new file mode 100644 index 00000000..d2784b23 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/openshift.values.yaml @@ -0,0 +1,4 @@ +# OCP compatible values for yugabyte + +Image: + repository: "quay.io/yugabyte/yugabyte-ubi" diff --git a/addons/yugabytedb/2024/chart/yugabytedb/questions.yaml b/addons/yugabytedb/2024/chart/yugabytedb/questions.yaml new file mode 100644 index 00000000..6befa49e --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/questions.yaml 
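Review bot: The fallback output path `/tmp/{}.conf` near the end of the script puts a kubeconfig holding the service account token at a predictable name in a shared directory, so the file can already exist with permissions chosen by another local user before kubectl writes to it. When `--output_file` is not given, create the file privately first, for example `fd, kube_config = tempfile.mkstemp(prefix=args["service_account"] + "-", suffix=".conf")` followed by `os.close(fd)`; `tempfile` is already imported and `import os.path` makes `os` available. The token is also passed as `--token=...` in kubectl's argument list, which `log_command=False` keeps out of the script's output but not out of the process table, so the header comment should say the script is meant to run on a single-user host. Separately, the `get_secret_data` docstring says 3 retries with a 1 second timeout while the code uses `num_retries = 5` and `timeout = 2`.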
@@ -0,0 +1,174 @@ +--- +questions: + ## Default images for yugabyte + - variable: questions.defaultYugabyteDB + default: true + description: "Use default settings for YugabyteDB" + label: Use default + type: boolean + show_subquestion_if: false + group: "YugabyteDB" + subquestions: + - variable: Image.repository + default: "yugabytedb/yugabyte" + required: true + type: string + label: YugabyteDB image repository + description: "YugabyteDB image repository" + - variable: Image.tag + default: "2.5.1.0-b153" + required: true + type: string + label: YugabyteDB image tag + description: "YugabyteDB image tag" + - variable: Image.pullPolicy + default: "IfNotPresent" + required: false + type: enum + options: + - "Always" + - "IfNotPresent" + label: YugabyteDB image pull policy + description: "YugabyteDB image pull policy" + - variable: storage.ephemeral + default: false + required: false + type: boolean + label: YugabyteDB ephemeral storage + description: "Won't allocate PVs when true" + - variable: replicas.master + default: 3 + description: "Number of replicas for Master" + type: int + required: true + label: Replication Factor Master + - variable: replicas.tserver + default: 3 + description: "Number of replicas for TServer" + type: int + required: true + label: Replication Factor TServer + - variable: statefulSetAnnotations + description: Annotations for the StatefulSet + type: dict + required: false + label: "Annotations for the StatefulSet" + - variable: questions.defaultMasterStorage + default: true + description: "Use default storage configurations for YugabyteDB Master" + label: Use default storage configurations + type: boolean + show_subquestion_if: false + group: "Master Storage" + subquestions: + - variable: storage.master.count + default: 2 + required: true + type: int + label: YugabyteDB master storage disk count + description: "YugabyteDB master storage disk count" + - variable: storage.master.size + default: "10Gi" + required: true + type: string + label: 
YugabyteDB master storage size + description: "YugabyteDB master storage size" + - variable: storage.master.storageClass + default: "" + required: false + type: storageclass + label: YugabyteDB master storage class + description: "YugabyteDB master storage class" + - variable: questions.defaultTServerStorage + default: true + description: "Use default storage configurations for YugabyteDB TServer" + label: Use default storage configuration + type: boolean + show_subquestion_if: false + group: "TServer Storage" + subquestions: + - variable: storage.tserver.count + default: 2 + required: true + type: int + label: YugabyteDB TServer storage disk count + description: "YugabyteDB TServer storage disk count" + - variable: storage.tserver.size + default: "10Gi" + required: true + type: string + label: YugabyteDB TServer storage size + description: "YugabyteDB TServer storage size" + - variable: storage.tserver.storageClass + default: "" + required: false + type: storageclass + label: YugabyteDB TServer storage class + description: "YugabyteDB TServer storage class" + ## Default resources + - variable: questions.defaultResources + default: true + description: "Use default resources for YugabyteDB" + label: Use default resources + type: boolean + show_subquestion_if: false + group: "Resources" + subquestions: + - variable: resource.master.requests.cpu + default: "2" + description: "Master vcpu allocation for YugabyteDB" + type: string + required: true + label: vcpu allocation for master + - variable: resource.master.requests.memory + default: "2Gi" + description: "Master RAM allocation for YugabyteDB" + type: string + required: true + label: RAM allocation for master + - variable: resource.tserver.requests.cpu + default: "2" + description: "TServer vcpu allocation for YugabyteDB" + type: string + required: true + label: vcpu allocation for tserver + - variable: resource.tserver.requests.memory + default: "4Gi" + description: "TServer RAM allocation for YugabyteDB" + type: 
string + required: true + label: RAM allocation for tserver + ## TLS + - variable: tls.enabled + default: false + description: "Enable TLS - TLS disabled by default" + label: Enable TLS + type: boolean + show_subquestion_if: true + group: "TLS" + subquestions: + - variable: tls.nodeToNode + default: true + description: "Node to Node" + type: boolean + required: false + label: Node to Node + - variable: tls.clientToServer + default: true + description: "Client to server" + type: boolean + required: false + label: Client to server + - variable: tls.insecure + default: false + description: "Insecure - no service will connect on unencrypted connection" + type: boolean + required: false + label: Insecure communication + - variable: tls.certManager.enabled + default: false + description: "Use cert-manager to provide cluster certificates" + type: boolean + required: false + label: Cert-Manager Support + diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/NOTES.txt b/addons/yugabytedb/2024/chart/yugabytedb/templates/NOTES.txt new file mode 100644 index 00000000..2f90d749 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/NOTES.txt 
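Review bot: `Image.tag` defaults to `"2.5.1.0-b153"` in the first subquestion group, while Chart.yaml in this commit sets `appVersion: 2024.1.3.0-b105` and NOTES.txt says the yugabyted UI needs 2.21.0 or greater. Anyone who unticks "Use default" in the catalog form and leaves the field as offered would deploy a much older image than the chart targets, likely missing later fixes, together with a UI the chart enables but that image cannot serve. Change the line to `default: "2024.1.3.0-b105"` and keep it in step with `appVersion`. The `tls.insecure` description, "no service will connect on unencrypted connection", reads as the opposite of its label "Insecure communication" and should be reworded to say what setting it to true does.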
@@ -0,0 +1,29 @@
+1. Get YugabyteDB Pods by running this command:
+ kubectl --namespace {{ .Release.Namespace }} get pods
+
+2. Get list of YugabyteDB services that are running:
+ kubectl --namespace {{ .Release.Namespace }} get services
+
+3. Get information about the load balancer services:
+ kubectl get svc --namespace {{ .Release.Namespace }}
+
+4. Connect to one of the tablet server:
+ kubectl exec --namespace {{ .Release.Namespace }} -it yb-tserver-0 bash
+
+5. Run YSQL shell from inside of a tablet server:
+ kubectl exec --namespace {{ .Release.Namespace }} -it yb-tserver-0 -- /home/yugabyte/bin/ysqlsh -h yb-tserver-0.yb-tservers.{{ .Release.Namespace }}
+
+6. Cleanup YugabyteDB Pods
+ For helm 2:
+ helm delete {{ .Release.Name }} --purge
+ For helm 3:
+ helm delete {{ .Release.Name }} -n {{ .Release.Namespace }}
+ NOTE: You need to manually delete the persistent volume
+ {{- $root := . -}}
+ {{- range .Values.Services }}
+ kubectl delete pvc --namespace {{ $root.Release.Namespace }} -l app={{.label}}
+ {{- end }}
+{{ if $root.Values.yugabytedUi.enabled }}
+NOTE: The yugabyted UI is now available and is enabled by default. It requires version 2.21.0 or greater.
+If you are using a custom image of YugabyteDB that is older than 2.21.0, please disable the UI by setting yugabytedUi.enabled to false.
+{{- end }}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/_helpers.tpl b/addons/yugabytedb/2024/chart/yugabytedb/templates/_helpers.tpl
new file mode 100644
index 00000000..1ae79d23
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/_helpers.tpl
@@ -0,0 +1,548 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. +The longest name that gets created of 20 characters, so truncation should be 63-20=43. +*/}} +{{- define "yugabyte.fullname" -}} + {{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 43 | trimSuffix "-" -}} + {{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 43 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 43 | trimSuffix "-" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Generate common labels. +*/}} +{{- define "yugabyte.labels" }} +heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }} +release: {{ .Release.Name | quote }} +chart: {{ .Chart.Name | quote }} +component: {{ .Values.Component | quote }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end }} + +{{/* +Generate app label. +*/}} +{{- define "yugabyte.applabel" }} +{{- if .root.Values.oldNamingStyle }} +app: "{{ .label }}" +{{- else }} +app.kubernetes.io/name: "{{ .label }}" +{{- end }} +{{- end }} + +{{/* +Generate app selector. +*/}} +{{- define "yugabyte.appselector" }} +{{- if .root.Values.oldNamingStyle }} +app: "{{ .label }}" +{{- else }} +app.kubernetes.io/name: "{{ .label }}" +release: {{ .root.Release.Name | quote }} +{{- end }} +{{- end }} + +{{/* +Create secrets in DBNamespace from other namespaces by iterating over envSecrets. 
+*/}} +{{- define "yugabyte.envsecrets" -}} +{{- range $v := .secretenv }} +{{- if $v.valueFrom.secretKeyRef.namespace }} +{{- $secretObj := (lookup +"v1" +"Secret" +$v.valueFrom.secretKeyRef.namespace +$v.valueFrom.secretKeyRef.name) +| default dict }} +{{- $secretData := (get $secretObj "data") | default dict }} +{{- $secretValue := (get $secretData $v.valueFrom.secretKeyRef.key) | default "" }} +{{- if (and (not $secretValue) (not $v.valueFrom.secretKeyRef.optional)) }} +{{- required (printf "Secret or key missing for %s/%s in namespace: %s" +$v.valueFrom.secretKeyRef.name +$v.valueFrom.secretKeyRef.key +$v.valueFrom.secretKeyRef.namespace) +nil }} +{{- end }} +{{- if $secretValue }} +apiVersion: v1 +kind: Secret +metadata: + {{- $secretfullname := printf "%s-%s-%s-%s" + $.root.Release.Name + $v.valueFrom.secretKeyRef.namespace + $v.valueFrom.secretKeyRef.name + $v.valueFrom.secretKeyRef.key + }} + name: {{ printf "%s-%s-%s-%s-%s-%s" + $.root.Release.Name + ($v.valueFrom.secretKeyRef.namespace | substr 0 5) + ($v.valueFrom.secretKeyRef.name | substr 0 5) + ( $v.valueFrom.secretKeyRef.key | substr 0 5) + (sha256sum $secretfullname | substr 0 4) + ($.suffix) + | lower | replace "." "" | replace "_" "" + }} + namespace: "{{ $.root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $.root | indent 4 }} +type: Opaque # should it be an Opaque secret? +data: + {{ $v.valueFrom.secretKeyRef.key }}: {{ $secretValue | quote }} +{{- end }} +{{- end }} +--- +{{- end }} +{{- end }} + +{{/* +Add env secrets to DB statefulset. 
+*/}} +{{- define "yugabyte.addenvsecrets" -}} +{{- range $v := .secretenv }} +- name: {{ $v.name }} + valueFrom: + secretKeyRef: + {{- if $v.valueFrom.secretKeyRef.namespace }} + {{- $secretfullname := printf "%s-%s-%s-%s" + $.root.Release.Name + $v.valueFrom.secretKeyRef.namespace + $v.valueFrom.secretKeyRef.name + $v.valueFrom.secretKeyRef.key + }} + name: {{ printf "%s-%s-%s-%s-%s-%s" + $.root.Release.Name + ($v.valueFrom.secretKeyRef.namespace | substr 0 5) + ($v.valueFrom.secretKeyRef.name | substr 0 5) + ($v.valueFrom.secretKeyRef.key | substr 0 5) + (sha256sum $secretfullname | substr 0 4) + ($.suffix) + | lower | replace "." "" | replace "_" "" + }} + {{- else }} + name: {{ $v.valueFrom.secretKeyRef.name }} + {{- end }} + key: {{ $v.valueFrom.secretKeyRef.key }} + optional: {{ $v.valueFrom.secretKeyRef.optional | default "false" }} +{{- end }} +{{- end }} +{{/* +Create Volume name. +*/}} +{{- define "yugabyte.volume_name" -}} + {{- printf "%s-datadir" (include "yugabyte.fullname" .) -}} +{{- end -}} + +{{/* +Derive the memory hard limit in bytes for Master and Tserver components based on +a given memory size and a limit percentage. + +The function expects two parameters: +1. 'size': Specifies memory in 'G' or 'Gi' format (e.g., "2Gi"). +2. 'limitPercent': An integer representing the percentage of the memory limit (e.g., 85 for 85%). + +It uses a base multiplier of 1000 for 'G' units and 1024 for 'Gi' units. +*/}} +{{- define "yugabyte.memory_hard_limit" -}} + {{- $baseMultiplier := 1000 -}} + {{- if .size | toString | hasSuffix "Gi" -}} + {{- $baseMultiplier = 1024 -}} + {{- end -}} + {{- $limit_percent := .limitPercent -}} + {{- $multiplier := int (div (mul $limit_percent $baseMultiplier) 100) -}} + {{- printf "%d" .size | regexFind "\\d+" | mul $baseMultiplier | mul $baseMultiplier | mul $multiplier -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "yugabyte.chart" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate a preflight check script invocation. +*/}} +{{- define "yugabyte.preflight_check" -}} +{{- if not .Values.preflight.skipAll -}} +{{- $port := .Preflight.Port -}} +{{- range $addr := split "," .Preflight.Addr -}} +if [ -f /home/yugabyte/tools/k8s_preflight.py ]; then + PYTHONUNBUFFERED="true" /home/yugabyte/tools/k8s_preflight.py \ + dnscheck \ + --addr="{{ $addr }}" \ +{{- if not $.Values.preflight.skipBind }} + --port="{{ $port }}" +{{- else }} + --skip_bind +{{- end }} +fi && \ +{{ end }} +{{- end }} +{{- end }} + +{{/* +Get YugaByte fs data directories. +*/}} +{{- define "yugabyte.fs_data_dirs" -}} + {{- range $index := until (int (.count)) -}} + {{- if ne $index 0 }},{{ end }}/mnt/disk{{ $index -}} + {{- end -}} +{{- end -}} + +{{/* +Get files from fs data directories for readiness / liveness probes. +*/}} +{{- define "yugabyte.fs_data_dirs_probe_files" -}} + {{- range $index := until (int (.count)) -}} + {{- if ne $index 0 }} {{ end }}"/mnt/disk{{ $index -}}/disk.check" + {{- end -}} +{{- end -}} + + +{{/* +Command to do a disk write and sync for liveness probes. +*/}} +{{- define "yugabyte.fs_data_dirs_probe" -}} +echo "disk check at: $(date)" \ + | tee {{ template "yugabyte.fs_data_dirs_probe_files" . }} \ + && sync {{ template "yugabyte.fs_data_dirs_probe_files" . }} +{{- end -}} + + +{{/* +Generate server FQDN. +*/}} +{{- define "yugabyte.server_fqdn" -}} + {{- if .Values.multicluster.createServicePerPod -}} + {{- printf "$(HOSTNAME).$(NAMESPACE).svc.%s" .Values.domainName -}} + {{- else if (and .Values.oldNamingStyle .Values.multicluster.createServiceExports) -}} + {{ $membershipName := required "A valid membership name is required! 
Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s.$(NAMESPACE).svc.clusterset.local" $membershipName .Service.name -}} + {{- else if .Values.oldNamingStyle -}} + {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} + {{- else -}} + {{- if .Values.multicluster.createServiceExports -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s-%s.$(NAMESPACE).svc.clusterset.local" $membershipName (include "yugabyte.fullname" .) .Service.name -}} + {{- else -}} + {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Generate server broadcast address. +*/}} +{{- define "yugabyte.server_broadcast_address" -}} + {{- include "yugabyte.server_fqdn" . }}:{{ index .Service.ports "tcp-rpc-port" -}} +{{- end -}} + +{{/* +Generate server RPC bind address. + +In case of multi-cluster services (MCS), we set it to $(POD_IP) to +ensure YCQL uses a resolvable address. +See https://github.com/yugabyte/yugabyte-db/issues/16155 + +We use a workaround for above in case of Istio by setting it to +$(POD_IP) and localhost. Master doesn't support that combination, so +we stick to 0.0.0.0, which works for master. +*/}} +{{- define "yugabyte.rpc_bind_address" -}} + {{- $port := index .Service.ports "tcp-rpc-port" -}} + {{- if .Values.istioCompatibility.enabled -}} + {{- if (eq .Service.name "yb-masters") -}} + 0.0.0.0:{{ $port }} + {{- else -}} + $(POD_IP):{{ $port }},127.0.0.1:{{ $port }} + {{- end -}} + {{- else if (or .Values.multicluster.createServiceExports .Values.multicluster.createServicePerPod) -}} + $(POD_IP):{{ $port }} + {{- else -}} + {{- include "yugabyte.server_fqdn" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Generate server web interface. +*/}} +{{- define "yugabyte.webserver_interface" -}} + {{- eq .Values.ip_version_support "v6_only" | ternary "[::]" "0.0.0.0" -}} +{{- end -}} + +{{/* +Generate server CQL proxy bind address. +*/}} +{{- define "yugabyte.cql_proxy_bind_address" -}} + {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports .Values.multicluster.createServicePerPod -}} + 0.0.0.0:{{ index .Service.ports "tcp-yql-port" -}} + {{- else -}} + {{- include "yugabyte.server_fqdn" . -}} + {{- end -}} +{{- end -}} + +{{/* +Generate server PGSQL proxy bind address. +*/}} +{{- define "yugabyte.pgsql_proxy_bind_address" -}} + {{- eq .Values.ip_version_support "v6_only" | ternary "[::]" "0.0.0.0" -}}:{{ index .Service.ports "tcp-ysql-port" -}} +{{- end -}} + +{{/* +Get YugaByte master addresses +*/}} +{{- define "yugabyte.master_addresses" -}} + {{- $master_replicas := .Values.replicas.master | int -}} + {{- $domain_name := .Values.domainName -}} + {{- $newNamingStylePrefix := printf "%s-" (include "yugabyte.fullname" .) -}} + {{- $prefix := ternary "" $newNamingStylePrefix $.Values.oldNamingStyle -}} + {{- range .Values.Services -}} + {{- if eq .name "yb-masters" -}} + {{- range $index := until $master_replicas -}} + {{- if ne $index 0 }},{{ end -}} + {{- $prefix }}yb-master-{{ $index }}.{{ $prefix }}yb-masters.$(NAMESPACE).svc.{{ $domain_name }}:7100 + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable pods based on the number of master replicas +*/}} +{{- define "yugabyte.max_unavailable_for_quorum" -}} + {{- $master_replicas_100x := .Values.replicas.master | int | mul 100 -}} + {{- $max_unavailable_master_replicas := 100 | div (100 | sub (2 | div ($master_replicas_100x | add 100))) -}} + {{- printf "%d" $max_unavailable_master_replicas -}} +{{- end -}} + +{{/* +Set consistent issuer name. 
+*/}} +{{- define "yugabyte.tls_cm_issuer" -}} + {{- if .Values.tls.certManager.bootstrapSelfsigned -}} + {{ .Values.oldNamingStyle | ternary "yugabyte-selfsigned" (printf "%s-selfsigned" (include "yugabyte.fullname" .)) }} + {{- else -}} + {{ .Values.tls.certManager.useClusterIssuer | ternary .Values.tls.certManager.clusterIssuer .Values.tls.certManager.issuer}} + {{- end -}} +{{- end -}} + +{{/* + Verify the extraVolumes and extraVolumeMounts mappings. + Every extraVolumes should have extraVolumeMounts +*/}} +{{- define "yugabyte.isExtraVolumesMappingExists" -}} + {{- $lenExtraVolumes := len .extraVolumes -}} + {{- $lenExtraVolumeMounts := len .extraVolumeMounts -}} + + {{- if and (eq $lenExtraVolumeMounts 0) (gt $lenExtraVolumes 0) -}} + {{- fail "You have not provided the extraVolumeMounts for extraVolumes." -}} + {{- else if and (eq $lenExtraVolumes 0) (gt $lenExtraVolumeMounts 0) -}} + {{- fail "You have not provided the extraVolumes for extraVolumeMounts." -}} + {{- else if and (gt $lenExtraVolumes 0) (gt $lenExtraVolumeMounts 0) -}} + {{- $volumeMountsList := list -}} + {{- range .extraVolumeMounts -}} + {{- $volumeMountsList = append $volumeMountsList .name -}} + {{- end -}} + + {{- $volumesList := list -}} + {{- range .extraVolumes -}} + {{- $volumesList = append $volumesList .name -}} + {{- end -}} + + {{- range $volumesList -}} + {{- if not (has . $volumeMountsList) -}} + {{- fail (printf "You have not provided the extraVolumeMounts for extraVolume %s" .) -}} + {{- end -}} + {{- end -}} + + {{- range $volumeMountsList -}} + {{- if not (has . $volumesList) -}} + {{- fail (printf "You have not provided the extraVolumes for extraVolumeMounts %s" .) 
-}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* + Default nodeAffinity for multi-az deployments +*/}} +{{- define "yugabyte.multiAZNodeAffinity" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: failure-domain.beta.kubernetes.io/zone + operator: In + values: + - {{ quote .Values.AZ }} + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - {{ quote .Values.AZ }} +{{- end -}} + +{{/* + Default podAntiAffinity for master and tserver + + This requires "appLabelArgs" to be passed in - defined in service.yaml + we have a .root and a .label in appLabelArgs +*/}} +{{- define "yugabyte.podAntiAffinity" -}} +preferredDuringSchedulingIgnoredDuringExecution: +- weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + {{- if .root.Values.oldNamingStyle }} + - key: app + operator: In + values: + - "{{ .label }}" + {{- else }} + - key: app.kubernetes.io/name + operator: In + values: + - "{{ .label }}" + - key: release + operator: In + values: + - {{ .root.Release.Name | quote }} + {{- end }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* + YB Master ports +*/}} +{{- define "yugabyte.yb_masters.ports" -}} +{{- $masterPorts := dict -}} +{{- range .Values.Services -}} + {{- if eq .name "yb-masters" -}} + {{- range $key, $value := .ports -}} + {{- $masterPorts = set $masterPorts $key $value -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- toYaml $masterPorts -}} +{{- end -}} + +{{/* + Readiness Probe for Master +*/}} +{{- define "yugabyte.master.readinessProbe" -}} +{{- if .Values.master.customReadinessProbe -}} +{{- toYaml .Values.master.customReadinessProbe }} +{{- else if .Values.master.readinessProbe.enabled -}} +{{- toYaml (omit .Values.master.readinessProbe "enabled") }} +httpGet: + path: / + port: {{ index (include "yugabyte.yb_masters.ports" .| fromYaml) "http-ui" }} +{{- end -}} +{{- end -}} + +{{/* + YB Tservers ports +*/}} +{{- define 
"yugabyte.yb_tservers.ports" -}} +{{- $tserverPorts := dict -}} +{{- range .Values.Services }} + {{- if eq .name "yb-tservers" }} + {{- range $key, $value := .ports }} + {{- $tserverPorts = set $tserverPorts $key $value }} + {{- end }} + {{- end }} +{{- end }} +{{- toYaml $tserverPorts -}} +{{- end -}} + +{{/* + Readiness Probe for Tserver + Use ".Values.authCredentials.ysql.password" while setting ysql credentials through YB DB values.yaml + Use ".Values.gflags.tserver.ysql_enable_auth" while setting ysql credentials through YBA +*/}} +{{- define "yugabyte.tserver.readinessProbe" -}} +{{- if .Values.tserver.customReadinessProbe -}} +{{- toYaml .Values.tserver.customReadinessProbe }} +{{- else if .Values.tserver.readinessProbe.enabled -}} +{{- toYaml (omit .Values.tserver.readinessProbe "enabled") }} +exec: + command: + - bash + - -v + - -c + - | + {{- if not .Values.disableYsql }} + {{- if (or .Values.authCredentials.ysql.password (eq .Values.gflags.tserver.ysql_enable_auth "true")) }} + unix_socket=$(find /tmp -name ".yb.*"); + ysqlsh_output=$(ysqlsh -U yugabyte -h "${unix_socket}" -d system_platform -c "\\conninfo"); + exit_code="$?"; + {{- else }} + ysqlsh_output=$(ysqlsh -U yugabyte -h 127.0.0.1 -p {{ index (include "yugabyte.yb_tservers.ports" . | fromYaml) "tcp-ysql-port" }} -d system_platform -c "\\conninfo"); + exit_code="$?"; + {{- end }} + + if [[ $exit_code -ne 0 ]]; then + echo "Error while executing ysqlsh command. Exit code: ${exit_code}"; + echo "Error: ${ysqlsh_output}"; + exit "${exit_code}" + fi + {{- end }} + + {{- if not (eq .Values.gflags.tserver.start_cql_proxy "false") }} + {{- if (and .Values.tls.enabled .Values.tls.clientToServer) }} + ycqlsh_output=$(ycqlsh --debug --ssl -e "SHOW HOST" "$HOSTNAME" {{ index (include "yugabyte.yb_tservers.ports" . | fromYaml) "tcp-yql-port" }} 2>&1); + {{- else }} + ycqlsh_output=$(ycqlsh --debug -e "SHOW HOST" "$HOSTNAME" {{ index (include "yugabyte.yb_tservers.ports" . 
| fromYaml) "tcp-yql-port" }} 2>&1); + {{- end }} + exit_code="$?"; + + if [[ $exit_code -ne 0 && "${ycqlsh_output}" != *"Remote end requires authentication"* ]]; then + echo "Error while executing ycqlsh command. Exit code: ${exit_code}"; + echo "Error: ${ycqlsh_output}"; + exit "${exit_code}" + fi + {{- end }} + + exit 0 +{{- end -}} +{{- end -}} + +{{/* + Startup Probe for Master +*/}} +{{- define "yugabyte.master.startupProbe" -}} +{{- if .Values.master.customStartupProbe -}} +{{- toYaml .Values.master.customStartupProbe }} +{{- else if .Values.master.startupProbe.enabled -}} +{{- toYaml (omit .Values.master.startupProbe "enabled") }} +tcpSocket: + port: {{ index (include "yugabyte.yb_masters.ports" .| fromYaml) "tcp-rpc-port" }} +{{- end -}} +{{- end -}} + +{{/* + Startup Probe for Tserver +*/}} +{{- define "yugabyte.tserver.startupProbe" -}} +{{- if .Values.tserver.customStartupProbe -}} +{{- toYaml .Values.tserver.customStartupProbe }} +{{- else if .Values.tserver.startupProbe.enabled -}} +{{- toYaml (omit .Values.tserver.startupProbe "enabled") }} +tcpSocket: + port: {{ index (include "yugabyte.yb_tservers.ports" .| fromYaml) "tcp-rpc-port" }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/bind.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/bind.yaml new file mode 100644 index 00000000..e1ea2b53 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/bind.yaml 
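Review bot: `yugabyte.envsecrets` uses `lookup` to read a Secret from whatever namespace `valueFrom.secretKeyRef.namespace` names and re-creates its value as a new Secret in the release namespace, and nothing in the helper limits which namespaces may be named. The read happens with the permissions of whoever runs Helm, so if chart values can be supplied by someone with less access than the installer, data is copied across a namespace boundary that person could not otherwise cross; who controls the values is not visible in this hunk. Document this in the comment above the define, for example `Copies the referenced Secret into the release namespace using the installer's read access; only reference namespaces the release owner may read.`, and consider calling `fail` when the namespace is not one the operator has explicitly listed. The in-line question `# should it be an Opaque secret?` should be resolved or removed before merge.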
@@ -0,0 +1,33 @@
+credential:
+ - name: TSERVER_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-tserver-service
+ jsonpath: '{ .spec.clusterIP }'
+ - name: TSERVER_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-tserver-service
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: UI_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yugabyted-ui-service
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: UI_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yugabyted-ui-service
+ jsonpath: '{ .spec.clusterIP }'
+ - name: MASTER_UI_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-master-ui
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: MASTER_UI_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-master-ui
+ jsonpath: '{ .spec.clusterIP }'
+ - name: TSERVER_PORT
+ value: "5433"
\ No newline at end of file
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/certificates.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/certificates.yaml
new file mode 100644
index 00000000..07fc2e5f
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/certificates.yaml
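Review bot: `TSERVER_PORT` at the end of bind.yaml is pinned to the literal `"5433"`, while the ports of `yb-tserver-service` are rendered from `.Values.serviceEndpoints` in service.yaml of this same patch, so a bound client is handed a stale port as soon as that value is overridden. If the binding cannot be templated from the same values, at least record the coupling with a comment such as `# must match the YSQL port published by yb-tserver-service (.Values.serviceEndpoints)`. The `*_EXTRANET_HOST` entries read `.status.loadBalancer.ingress[*].ip`, which presumably comes back empty for load balancers that publish only a hostname and multi-valued when several ingress IPs exist; a one-line comment saying what consumers should expect would help. The master UI and yugabyted UI addresses are also handed to every binding, so it is worth confirming that each consumer really needs the admin endpoints.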
@@ -0,0 +1,150 @@ +{{- $root := . -}} +--- +{{- if $root.Values.tls.certManager.enabled }} +{{- if $root.Values.tls.certManager.bootstrapSelfsigned }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ (printf "%s-bootstrap" (include "yugabyte.tls_cm_issuer" $root)) | quote }} + namespace: "{{ $root.Release.Namespace }}" +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-ca" (printf "%s-ca" (include "yugabyte.fullname" $root)) }} + namespace: "{{ $root.Release.Namespace }}" +spec: + isCA: true + privateKey: + algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} + encoding: PKCS8 + size: {{ $root.Values.tls.certManager.certificates.keySize }} + commonName: Yugabyte Selfsigned CA + secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-ca" (printf "%s-ca" (include "yugabyte.fullname" $root)) }} + issuerRef: + name: {{ (printf "%s-bootstrap" (include "yugabyte.tls_cm_issuer" $root)) | quote }} + kind: Issuer +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "yugabyte.tls_cm_issuer" $root | quote }} + namespace: "{{ $root.Release.Namespace }}" +spec: + ca: + secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-ca" (printf "%s-ca" (include "yugabyte.fullname" $root)) }} +--- +{{- else }} +{{/* when bootstrapSelfsigned = false, ie. when using an external CA. +Create a Secret with just the rootCA.cert value and mount into master/tserver pods. +This will be used as a fall back in case the Secret generated by cert-manager does not +have a root ca.crt. This can happen for certain certificate issuers like LetsEncrypt. 
+*/}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $root | indent 4 }} +type: Opaque +data: + ca.crt: {{ $root.Values.tls.rootCA.cert }} +--- +{{- end }} + + +{{/* +The below Certificate resource will trigger cert-manager to issue crt/key into Secrets. +These secrets are mounted into master/tserver pods. +*/}} +{{- range .Values.Services }} +{{- $service := . -}} +{{- $appLabelArgs := dict "label" .label "root" $root -}} +{{- $serviceValues := (dict "Service" $service "Values" $root.Values "Chart" $root.Chart "Release" $root.Release) -}} +{{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} + +{{- if (gt (int $replicas) 0) }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" $service.label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) $service.label) }} + namespace: "{{ $root.Release.Namespace }}" +spec: + secretTemplate: + labels: + {{- include "yugabyte.applabel" ($appLabelArgs) | indent 6 }} + {{- include "yugabyte.labels" $root | indent 6 }} + issuerRef: + name: {{ include "yugabyte.tls_cm_issuer" $root | quote }} + {{- if $root.Values.tls.certManager.useClusterIssuer }} + kind: ClusterIssuer + {{- else }} + kind: Issuer + {{- end }} + secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" $service.label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) $service.label) }} + duration: {{ $root.Values.tls.certManager.certificates.duration | quote }} + renewBefore: {{ $root.Values.tls.certManager.certificates.renewBefore | quote }} + isCA: false + privateKey: + algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} + encoding: PKCS8 + size: {{ 
$root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always + usages: + - server auth + - client auth + # At least one of a DNS Name, URI, or IP address is required. + dnsNames: + {{- range $index := until ( int ( $replicas ) ) }} + {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} + {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} + {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} + - {{$node}} + {{- end }} + - {{ printf "%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} + uris: [] + ipAddresses: [] +--- +{{- end }} +{{- end }} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} + namespace: "{{ $root.Release.Namespace }}" +spec: + secretTemplate: + labels: + {{- include "yugabyte.labels" $root | indent 6 }} + issuerRef: + name: {{ include "yugabyte.tls_cm_issuer" $root | quote }} + {{- if $root.Values.tls.certManager.useClusterIssuer }} + kind: ClusterIssuer + {{- else }} + kind: Issuer + {{- end }} + secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} + duration: {{ $root.Values.tls.certManager.certificates.duration | quote }} + renewBefore: {{ $root.Values.tls.certManager.certificates.renewBefore | quote }} + commonName: yugabyte + isCA: false + privateKey: + algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} + encoding: PKCS8 + size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always + usages: + - 
client auth + dnsNames: [] + uris: [] + ipAddresses: [] +--- +{{- end }} diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/debug_config_map.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/debug_config_map.yaml new file mode 100644 index 00000000..a15c4fc9 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/debug_config_map.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "yugabyte.fullname" . }}-master-hooks + namespace: "{{ .Release.Namespace }}" +data: +{{- range $index := until ( int ( .Values.replicas.master ) ) }} + yb-master-{{.}}-pre_debug_hook.sh: "echo 'hello-from-pre' " + yb-master-{{.}}-post_debug_hook.sh: "echo 'hello-from-post' " +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "yugabyte.fullname" . }}-tserver-hooks + namespace: "{{ .Release.Namespace }}" +data: +{{- range $index := until ( int ( .Values.replicas.tserver) ) }} + yb-tserver-{{.}}-pre_debug_hook.sh: "echo 'hello-from-pre' " + yb-tserver-{{.}}-post_debug_hook.sh: "echo 'hello-from-post' " +{{- end }} +--- diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/hooks/setup-credentials-job.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/hooks/setup-credentials-job.yaml new file mode 100644 index 00000000..1bde38cb --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/hooks/setup-credentials-job.yaml 
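Review bot: In certificates.yaml the per-node `dnsNames` of the master/tserver Certificate are built only from the `svc.<domainName>` forms, whereas the non-cert-manager Secret path in service.yaml of this same patch rewrites `$nodeOldStyle`/`$nodeNewStyle` when `multicluster.createServiceExports` or `multicluster.createServicePerPod` is set. With cert-manager enabled in one of those modes the issued certificates would presumably lack the names the nodes are actually addressed by, and hostname verification then fails or gets switched off. Mirroring the two overrides inside the `range $index` loop, as sketched below with the format strings copied from service.yaml, keeps both TLS paths consistent. Separately, the bootstrap CA Certificate sets no `duration`/`renewBefore` while the leaf certificates do; a comment stating the intended CA lifetime would make that choice explicit.

```yaml
{{- range $index := until ( int ( $replicas ) ) }}
{{- /* … unchanged: default $nodeOldStyle / $nodeNewStyle … */}}
{{- if $root.Values.multicluster.createServiceExports }}
{{- $nodeOldStyle = printf "%s-%d.%s.%s.%s.svc.clusterset.local" $service.label $index $root.Values.multicluster.kubernetesClusterId $service.name $root.Release.Namespace }}
{{- $nodeNewStyle = printf "%s-%s-%d.%s.%s-%s.%s.svc.clusterset.local" (include "yugabyte.fullname" $root) $service.label $index $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }}
{{- end }}
{{- if $root.Values.multicluster.createServicePerPod }}
{{- $nodeOldStyle = printf "%s-%d.%s.svc.%s" $service.label $index $root.Release.Namespace $root.Values.domainName }}
{{- $nodeNewStyle = printf "%s-%s-%d.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index $root.Release.Namespace $root.Values.domainName }}
{{- end }}
{{- /* … unchanged: $node selection and the "- {{$node}}" entry … */}}
```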
@@ -0,0 +1,80 @@ +{{- if or .Values.authCredentials.ycql.user .Values.authCredentials.ycql.password .Values.authCredentials.ycql.keyspace .Values.authCredentials.ysql.password .Values.authCredentials.ysql.user .Values.authCredentials.ysql.database }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "yugabyte.fullname" . }}-setup-credentials + namespace: "{{ .Release.Namespace }}" + labels: + app: "setup-credentials" + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + component: "{{ .Values.Component }}" + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + backoffLimit: 2 + template: + metadata: + name: "setup-credentials" + labels: + app: "setup-credentials" + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + component: "{{ .Values.Component }}" + spec: + restartPolicy: Never + containers: + - name: setup-credentials + image: "{{ .Values.Image.repository }}:{{ .Values.Image.tag }}" + env: + {{- if .Values.authCredentials.ysql.user }} + - name: YSQL_USER + value: "{{ .Values.authCredentials.ysql.user }}" + {{- end }} + {{- if .Values.authCredentials.ysql.password }} + - name: YSQL_PASSWORD + value: "{{ .Values.authCredentials.ysql.password }}" + {{- end }} + {{- if .Values.authCredentials.ysql.database }} + - name: YSQL_DB + value: "{{ .Values.authCredentials.ysql.database }}" + {{- end }} + {{- if .Values.authCredentials.ycql.user }} + - name: YCQL_USER + value: "{{ .Values.authCredentials.ycql.user }}" + {{- end }} + {{- if .Values.authCredentials.ycql.password }} + - name: YCQL_PASSWORD + value: "{{ .Values.authCredentials.ycql.password }}" + {{- end }} + {{- if .Values.authCredentials.ycql.keyspace }} + - name: YCQL_KEYSPACE + value: "{{ .Values.authCredentials.ycql.keyspace }}" + {{- end }} + {{- if .Values.tls.enabled }} + - name: SSL_CERTFILE + value: "/root/.yugabytedb/root.crt" + {{- end }} + command: + - 'bash' + - 
'/home/yugabyte/bin/setup-credentials/setup-credentials.sh' + volumeMounts: + - name: setup-credentials-script + mountPath: "/home/yugabyte/bin/setup-credentials" + {{- if .Values.tls.enabled }} + - name: yugabyte-tls-client-cert + mountPath: "/root/.yugabytedb/" + {{- end }} + volumes: + - name: setup-credentials-script + configMap: + name: {{ include "yugabyte.fullname" . }}-setup-credentials-script + {{- if .Values.tls.enabled }} + - name: yugabyte-tls-client-cert + secret: + secretName: {{ .Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" . )) }} + defaultMode: 256 + {{- end }} +{{- end }} diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/master-servicemonitor.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/master-servicemonitor.yaml new file mode 100644 index 00000000..0e3c4314 --- /dev/null +++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/master-servicemonitor.yaml 
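Review bot: `YSQL_PASSWORD` and `YCQL_PASSWORD` in setup-credentials-job.yaml are written into the Job's pod spec as literal `value:` strings, so anyone who can read Jobs or Pods in the namespace, or the rendered release manifest, sees the database passwords. Because the hook is only deleted on `hook-succeeded`, a failed Job keeps them in the cluster. Sourcing both through `valueFrom.secretKeyRef` from a Secret the chart creates keeps the values out of the workload spec; the sketch below uses a placeholder Secret name and placeholder key names. The plain `"{{ … }}"` interpolation on the remaining `value:` lines also breaks the manifest for values containing `"` or `\`, which `| quote` would avoid.

```yaml
        env:
        # … unchanged: YSQL_USER …
        {{- if .Values.authCredentials.ysql.password }}
        - name: YSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              # placeholder: a Secret this chart would need to render from authCredentials
              name: <SETUP_CREDENTIALS_SECRET>
              key: <YSQL_PASSWORD_KEY>
        {{- end }}
        # … unchanged: YSQL_DB, YCQL_USER …
        {{- if .Values.authCredentials.ycql.password }}
        - name: YCQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: <SETUP_CREDENTIALS_SECRET>
              key: <YCQL_PASSWORD_KEY>
        {{- end }}
        # … unchanged: YCQL_KEYSPACE, SSL_CERTFILE, command, volumeMounts …
```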
@@ -0,0 +1,51 @@
+{{- if and .Values.serviceMonitor.enabled .Values.serviceMonitor.master.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "yugabyte.fullname" . }}-yb-master
+ labels:
+ {{- if .Values.oldNamingStyle }}
+ app: "yb-master"
+ {{- else }}
+ app.kubernetes.io/name: "yb-master"
+ {{- end }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ component: "{{ .Values.Component }}"
+ {{- with .Values.serviceMonitor.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: "release"
+ selector:
+ matchLabels:
+ {{- if .Values.oldNamingStyle }}
+ app: "yb-master"
+ {{- else }}
+ app.kubernetes.io/name: "yb-master"
+ {{- end }}
+ release: {{ .Release.Name | quote }}
+ service-type: "headless"
+ endpoints:
+
+ {{- with .Values.serviceMonitor.master }}
+ {{- if .enabled }}
+ - port: {{ .port }}
+ path: {{ .path }}
+ {{- if .interval }}
+ interval: {{ .interval }}
+ {{- else }}
+ interval: {{ $.Values.serviceMonitor.interval }}
+ {{- end }}
+ relabelings:
+ - targetLabel: "group"
+ replacement: "yb-master"
+ - targetLabel: "export_type"
+ replacement: "master_export"
+ - targetLabel: "node_prefix"
+ replacement: {{ $.Release.Name | quote }}
+ metricRelabelings:
+ {{- toYaml $.Values.serviceMonitor.commonMetricRelabelings | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/common-tserver-service.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/common-tserver-service.yaml
new file mode 100644
index 00000000..68f250d2
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/common-tserver-service.yaml
@@ -0,0 +1,23 @@
+{{- if (and .Values.multicluster.createCommonTserverService (not .Values.oldNamingStyle)) }}
+{{- range $service := .Values.serviceEndpoints }}
+{{- if eq $service.name "yb-tserver-service" }}
+{{- $appLabelArgs := dict "label" $service.app "root" $ -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "yb-tserver-common"
+ labels:
+ {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }}
+ {{- include "yugabyte.labels" $ | indent 4 }}
+spec:
+ ports:
+ {{- range $label, $port := $service.ports }}
+ - name: {{ $label | quote }}
+ port: {{ $port }}
+ {{- end }}
+ selector:
+ {{- include "yugabyte.appselector" ($appLabelArgs) | indent 4 }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/mcs-service-export.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/mcs-service-export.yaml
new file mode 100644
index 00000000..eeafcb1b
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/mcs-service-export.yaml
@@ -0,0 +1,21 @@
+{{- /*
+ Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export
+ https://github.com/kubernetes/enhancements/tree/master/keps/sig-multicluster/1645-multi-cluster-services-api#exporting-services
+*/}}
+{{- if .Values.multicluster.createServiceExports }}
+apiVersion: {{ .Values.multicluster.mcsApiVersion }}
+kind: ServiceExport
+metadata:
+ name: {{ .Values.oldNamingStyle | ternary "yb-masters" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-masters") | quote }}
+ namespace: "{{ .Release.Namespace }}"
+ labels:
+ {{- include "yugabyte.labels" . | indent 4 }}
+---
+apiVersion: {{ .Values.multicluster.mcsApiVersion }}
+kind: ServiceExport
+metadata:
+ name: {{ .Values.oldNamingStyle | ternary "yb-tservers" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-tservers") | quote }}
+ namespace: "{{ .Release.Namespace }}"
+ labels:
+ {{- include "yugabyte.labels" . | indent 4 }}
+{{ end -}}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/service-per-pod.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/service-per-pod.yaml
new file mode 100644
index 00000000..15e09dce
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/multicluster/service-per-pod.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.multicluster.createServicePerPod }}
+{{- range $server := .Values.Services }}
+{{- range $replicaNum := until (int (ternary $.Values.replicas.master $.Values.replicas.tserver (eq $server.name "yb-masters"))) }}
+{{- $appLabelArgs := dict "label" $server.label "root" $ -}}
+{{- $podName := $.Values.oldNamingStyle | ternary $server.label (printf "%s-%s" (include "yugabyte.fullname" $) $server.label) -}}
+{{- $podName := printf "%s-%d" $podName $replicaNum -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $podName | quote }}
+ labels:
+ {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }}
+ {{- include "yugabyte.labels" $ | indent 4 }}
+ service-type: "non-endpoint"
+spec:
+ ports:
+ {{- range $label, $port := $server.ports }}
+ {{- if (eq $label "grpc-ybc-port") }}
+ {{- if $.Values.ybc.enabled }}
+ - name: {{ $label | quote }}
+ port: {{ $port }}
+ {{- end }}
+ {{- else }}
+ - name: {{ $label | quote }}
+ port: {{ $port }}
+ {{- end }}
+ {{- end}}
+ selector:
+ statefulset.kubernetes.io/pod-name: {{ $podName | quote }}
+ {{- include "yugabyte.appselector" ($appLabelArgs) | indent 4 }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/service.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/service.yaml
new file mode 100644
index 00000000..00289783
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/service.yaml
@@ -0,0 +1,898 @@ +{{- $root := . -}} +{{- if and (eq $root.Values.tls.enabled true) (eq $root.Values.tls.certManager.enabled false) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} + namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $root | indent 4 }} +type: Opaque +data: +{{- if $root.Values.tls.rootCA.key }} +{{- $rootCAClient := buildCustomCert $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key -}} +{{- $client := genSignedCert "yugabyte" ( default nil ) ( default nil ) 3650 $rootCAClient }} + root.crt: {{ $rootCAClient.Cert | b64enc }} + yugabytedb.crt: {{ $client.Cert | b64enc }} + yugabytedb.key: {{ $client.Key | b64enc }} +{{- else }} + root.crt: {{ $root.Values.tls.rootCA.cert }} + yugabytedb.crt: {{ $root.Values.tls.clientCert.cert }} + yugabytedb.key: {{ $root.Values.tls.clientCert.key }} +{{- end }} +--- +{{- end }} +--- +{{- range .Values.Services }} +{{- $service := . 
-}} +{{- $appLabelArgs := dict "label" .label "root" $root -}} +{{- $serviceValues := (dict "Service" $service "Values" $root.Values "Chart" $root.Chart "Release" $root.Release) -}} + +{{- if and (eq $root.Values.tls.enabled true) (eq $root.Values.tls.certManager.enabled false) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" $service.label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) $service.label) }} + namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} + {{- include "yugabyte.labels" $root | indent 4 }} +type: Opaque +data: +{{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} +{{- range $index := until ( int ( $replicas ) ) }} +{{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} +{{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} + +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $nodeOldStyle = printf "%s-%d.%s.%s.%s.svc.clusterset.local" $service.label $index $root.Values.multicluster.kubernetesClusterId $service.name $root.Release.Namespace }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.%s-%s.%s.svc.clusterset.local" (include "yugabyte.fullname" $root) $service.label $index $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- end -}} + +{{- if $root.Values.multicluster.createServicePerPod -}} + {{- $nodeOldStyle = printf "%s-%d.%s.svc.%s" $service.label $index $root.Release.Namespace $root.Values.domainName }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label 
$index $root.Release.Namespace $root.Values.domainName }} +{{- end -}} + +{{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} +{{- if $root.Values.tls.rootCA.key }} +{{- $dns1 := printf "*.%s-%s.%s" (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- $dns2 := printf "%s.svc.%s" $dns1 $root.Values.domainName }} +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $dns1 = printf "*.%s.%s-%s.%s.svc.clusterset.local" $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- end -}} +{{- if $root.Values.multicluster.createServicePerPod -}} + {{- $dns1 = printf "*.%s.svc.%s" $root.Release.Namespace $root.Values.domainName }} +{{- end -}} +{{- $rootCA := buildCustomCert $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key -}} +{{- $server := genSignedCert $node ( default nil ) (list $node $dns1 $dns2 ) 3650 $rootCA }} + node.{{$node}}.crt: {{ $server.Cert | b64enc }} + node.{{$node}}.key: {{ $server.Key | b64enc }} +{{- else }} + node.{{$node}}.crt: {{ $root.Values.tls.nodeCert.cert }} + node.{{$node}}.key: {{ $root.Values.tls.nodeCert.key }} +{{- end }} +{{- end }} + ca.crt: {{ $root.Values.tls.rootCA.cert }} +{{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $root.Values.oldNamingStyle | ternary .name (printf "%s-%s" (include "yugabyte.fullname" $root) .name) | quote }} + labels: + {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} + {{- include "yugabyte.labels" $root | indent 4 }} + service-type: "headless" +spec: + clusterIP: None + {{- if (or (include "yugabyte.master.readinessProbe" $root) (include "yugabyte.tserver.readinessProbe" $root)) }} + publishNotReadyAddresses: true + {{- end }} + ports: + {{- range $label, $port := .ports }} + {{- if (eq $label "grpc-ybc-port") }} + {{- if $root.Values.ybc.enabled }} + - name: {{ $label | quote }} + port: {{ $port }} + {{- end }} + {{- else if (eq 
$label "yugabyted-ui") }} + {{- if $root.Values.yugabytedUi.enabled }} + - name: {{ $label | quote }} + port: {{ $port }} + {{- end }} + {{- else }} + - name: {{ $label | quote }} + port: {{ $port }} + {{- end }} + {{- end}} + selector: + {{- include "yugabyte.appselector" ($appLabelArgs) | indent 4 }} + +{{- if $root.Values.enableLoadBalancer }} +{{- range $endpoint := $root.Values.serviceEndpoints }} +{{- if eq $service.label $endpoint.app }} +{{- if (or (ne $endpoint.name "yugabyted-ui-service") $root.Values.yugabytedUi.enabled) }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $root.Values.oldNamingStyle | ternary $endpoint.name (printf "%s-%s" (include "yugabyte.fullname" $root) $endpoint.name) | quote }} + annotations: +{{ toYaml $endpoint.annotations | indent 4 }} + labels: + {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} + {{- include "yugabyte.labels" $root | indent 4 }} + service-type: "endpoint" +spec: + {{- if eq $root.Release.Service "Tiller" }} + clusterIP: + {{- else }} + {{- if $endpoint.clusterIP }} + clusterIP: {{ $endpoint.clusterIP }} + {{- end }} + {{- end }} + ports: + {{- range $label, $port := $endpoint.ports }} + - name: {{ $label | quote }} + port: {{ $port }} + {{- end}} + selector: + {{- if eq $endpoint.name "yugabyted-ui-service"}} + yugabytedUi: "true" + {{- else }} + {{- include "yugabyte.appselector" ($appLabelArgs) | indent 4 }} + {{- end }} + type: {{ $root.Values.service.type }} + externalTrafficPolicy: {{ $endpoint.externalTrafficPolicy | default "Cluster" }} + {{- if $endpoint.loadBalancerIP }} + loadBalancerIP: {{ $endpoint.loadBalancerIP }} + {{- end }} + {{- if eq $endpoint.name "yugabyted-ui-service"}} + sessionAffinity: {{ $endpoint.sessionAffinity }} + {{- end }} +{{- end}} +{{- end}} +{{- end}} +{{- end}} + +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $root.Values.oldNamingStyle | ternary .label (printf "%s-%s" (include "yugabyte.fullname" $root) .label) | quote }} + 
namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} + {{- include "yugabyte.labels" $root | indent 4 }} + {{- if $root.Values.statefulSetAnnotations }} + annotations: +{{ toYaml $root.Values.statefulSetAnnotations | indent 4 }} + {{- end }} +spec: + serviceName: {{ $root.Values.oldNamingStyle | ternary .name (printf "%s-%s" (include "yugabyte.fullname" $root) .name) | quote }} + podManagementPolicy: {{ $root.Values.PodManagementPolicy }} + {{ if eq .name "yb-masters" }} + replicas: {{ $root.Values.replicas.master }} + {{ else }} + replicas: {{ $root.Values.replicas.tserver }} + {{ end }} + {{- $storageInfo := (eq .name "yb-masters") | ternary $root.Values.storage.master $root.Values.storage.tserver -}} + {{ if not $root.Values.storage.ephemeral }} + {{- if $root.Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ $root.Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ $root.Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + {{- range $index := until (int ($storageInfo.count )) }} + - metadata: + name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} + {{- if $root.Values.legacyVolumeClaimAnnotations }} + annotations: + volume.beta.kubernetes.io/storage-class: {{ $storageInfo.storageClass | quote }} + {{- end }} + labels: + {{- include "yugabyte.labels" $root | indent 10 }} + spec: + accessModes: + - "ReadWriteOnce" + {{- if $storageInfo.storageClass }} + storageClassName: {{ $storageInfo.storageClass }} + {{- end }} + resources: + requests: + storage: {{ $storageInfo.size }} + {{- end }} + {{- end }} + updateStrategy: + {{- if eq $root.Values.updateStrategy.type "RollingUpdate" }} + type: RollingUpdate + rollingUpdate: + {{- if eq .name "yb-masters" }} + partition: {{ 
$root.Values.partition.master }} + {{- else }} + partition: {{ $root.Values.partition.tserver }} + {{- end }} + {{- else }} + type: {{ $root.Values.updateStrategy.type }} + {{- end }} + selector: + matchLabels: + {{- include "yugabyte.appselector" ($appLabelArgs) | indent 6 }} + template: + metadata: + {{- if eq .name "yb-masters" }} + {{- if (or $root.Values.networkAnnotation $root.Values.master.podAnnotations $root.Values.tls.enabled) }} + annotations: + {{- with $root.Values.networkAnnotation }}{{ toYaml . | nindent 8 }}{{ end }} + {{- with $root.Values.master.podAnnotations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- if $root.Values.tls.enabled }} + checksum/rootCA: {{ cat $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key | sha256sum }} + {{- end }} + {{- end }} + {{- else }} + {{- if (or $root.Values.networkAnnotation $root.Values.tserver.podAnnotations $root.Values.tls.enabled) }} + annotations: + {{- with $root.Values.networkAnnotation }}{{ toYaml . | nindent 8 }}{{ end }} + {{- with $root.Values.tserver.podAnnotations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- if $root.Values.tls.enabled }} + checksum/rootCA: {{ cat $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key | sha256sum }} + {{- end }} + {{- end }} + {{- end }} + labels: + {{- include "yugabyte.applabel" ($appLabelArgs) | indent 8 }} + {{- include "yugabyte.labels" $root | indent 8 }} + {{- if $root.Values.istioCompatibility.enabled }} + sidecar.istio.io/inject: "true" + {{- end }} + {{- if eq .name "yb-masters" }} + {{- with $root.Values.master.podLabels }}{{ toYaml . | nindent 8 }}{{ end }} + {{- else }} + {{- with $root.Values.tserver.podLabels }}{{ toYaml . 
| nindent 8 }}{{ end }} + {{- end }} + {{- if $root.Values.yugabytedUi.enabled }} + yugabytedUi: "true" + {{- end }} + spec: + {{- if $root.Values.Image.pullSecretName }} + imagePullSecrets: + - name: {{ $root.Values.Image.pullSecretName }} + {{ end }} + {{- if $root.Values.podSecurityContext.enabled }} + securityContext: {{- omit $root.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if $root.Values.nodeSelector }} + nodeSelector: + {{ toYaml $root.Values.nodeSelector | indent 8 }} + {{- end }} + {{- if eq .name "yb-masters" }} # yb-masters + {{- with $root.Values.master.serviceAccount }} + serviceAccountName: {{ . }} + {{- end }} + {{- if $root.Values.master.tolerations }} + tolerations: + {{- with $root.Values.master.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- end }} + {{- else }} # yb-tservers + {{- with $root.Values.tserver.serviceAccount }} + serviceAccountName: {{ . }} + {{- end }} + {{- if $root.Values.tserver.tolerations }} + tolerations: + {{- with $root.Values.tserver.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- end }} + {{- end }} + terminationGracePeriodSeconds: 300 + affinity: + # Set the anti-affinity selector scope to YB masters and tservers. + {{- $nodeAffinityData := dict}} + {{- if eq .name "yb-masters" -}} + {{- $nodeAffinityData = get $root.Values.master.affinity "nodeAffinity" | default (dict) -}} + {{- else -}} + {{- $nodeAffinityData = get $root.Values.tserver.affinity "nodeAffinity" | default (dict) -}} + {{- end -}} + {{ if $root.Values.AZ }} + {{- $userSelectorTerms := dig "requiredDuringSchedulingIgnoredDuringExecution" "nodeSelectorTerms" "" $nodeAffinityData | default (list) -}} + {{- $baseAffinity := include "yugabyte.multiAZNodeAffinity" $root | fromYaml -}} + {{- $requiredSchedule := (list) -}} + {{- if $userSelectorTerms -}} + {{- range $userSelectorTerms -}} + {{- $userTerm := . 
-}}
+ {{- range $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms -}}
+ {{- $matchExpr := concat .matchExpressions $userTerm.matchExpressions | dict "matchExpressions" -}}
+ {{- $requiredSchedule = mustMerge $matchExpr $userTerm | append $requiredSchedule -}}
+ {{- end -}}
+ {{- end -}}
+ {{- else -}}
+ {{- $requiredSchedule = $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms -}}
+ {{- end -}}
+
+ {{- with $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution -}}
+ {{- $_ := set . "nodeSelectorTerms" $requiredSchedule -}}
+ {{- end -}}
+ {{- $nodeAffinityData = mustMerge $baseAffinity $nodeAffinityData -}}
+ {{- end -}}
+
+ {{- $podAntiAffinityData := dict -}}
+ {{- $basePodAntiAffinity := include "yugabyte.podAntiAffinity" ($appLabelArgs) | fromYaml -}}
+ {{- if eq .name "yb-masters" -}}
+ {{- with $root.Values.master.affinity -}}
+ {{- $userPodAntiAffinity := get . "podAntiAffinity" | default (dict) -}}
+ {{- if $userPodAntiAffinity -}}
+ {{- $preferredList := dig "preferredDuringSchedulingIgnoredDuringExecution" "" $userPodAntiAffinity | default (list) | concat $basePodAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution}}
+ {{- $_ := set $basePodAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" $preferredList -}}
+ {{- end -}}
+ {{- $podAntiAffinityData = mustMerge $basePodAntiAffinity $userPodAntiAffinity -}}
+ {{- end -}}
+ {{- else -}}
+ {{- with $root.Values.tserver.affinity -}}
+ {{- $userPodAntiAffinity := get . "podAntiAffinity" | default (dict) -}}
+ {{- if $userPodAntiAffinity -}}
+ {{- $preferredList := dig "preferredDuringSchedulingIgnoredDuringExecution" "" $userPodAntiAffinity | default (list) | concat $basePodAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution}}
+ {{- $_ := set $basePodAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" $preferredList -}}
+ {{- end -}}
+ {{- $podAntiAffinityData = mustMerge $basePodAntiAffinity $userPodAntiAffinity -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if eq .name "yb-masters" -}}
+ {{- if $nodeAffinityData -}}
+ {{- $_ := set $root.Values.master.affinity "nodeAffinity" $nodeAffinityData -}}
+ {{- end -}}
+ {{- $_ := set $root.Values.master.affinity "podAntiAffinity" $podAntiAffinityData -}}
+ {{ toYaml $root.Values.master.affinity | nindent 8 }}
+ {{- else -}}
+ {{- if $nodeAffinityData -}}
+ {{- $_ := set $root.Values.tserver.affinity "nodeAffinity" $nodeAffinityData -}}
+ {{- end -}}
+ {{- $_ := set $root.Values.tserver.affinity "podAntiAffinity" $podAntiAffinityData -}}
+ {{ toYaml $root.Values.tserver.affinity | nindent 8 }}
+ {{ end }}
+ {{- with $root.Values.dnsConfig }}
+ dnsConfig: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $root.Values.dnsPolicy }}
+ dnsPolicy: {{ . | quote }}
+ {{- end }}
+ containers:
+ - name: "{{ .label }}"
+ image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}"
+ imagePullPolicy: {{ $root.Values.Image.pullPolicy }}
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - "bash"
+ - "-c"
+ - >
+ mkdir -p /mnt/disk0/cores;
+ mkdir -p /mnt/disk0/yb-data/scripts;
+ if [ ! -f /mnt/disk0/yb-data/scripts/log_cleanup.sh ]; then
+ if [ -f /home/yugabyte/bin/log_cleanup.sh ]; then
+ cp /home/yugabyte/bin/log_cleanup.sh /mnt/disk0/yb-data/scripts;
+ fi;
+ fi
+ {{- if (and (not $root.Values.storage.ephemeral) (not $service.skipHealthChecks)) }}
+ livenessProbe:
+ exec:
+ command:
+ - bash
+ - -v
+ - -c
+ - |
+ {{- include "yugabyte.fs_data_dirs_probe" $storageInfo | nindent 14 }};
+ exit_code="$?";
+ echo "disk check exited with: ${exit_code}";
+ exit "${exit_code}"
+ failureThreshold: 3
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ {{- if (and (eq .name "yb-masters") (include "yugabyte.master.startupProbe" $root)) }}
+ startupProbe: {{- include "yugabyte.master.startupProbe" $root | nindent 10 }}
+ {{- else if (and (eq .name "yb-tservers") (include "yugabyte.tserver.startupProbe" $root)) }}
+ startupProbe: {{- include "yugabyte.tserver.startupProbe" $root | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- if (and (eq .name "yb-masters") (include "yugabyte.master.readinessProbe" $root)) }}
+ readinessProbe: {{- include "yugabyte.master.readinessProbe" $root | nindent 10 }}
+ {{- else if (and (eq .name "yb-tservers") (include "yugabyte.tserver.readinessProbe" $root)) }}
+ readinessProbe: {{- include "yugabyte.tserver.readinessProbe" $root | nindent 10 }}
+ {{- end }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: YBDEVOPS_CORECOPY_DIR
+ value: "/mnt/disk0/cores"
+ {{- if eq .name "yb-masters" }}
+ {{- with $root.Values.master.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }}
+ {{- $data := dict "secretenv" $root.Values.master.secretEnv "root" $root "suffix" "master"}}
+ {{- include "yugabyte.addenvsecrets" $data | nindent 8 }}
+ {{- else }}
+ {{- with $root.Values.tserver.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }}
+ {{- $data := dict "secretenv" $root.Values.tserver.secretEnv "root" $root "suffix" "tserver" }}
+ {{- include "yugabyte.addenvsecrets" $data | nindent 8 }}
+ {{- end }}
+ {{- if and $root.Values.tls.enabled $root.Values.tls.clientToServer (ne .name "yb-masters") }}
+ - name: SSL_CERTFILE
+ value: /root/.yugabytedb/root.crt
+ {{- end }}
+ resources:
+ {{- if eq .name "yb-masters" }}
+{{ toYaml $root.Values.resource.master | indent 10 }}
+ {{ else }}
+{{ toYaml $root.Values.resource.tserver | indent 10 }}
+ {{ end }}
+ # core dumps are collected to workingDir if
+ # kernel.core_pattern is set to a relative path like
+ # core.%e.%p.%t ref:
+ # https://github.com/yugabyte/charts/issues/11
+ workingDir: "/mnt/disk0/cores"
+ command:
+ - "/sbin/tini"
+ - "--"
+ args:
+ - "/bin/bash"
+ - "-c"
+ - |
+ {{- if and (not $root.Values.preflight.skipUlimit) (not $root.Values.preflight.skipAll) }}
+ if [ -f /home/yugabyte/tools/k8s_preflight.py ]; then
+ /home/yugabyte/tools/k8s_preflight.py all
+ fi && \
+ {{- end }}
+ {{- if (and (not $root.Values.storage.ephemeral) (not $root.Values.preflight.skipAll)) }}
+ {{- include "yugabyte.fs_data_dirs_probe" $storageInfo | nindent 12 }} && \
+ {{- end }}
+ {{- $rpcAddr := include "yugabyte.rpc_bind_address" $serviceValues -}}
+ {{- $rpcPort := index $service.ports "tcp-rpc-port" -}}
+ {{- $rpcDict := dict "Addr" $rpcAddr "Port" $rpcPort -}}
+ {{- $rpcPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $rpcDict) -}}
+ {{- if $rpcPreflight -}}{{ $rpcPreflight | nindent 12 }}{{ end -}}
+ {{- $broadcastAddr := include "yugabyte.server_broadcast_address" $serviceValues -}}
+ {{/* skip bind check for servicePerPod multi-cluster, we cannot/don't bind to service IP */}}
+ {{- if not $root.Values.multicluster.createServicePerPod }}
+ {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}}
+ {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}}
+ {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}}
+ {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}}
+ {{- end }}
+ {{- $webserverAddr := include "yugabyte.webserver_interface" $serviceValues -}}
+ {{- $webserverPort := index $service.ports "http-ui" -}}
+ {{- $webserverDict := dict "Addr" $webserverAddr "Port" $webserverPort -}}
+ {{- $webserverPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $webserverDict) -}}
+ {{- if $webserverPreflight -}}{{ $webserverPreflight | nindent 12 }}{{ end }}
+ if [[ -f /home/yugabyte/tools/k8s_parent.py ]]; then
+ k8s_parent="/home/yugabyte/tools/k8s_parent.py"
+ else
+ k8s_parent=""
+ fi && \
+ {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }}
+ echo "Creating ephemeral /opt/certs/yugabyte/ as symlink to persisted /mnt/disk0/certs/" && \
+ mkdir -p /mnt/disk0/certs && \
+ mkdir -p /opt/certs && \
+ ln -s /mnt/disk0/certs /opt/certs/yugabyte && \
+ if [[ ! -f /opt/certs/yugabyte/ca.crt ]]; then
+ echo "Fresh install of /opt/certs/yugabyte/ca.crt"
+ cp /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt;
+ fi && \
+ cmp -s /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt;sameRootCA=$? && \
+ if [[ $sameRootCA -eq 0 ]]; then
+ echo "Refreshing tls certs at /opt/certs/yugabyte/";
+ cp /home/yugabyte/cert-manager/tls.crt /opt/certs/yugabyte/node.{{$rpcAddr}}.crt;
+ cp /home/yugabyte/cert-manager/tls.key /opt/certs/yugabyte/node.{{$rpcAddr}}.key;
+ chmod 600 /opt/certs/yugabyte/*
+ else
+ echo "WARNING: Not refreshing certificates as the root ca.crt has changed"
+ fi && \
+ {{- end }}
+ {{- if eq .name "yb-masters" }}
+ exec ${k8s_parent} /home/yugabyte/bin/yb-master \
+ --max_log_size="256" \
+ --undefok="enable_ysql" \
+ {{- if not $root.Values.storage.ephemeral }}
+ --fs_data_dirs={{ template "yugabyte.fs_data_dirs" $storageInfo }} \
+ {{- else }}
+ --fs_data_dirs=/var/yugabyte \
+ {{- end }}
+ {{- if eq $root.Values.ip_version_support "v6_only" }}
+ --net_address_filter=ipv6_external,ipv6_non_link_local,ipv6_all,ipv4_external,ipv4_all \
+ {{- end }}
+ {{- if $root.Values.isMultiAz }}
+ --master_addresses={{ $root.Values.masterAddresses }} \
+ --replication_factor={{ $root.Values.replicas.totalMasters }} \
+ {{- else }}
+ --master_addresses={{ template "yugabyte.master_addresses" $root }} \
+ --replication_factor={{ $root.Values.replicas.master }} \
+ {{- end }}
+ {{- if not $root.Values.disableYsql }}
+ --enable_ysql=true \
+ {{- else }}
+ --enable_ysql=false \
+ {{- end }}
+ --metric_node_name=$(HOSTNAME) \
+ --memory_limit_hard_bytes={{ template "yugabyte.memory_hard_limit" dict "size" $root.Values.resource.master.limits.memory "limitPercent" $root.Values.master.memoryLimitHardPercentage }} \
+ --stderrthreshold=0 \
+ --num_cpus={{ ceil $root.Values.resource.master.requests.cpu }} \
+ --undefok=num_cpus,enable_ysql \
+ {{- range $flag, $override := $root.Values.gflags.master }}
+ --{{ $flag }}={{ quote $override }} \
+ {{- end }}
+ {{- if $root.Values.tls.enabled }}
+ --certs_dir=/opt/certs/yugabyte \
+ --use_node_to_node_encryption={{ $root.Values.tls.nodeToNode }} \
+ --allow_insecure_connections={{ $root.Values.tls.insecure }} \
+ {{- end }}
+ --rpc_bind_addresses={{ $rpcAddr }} \
+ --server_broadcast_addresses={{ $broadcastAddr }} \
+ --webserver_interface={{ $webserverAddr }} \
+ {{- if $root.Values.yugabytedUi.enabled }}
+ --master_enable_metrics_snapshotter={{ $root.Values.yugabytedUi.metricsSnapshotter.enabled }} \
+ --metrics_snapshotter_tserver_metrics_whitelist={{ join "," $root.Values.yugabytedUi.metricsSnapshotter.whitelist }}
+ {{- end }}
+ {{- else }}
+ {{- $cqlAddr := include "yugabyte.cql_proxy_bind_address" $serviceValues -}}
+ {{- $cqlPort := index $service.ports "tcp-yql-port" -}}
+ {{- $cqlDict := dict "Addr" $cqlAddr "Port" $cqlPort -}}
+ {{- $cqlPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $cqlDict) -}}
+ {{- if $cqlPreflight -}}{{ $cqlPreflight | nindent 12 }}{{ end -}}
+ {{- $ysqlAddr := include "yugabyte.pgsql_proxy_bind_address" $serviceValues -}}
+ {{- $ysqlPort := index $service.ports "tcp-ysql-port" -}}
+ {{- if not $root.Values.disableYsql -}}
+ {{- $ysqlDict := dict "Addr" $ysqlAddr "Port" $ysqlPort -}}
+ {{- $ysqlPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $ysqlDict) -}}
+ {{- if $ysqlPreflight -}}{{ $ysqlPreflight | nindent 12 }}{{ end -}}
+ {{- end }}
+ exec ${k8s_parent} /home/yugabyte/bin/yb-tserver \
+ --max_log_size="256" \
+ --undefok="enable_ysql" \
+ {{- if not $root.Values.storage.ephemeral }}
+ --fs_data_dirs={{ template "yugabyte.fs_data_dirs" $storageInfo }} \
+ {{- else }}
+ --fs_data_dirs=/var/yugabyte \
+ {{- end }}
+ {{- if eq $root.Values.ip_version_support "v6_only" }}
+ --net_address_filter=ipv6_external,ipv6_non_link_local,ipv6_all,ipv4_external,ipv4_all \
+ {{- end }}
+ {{- if $root.Values.isMultiAz }}
+ --tserver_master_addrs={{ $root.Values.masterAddresses }} \
+ {{- else }}
+ --tserver_master_addrs={{ template "yugabyte.master_addresses" $root }} \
+ {{- end }}
+ --metric_node_name=$(HOSTNAME) \
+ --memory_limit_hard_bytes={{ template "yugabyte.memory_hard_limit" dict "size" $root.Values.resource.tserver.limits.memory "limitPercent" $root.Values.tserver.memoryLimitHardPercentage }} \
+ --stderrthreshold=0 \
+ --num_cpus={{ ceil $root.Values.resource.tserver.requests.cpu }} \
+ --undefok=num_cpus,enable_ysql \
+ --use_node_hostname_for_local_tserver=true \
+ {{- if $root.Values.authCredentials.ysql.password }}
+ --ysql_enable_auth=true \
+ {{- if (include "yugabyte.tserver.readinessProbe" $root) }}
+ --ysql_hba_conf_csv="local all yugabyte trust" \
+ {{- end }}
+ {{- end }}
+ {{- if or $root.Values.authCredentials.ycql.user $root.Values.authCredentials.ycql.password }}
+ --use_cassandra_authentication=true \
+ {{- end }}
+ {{- range $flag, $override := $root.Values.gflags.tserver }}
+ --{{ $flag }}={{ quote $override }} \
+ {{- end }}
+ {{- if $root.Values.tls.enabled }}
+ --certs_dir=/opt/certs/yugabyte \
+ --use_node_to_node_encryption={{ $root.Values.tls.nodeToNode }} \
+ --allow_insecure_connections={{ $root.Values.tls.insecure }} \
+ --use_client_to_server_encryption={{ $root.Values.tls.clientToServer }} \
+ --certs_for_client_dir=/opt/certs/yugabyte \
+ {{- if $root.Values.tserver.serverBroadcastAddress }}
+ --cert_node_filename={{ include "yugabyte.server_fqdn" $serviceValues }} \
+ {{- end }}
+ {{- end }}
+ --rpc_bind_addresses={{ $rpcAddr }} \
+ --server_broadcast_addresses={{ $root.Values.tserver.serverBroadcastAddress | default $broadcastAddr }} \
+ --webserver_interface={{ $webserverAddr }} \
+ {{- if not $root.Values.disableYsql }}
+ --enable_ysql=true \
+ --pgsql_proxy_bind_address={{ $ysqlAddr }} \
+ {{- else }}
+ --enable_ysql=false \
+ {{- end }}
+ --cql_proxy_bind_address={{ $cqlAddr }} \
+ {{- if $root.Values.yugabytedUi.enabled }}
+ --tserver_enable_metrics_snapshotter={{ $root.Values.yugabytedUi.metricsSnapshotter.enabled }} \
+ --metrics_snapshotter_interval_ms={{ $root.Values.yugabytedUi.metricsSnapshotter.interval }} \
+ --metrics_snapshotter_tserver_metrics_whitelist={{ join "," $root.Values.yugabytedUi.metricsSnapshotter.whitelist }}
+ {{- end }}
+ {{- end }}
+ ports:
+ {{- range $label, $port := .ports }}
+ {{- if (eq $label "yugabyted-ui") }}
+ {{- if $root.Values.yugabytedUi.enabled }}
+ - containerPort: {{ $port }}
+ name: {{ $label | quote }}
+ {{- end }}
+ {{- else if not (eq $label "grpc-ybc-port") }}
+ - containerPort: {{ $port }}
+ name: {{ $label | quote }}
+ {{- end }}
+ {{- end}}
+ volumeMounts:
+ {{- if (eq .name "yb-tservers") }}
+ - name: tserver-tmp
+ mountPath: /tmp
+ {{- end }}
+ - name: debug-hooks-volume
+ mountPath: /opt/debug_hooks_config
+ {{ if not $root.Values.storage.ephemeral }}
+ {{- range $index := until (int ($storageInfo.count)) }}
+ - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }}
+ mountPath: /mnt/disk{{ $index }}
+ {{- end }}
+ {{- end }}
+ {{- if $root.Values.tls.enabled }}
+ - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }}
+ mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }}
+ readOnly: true
+ - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }}
+ mountPath: /root/.yugabytedb/
+ readOnly: true
+ {{- end }}
+ {{- if and (eq .name "yb-masters") ($root.Values.master.extraVolumeMounts) -}}
+ {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.master -}}
+ {{- $root.Values.master.extraVolumeMounts | toYaml | nindent 10 -}}
+ {{- else if and (eq .name "yb-tservers") ($root.Values.tserver.extraVolumeMounts) -}}
+ {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.tserver -}}
+ {{- $root.Values.tserver.extraVolumeMounts | toYaml | nindent 10 -}}
+ {{- end -}}
+
+ {{ if not $root.Values.storage.ephemeral }}
+ - name: yb-cleanup
+ image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}"
+ imagePullPolicy: {{ $root.Values.Image.pullPolicy }}
+ env:
+ - name: USER
+ value: "yugabyte"
+ command:
+ - "/sbin/tini"
+ - "--"
+ args:
+ - "/bin/bash"
+ - "-c"
+ - >
+ while true; do
+ sleep 3600;
+ /home/yugabyte/scripts/log_cleanup.sh;
+ done
+ volumeMounts:
+ - name: {{ $root.Values.oldNamingStyle | ternary "datadir0" (printf "%s0" (include "yugabyte.volume_name" $root)) }}
+ mountPath: /home/yugabyte/
+ subPath: yb-data
+ - name: {{ $root.Values.oldNamingStyle | ternary "datadir0" (printf "%s0" (include "yugabyte.volume_name" $root)) }}
+ mountPath: /var/yugabyte/cores
+ subPath: cores
+ {{- if $root.Values.ybCleanup.resources }}
+ resources: {{ toYaml $root.Values.ybCleanup.resources | nindent 10 }}
+ {{- end }}
+ {{- end }}
+
+ {{- if $root.Values.yugabytedUi.enabled }}
+ - name: yugabyted-ui
+ image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}"
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ command:
+ - "/sbin/tini"
+ - "--"
+ args:
+ - "/bin/bash"
+ - "-c"
+ - |
+ {{- if $root.Values.yugabytedUi.recoverWithoutFailure }}
+ while true; do
+ {{- end }}
+ /home/yugabyte/bin/yugabyted-ui \
+ {{- $rpcAddr := include "yugabyte.rpc_bind_address" $serviceValues }}
+ -database_host={{ $rpcAddr }} \
+ {{- $webserverAddr := include "yugabyte.webserver_interface" $serviceValues }}
+ -bind_address={{ $webserverAddr }} \
+ {{- $masterPort := "7000" }}
+ {{- $tserverPort := "9000" }}
+ {{- $ysqlPort := "5433" }}
+ {{- $ycqlPort := "9042" }}
+ {{- range $root.Values.Services -}}
+ {{- if eq .name "yb-masters" -}}
+ {{- $masterPort = index .ports "http-ui" -}}
+ {{- else if eq .name "yb-tservers" -}}
+ {{- $tserverPort = index .ports "http-ui" -}}
+ {{- $ysqlPort = index .ports "tcp-ysql-port" -}}
+ {{- $ycqlPort = index .ports "tcp-yql-port" -}}
+ {{- end -}}
+ {{- end }}
+ -ysql_port={{ $ysqlPort }} \
+ -ycql_port={{ $ycqlPort }} \
+ -master_ui_port={{ $masterPort }} \
+ -tserver_ui_port={{ $tserverPort }} \
+ {{- if $root.Values.tls.enabled }}
+ -secure={{ $root.Values.tls.enabled }} \
+ {{- end }}
+ {{- if $root.Values.authCredentials.ysql.user }}
+ -ysql_username={{ $root.Values.authCredentials.ysql.user }} \
+ {{- end }}
+ {{- if $root.Values.authCredentials.ycql.user }}
+ -ycql_username={{ $root.Values.authCredentials.ycql.user }} \
+ {{- end }}
+ {{- if $root.Values.authCredentials.ysql.password }}
+ -ysql_password={{ $root.Values.authCredentials.ysql.password }} \
+ {{- end }}
+ {{- if $root.Values.authCredentials.ycql.password }}
+ -ycql_password={{ $root.Values.authCredentials.ycql.password }} \
+ {{- end }}
+ || echo "ERROR: yugabyted-ui failed. This might be because your yugabyte \
+ version is older than 2.21.0. If this is the case, set yugabytedUi.enabled to false \
+ in helm to disable yugabyted-ui, or upgrade to a version 2.21.0 or newer."; \
+ {{- if $root.Values.yugabytedUi.recoverWithoutFailure }}
+ echo "Attempting restart in {{ $root.Values.yugabytedUi.recoveryInterval }}."
+ trap break TERM INT; \
+ sleep {{ $root.Values.yugabytedUi.recoveryInterval }} & wait; \
+ trap - TERM INT;
+ done \
+ {{- end }}
+ {{- end }}
+
+ {{- if and (eq .name "yb-tservers") ($root.Values.ybc.enabled) }}
+ - name: yb-controller
+ image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}"
+ imagePullPolicy: {{ $root.Values.Image.pullPolicy }}
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - "bash"
+ - "-c"
+ - >
+ mkdir -p /mnt/disk0/yw-data/controller/tmp;
+ mkdir -p /mnt/disk0/yw-data/controller/conf;
+ mkdir -p /mnt/disk0/ybc-data/controller/logs;
+ mkdir -p /tmp/yugabyte/controller;
+ ln -sf /mnt/disk0/ybc-data/controller/logs /tmp/yugabyte/controller;
+ ln -sf /mnt/disk0/yw-data/controller/bin /tmp/yugabyte/controller;
+ rm -f /tmp/yugabyte/controller/yb-controller.pid;
+ {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }}
+ mkdir -p /opt/certs;
+ ln -sf /mnt/disk0/certs /opt/certs/yugabyte;
+ {{- end }}
+ command:
+ - "/sbin/tini"
+ - "--"
+ args:
+ - "/bin/bash"
+ - "-c"
+ - >
+ while true; do
+ sleep 60;
+ /home/yugabyte/tools/k8s_ybc_parent.py status || /home/yugabyte/tools/k8s_ybc_parent.py start;
+ done
+ {{- with index $service.ports "grpc-ybc-port" }}
+ ports:
+ - containerPort: {{ . }}
+ name: "grpc-ybc-port"
+ {{- end }}
+ volumeMounts:
+ - name: tserver-tmp
+ mountPath: /tmp
+ {{- if not $root.Values.storage.ephemeral }}
+ {{- range $index := until (int ($storageInfo.count)) }}
+ - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }}
+ mountPath: /mnt/disk{{ $index }}
+ {{- end }}
+ {{- end }}
+ {{- if $root.Values.tls.enabled }}
+ - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }}
+ mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }}
+ readOnly: true
+ {{- end }}
+ {{- if ($root.Values.tserver.extraVolumeMounts) -}}
+ {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.tserver -}}
+ {{- $root.Values.tserver.extraVolumeMounts | toYaml | nindent 10 -}}
+ {{- end -}}
+ {{- if $root.Values.ybc.resources }}
+ resources: {{ toYaml $root.Values.ybc.resources | nindent 10 }}
+ {{- end }}
+ {{- end}}
+
+ volumes:
+ {{- if (eq .name "yb-masters") }}
+ - name: debug-hooks-volume
+ configMap:
+ name: {{ include "yugabyte.fullname" $root }}-master-hooks
+ defaultMode: 0755
+ {{- else if (eq .name "yb-tservers") }}
+ - name: debug-hooks-volume
+ configMap:
+ name: {{ include "yugabyte.fullname" $root }}-tserver-hooks
+ defaultMode: 0755
+ - name: tserver-tmp
+ emptyDir: {}
+ {{- end }}
+ {{- if $root.Values.tls.enabled }}
+ {{- if $root.Values.tls.certManager.enabled }}
+ {{- /* certManager enabled */}}
+ - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }}
+ projected:
+ sources:
+ {{- if not $root.Values.tls.certManager.bootstrapSelfsigned }}
+ - secret:
+ name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }}
+ {{- end }}
+ - secret:
+ name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }}
+ {{- else }}
+ {{/* certManager disabled */}}
+ - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }}
+ secret:
+ secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }}
+ defaultMode: 256
+ {{- end }}
+ - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }}
+ secret:
+ secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }}
+ {{- if $root.Values.tls.certManager.enabled }}
+ items:
+ - key: ca.crt
+ path: root.crt
+ - key: tls.crt
+ path: yugabytedb.crt
+ - key: tls.key
+ path: yugabytedb.key
+ {{- end }}
+ defaultMode: 256
+ {{- end }}
+ {{- if and (eq .name "yb-masters") ($root.Values.master.extraVolumes) -}}
+ {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.master -}}
+ {{- $root.Values.master.extraVolumes | toYaml | nindent 8 -}}
+ {{- else if and (eq .name "yb-tservers") ($root.Values.tserver.extraVolumes) -}}
+ {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.tserver -}}
+ {{- $root.Values.tserver.extraVolumes | toYaml | nindent 8 -}}
+ {{- end -}}
+{{- if eq $root.Values.isMultiAz false }}
+---
+{{/*
+TODO: switch to policy/v1 completely when we stop supporting
+Kubernetes versions < 1.21
+*/}}
+{{- if $root.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
+apiVersion: policy/v1
+{{- else }}
+apiVersion: policy/v1beta1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-pdb" .label) (printf "%s-%s-pdb" (include "yugabyte.fullname" $root) .name) }}
+spec:
+ maxUnavailable: {{ template "yugabyte.max_unavailable_for_quorum" $root }}
+ selector:
+ matchLabels:
+ {{- include "yugabyte.appselector" ($appLabelArgs) | indent 6 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/setup-credentials-configmap.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/setup-credentials-configmap.yaml
new file mode 100644
index 00000000..ef3b548b
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/setup-credentials-configmap.yaml
@@ -0,0 +1,262 @@
+{{- if or .Values.authCredentials.ycql.user .Values.authCredentials.ycql.password .Values.authCredentials.ycql.keyspace .Values.authCredentials.ysql.password .Values.authCredentials.ysql.user .Values.authCredentials.ysql.database }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "yugabyte.fullname" . }}-setup-credentials-script
+ namespace: "{{ .Release.Namespace }}"
+ labels:
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ component: "{{ .Values.Component }}"
+data:
+ setup-credentials.sh: |
+ #!/bin/bash
+
+ set -eo pipefail
+
+ # Setup script to setup credentials
+
+ # -----------------------------------------
+ # Default Variables
+ # -----------------------------------------
+
+ readonly DEFAULT_YSQL_USER="yugabyte"
+ readonly DEFAULT_YSQL_PASSWORD="yugabyte"
+ readonly DEFAULT_YSQL_DB="yugabyte"
+
+ readonly DEFAULT_YCQL_USER="cassandra"
+ readonly DEFAULT_YCQL_PASSWORD="cassandra"
+
+ {{- range .Values.Services }}
+ {{- $service := . -}}
+ {{- if eq ($service.name) "yb-tservers" }}
+ readonly YSQL_PORT={{ index $service.ports "tcp-ysql-port" }}
+ # TODO: Update the tcp-yql-port to tcp-ycql-port in values.yaml
+ readonly YCQL_PORT={{ index $service.ports "tcp-yql-port" }}
+ {{- end }}
+ {{- end }}
+
+ {{- $serviceName := .Values.oldNamingStyle | ternary "yb-tservers" (printf "%s-yb-tservers" (include "yugabyte.fullname" . )) }}
+ {{- $tserverFQDN := printf "%s.%s.svc.%s" $serviceName .Release.Namespace .Values.domainName }}
+
+ prefix_ysql_cmd=(
+ /home/yugabyte/bin/ysqlsh -h {{ $tserverFQDN }}
+ -p "$YSQL_PORT"
+ )
+
+ prefix_ycql_cmd=(
+ /home/yugabyte/bin/ycqlsh {{ $tserverFQDN }}
+ "$YCQL_PORT"
+ )
+
+ {{- if .Values.tls.enabled }}
+ prefix_ysql_cmd+=("sslmode=require")
+ prefix_ycql_cmd+=(--ssl)
+ {{- end }}
+
+ # -----------------------------------------
+ # Variables
+ # -----------------------------------------
+
+ ysql_user=
+ ysql_password=
+ ysql_db=
+ ycql_user=
+ ycql_password=
+ ycql_keyspace=
+
+ # -----------------------------------------
+ # Hepler functions
+ # -----------------------------------------
+
+ cleanup() {
+ local exit_code=$?
+ echo "Exiting with code $exit_code"
+ exit "$exit_code"
+ }
+
+ function waitUntilHealthy() {
+ declare -a ysql_cmd
+ export PGPASSWORD="$2"
+ ysql_cmd=(
+ /home/yugabyte/bin/ysqlsh -h {{ $tserverFQDN }}
+ -p "$3"
+ -U "$1"
+ -c "\\conninfo"
+ )
+
+ if [[ "$4" == "true" ]]; then
+ ysql_cmd+=("sslmode=require")
+ fi
+
+ echo "${ysql_cmd[@]}"
+ while ! "${ysql_cmd[@]}"; do
+ sleep 5s
+ done
+ }
+
+ export -f waitUntilHealthy
+
+ get_ysql_credentials() {
+ [[ -n "$YSQL_USER" ]] && ysql_user="$YSQL_USER" || ysql_user="$DEFAULT_YSQL_USER"
+
+ [[ -n "$YSQL_PASSWORD" ]] && ysql_password="$YSQL_PASSWORD"
+
+ if [[ -z "$YSQL_PASSWORD" ]] && [[ "$ysql_user" != "$DEFAULT_YSQL_USER" ]]; then
+ ysql_password="$YSQL_USER"
+ fi
+
+ [[ -n "$YSQL_DB" ]] && ysql_db="$YSQL_DB"
+
+ [[ -z "$YSQL_DB" ]] && [[ -n "$YSQL_USER" ]] && ysql_db="$ysql_user"
+
+ api="ysql"
+ }
+
+ get_ycql_credentials() {
+ [[ -n "$YCQL_USER" ]] && ycql_user="$YCQL_USER" || ycql_user="$DEFAULT_YCQL_USER"
+
+ [[ -n "$YCQL_PASSWORD" ]] && ycql_password="$YCQL_PASSWORD"
+
+ if [[ -z "$YCQL_PASSWORD" ]] && [[ "$ycql_user" != "$DEFAULT_YCQL_USER" ]]; then
+ ycql_password="$YCQL_USER"
+ fi
+
+ [[ -n "$YCQL_KEYSPACE" ]] && ycql_keyspace="$YCQL_KEYSPACE"
+
+ [[ -z "$YCQL_KEYSPACE" ]] && [[ -n "$YCQL_USER" ]] && ycql_keyspace="$ycql_user"
+
+ api="ycql"
+ }
+
+ create_user() {
+ declare -a ysql_cmd
+ declare -a ycql_cmd
+
+ case "$api" in
+ "ysql")
+ export PGPASSWORD="$DEFAULT_YSQL_PASSWORD"
+ read -r -a ysql_cmd <<< "${prefix_ysql_cmd[@]}"
+ ysql_cmd+=(
+ -U "$DEFAULT_YSQL_USER"
+ -c "CREATE ROLE ${ysql_user} with LOGIN SUPERUSER password '${ysql_password}' ;"
+ -c "ALTER DATABASE ${ysql_db} OWNER TO ${ysql_user} ;"
+ )
+ "${ysql_cmd[@]}"
+ ;;
+ "ycql")
+ read -r -a ycql_cmd <<< "${prefix_ycql_cmd[@]}"
+ ycql_cmd+=(
+ -u "$DEFAULT_YCQL_USER"
+ -p "$DEFAULT_YCQL_PASSWORD"
+ -e "CREATE ROLE IF NOT EXISTS ${ycql_user} WITH PASSWORD = '${ycql_password}' AND LOGIN = true AND SUPERUSER = true ;"
+ )
+ "${ycql_cmd[@]}"
+ ;;
+ *) exit 1
+ esac
+ }
+
+ update_password() {
+ declare -a ysql_cmd
+ declare -a ycql_cmd
+
+ case "$api" in
+ "ysql")
+ export PGPASSWORD="$DEFAULT_YSQL_PASSWORD"
+ read -r -a ysql_cmd <<< "${prefix_ysql_cmd[@]}"
+ ysql_cmd+=(
+ -U "$DEFAULT_YSQL_USER"
+ -c "ALTER ROLE ${ysql_user} WITH PASSWORD '${ysql_password}' ;"
+ )
+ "${ysql_cmd[@]}"
+ ;;
+ "ycql")
+ read -r -a ycql_cmd <<< "${prefix_ycql_cmd[@]}"
+ ycql_cmd+=(
+ -u "$DEFAULT_YCQL_USER"
+ -p "$DEFAULT_YCQL_PASSWORD"
+ -e "ALTER ROLE ${ycql_user} WITH PASSWORD = '${ycql_password}' ;"
+ )
+ "${ycql_cmd[@]}"
+ ;;
+ *) exit 1
+ esac
+ }
+
+ create_container() {
+ declare -a ysql_cmd
+ declare -a ycql_cmd
+
+ case "$api" in
+ "ysql")
+ export PGPASSWORD="$DEFAULT_YSQL_PASSWORD"
+ read -r -a ysql_cmd <<< "${prefix_ysql_cmd[@]}"
+ ysql_cmd+=(
+ -U "$DEFAULT_YSQL_USER"
+ -c "CREATE DATABASE ${ysql_db} ;"
+ )
+ "${ysql_cmd[@]}"
+ ;;
+ "ycql")
+ read -r -a ycql_cmd <<< "${prefix_ycql_cmd[@]}"
+ ycql_cmd+=(
+ -u "$DEFAULT_YCQL_USER"
+ -p "$DEFAULT_YCQL_PASSWORD"
+ -e "CREATE KEYSPACE IF NOT EXISTS ${ycql_keyspace} ;"
+ )
+ "${ycql_cmd[@]}"
+ ;;
+ *) exit 1
+ esac
+ }
+
+ # -----------------------------------------
+ # Main
+ # -----------------------------------------
+
+ trap cleanup EXIT
+
+ echo "Waiting for YugabyteDB to start."
+ if ! timeout 3m bash -c "waitUntilHealthy ${DEFAULT_YSQL_USER} ${DEFAULT_YSQL_PASSWORD} ${YSQL_PORT} {{ .Values.tls.enabled }}"; then
+ echo "Timeout while waiting for database"
+ exit 1
+ fi
+
+ # YSQL Credentials
+ get_ysql_credentials
+
+ ## Create YSQL DB
+ if [[ -n $ysql_db ]] && [[ "$ysql_db" != "$DEFAULT_YSQL_DB" ]]; then
+ create_container
+ fi
+
+ ## Update YSQL Password
+ if [[ -n $ysql_password ]] && [[ "$ysql_password" != "$DEFAULT_YSQL_PASSWORD" ]] && [[ "$ysql_user" == "$DEFAULT_YSQL_USER" ]]; then
+ update_password
+ fi
+
+ ## Create YSQL User
+ if [[ -n $ysql_user ]] && [[ "$ysql_user" != "$DEFAULT_YSQL_USER" ]]; then
+ create_user
+ fi
+
+ # YCQL Credentials
+ get_ycql_credentials
+
+ ## Create YCQL Keyspace
+ if [[ -n $ycql_keyspace ]] && [[ -n "$ycql_keyspace" ]]; then
+ create_container
+ fi
+
+ ## Update YCQL Password
+ if [[ -n $ycql_password ]] && [[ "$ycql_password" != "$DEFAULT_YCQL_PASSWORD" ]] && [[ "$ycql_user" == "$DEFAULT_YCQL_USER" ]]; then
+ update_password
+ fi
+
+ ## Create YCQL User
+ if [[ -n $ycql_user ]] && [[ "$ycql_user" != "$DEFAULT_YCQL_USER" ]]; then
+ create_user
+ fi
+
+{{- end }}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/templates/tserver-servicemonitor.yaml b/addons/yugabytedb/2024/chart/yugabytedb/templates/tserver-servicemonitor.yaml
new file mode 100644
index 00000000..64b82641
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/templates/tserver-servicemonitor.yaml
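Review bot: In `setup-credentials.sh`, `get_ysql_credentials` falls back to `ysql_password="$YSQL_USER"` when a custom user is supplied without a password, and `create_user` then creates that role as `SUPERUSER`, so the new account is protected only by its own name; `get_ycql_credentials` has the same fallback for YCQL. I would fail closed in that branch instead, e.g. replace the assignment with `echo "YSQL_PASSWORD is required when YSQL_USER is set" >&2; exit 1` (and the YCQL equivalent). On that same custom-user path the main section skips `update_password`, so the built-in `yugabyte` and `cassandra` roles appear to keep `DEFAULT_YSQL_PASSWORD` / `DEFAULT_YCQL_PASSWORD` unless something outside this file rotates them; changing the default roles' passwords as well, or documenting that they must be rotated, would close that gap. Separately, role names and passwords are spliced into the `-c` / `-e` statements without escaping, so a password containing `'` breaks or changes the statement; doubling the quote before interpolation (`ysql_password=${ysql_password//\'/\'\'}`) and double-quoting the identifiers would make this robust.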
@@ -0,0 +1,115 @@
+{{- $sm := .Values.serviceMonitor }}
+{{ if and $sm.enabled (or $sm.tserver.enabled $sm.ycql.enabled $sm.ysql.enabled $sm.yedis.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "yugabyte.fullname" . }}-yb-tserver
+ labels:
+ {{- if .Values.oldNamingStyle }}
+ app: "yb-tserver"
+ {{- else }}
+ app.kubernetes.io/name: "yb-tserver"
+ {{- end }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ component: "{{ .Values.Component }}"
+ {{- with .Values.serviceMonitor.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: "release"
+ selector:
+ matchLabels:
+ {{- if .Values.oldNamingStyle }}
+ app: "yb-tserver"
+ {{- else }}
+ app.kubernetes.io/name: "yb-tserver"
+ {{- end }}
+ release: {{ .Release.Name | quote }}
+ service-type: "headless"
+ endpoints:
+
+ {{- with .Values.serviceMonitor.tserver }}
+ {{- if .enabled }}
+ - port: {{ .port }}
+ path: {{ .path }}
+ {{- if .interval }}
+ interval: {{ .interval }}
+ {{- else }}
+ interval: {{ $.Values.serviceMonitor.interval }}
+ {{- end }}
+ relabelings:
+ - targetLabel: "group"
+ replacement: "yb-tserver"
+ - targetLabel: "export_type"
+ replacement: "tserver_export"
+ - targetLabel: "node_prefix"
+ replacement: {{ $.Release.Name | quote }}
+ metricRelabelings:
+ {{- toYaml $.Values.serviceMonitor.commonMetricRelabelings | nindent 4 }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.serviceMonitor.ycql }}
+ {{- if .enabled }}
+ - port: {{ .port }}
+ path: {{ .path }}
+ {{- if .interval }}
+ interval: {{ .interval }}
+ {{- else }}
+ interval: {{ $.Values.serviceMonitor.interval }}
+ {{- end }}
+ relabelings:
+ - targetLabel: "group"
+ replacement: "ycql"
+ - targetLabel: "export_type"
+ replacement: "cql_export"
+ - targetLabel: "node_prefix"
+ replacement: {{ $.Release.Name | quote }}
+ metricRelabelings:
+ {{- toYaml $.Values.serviceMonitor.commonMetricRelabelings | nindent 4 }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.serviceMonitor.ysql }}
+ {{- if .enabled }}
+ - port: {{ .port }}
+ path: {{ .path }}
+ {{- if .interval }}
+ interval: {{ .interval }}
+ {{- else }}
+ interval: {{ $.Values.serviceMonitor.interval }}
+ {{- end }}
+ relabelings:
+ - targetLabel: "group"
+ replacement: "ysql"
+ - targetLabel: "export_type"
+ replacement: "ysql_export"
+ - targetLabel: "node_prefix"
+ replacement: {{ $.Release.Name | quote }}
+ metricRelabelings:
+ {{- toYaml $.Values.serviceMonitor.commonMetricRelabelings | nindent 4 }}
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.serviceMonitor.yedis }}
+ {{- if .enabled }}
+ - port: {{ .port }}
+ path: {{ .path }}
+ {{- if .interval }}
+ interval: {{ .interval }}
+ {{- else }}
+ interval: {{ $.Values.serviceMonitor.interval }}
+ {{- end }}
+ relabelings:
+ - targetLabel: "group"
+ replacement: "yedis"
+ - targetLabel: "export_type"
+ replacement: "redis_export"
+ - targetLabel: "node_prefix"
+ replacement: {{ $.Release.Name | quote }}
+ metricRelabelings:
+ {{- toYaml $.Values.serviceMonitor.commonMetricRelabelings | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/tests/README.md b/addons/yugabytedb/2024/chart/yugabytedb/tests/README.md
new file mode 100644
index 00000000..e7360384
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/tests/README.md
@@ -0,0 +1,19 @@
+# Unit Testing Helm charts
+Unit tests for the yugabyte helm charts, which can be used to validate helm templates
+gives us our expected results.
+
+This is leveraging https://github.com/helm-unittest/helm-unittest
+
+See https://github.com/quintush/helm-unittest/blob/master/DOCUMENT.md for details on creating new
+tests
+
+## Install
+```
+$ helm plugin install https://github.com/helm-unittest/helm-unittest.git
+```
+
+## Run tests
+```
+$ cd stable/yugabyte
+$ helm unittest -f tests/test_*.yaml .
+```
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/tests/test_affinity_merges.yaml b/addons/yugabytedb/2024/chart/yugabytedb/tests/test_affinity_merges.yaml
new file mode 100644
index 00000000..9671e842
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/tests/test_affinity_merges.yaml
@@ -0,0 +1,191 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/quintush/helm-unittest/master/schema/helm-testsuite.json
+suite: nodeAffinity and podAntiAffinity Merge
+templates:
+- service.yaml
+tests:
+- it: Test with AZ
+ values:
+ - ./values_affinity_merge.yaml
+ set:
+ AZ: test_az
+ oldNamingStyle: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
+ content:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: failure-domain.beta.kubernetes.io/zone
+ operator: In
+ values:
+ - test_az
+ - key: custom_label_1
+ operator: In
+ values:
+ - custom_value_1
+ matchFields:
+ - key: metadata.name
+ operator: In
+ values:
+ - name
+ - matchExpressions:
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ - test_az
+ - key: custom_label_1
+ operator: In
+ values:
+ - custom_value_1
+ matchFields:
+ - key: metadata.name
+ operator: In
+ values:
+ - name
+ - matchExpressions:
+ - key: failure-domain.beta.kubernetes.io/zone
+ operator: In
+ values:
+ - test_az
+ - key: custom_label_2
+ operator: In
+ values:
+ - custom_value_2
+ - matchExpressions:
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ - test_az
+ - key: custom_label_2
+ operator: In
+ values:
+ - custom_value_2
+ documentIndex: 2
+ - isSubset:
+ path: spec.template.spec.affinity.podAntiAffinity
+ content:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "yb-master"
+ topologyKey: kubernetes.io/hostname
+ - weight: 30
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: paa_key
+ operator: In
+ values:
+ - paa_value
+ documentIndex: 2
+ - isSubset:
+ path: spec.template.spec.affinity.nodeAffinity
+ content:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: failure-domain.beta.kubernetes.io/zone
+ operator: In
+ values:
+ - test_az
+ - matchExpressions:
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ - test_az
+ preferredDuringSchedulingIgnoredDuringExecution:
+ random_key: random_value
+ documentIndex: 6
+ - isSubset:
+ path: spec.template.spec.affinity.podAntiAffinity
+ content:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - yb-tserver
+ topologyKey: kubernetes.io/hostname
+ requiredDuringSchedulingIgnoredDuringExecution:
+ random_key2: random_value2
+ documentIndex: 6
+- it: Test without AZ
+ values:
+ - ./values_affinity_merge.yaml
+ set:
+ AZ: false
+ oldNamingStyle: true
+ asserts:
+ - isSubset:
+ path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
+ content:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: custom_label_1
+ operator: In
+ values:
+ - custom_value_1
+ matchFields:
+ - key: metadata.name
+ operator: In
+ values:
+ - name
+ - matchExpressions:
+ - key: custom_label_2
+ operator: In
+ values:
+ - custom_value_2
+ documentIndex: 2
+ - isSubset:
+ path: spec.template.spec.affinity.podAntiAffinity
+ content:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "yb-master"
+ topologyKey: kubernetes.io/hostname
+ - weight: 30
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: paa_key
+ operator: In
+ values:
+ - paa_value
+ documentIndex: 2
+ - isSubset:
+ path: spec.template.spec.affinity.nodeAffinity
+ content:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ random_key: random_value
+ documentIndex: 6
+ - isSubset:
+ path: spec.template.spec.affinity.podAntiAffinity
+ content:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - yb-tserver
+ topologyKey: kubernetes.io/hostname
+ requiredDuringSchedulingIgnoredDuringExecution:
+ random_key2: random_value2
+ documentIndex: 6
+
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/tests/values_affinity_merge.yaml b/addons/yugabytedb/2024/chart/yugabytedb/tests/values_affinity_merge.yaml
new file mode 100644
index 00000000..b3de3398
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/tests/values_affinity_merge.yaml
@@ -0,0 +1,66 @@
+master:
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core
+ ## This might override the default affinity from service.yaml
+ ## Example.
+ # affinity:
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values:
+ # - "yb-master"
+ # topologyKey: kubernetes.io/hostname
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: custom_label_1
+ operator: In
+ values:
+ - custom_value_1
+ matchFields:
+ - key: metadata.name
+ operator: In
+ values:
+ - name
+ - matchExpressions:
+ - key: custom_label_2
+ operator: In
+ values:
+ - custom_value_2
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 30
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: paa_key
+ operator: In
+ values:
+ - paa_value
+
+tserver:
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core
+ ## This might override the default affinity from service.yaml
+ ## Example.
+ # affinity:
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values:
+ # - "yb-tserver"
+ # topologyKey: kubernetes.io/hostname
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ random_key: random_value
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ random_key2: random_value2
+
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/values.yaml b/addons/yugabytedb/2024/chart/yugabytedb/values.yaml
new file mode 100644
index 00000000..ce6f6da5
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/values.yaml
@@ -0,0 +1,691 @@
+# Default values for yugabyte.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+Component: "yugabytedb"
+
+fullnameOverride: ""
+nameOverride: ""
+
+Image:
+ repository: "yugabytedb/yugabyte"
+ tag: 2024.1.3.0-b105
+ pullPolicy: IfNotPresent
+ pullSecretName: ""
+
+storage:
+ ephemeral: false # will not allocate PVs when true
+ master:
+ count: 2
+ size: 10Gi
+ storageClass: ""
+ tserver:
+ count: 2
+ size: 10Gi
+ storageClass: ""
+
+resource:
+ master:
+ requests:
+ cpu: "2"
+ memory: 2Gi
+ limits:
+ cpu: "2"
+ ## Ensure the 'memory' value is strictly in 'Gi' or 'G' format. Deviating from these formats
+ ## may result in setting an incorrect value for the 'memory_limit_hard_bytes' flag.
+ ## Avoid using floating numbers for the numeric part of 'memory'. Doing so may lead to
+ ## the 'memory_limit_hard_bytes' being set to 0, as the function expects integer values.
+ memory: 2Gi
+ tserver:
+ requests:
+ cpu: "2"
+ memory: 4Gi
+ limits:
+ cpu: "2"
+ ## Ensure the 'memory' value is strictly in 'Gi' or 'G' format. Deviating from these formats
+ ## may result in setting an incorrect value for the 'memory_limit_hard_bytes' flag.
+ ## Avoid using floating numbers for the numeric part of 'memory'. Doing so may lead to
+ ## the 'memory_limit_hard_bytes' being set to 0, as the function expects integer values.
+ memory: 4Gi
+
+replicas:
+ master: 3
+ tserver: 3
+ ## Used to set replication factor when isMultiAz is set to true
+ totalMasters: 3
+
+partition:
+ master: 0
+ tserver: 0
+
+updateStrategy:
+ type: RollingUpdate
+
+persistentVolumeClaimRetentionPolicy:
+ enabled: true
+ whenScaled: Retain
+ whenDeleted: Delete
+# Used in Multi-AZ setup
+masterAddresses: ""
+
+isMultiAz: false
+AZ: ""
+
+# Disable the YSQL
+disableYsql: false
+
+tls:
+ # Set to true to enable the TLS.
+ enabled: false
+ nodeToNode: true
+ clientToServer: true
+ # Set to false to disallow any service with unencrypted communication from joining this cluster
+ insecure: false
+ # Set enabled to true to use cert-manager instead of providing your own rootCA
+ certManager:
+ enabled: false
+ # Will create own ca certificate and issuer when set to true
+ bootstrapSelfsigned: true
+ # Use ClusterIssuer when set to true, otherwise use Issuer
+ useClusterIssuer: false
+ # Name of ClusterIssuer to use when useClusterIssuer is true
+ clusterIssuer: cluster-ca
+ # Name of Issuer to use when useClusterIssuer is false
+ issuer: yugabyte-ca
+ certificates:
+ # The lifetime before cert-manager will issue a new certificate.
+ # The re-issued certificates will not be automatically reloaded by the service.
+ # It is necessary to provide some external means of restarting the pods.
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+ algorithm: RSA # ECDSA or RSA
+ # Can be 2048, 4096 or 8192 for RSA
+ # Or 256, 384 or 521 for ECDSA
+ keySize: 2048
+
+ ## When certManager.enabled=false, rootCA.cert and rootCA.key are used to generate TLS certs.
+ ## When certManager.enabled=true and boostrapSelfsigned=true, rootCA is ignored.
+ ## When certManager.enabled=true and bootstrapSelfsigned=false, only rootCA.cert is used
+ ## to verify TLS certs generated and signed by the external provider.
+ rootCA:
+ cert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2VENDQWRHZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0WmRXZGgKWW5sMFpTQkVRakFlRncweE9UQXlNRGd3TURRd01qSmFGdzB5T1RBeU1EVXdNRFF3TWpKYU1CWXhGREFTQmdOVgpCQU1UQzFsMVoyRmllWFJsSUVSQ01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCnVOMWF1aWc4b2pVMHM0OXF3QXhrT2FCaHkwcTlyaVg2akVyZWJyTHJOWDJOeHdWQmNVcWJkUlhVc3VZNS96RUQKUC9CZTNkcTFuMm9EQ2ZGVEwweGkyNFdNZExRcnJBMndCdzFtNHM1WmQzcEJ1U04yWHJkVVhkeUx6dUxlczJNbgovckJxcWRscXp6LzAyTk9TOE9SVFZCUVRTQTBSOFNMQ1RjSGxMQmRkMmdxZ1ZmemVXRlVObXhWQ2EwcHA5UENuCmpUamJJRzhJWkh5dnBkTyt3aURQM1Y1a1ZEaTkvbEtUaGUzcTFOeDg5VUNFcnRJa1pjSkYvWEs3aE90MU1sOXMKWDYzb2lVMTE1Q2svbGFGRjR6dWgrZk9VenpOVXRXeTc2RE92cm5pVGlaU0tQZDBBODNNa2l2N2VHaDVkV3owWgpsKzJ2a3dkZHJaRzVlaHhvbGhGS3pRSURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQXFRd0hRWURWUjBsCkJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dFQkFEQjVRbmlYd1ptdk52eG5VbS9sTTVFbms3VmhTUzRUZldIMHY4Q0srZWZMSVBTbwpVTkdLNXU5UzNEUWlvaU9SN1Vmc2YrRnk1QXljMmNUY1M2UXBxTCt0V1QrU1VITXNJNk9oQ05pQ1gvQjNKWERPCkd2R0RIQzBVOHo3aWJTcW5zQ2Rid05kajAyM0lwMHVqNE9DVHJ3azZjd0RBeXlwVWkwN2tkd28xYWJIWExqTnAKamVQMkwrY0hkc2dKM1N4WWpkK1kvei9IdmFrZG1RZDJTL1l2V0R3aU1SRDkrYmZXWkJVRHo3Y0QyQkxEVmU0aAp1bkFaK3NyelR2Sjd5dkVodzlHSDFyajd4Qm9VNjB5SUUrYSszK2xWSEs4WnBSV0NXMnh2eWNrYXJSKytPS2NKClFsL04wWExqNWJRUDVoUzdhOTdhQktTamNqY3E5VzNGcnhJa2tKST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
+ key: "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"
+ ## When tls.certManager.enabled=false
+ ## nodeCert and clientCert will be used only when rootCA.key is empty.
+ ## Will be ignored and genSignedCert will be used to generate
+ ## node and client certs if rootCA.key is provided.
+ ## cert and key are base64 encoded content of certificate and key.
+ nodeCert:
+ cert: ""
+ key: ""
+ clientCert:
+ cert: ""
+ key: ""
+
+gflags:
+ master:
+ default_memory_limit_to_ram_ratio: 0.85
+ tserver: {}
+# use_cassandra_authentication: false
+
+yugabytedUi:
+ enabled: true
+ # If recoverWithoutFailure is true, yugabyted-ui will automatically try to restart itself
+ # instead of failing and causing the pod to restart
+ recoverWithoutFailure: true
+ recoveryInterval: 30s
+ # metricsSnapshotter must be enabled for yugabytedUi to properly display metrics
+ metricsSnapshotter:
+ enabled: true
+ # time between each metric snapshot in ms
+ interval: 11000
+ whitelist:
+ - handler_latency_yb_tserver_TabletServerService_Read_count
+ - handler_latency_yb_tserver_TabletServerService_Write_count
+ - handler_latency_yb_tserver_TabletServerService_Read_sum
+ - handler_latency_yb_tserver_TabletServerService_Write_sum
+ - disk_usage
+ - cpu_usage
+ - node_up
+
+PodManagementPolicy: Parallel
+
+enableLoadBalancer: true
+
+ybc:
+ enabled: false
+ ## https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
+ ## Use the above link to learn more about Kubernetes resources configuration.
+ # resources:
+ # requests:
+ # cpu: "1"
+ # memory: 1Gi
+ # limits:
+ # cpu: "1"
+ # memory: 1Gi
+
+ybCleanup: {}
+ ## https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
+ ## Use the above link to learn more about Kubernetes resources configuration.
+ # resources:
+ # requests:
+ # cpu: "1"
+ # memory: 1Gi
+ # limits:
+ # cpu: "1"
+ # memory: 1Gi
+
+domainName: "cluster.local"
+service:
+ type: "LoadBalancer"
+
+serviceEndpoints:
+ - name: "yb-master-ui"
+ type: LoadBalancer
+ annotations: {}
+ clusterIP: ""
+ ## Sets the Service's externalTrafficPolicy
+ externalTrafficPolicy: ""
+ app: "yb-master"
+ loadBalancerIP: ""
+ ports:
+ http-ui: "7000"
+
+ - name: "yb-tserver-service"
+ type: LoadBalancer
+ annotations: {}
+ clusterIP: ""
+ ## Sets the Service's externalTrafficPolicy
+ externalTrafficPolicy: ""
+ app: "yb-tserver"
+ loadBalancerIP: ""
+ ports:
+ tcp-yql-port: "9042"
+ tcp-yedis-port: "6379"
+ tcp-ysql-port: "5433"
+
+ - name: "yugabyted-ui-service"
+ type: LoadBalancer
+ annotations: {}
+ clusterIP: ""
+ ## Sets the Service's externalTrafficPolicy
+ externalTrafficPolicy: ""
+ app: "yb-master"
+ loadBalancerIP: ""
+ sessionAffinity: ClientIP
+ ports:
+ yugabyted-ui: "15433"
+
+Services:
+ - name: "yb-masters"
+ label: "yb-master"
+ skipHealthChecks: false
+ memory_limit_to_ram_ratio: 0.85
+ ports:
+ http-ui: "7000"
+ tcp-rpc-port: "7100"
+ yugabyted-ui: "15433"
+
+ - name: "yb-tservers"
+ label: "yb-tserver"
+ skipHealthChecks: false
+ ports:
+ http-ui: "9000"
+ tcp-rpc-port: "9100"
+ tcp-yql-port: "9042"
+ tcp-yedis-port: "6379"
+ tcp-ysql-port: "5433"
+ http-ycql-met: "12000"
+ http-yedis-met: "11000"
+ http-ysql-met: "13000"
+ grpc-ybc-port: "18018"
+ yugabyted-ui: "15433"
+
+
+## Should be set to true only if Istio is being used. This also adds
+## the Istio sidecar injection labels to the pods.
+## TODO: remove this once
+## https://github.com/yugabyte/yugabyte-db/issues/5641 is fixed.
+##
+istioCompatibility:
+ enabled: false
+
+## Settings required when using multicluster environment.
+multicluster:
+ ## Creates a ClusterIP service for each yb-master and yb-tserver
+ ## pod.
+ createServicePerPod: false
+ ## creates a ClusterIP service whos name does not have release name
+ ## in it. A common service across different clusters for automatic
+ ## failover. Useful when using new naming style.
+ createCommonTserverService: false
+
+ ## Enable it to deploy YugabyteDB in a multi-cluster services enabled
+ ## Kubernetes cluster (KEP-1645). This will create ServiceExport.
+ ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export
+ ## You can use this gist for the reference to deploy the YugabyteDB in a multi-cluster scenario.
+ ## Gist - https://gist.github.com/baba230896/78cc9bb6f4ba0b3d0e611cd49ed201bf
+ createServiceExports: false
+
+ ## Mandatory variable when createServiceExports is set to true.
+ ## Use: In case of GKE, you need to pass GKE Hub Membership Name.
+ ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#enabling
+ kubernetesClusterId: ""
+
+ ## mcsApiVersion is used for the MCS resources created by the
+ ## chart. Set to net.gke.io/v1 when using GKE MCS.
+ mcsApiVersion: "multicluster.x-k8s.io/v1alpha1"
+
+serviceMonitor:
+ ## If true, two ServiceMonitor CRs are created. One for yb-master
+ ## and one for yb-tserver
+ ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
+ ##
+ enabled: false
+ ## interval is the default scrape_interval for all the endpoints
+ interval: 30s
+ ## extraLabels can be used to add labels to the ServiceMonitors
+ ## being created
+ extraLabels: {}
+ # release: prom
+
+ ## Configurations of ServiceMonitor for yb-master
+ master:
+ enabled: true
+ port: "http-ui"
+ interval: ""
+ path: "/prometheus-metrics"
+
+ ## Configurations of ServiceMonitor for yb-tserver
+ tserver:
+ enabled: true
+ port: "http-ui"
+ interval: ""
+ path: "/prometheus-metrics"
+ ycql:
+ enabled: true
+ port: "http-ycql-met"
+ interval: ""
+ path: "/prometheus-metrics"
+ ysql:
+ enabled: true
+ port: "http-ysql-met"
+ interval: ""
+ path: "/prometheus-metrics"
+ yedis:
+ enabled: true
+ port: "http-yedis-met"
+ interval: ""
+ path: "/prometheus-metrics"
+
+ commonMetricRelabelings:
+ # https://git.io/JJW5p
+ # Save the name of the metric so we can group_by since we cannot by __name__ directly...
+ - sourceLabels: ["__name__"]
+ regex: "(.*)"
+ targetLabel: "saved_name"
+ replacement: "$1"
+ # The following basically retrofit the handler_latency_* metrics to label format.
+ - sourceLabels: ["__name__"]
+ regex: "handler_latency_(yb_[^_]*)_([^_]*)_([^_]*)(.*)"
+ targetLabel: "server_type"
+ replacement: "$1"
+ - sourceLabels: ["__name__"]
+ regex: "handler_latency_(yb_[^_]*)_([^_]*)_([^_]*)(.*)"
+ targetLabel: "service_type"
+ replacement: "$2"
+ - sourceLabels: ["__name__"]
+ regex: "handler_latency_(yb_[^_]*)_([^_]*)_([^_]*)(_sum|_count)?"
+ targetLabel: "service_method"
+ replacement: "$3"
+ - sourceLabels: ["__name__"]
+ regex: "handler_latency_(yb_[^_]*)_([^_]*)_([^_]*)(_sum|_count)?"
+ targetLabel: "__name__"
+ replacement: "rpc_latency$4"
+
+resources: {}
+
+nodeSelector: {}
+
+affinity: {}
+
+statefulSetAnnotations: {}
+
+networkAnnotation: {}
+
+commonLabels: {}
+
+## @param dnsPolicy DNS Policy for pod
+## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+## E.g.
+## dnsPolicy: ClusterFirst
+dnsPolicy: ""
+## @param dnsConfig DNS Configuration pod
+## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+## E.g.
+## dnsConfig:
+## options:
+## - name: ndots
+## value: "4"
+dnsConfig: {}
+
+
+master:
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core
+ ## This might override the default affinity from service.yaml
+ # To successfully merge, we need to follow rules for merging nodeSelectorTerms that kubernentes
+ # has. Each new node selector term is ORed together, and each match expression or match field in
+ # a single selector is ANDed together.
+ # This means, if a pod needs to be scheduled on a label 'custom_label_1' with a value
+ # 'custom_value_1', we need to add this 'subterm' to each of our pre-defined node affinity
+ # terms.
+ #
+ # Pod anti affinity is a simpler merge. Each term is applied separately, and the weight is tracked.
+ # The pod that achieves the highest weight is selected.
+ ## Example.
+ # affinity:
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values:
+ # - "yb-master"
+ # topologyKey: kubernetes.io/hostname
+ #
+ # For further examples, see examples/yugabyte/affinity_overrides.yaml
+ affinity: {}
+
+ ## Extra environment variables passed to the Master pods.
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core
+ ## Example:
+ # extraEnv:
+ # - name: NODE_IP
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: status.hostIP
+ extraEnv: []
+
+ # secretEnv variables are used to expose secrets data as env variables in the master pod.
+ # TODO Add namespace also to support copying secrets from other namespace.
+ # secretEnv:
+ # - name: MYSQL_LDAP_PASSWORD
+ # valueFrom:
+ # secretKeyRef:
+ # name: secretName
+ # key: password
+ secretEnv: []
+
+ ## Annotations to be added to the Master pods.
+ podAnnotations: {}
+
+ ## Labels to be added to the Master pods.
+ podLabels: {}
+
+ ## Tolerations to be added to the Master pods.
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#toleration-v1-core
+ ## Example:
+ # tolerations:
+ # - key: dedicated
+ # operator: Equal
+ # value: experimental
+ # effect: NoSchedule
+ tolerations: []
+
+ ## Extra volumes
+ ## extraVolumesMounts are mandatory for each extraVolumes.
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core
+ ## Example:
+ # extraVolumes:
+ # - name: custom-nfs-vol
+ # persistentVolumeClaim:
+ # claimName: some-nfs-claim
+ extraVolumes: []
+
+ ## Extra volume mounts
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core
+ ## Example:
+ # extraVolumeMounts:
+ # - name: custom-nfs-vol
+ # mountPath: /home/yugabyte/nfs-backup
+ extraVolumeMounts: []
+
+ ## Set service account for master DB pods. The service account
+ ## should exist in the namespace where the master DB pods are brought up.
+ serviceAccount: ""
+
+ ## Memory limit hard % (between 1-100) of the memory limit.
+ memoryLimitHardPercentage: 85
+
+ ## Readiness Probe
+ readinessProbe:
+ enabled: false
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+
+ ## Custom readinessProbe that overrides the default one
+ ## Example: HTTP based Master readinessProbe
+ # customReadinessProbe:
+ # initialDelaySeconds: 30
+ # periodSeconds: 20
+ # timeoutSeconds: 10
+ # failureThreshold: 3
+ # successThreshold: 1
+ # httpGet:
+ # path: /
+ # port: 7000
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
+ customReadinessProbe: {}
+
+ ## Startup probe
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+
+ ## Custom startupProbe that overrides the default one
+ ## Enabling it will overrides the tserver.startupProbe
+ ## Example: HTTP based Master startupProbe
+ # customStartupProbe:
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 5
+ # failureThreshold: 3
+ # successThreshold: 1
+ # httpGet:
+ # path: /
+ # port: 7000
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ customStartupProbe: {}
+
+
+tserver:
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core
+ ## This might override the default affinity from service.yaml
+ # To successfully merge, we need to follow rules for merging nodeSelectorTerms that kubernentes
+ # has. Each new node selector term is ORed together, and each match expression or match field in
+ # a single selector is ANDed together.
+ # This means, if a pod needs to be scheduled on a label 'custom_label_1' with a value
+ # 'custom_value_1', we need to add this 'subterm' to each of our pre-defined node affinity
+ # terms.
+ #
+ # Pod anti affinity is a simpler merge. Each term is applied separately, and the weight is tracked.
+ # The pod that achieves the highest weight is selected.
+ ## Example.
+ # affinity:
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values:
+ # - "yb-tserver"
+ # topologyKey: kubernetes.io/hostname
+ # For further examples, see examples/yugabyte/affinity_overrides.yaml
+ affinity: {}
+
+ ## Extra environment variables passed to the TServer pods.
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core
+ ## Example:
+ # extraEnv:
+ # - name: NODE_IP
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: status.hostIP
+ extraEnv: []
+
+ ## secretEnv variables are used to expose secrets data as env variables in the tserver pods.
+ ## If namespace field is not specified we assume that user already
+ ## created the secret in the same namespace as DB pods.
+ ## Example
+ # secretEnv:
+ # - name: MYSQL_LDAP_PASSWORD
+ # valueFrom:
+ # secretKeyRef:
+ # name: secretName
+ # namespace: my-other-namespace-with-ldap-secret
+ # key: password
+ secretEnv: []
+
+ ## Annotations to be added to the TServer pods.
+ podAnnotations: {}
+
+ ## Labels to be added to the TServer pods.
+ podLabels: {}
+
+ ## Tolerations to be added to the TServer pods.
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#toleration-v1-core
+ ## Example:
+ # tolerations:
+ # - key: dedicated
+ # operator: Equal
+ # value: experimental
+ # effect: NoSchedule
+ tolerations: []
+
+ ## Sets the --server_broadcast_addresses flag on the TServer, no
+ ## preflight checks are done for this address. You might need to add
+ ## `use_private_ip: cloud` to the gflags.master and gflags.tserver.
+ serverBroadcastAddress: ""
+
+ ## Extra volumes
+ ## extraVolumesMounts are mandatory for each extraVolumes.
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core
+ ## Example:
+ # extraVolumes:
+ # - name: custom-nfs-vol
+ # persistentVolumeClaim:
+ # claimName: some-nfs-claim
+ extraVolumes: []
+
+ ## Extra volume mounts
+ ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core
+ ## Example:
+ # extraVolumeMounts:
+ # - name: custom-nfs-vol
+ # path: /home/yugabyte/nfs-backup
+ extraVolumeMounts: []
+
+ ## Set service account for tserver DB pods. The service account
+ ## should exist in the namespace where the tserver DB pods are brought up.
+ serviceAccount: ""
+
+ ## Memory limit hard % (between 1-100) of the memory limit.
+ memoryLimitHardPercentage: 85
+
+ ## Readiness Probe
+ readinessProbe:
+ enabled: false
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+
+ ## Custom readinessProbe that overrides the default one
+ ## Enabling it will overrides the tserver.readinessProbe
+ ## Example: HTTP based Tserver readinessProbe
+ # customReadinessProbe:
+ # initialDelaySeconds: 30
+ # periodSeconds: 20
+ # timeoutSeconds: 10
+ # httpGet:
+ # path: /
+ # port: 9000
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
+ customReadinessProbe: {}
+
+ ## Startup probe
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+
+ ## Custom startupProbe that overrides the default one
+ ## Enabling it will overrides the tserver.startupProbe
+ ## Example: HTTP based Tserver startupProbe
+ # customStartupProbe:
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 5
+ # failureThreshold: 3
+ # successThreshold: 1
+ # httpGet:
+ # path: /
+ # port: 9000
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ customStartupProbe: {}
+
+
+helm2Legacy: false
+
+ip_version_support: "v4_only" # v4_only, v6_only are the only supported values at the moment
+
+# For more https://docs.yugabyte.com/latest/reference/configuration/yugabyted/#environment-variables
+authCredentials:
+ ysql:
+ user: "yugabyte"
+ password: "yugabyte"
+ database: "yugabyte"
+ ycql:
+ user: ""
+ password: ""
+ keyspace: ""
+
+oldNamingStyle: false
+
+preflight:
+ # Set to true to skip disk IO check, DNS address resolution, and
+ # port bind checks
+ skipAll: false
+ # Set to true to skip port bind checks
+ skipBind: false
+
+ ## Set to true to skip ulimit verification
+ ## SkipAll has higher priority
+ skipUlimit: false
+
+## Pod securityContext
+## Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
+## The following configuration runs YB-Master and YB-TServer as a non-root user
+podSecurityContext:
+ enabled: false
+ ## Mark it false, if you want to stop the non root user validation
+ runAsNonRoot: true
+ fsGroup: 10001
+ runAsUser: 10001
+ runAsGroup: 10001
+
+## Added to handle old universe which has volume annotations
+## K8s universe <= 2.5 to >= 2.6
+legacyVolumeClaimAnnotations: false
diff --git a/addons/yugabytedb/2024/chart/yugabytedb/yugabyte-rbac.yaml b/addons/yugabytedb/2024/chart/yugabytedb/yugabyte-rbac.yaml
new file mode 100644
index 00000000..d021fbcb
--- /dev/null
+++ b/addons/yugabytedb/2024/chart/yugabytedb/yugabyte-rbac.yaml
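Review bot: `tls.rootCA.cert` and `tls.rootCA.key` ship as populated defaults in values.yaml (the key's value is elided on this page, but the field is not empty), and the comment above them says they are used to generate TLS certs when `certManager.enabled=false`. An install that sets `tls.enabled: true` without overriding them would therefore issue its node and client certificates from a CA whose private key is in the repository, so the certificates give no assurance about who holds them. I would default both to `""` and have the templates fail when TLS is enabled and neither a root CA nor cert-manager is supplied; the template side is outside this hunk. The same file defaults `authCredentials.ysql.password: "yugabyte"` while `service.type`, `enableLoadBalancer` and all three `serviceEndpoints` default to `LoadBalancer`, so a default install appears to publish the YSQL port and both UIs outside the cluster behind a well-known login; `ClusterIP` and a password that must be set at install time would be safer defaults.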
@@ -0,0 +1,19 @@
+# Create YugaByte specific service account
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: yugabyte-helm
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: yugabyte-helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: yugabyte-helm
+ namespace: kube-system
diff --git a/addons/yugabytedb/2024/meta.yaml b/addons/yugabytedb/2024/meta.yaml
new file mode 100644
index 00000000..d2f1f5c5
--- /dev/null
+++ b/addons/yugabytedb/2024/meta.yaml
@@ -0,0 +1,24 @@
+name: yugabytedb
+version: 2024
+id: 1f8087cd-d210-44ba-ba84-344f752252b7
+description: "yugabytedb."
+displayName: "yugabytedb"
+metadata:
+ displayName: "yugabytedb"
+ provider:
+ name: drycc
+ supportURL: https://docs.yugabyte.com
+ documentationURL: https://github.com/drycc-addons/containers/tree/main/containers/yugabytedb
+tags: yugabytedb
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ required: false
+ description: "networkPolicy allowNamespaces config for values.yaml"
+- name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+archive: false
diff --git a/addons/yugabytedb/2024/plans/standard-1c2g3w10/bind.yaml b/addons/yugabytedb/2024/plans/standard-1c2g3w10/bind.yaml
new file mode 100644
index 00000000..e1ea2b53
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-1c2g3w10/bind.yaml
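Review bot: The `ClusterRoleBinding` in yugabyte-rbac.yaml binds the `yugabyte-helm` ServiceAccount in `kube-system` to `cluster-admin`, which is far more than anything visible in this commit needs. The file sits at the chart root rather than under `templates/`, so Helm would presumably not render it; it reads like the Helm 2 bootstrap manifest carried over from upstream, and values.yaml sets `helm2Legacy: false`. Anyone who applies it by hand leaves a standing account with full control of every namespace. I would drop the file from the addon, or replace it with a namespaced `Role` and `RoleBinding` that list only the resources and verbs the installer uses.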
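Review bot: `allow_parameters` in meta.yaml offers `networkPolicy.allowNamespaces`, but the chart's values.yaml added in this commit defines no `networkPolicy` key, so unless a template outside this view reads it the parameter has no effect. A user who sets it would reasonably believe access is limited to the listed namespaces while the services remain `type: LoadBalancer`. Either add a NetworkPolicy template with matching `networkPolicy` defaults in values.yaml, or remove the entry from `allow_parameters` until the chart supports it.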
@@ -0,0 +1,33 @@
+credential:
+ - name: TSERVER_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-tserver-service
+ jsonpath: '{ .spec.clusterIP }'
+ - name: TSERVER_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-tserver-service
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: UI_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yugabyted-ui-service
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: UI_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yugabyted-ui-service
+ jsonpath: '{ .spec.clusterIP }'
+ - name: MASTER_UI_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-master-ui
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: MASTER_UI_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-master-ui
+ jsonpath: '{ .spec.clusterIP }'
+ - name: TSERVER_PORT
+ value: "5433"
\ No newline at end of file
diff --git a/addons/yugabytedb/2024/plans/standard-1c2g3w10/create-instance-schema.json b/addons/yugabytedb/2024/plans/standard-1c2g3w10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-1c2g3w10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/yugabytedb/2024/plans/standard-1c2g3w10/meta.yaml b/addons/yugabytedb/2024/plans/standard-1c2g3w10/meta.yaml
new file mode 100644
index 00000000..549fa994
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-1c2g3w10/meta.yaml
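Review bot: This plan's bind.yaml omits `UI_PORT` and `MASTER_UI_PORT`, which the standard-2c4g3w20 bind.yaml added in the same commit returns as `"15433"` and `"7000"`, so a client bound to this plan gets the UI hosts without their ports. Both bind files return only hosts and ports and no database user or password, which suggests applications are expected to connect with the chart's default `authCredentials` (`yugabyte`/`yugabyte`); a password generated per instance and returned through the binding would avoid a shared, well-known login. The file also ends without a trailing newline.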
@@ -0,0 +1,6 @@
+name: "standard-1c2g3w10"
+id: 2b65e52b-7d7f-4e41-83b8-9a53965ce314
+description: "ZooKeeper standard-1c2g3w plan which limit resources 1 core 2G memory 3 replicas."
+displayName: "standard-1c2g3w10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/yugabytedb/2024/plans/standard-1c2g3w10/values.yaml b/addons/yugabytedb/2024/plans/standard-1c2g3w10/values.yaml
new file mode 100644
index 00000000..7b28893d
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-1c2g3w10/values.yaml
@@ -0,0 +1,31 @@
+storage:
+ master:
+ count: 2
+ size: 10Gi
+ tserver:
+ count: 2
+ size: 10Gi
+
+resource:
+ master:
+ requests:
+ cpu: 2
+ memory: 2Gi
+ limits:
+ cpu: 2
+ memory: 2Gi
+ tserver:
+ requests:
+ cpu: 2
+ memory: 4Gi
+ limits:
+ cpu: 2
+ memory: 4Gi
+
+replicas:
+ master: 3
+ tserver: 3
+
+partition:
+ master: 3
+ tserver: 3
\ No newline at end of file
diff --git a/addons/yugabytedb/2024/plans/standard-2c4g3w20/bind.yaml b/addons/yugabytedb/2024/plans/standard-2c4g3w20/bind.yaml
new file mode 100644
index 00000000..6f4da8e3
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-2c4g3w20/bind.yaml
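Review bot: The `description` in this plan's meta.yaml reads "ZooKeeper standard-1c2g3w plan", but the plan belongs to the yugabytedb addon and is named `standard-1c2g3w10`; the same copy-paste appears in `plans/standard-2c4g3w20/meta.yaml`. This is the text catalog users read when choosing a plan, so it should name the right product and figures taken from the plan's values.yaml, for example `description: "YugabyteDB standard-1c2g3w10 plan, 3 replicas, 10Gi storage per volume"`.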
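Review bot: The `resource` block in this values.yaml does not match the plan name: `standard-1c2g3w10` sets `cpu: 2` for both master and tserver and `memory: 4Gi` for tserver, which is identical to `standard-2c4g3w20` apart from the volume size. If the name is the contract (1 core, 2G), the tserver requests and limits should read `cpu: 1` and `memory: 2Gi`, and master `cpu: 1`; otherwise rename the plan. Writing the CPU as `cpu: 1000m` would also match the millicore style the other addons in this series use.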
@@ -0,0 +1,37 @@
+credential:
+ - name: TSERVER_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-tserver-service
+ jsonpath: '{ .spec.clusterIP }'
+ - name: TSERVER_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-tserver-service
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: TSERVER_PORT
+ value: "5433"
+ - name: UI_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yugabyted-ui-service
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: UI_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yugabyted-ui-service
+ jsonpath: '{ .spec.clusterIP }'
+ - name: UI_PORT
+ value: "15433"
+ - name: MASTER_UI_EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-master-ui
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: MASTER_UI_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ (include "yugabyte.fullname" .) }}-yb-master-ui
+ jsonpath: '{ .spec.clusterIP }'
+ - name: MASTER_UI_PORT
+ value: "7000"
diff --git a/addons/yugabytedb/2024/plans/standard-2c4g3w20/create-instance-schema.json b/addons/yugabytedb/2024/plans/standard-2c4g3w20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-2c4g3w20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/yugabytedb/2024/plans/standard-2c4g3w20/meta.yaml b/addons/yugabytedb/2024/plans/standard-2c4g3w20/meta.yaml
new file mode 100644
index 00000000..3036a2f9
--- /dev/null
+++ b/addons/yugabytedb/2024/plans/standard-2c4g3w20/meta.yaml
@@ -0,0 +1,6 @@ +name: "standard-2c4g3w20" +id: 60a4ad4b-9243-4d2a-831d-c6a8b8a03985 +description: "ZooKeeper standard-2c4g20 plan which limit resources 2 cores 4G memory 3 replicas." +displayName: "standard-2c4g3w20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/yugabytedb/2024/plans/standard-2c4g3w20/values.yaml b/addons/yugabytedb/2024/plans/standard-2c4g3w20/values.yaml new file mode 100644 index 00000000..65cea216 --- /dev/null +++ b/addons/yugabytedb/2024/plans/standard-2c4g3w20/values.yaml @@ -0,0 +1,31 @@ +storage: + master: + count: 2 + size: 20Gi + tserver: + count: 2 + size: 20Gi + +resource: + master: + requests: + cpu: 2 + memory: 2Gi + limits: + cpu: 2 + memory: 2Gi + tserver: + requests: + cpu: 2 + memory: 4Gi + limits: + cpu: 2 + memory: 4Gi + +replicas: + master: 3 + tserver: 3 + +partition: + master: 3 + tserver: 3 \ No newline at end of file From 5b8370feedb3de93fa9c61917fc0bdc9a3b64d88 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 21 Nov 2024 16:20:29 +0800 Subject: [PATCH 130/176] chore(clickhouse): add plan 32c64g12000 --- .../24/chart/clickhouse/values.yaml | 1 + .../24/plans/standard-16c64g1000/values.yaml | 4 ++-- .../24/plans/standard-32c64g12000/bind.yaml | 24 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++++ .../24/plans/standard-32c64g12000/meta.yaml | 6 +++++ .../24/plans/standard-32c64g12000/values.yaml | 23 ++++++++++++++++++ .../24/plans/standard-4c16g100/values.yaml | 4 ++-- .../24/plans/standard-8c32g500/values.yaml | 4 ++-- 8 files changed, 72 insertions(+), 6 deletions(-) create mode 100644 addons/clickhouse/24/plans/standard-32c64g12000/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-32c64g12000/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-32c64g12000/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-32c64g12000/values.yaml 
diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index 76726030..e711b6b1 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -294,6 +294,7 @@ defaultConfigurationOverrides: | {{- $shards := $.Values.shards | int }} {{- range $shard, $e := until $shards }} + true {{- $replicas := $.Values.replicaCount | int }} {{- range $i, $_e := until $replicas }} diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml index 60735b83..6c4b2f47 100644 --- a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml +++ b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 16000m memory: 64Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 4000m + memory: 16Gi persistence: size: 1000Gi \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-32c64g12000/bind.yaml b/addons/clickhouse/24/plans/standard-32c64g12000/bind.yaml new file mode 100644 index 00000000..8cddaa51 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-32c64g12000/bind.yaml @@ -0,0 +1,24 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + value: '{{ .Values.auth.username }}' + - name: TCP_PORT + value: 9000 + - name: HTTP_PORT + value: 8123 \ No newline at end of file 
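Review bot: Lowering `requests` to `cpu: 4000m` / `memory: 16Gi` while `limits` stay at 16000m / 64Gi moves these pods from Guaranteed to Burstable QoS, and the scheduler will now place a ClickHouse pod that may grow to 64Gi on a node with only 16Gi unreserved. Under node memory pressure such pods are candidates for eviction or OOM kill, which is an availability risk for a stateful database. The same change is made in `standard-4c16g100` and `standard-8c32g500`, and the new `standard-32c64g12000` plan starts out this way. If overcommit is intended, record it next to `requests:` with a comment such as `# requests < limits on purpose: nodes are overcommitted`, and consider keeping the memory request equal to the limit.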
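Review bot: `PASSWORD` is read from the `admin-password` key of the release secret, so every application that binds to this plan appears to receive the cluster's administrative credential rather than an account scoped to that binding. If the broker cannot create per-binding users, say so in a comment above the entry, since removing one binding then presumably does not revoke that consumer's access. Separately, `TCP_PORT` and `HTTP_PORT` are emitted as YAML integers (`value: 9000`, `value: 8123`) while the yugabytedb bindings quote theirs; `value: "9000"` and `value: "8123"` keep credential values as strings. `{{ printf "HOST" }}` and `{{ printf "EXTRANET_HOST" }}` are equivalent to the plain names.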
diff --git a/addons/clickhouse/24/plans/standard-32c64g12000/create-instance-schema.json b/addons/clickhouse/24/plans/standard-32c64g12000/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-32c64g12000/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-32c64g12000/meta.yaml b/addons/clickhouse/24/plans/standard-32c64g12000/meta.yaml new file mode 100644 index 00000000..384a51c8 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-32c64g12000/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c64g12000" +id: 24a85352-a7e0-11ef-8a06-ef08afb2fad9 +description: "clickhouse standard-32c64g12000 plan: Disk 12000Gi ,vCPUs 32 , RAM 64G " +displayName: "standard-32c64g12000" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml b/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml new file mode 100644 index 00000000..8be44d06 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml 
@@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-clickhouse-cluster-standard-32c64g12000 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 32000m + memory: 64Gi + requests: + cpu: 8000m + memory: 16Gi + +persistence: + size: 12000Gi \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml index 8b69f236..002cc894 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 4000m memory: 16Gi requests: - cpu: 4000m - memory: 16Gi + cpu: 2000m + memory: 4Gi persistence: size: 100Gi diff --git a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml index 3d1c8a1e..dab1c884 100644 --- a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml +++ b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 8000m memory: 32Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 2000m + memory: 8Gi persistence: size: 500Gi \ No newline at end of file From 9d24f3c0df39a355b60715f8ffb63b87184e4010 Mon Sep 17 00:00:00 2001 
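Review bot: The header comments in the new `standard-32c64g12000/values.yaml` still describe "MinIO® containers' resource requests and limits" and tell the reader to "remove the curly braces after 'resources:'", neither of which applies to this ClickHouse plan. Replace the copied block with a short comment that describes what the file sets, for example `## ClickHouse resources and volume size for plan standard-32c64g12000`.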
From: EamonZhang Date: Wed, 27 Nov 2024 10:29:06 +0800 Subject: [PATCH 131/176] chore(grafana): disable update --- addons/grafana/10/meta.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 81d5f692..4a066bd4 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -13,7 +13,7 @@ tags: grafana bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" required: false From 7c8c99e622c5c307484cfc1434446d75c354c528 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 28 Nov 2024 13:31:14 +0800 Subject: [PATCH 132/176] chore(mysql-cluster):remove plan1c2g10 --- .../8.0/chart/mysql-cluster/values.yaml | 1 - .../8.0/plans/standard-1c2g10/bind.yaml | 35 ----------- .../create-instance-schema.json | 12 ---- .../8.0/plans/standard-1c2g10/meta.yaml | 6 -- .../8.0/plans/standard-1c2g10/values.yaml | 61 ------------------- 5 files changed, 115 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml delete mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json delete mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml delete mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 34a406b2..d32c9c56 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -235,7 +235,6 @@ primary: character-set-server=UTF8MB4 collation-server=UTF8MB4_general_ci slow_query_log=0 - slow_query_log_file=/opt/drycc/mysql/logs/mysqld.log long_query_time=10.0 log_timestamps=system disabled_storage_engines="MyISAM,BLACKHOLE,FEDERATED,ARCHIVE,MEMORY" 
diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml deleted file mode 100644 index a0668383..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml +++ /dev/null @@ -1,35 +0,0 @@ -credential: -{{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: EXTRANET_HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }}-router - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- end }} - - name: DOMAIN - value: {{ template "common.names.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - - name: HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }}-router - jsonpath: '{ .spec.clusterIP }' - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-administrator-user - jsonpath: '{ .data.password }' - - name: USERNAME - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-administrator-user - jsonpath: '{ .data.username }' - - name: READONLY_PORT - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-administrator-user - jsonpath: '{ .data.portro }' - - name: READWRITE_PORT - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-administrator-user - jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml deleted file mode 100644 index b06fc92b..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-1c2g10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" -displayName: "standard-1c2g10" -bindable: true -maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml deleted file mode 100644 index 437127a4..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-mysql-cluster-standard-10 - -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 600 - resources: - limits: - cpu: 1000m - memory: 2Gi - requests: - cpu: 1000m - memory: 2Gi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 10Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} From 3f64c9ca6dadc6064adbbad2377346e027077d51 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 30 Dec 2024 13:14:41 +0800 Subject: [PATCH 133/176] chore(grafana): add node selector --- addons/grafana/10/meta.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 4a066bd4..8e4a9eac 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -21,4 +21,6 @@ allow_parameters: - name: "service.type" required: false description: "service type config for values.yaml" +- name: "grafana.nodeSelector" + required: false archive: false From 934f8409cc3af02bd010ae10524d8301a3c1efb4 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 30 Dec 2024 13:15:15 +0800 Subject: [PATCH 134/176] chore(prometheus): add node selector --- addons/prometheus/2/meta.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 50079cc3..97504a6d 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -51,4 +51,10 @@ allow_parameters: - name: "server.evaluationInterval" required: false description: "evaluationInterval values.yaml" +- name: "server.nodeSelector" + required: false + description: "server nodeSelector" +- name: "alertmanager.nodeSelector" + required: false + description: "alertmanager nodeSelector" archive: false 
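Review bot: The new `grafana.nodeSelector` entry has no `description`, unlike the neighbouring `allow_parameters` items; add `description: "grafana nodeSelector config for values.yaml"`. Allowing instance creators to set `nodeSelector` also lets them steer the workload onto any labelled node, so if node pools are used as an isolation boundary the accepted labels should be restricted on the broker side. The same consideration applies to `server.nodeSelector` and `alertmanager.nodeSelector` added to prometheus in the next commit and to the mysql-cluster `primary.nodeSelector` and `router.nodeSelector` entries later in the series.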
From 60153ede6ebd44e4cef7597deff86e5a5873694c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 30 Dec 2024 13:17:30 +0800 Subject: [PATCH 135/176] chore(clickhouse) set internal_replication true and other params about memory --- addons/clickhouse/24/chart/clickhouse/values.yaml | 9 +++++++-- .../clickhouse/24/plans/standard-16c64g1000/values.yaml | 5 ++++- addons/clickhouse/24/plans/standard-2c4g20/meta.yaml | 2 +- addons/clickhouse/24/plans/standard-2c4g20/values.yaml | 3 +++ .../clickhouse/24/plans/standard-32c64g12000/values.yaml | 5 ++++- addons/clickhouse/24/plans/standard-4c16g100/values.yaml | 3 +++ addons/clickhouse/24/plans/standard-8c32g500/values.yaml | 5 ++++- 7 files changed, 26 insertions(+), 6 deletions(-) diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index e711b6b1..720fa9b7 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -278,6 +278,8 @@ keeper: defaultConfigurationOverrides: | Asia/Shanghai + {{ printf "%.0f" .Values.MaxServerMemoryUsage }} + {{ printf "%.0f" .Values.MergesMutationsMemoryUsageSoftLimit }} @@ -294,8 +296,8 @@ defaultConfigurationOverrides: | {{- $shards := $.Values.shards | int }} {{- range $shard, $e := until $shards }} - true + true {{- $replicas := $.Values.replicaCount | int }} {{- range $i, $_e := until $replicas }} @@ -321,10 +323,13 @@ defaultConfigurationOverrides: | /drycc/clickhouse/keeper/coordination/log /drycc/clickhouse/keeper/coordination/snapshots - + {{ printf "%.0f" .Values.MaxServerMemoryUsage }} + 10000 30000 + {{ printf "%.0f" .Values.MergesMutationsMemoryUsageSoftLimit }} + true trace diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml index 6c4b2f47..96c4ccbd 100644 --- a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml 
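Review bot: `{{ printf "%.0f" .Values.MaxServerMemoryUsage }}` and the matching `MergesMutationsMemoryUsageSoftLimit` line have no fallback, and none of the visible hunks adds a default for either key to the chart's own values.yaml. Rendering the chart without a plan file would then put Go's `%!f(<nil>)` marker into the ClickHouse configuration instead of a number. Either add defaults to the chart values or fail at render time, e.g. `{{ required "MaxServerMemoryUsage is required" .Values.MaxServerMemoryUsage | int64 }}`. The XML elements that wrap these values are not visible in this rendering of the hunk, and the `defaultConfigurationOverrides` block starts above it.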
+++ b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml @@ -20,4 +20,7 @@ resources: memory: 16Gi persistence: - size: 1000Gi \ No newline at end of file + size: 1000Gi + +MaxServerMemoryUsage: 59055800320 +MergesMutationsMemoryUsageSoftLimit: 34359738368 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml b/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml index ca409ee7..6ae80b84 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml @@ -1,6 +1,6 @@ name: "standard-2c4g20" id: 9866afb5-eeb1-4c89-a6d6-01197ff34bbc -description: "clickhouse standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G " +description: "clickhouse standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DO NOT USE THIS PLAN, only for test " displayName: "standard-2c4g20" bindable: true maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-2c4g20/values.yaml b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml index 254b4fea..0c5d38c4 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/values.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml @@ -21,3 +21,6 @@ resources: persistence: size: 20Gi + +MaxServerMemoryUsage: 3221225472 +MergesMutationsMemoryUsageSoftLimit: 2147483648 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml b/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml index 8be44d06..a933b9da 100644 --- a/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml +++ b/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml @@ -20,4 +20,7 @@ resources: memory: 16Gi persistence: - size: 12000Gi \ No newline at end of file + size: 12000Gi + +MaxServerMemoryUsage: 59055800320 +MergesMutationsMemoryUsageSoftLimit: 34359738368 \ No newline at end of file 
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml index 002cc894..39aa6b39 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml @@ -21,3 +21,6 @@ resources: persistence: size: 100Gi + +MaxServerMemoryUsage: 10737418240 +MergesMutationsMemoryUsageSoftLimit: 8589934592 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml index dab1c884..117e2e58 100644 --- a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml +++ b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml @@ -20,4 +20,7 @@ resources: memory: 8Gi persistence: - size: 500Gi \ No newline at end of file + size: 500Gi + +MaxServerMemoryUsage: 10737418240 +MergesMutationsMemoryUsageSoftLimit: 8589934592 \ No newline at end of file From b3d62048e73e01b445b016de74ad84daf1b0bf55 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 30 Dec 2024 13:18:59 +0800 Subject: [PATCH 136/176] chore(postgresql-cluster): remove 1c2g plan --- .../15/chart/postgresql-cluster/values.yaml | 2 +- .../15/plans/standard-1c2g10/bind.yaml | 42 ---------- .../create-instance-schema.json | 12 --- .../15/plans/standard-1c2g10/meta.yaml | 6 -- .../15/plans/standard-1c2g10/values.yaml | 78 ------------------- 5 files changed, 1 insertion(+), 139 deletions(-) delete mode 100644 addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json delete mode 100644 addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index efa6be7a..7e3ca476 100644 
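Review bot: `standard-8c32g500` gets `MaxServerMemoryUsage: 10737418240` and `MergesMutationsMemoryUsageSoftLimit: 8589934592`, the same 10 GiB / 8 GiB figures as `standard-4c16g100`, although its memory limit is 32Gi. The 64Gi plans in this commit use 59055800320 (55 GiB), so this looks like a copy-paste; if the cap is meant to scale with the limit, half of the 64Gi value, `MaxServerMemoryUsage: 29527900160`, would be in line, with the soft limit raised accordingly. A comment stating the formula used would let the next plan be sized without guessing.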
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -356,7 +356,7 @@ persistentVolume: ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - # storageClass: "-" + storageClass: "" subPath: "" mountPath: "/home/postgres/pgdata" annotations: {} diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml deleted file mode 100644 index 43111931..00000000 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml +++ /dev/null @@ -1,42 +0,0 @@ -credential: -{{- if (eq .Values.service.type "LoadBalancer") }} - - name: EXTRANET_MASTER_HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }}-master - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: EXTRANET_REPL_HOST - valueFrom: - serviceRef: - name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- end }} - - name: DOMAIN_MASTER - value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - - name: DOMAIN_REPL - value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - - name: MASTER_HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }}-master - jsonpath: '{ .spec.clusterIP }' - - name: REPL_HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }}-repl - jsonpath: '{ .spec.clusterIP }' - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.admin-password }' - - name: USERNAME - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.admin-user }' - - name: PORT - value: 5432 - - name: DADABASE - value: postgres - 
diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml deleted file mode 100644 index ecec7095..00000000 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-1c2g10" -id: 83c3b52e-2685-4362-9ea1-42e170060c78 -description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" -displayName: "standard-1c2g10" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml deleted file mode 100644 index 80634ab3..00000000 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-postgresql-cluster-standard-10 - -postgresql: - config: |- - # Connectivity - max_connections = 980 - superuser_reserved_connections = 3 - - # Memory Settings - shared_buffers = '256 MB' - work_mem = '32 MB' - maintenance_work_mem = '320 MB' - huge_pages = off - effective_cache_size = '1 GB' - effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function - random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) - - # Monitoring - track_io_timing=on # measure exact block IO times - track_functions=pl # track execution times of pl-language procedures if any - - # Replication - max_wal_senders = 10 - synchronous_commit = on - - # Checkpointing: - checkpoint_timeout = '15 min' - checkpoint_completion_target = 0.9 - max_wal_size = '1 GB' - min_wal_size = '512 MB' - - # WAL writing - wal_compression = on - wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) - wal_writer_delay = 200ms - wal_writer_flush_after = 1MB - wal_keep_size = '1 GB' - - # Background writer - bgwriter_delay = 200ms - bgwriter_lru_maxpages = 100 - bgwriter_lru_multiplier = 2.0 - bgwriter_flush_after = 0 - - # Parallel queries: - max_worker_processes = 2 - max_parallel_workers_per_gather = 1 - max_parallel_maintenance_workers = 1 - max_parallel_workers = 2 - parallel_leader_participation = on - - # Advanced features - enable_partitionwise_join = on - enable_partitionwise_aggregate = on - jit = on - max_slot_wal_keep_size = '1000 MB' - track_wal_io_timing = on - maintenance_io_concurrency = 100 - -resources: - # If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1000m - memory: 2Gi - hugepages-2Mi: 4Mi - requests: - cpu: 1000m - memory: 2Gi - -persistentVolume: - enabled: true - size: 10Gi - -shmVolume: - sizeLimit: "1Gi" \ No newline at end of file From 2cbc5b4ce94cbdb6b2878eb474487981d2b5dc3d Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 30 Dec 2024 13:41:24 +0800 Subject: [PATCH 137/176] chore(mysql-cluster): Support different MySQL initialization parameters against plan --- .../templates/primary/configmap.yaml | 1 + .../templates/primary/statefulset.yaml | 4 --- .../8.0/chart/mysql-cluster/values.yaml | 16 ++++++++-- addons/mysql-cluster/8.0/meta.yaml | 6 ++++ .../8.0/plans/standard-16c64g400/values.yaml | 20 ++++++++++++- .../8.0/plans/standard-2c4g20/values.yaml | 29 ++++++++++++++++++- .../8.0/plans/standard-2c8g50/values.yaml | 28 +++++++++++++++++- .../8.0/plans/standard-32c128g800/values.yaml | 20 ++++++++++++- .../8.0/plans/standard-4c16g100/values.yaml | 23 +++++++++++++-- .../8.0/plans/standard-8c32g200/values.yaml | 20 ++++++++++++- 10 files changed, 153 insertions(+), 14 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/configmap.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/configmap.yaml index e3bf8c93..2f497755 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/configmap.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/configmap.yaml @@ -20,4 +20,5 @@ metadata: data: my.cnf: |- {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraConfig "context" $ ) | nindent 4 }} {{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 822a407b..2a444c87 100644 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -160,10 +160,6 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} - {{- if .Values.primary.maxConnectionLimit }} - - name: MAX_CONNECTION_LIMIT - value: {{ .Values.primary.maxConnectionLimit | quote }} - {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE value: "master" diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index d32c9c56..1639f6bd 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -180,7 +180,6 @@ initdbScripts: echo report_host=$mgr_host >> $base_conf_file echo loose-group_replication_group_seeds="$svc_mgr_host-0:24901,$svc_mgr_host-1:24901,$svc_mgr_host-2:24901" >> $base_conf_file echo loose-group_replication_start_on_boot='OFF' >> $base_conf_file - echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## @@ -212,7 +211,14 @@ primary: ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## maxConnectionLimit: 2000 - + ## against plans + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + thread_cache_size=200 + configuration: |- [mysqld] # server @@ -241,6 +247,8 @@ primary: sql_require_primary_key=ON log_error_suppression_list='MY-013360' binlog_transaction_dependency_tracking=WRITESET + default-time-zone='+8:00' + local_infile=ON # Replication log_bin=mysql-bin 
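Review bot: `maxConnectionLimit: 2000` is left in the chart defaults as context in the `@@ -212,7 +211,14 @@` hunk, but this commit removes both visible consumers of it: the `MAX_CONNECTION_LIMIT` env var in statefulset.yaml and the `echo max_connections=$MAX_CONNECTION_LIMIT` line in the init script. The default `extraConfig` added here sets no `max_connections`, so a release rendered without a plan override presumably falls back to the server default. Either delete the stale key or add `max_connections=2000` to the default `extraConfig` block.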
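Review bot: `local_infile=ON` is added to the shared `[mysqld]` configuration, which turns on `LOAD DATA LOCAL INFILE` for every plan; MySQL 8.0 ships with it off because the feature lets the server side of a connection request files from the client host. Nothing in the commit message explains the need, so I would keep the default and let a tenant opt in through a plan's `extraConfig` where it is required, i.e. drop the line or set `local_infile=OFF`. If it must stay on, add a comment naming the workload that needs it. The `[mysqld]` block itself starts above this hunk.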
@@ -606,8 +614,10 @@ router: replicaCount: 2 configuration: |- + [DEFAULT] + max_total_connections = 1000 [routing:bootstrap_rw] - max_connections=1000 + max_connections= 1000 ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. ## NOTE: When it's set the 'configuration' parameter is ignored diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index df1189e4..9e3db304 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -27,4 +27,10 @@ allow_parameters: - name: "backup" required: false description: "backup config for values.yaml" +- name: "primary.nodeSelector" + required: false + description: "primary.nodeSelector for values.yaml" +- name: "router.nodeSelector" + required: false + description: "router.nodeSelector for values.yaml" archive: false \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index f346d776..e897821a 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -12,7 +12,19 @@ fullnameOverride: hb-mysql-cluster-standard-400 ## @param resources.requests The requested resources for the MinIO® container ## primary: - maxConnectionLimit: 1600 + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + open_files_limit=2000000 + performance_schema_max_table_instances=200 + thread_cache_size=200 + innodb_read_io_threads=32 + innodb_write_io_threads=32 + innodb_buffer_pool_instances=16 + innodb_buffer_pool_size=42949672960 + max_connections=16000 resources: limits: cpu: 16000m @@ -60,6 +72,12 @@ primary: selector: {} router: + replicaCount: 4 + configuration: |- + [DEFAULT] + max_total_connections = 3900 + [routing:bootstrap_rw] + max_connections= 3900 resources: limits: cpu: 1600m 
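Review bot: In the standard-16c64g400 plan the old `maxConnectionLimit: 1600` becomes `max_connections=16000`, a tenfold increase inside what the commit message presents as a refactor. Every other plan in this commit keeps its previous number (1000, 2000, 4000, 8000, 32000). The new value fits the per-core pattern of the other plans, so the old one may have been a typo, but the change should be stated in the commit message or in a comment such as `# was 1600 before; raised to match the 1000-per-core scheme`. It is also worth checking that 16000 sessions plus the 40 GiB `innodb_buffer_pool_size` fit under this plan's memory limit, which is outside the hunk.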
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml index d9422e70..40a62583 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml @@ -12,7 +12,19 @@ fullnameOverride: hb-mysql-cluster-standard-20 ## @param resources.requests The requested resources for the MinIO® container ## primary: - maxConnectionLimit: 1000 + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + open_files_limit=2000000 + performance_schema_max_table_instances=200 + thread_cache_size=200 + innodb_read_io_threads=4 + innodb_write_io_threads=4 + innodb_buffer_pool_instances=2 + innodb_buffer_pool_size=2147483648 + max_connections=1000 resources: limits: cpu: 2000m @@ -59,3 +71,18 @@ primary: ## app: my-app ## selector: {} + +router: + replicaCount: 2 + configuration: |- + [DEFAULT] + max_total_connections = 400 + [routing:bootstrap_rw] + max_connections= 400 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml index bc9fd336..5cd7245b 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml 
@@ -12,7 +12,19 @@ fullnameOverride: hb-mysql-cluster-standard-50 ## @param resources.requests The requested resources for the MinIO® container ## primary: - maxConnectionLimit: 2000 + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + open_files_limit=2000000 + performance_schema_max_table_instances=200 + thread_cache_size=200 + innodb_read_io_threads=4 + innodb_write_io_threads=4 + innodb_buffer_pool_instances=2 + innodb_buffer_pool_size=4294967296 + max_connections=2000 resources: limits: cpu: 2000m @@ -58,3 +70,17 @@ primary: ## app: my-app ## selector: {} +router: + replicaCount: 2 + configuration: |- + [DEFAULT] + max_total_connections = 900 + [routing:bootstrap_rw] + max_connections= 900 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index c25affff..92916170 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -12,7 +12,19 @@ fullnameOverride: hb-mysql-cluster-standard-800 ## @param resources.requests The requested resources for the MinIO® container ## primary: - maxConnectionLimit: 32000 + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + open_files_limit=2000000 + performance_schema_max_table_instances=200 + thread_cache_size=200 + innodb_read_io_threads=64 + innodb_write_io_threads=64 + innodb_buffer_pool_instances=32 + innodb_buffer_pool_size=85899345920 + max_connections=32000 resources: limits: cpu: 32000m @@ -59,6 +71,12 @@ primary: ## selector: {} router: + replicaCount: 4 + configuration: |- + [DEFAULT] + max_total_connections = 7900 + [routing:bootstrap_rw] + max_connections= 7900 resources: limits: cpu: 3200m 
diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index 68412b31..9fdcd02b 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -12,14 +12,27 @@ fullnameOverride: hb-mysql-cluster-standard-100 ## @param resources.requests The requested resources for the MinIO® container ## primary: - maxConnectionLimit: 4000 + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + open_files_limit=2000000 + performance_schema_max_table_instances=200 + thread_cache_size=200 + innodb_read_io_threads=8 + innodb_write_io_threads=8 + innodb_buffer_pool_instances=4 + innodb_buffer_pool_size=10737418240 + max_connections=4000 + resources: limits: cpu: 4000m memory: 16Gi requests: cpu: 4000m - memory: 16Gi + memory: 12Gi ## @section Persistence parameters @@ -60,6 +73,12 @@ primary: selector: {} router: + replicaCount: 3 + configuration: |- + [DEFAULT] + max_total_connections = 1200 + [routing:bootstrap_rw] + max_connections= 1200 resources: limits: cpu: 500m diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 4061331e..5bd7daef 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml 
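Review bot: In the standard-4c16g100 plan, `requests.memory` drops from 16Gi to 12Gi while the limit stays at 16Gi, and this is the only plan hunk in the commit that touches a `resources` line. With requests below limits the primary pod leaves the Guaranteed QoS class and becomes an earlier eviction candidate under node memory pressure, which for a database primary means an unplanned failover. If the overcommit is deliberate, record it next to the value, e.g. `# requests < limits on purpose: <reason>`; otherwise keep `memory: 16Gi`.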
@@ -12,7 +12,19 @@ fullnameOverride: hb-mysql-cluster-standard-200 ## @param resources.requests The requested resources for the MinIO® container ## primary: - maxConnectionLimit: 8000 + extraConfig: | + [mysqld] + innodb_io_capacity=2000 + innodb_io_capacity_max=3000 + max_connect_errors=1000000 + open_files_limit=2000000 + performance_schema_max_table_instances=200 + thread_cache_size=200 + innodb_read_io_threads=16 + innodb_write_io_threads=16 + innodb_buffer_pool_instances=8 + innodb_buffer_pool_size=22548578304 + max_connections=8000 resources: limits: cpu: 8000m @@ -60,6 +72,12 @@ primary: selector: {} router: + replicaCount: 4 + configuration: |- + [DEFAULT] + max_total_connections = 1900 + [routing:bootstrap_rw] + max_connections= 1900 resources: limits: cpu: 800m From efbe1da47936e7369b8a5d52c8184ac209d31008 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 8 Jan 2025 15:06:49 +0800 Subject: [PATCH 138/176] chore(postgresql-cluster): optimization of database parameters --- .../templates/networkpolicy.yaml | 7 ++++++- .../15/chart/postgresql-cluster/values.yaml | 21 ++++++++++++------- .../15/plans/standard-16c64g400/values.yaml | 11 ++++++---- .../15/plans/standard-2c4g20/values.yaml | 17 ++++++++------- .../15/plans/standard-2c8g50/values.yaml | 14 ++++++++----- .../15/plans/standard-32c128g800/values.yaml | 12 +++++++---- .../15/plans/standard-32c64g4000/values.yaml | 12 +++++++---- .../15/plans/standard-4c16g100/values.yaml | 12 +++++++---- .../15/plans/standard-8c32g200/values.yaml | 12 +++++++---- 9 files changed, 76 insertions(+), 42 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index cf6bfb01..19ff2288 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml 
@@ -23,11 +23,16 @@ spec: - ports: - port: 5432 - port: 9000 + - port: 80 + - port: 8008 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} + {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: backup {{- if .Values.networkPolicy.allowCurrentNamespace }} - namespaceSelector: matchLabels: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 7e3ca476..95d57e54 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -54,9 +54,6 @@ preInitScript: | restapi: listen: 0.0.0.0:8008 connect_address: 0.0.0.0:8008 - authentication: - username: NzUwNjg3MTEtMDgzOS00YTNkLWEyNjAt - password: YjJjMDNjYjQtMDA0Ny00NTgwLTgwYjMt bootstrap: dcs: ttl: 30 @@ -75,16 +72,19 @@ preInitScript: | - host replication postgres 0.0.0.0/0 scram-sha-256 custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' parameters: - wal_level: hot_standby + max_connections: {{ .Values.patroni.pgParameters.max_connections }} + max_worker_processes: {{ .Values.patroni.pgParameters.max_worker_processes }} + max_parallel_workers: {{ .Values.patroni.pgParameters.max_parallel_workers }} + wal_level: logical hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 max_wal_senders: 10 max_replication_slots: 10 hot_standby_feedback: on max_prepared_transactions: 0 max_locks_per_transaction: 64 wal_log_hints: "on" + wal_keep_size: "1 GB" + max_slot_wal_keep_size: {{ .Values.patroni.pgParameters.max_slot_wal_keep_size | quote }} track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s 
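Review bot: Port 8008 is added to the one shared `ports` list, so every peer admitted by `from` (the current namespace, each `allowNamespaces` entry and the newly hard-coded `backup` namespace) can now reach the Patroni REST API that values.yaml binds on `0.0.0.0:8008`, while the `@@ -54,9 +54,6 @@` hunk of this same commit deletes the `restapi.authentication` block. Patroni uses that block to protect its state-changing REST calls, so after this commit the NetworkPolicy is the only control in front of them. I would move 8008 (and 80, whose consumer is not visible here) into its own ingress rule limited to the cluster's pods and the backup namespace, as sketched below, and keep `authentication` with values read from a Secret rather than literals in values.yaml. The `backup` selector also sits inside the `if or … allowCurrentNamespace … allowNamespaces` branch, so with neither value set the rule has no `from` at all and these ports are open to every source; the rule continues past the hunk.

```yaml
  # … unchanged: ingress rule for 5432, 9000 and the metrics port …
  # Patroni REST API: cluster members and the backup namespace only
  - ports:
      - port: 8008
    from:
      - podSelector:
          matchLabels:
            # confirm these match the StatefulSet's pod labels
            {{- include "common.labels.matchLabels" . | nindent 12 }}
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: backup
```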
@@ -194,14 +194,19 @@ postgresql: log_min_duration_statement = 1000 max_wal_size = 4GB min_wal_size = 4GB - max_connections = 1005 - max_worker_processes = 8 max_wal_senders = 10 max_replication_slots = 10 max_prepared_transactions = 0 max_locks_per_transaction = 64 patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '2 GB' + + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index a14f012e..8fe5e689 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -1,11 +1,16 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## fullnameOverride: hb-postgresql-cluster-standard-400 +patroni: + pgParameters: + max_worker_processes: 32 + max_parallel_workers: 16 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' postgresql: config: |- # Connectivity - max_connections = 2000 superuser_reserved_connections = 3 # Memory Settings @@ -28,7 +33,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '6 GB' + max_wal_size = '16 GB' min_wal_size = '2 GB' # WAL writing @@ -36,7 +41,6 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms @@ -45,7 +49,6 @@ postgresql: bgwriter_flush_after = 0 # Parallel queries: - max_worker_processes = 16 max_parallel_workers_per_gather = 8 max_parallel_maintenance_workers = 8 max_parallel_workers = 16 
diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml index 1f1b9a1b..27ea5c42 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml @@ -2,10 +2,16 @@ ## fullnameOverride: hb-postgresql-cluster-standard-20 +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 1000 + max_slot_wal_keep_size: '2 GB' + postgresql: config: |- # Connectivity - max_connections = 1000 superuser_reserved_connections = 3 # Memory Settings @@ -29,7 +35,7 @@ postgresql: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 max_wal_size = '2 GB' - min_wal_size = '512 MB' + min_wal_size = '1 GB' # WAL writing @@ -37,8 +43,6 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '1 GB' - # Background writer bgwriter_delay = 200ms @@ -46,18 +50,15 @@ postgresql: bgwriter_lru_multiplier = 2.0 bgwriter_flush_after = 0 - # Parallel queries: - max_worker_processes = 2 + # Parallel queries: max_parallel_workers_per_gather = 1 max_parallel_maintenance_workers = 1 - max_parallel_workers = 2 parallel_leader_participation = on # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml index 293a8a45..1062740f 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml 
@@ -2,10 +2,16 @@ ## fullnameOverride: hb-postgresql-cluster-standard-50 +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 2000 + max_slot_wal_keep_size: '5 GB' + postgresql: config: |- # Connectivity - max_connections = 1000 superuser_reserved_connections = 3 # Memory Settings @@ -28,15 +34,14 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '2 GB' - min_wal_size = '512 MB' + max_wal_size = '4 GB' + min_wal_size = '1 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3 GB' # Background writer @@ -46,7 +51,6 @@ postgresql: bgwriter_flush_after = 0 # Parallel queries: - max_worker_processes = 2 max_parallel_workers_per_gather = 1 max_parallel_maintenance_workers = 1 max_parallel_workers = 2 diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index c0ed7230..a2f1bb41 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -2,10 +2,16 @@ ## fullnameOverride: hb-postgresql-cluster-standard-800 +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '100 GB' + postgresql: config: |- # Connectivity - max_connections = 2000 superuser_reserved_connections = 3 # Memory Settings @@ -28,7 +34,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '8 GB' + max_wal_size = '64 GB' min_wal_size = '4 GB' # WAL writing 
@@ -36,7 +42,6 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms @@ -45,7 +50,6 @@ postgresql: bgwriter_flush_after = 0 # Parallel queries: - max_worker_processes = 32 max_parallel_workers_per_gather = 16 max_parallel_maintenance_workers = 16 max_parallel_workers = 32 diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index 2c9a48e3..cdc3c494 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -2,10 +2,16 @@ ## fullnameOverride: hb-postgresql-cluster-standard-800 +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '200 GB' + postgresql: config: |- # Connectivity - max_connections = 2000 superuser_reserved_connections = 3 # Memory Settings @@ -29,14 +35,13 @@ postgresql: checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 max_wal_size = '32 GB' - min_wal_size = '16 GB' + min_wal_size = '4 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '60 GB' # Background writer bgwriter_delay = 200ms @@ -45,7 +50,6 @@ postgresql: bgwriter_flush_after = 0 # Parallel queries: - max_worker_processes = 32 max_parallel_workers_per_gather = 16 max_parallel_maintenance_workers = 16 max_parallel_workers = 32 diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml index a60c85ce..3b5d6b45 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml 
+++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml @@ -2,10 +2,16 @@ ## fullnameOverride: hb-postgresql-cluster-standard-100 +patroni: + pgParameters: + max_worker_processes: 8 + max_parallel_workers: 4 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + postgresql: config: |- # Connectivity - max_connections = 2000 superuser_reserved_connections = 3 # Memory Settings @@ -28,7 +34,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '4 GB' + max_wal_size = '8 GB' min_wal_size = '2 GB' # WAL writing @@ -36,7 +42,6 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '4 GB' # Background writer @@ -46,7 +51,6 @@ postgresql: bgwriter_flush_after = 0 # Parallel queries: - max_worker_processes = 4 max_parallel_workers_per_gather = 2 max_parallel_maintenance_workers = 2 max_parallel_workers = 4 diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index 08d777be..e2484df5 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -2,10 +2,16 @@ ## fullnameOverride: hb-postgresql-cluster-standard-200 +patroni: + pgParameters: + max_worker_processes: 16 + max_parallel_workers: 8 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + postgresql: config: |- # Connectivity - max_connections = 2000 superuser_reserved_connections = 3 # Memory Settings @@ -28,7 +34,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '5 GB' + max_wal_size = '16 GB' min_wal_size = '3 GB' # WAL writing 
@@ -36,7 +42,6 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '5 GB' # Background writer bgwriter_delay = 200ms @@ -45,7 +50,6 @@ postgresql: bgwriter_flush_after = 0 # Parallel queries: - max_worker_processes = 8 max_parallel_workers_per_gather = 4 max_parallel_maintenance_workers = 4 max_parallel_workers = 8 From 0194b4a5872a7295ca3579d017c320ca60623cb2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 10 Jan 2025 17:44:15 +0800 Subject: [PATCH 139/176] chore(clickhouse): Remove useless parameters --- addons/clickhouse/24/chart/clickhouse/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index 720fa9b7..daef8b9c 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -328,7 +328,6 @@ defaultConfigurationOverrides: | 10000 30000 - {{ printf "%.0f" .Values.MergesMutationsMemoryUsageSoftLimit }} true trace From 1c309c1693427db3601ac9fbd632ad3b7605cb73 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 14 Feb 2025 14:01:04 +0800 Subject: [PATCH 140/176] chore(postgresql-cluster): add postgresql 16 --- .../16/chart/postgresql-cluster/Chart.yaml | 28 ++ .../16/chart/postgresql-cluster/README.md | 166 +++++++ .../postgresql-cluster/templates/NOTES.txt | 25 + .../postgresql-cluster/templates/_helpers.tpl | 219 +++++++++ .../templates/cm-backup.yaml | 16 + .../templates/cm-logicalbackup .yaml | 19 + .../templates/cm-patroni.yaml | 20 + .../templates/cm-postgresql.yaml | 18 + .../postgresql-cluster/templates/cronjob.yaml | 43 ++ .../templates/logicalbackup-cronjob.yaml | 69 +++ .../templates/networkpolicy.yaml | 54 +++ .../postgresql-cluster/templates/role.yaml | 49 ++ .../templates/rolebinding.yaml | 19 + .../postgresql-cluster/templates/sec.yaml | 18 + .../templates/serviceaccount.yaml | 12 + .../templates/statefulset.yaml | 273 +++++++++++ .../templates/svc-config.yaml | 11 + .../templates/svc-master.yaml | 24 + .../templates/svc-metrics.yaml | 32 ++ .../templates/svc-relp.yaml | 26 ++ .../postgresql-cluster/templates/svc.yaml | 18 + .../16/chart/postgresql-cluster/values.yaml | 441 ++++++++++++++++++ addons/postgresql-cluster/16/meta.yaml | 30 ++ .../16/plans/standard-16c64g400/bind.yaml | 41 ++ .../create-instance-schema.json | 12 + .../16/plans/standard-16c64g400/meta.yaml | 6 + .../16/plans/standard-16c64g400/values.yaml | 81 ++++ .../16/plans/standard-2c4g20/bind.yaml | 41 ++ .../create-instance-schema.json | 12 + .../16/plans/standard-2c4g20/meta.yaml | 6 + .../16/plans/standard-2c4g20/values.yaml | 81 ++++ .../16/plans/standard-2c8g50/bind.yaml | 41 ++ .../create-instance-schema.json | 12 + .../16/plans/standard-2c8g50/meta.yaml | 6 + .../16/plans/standard-2c8g50/values.yaml | 83 ++++ .../16/plans/standard-32c128g800/bind.yaml | 41 ++ .../create-instance-schema.json | 12 + .../16/plans/standard-32c128g800/meta.yaml | 6 + .../16/plans/standard-32c128g800/values.yaml | 82 ++++ .../16/plans/standard-32c64g4000/bind.yaml | 41 ++ 
.../create-instance-schema.json | 12 + .../16/plans/standard-32c64g4000/meta.yaml | 6 + .../16/plans/standard-32c64g4000/values.yaml | 82 ++++ .../16/plans/standard-4c16g100/bind.yaml | 41 ++ .../create-instance-schema.json | 12 + .../16/plans/standard-4c16g100/meta.yaml | 6 + .../16/plans/standard-4c16g100/values.yaml | 83 ++++ .../16/plans/standard-8c32g200/bind.yaml | 41 ++ .../create-instance-schema.json | 12 + .../16/plans/standard-8c32g200/meta.yaml | 6 + .../16/plans/standard-8c32g200/values.yaml | 82 ++++ 51 files changed, 2617 insertions(+) create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/Chart.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/README.md create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-backup.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-logicalbackup .yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-patroni.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-postgresql.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/role.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/rolebinding.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/sec.yaml create mode 100644 
addons/postgresql-cluster/16/chart/postgresql-cluster/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/statefulset.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-metrics.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc.yaml create mode 100644 addons/postgresql-cluster/16/chart/postgresql-cluster/values.yaml create mode 100644 addons/postgresql-cluster/16/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-16c64g400/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-2c4g20/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-2c8g50/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml create mode 100644 
addons/postgresql-cluster/16/plans/standard-32c128g800/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-32c64g4000/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-4c16g100/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-8c32g200/create-instance-schema.json create mode 100644 addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml create mode 100644 addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/Chart.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/Chart.yaml new file mode 100644 index 00000000..a718116f --- /dev/null +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/Chart.yaml 
@@ -0,0 +1,28 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "16" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + - patroni +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: 16.4 diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/16/chart/postgresql-cluster/README.md new file mode 100644 index 00000000..c407603f --- /dev/null +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/README.md 
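Review bot: The `common` dependency in the new Chart.yaml is resolved from `oci://registry.drycc.cc/charts` with the range `~1.1.1`, and the create-mode list of this commit contains no `Chart.lock`, so each dependency update may pull a different 1.1.x library chart into the rendered templates. Commit a `Chart.lock` so the resolved version is recorded, or pin it exactly with `version: 1.1.1`. On style, `version: 16.4` is an unquoted two-part number that a YAML parser reads as a float; `version: "16.4.0"` keeps it a SemVer string. `name: postgresql`, `home` and `icon` still describe the upstream Bitnami chart rather than this `postgresql-cluster` directory.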
@@ -0,0 +1,166 @@ + +# Postgresql cluster addons +## Plans + +View and choose the service resource specifications you need. +``` + # drycc resources:plans postgresql-cluster +``` +### Resource specification list +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + +## Create Postgresql Cluster Service instance + +- Create Postgresql service +``` +# drycc resources:create postgresql-cluster:standard-10 `my_pg_001` +``` +- View service status +``` +# drycc resources:describe `my_pg_001` +``` +- Bind service +``` +# drycc resources:bind `my_pg_001` +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` + +## Create Service with values file + +`vim values.yaml` +``` +# create or update pg instance template yaml +networkPolicy.allowNamespaces: + - mx-test1 +service.type: ClusterIP +metrics.enabled: true +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 +``` +``` + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` + +## Update Service +### Create app user and database + +- Login database web with admin user & password + +- Change administrator initial password +``` +ALTER USER administrator WITH ENCRYPTED PASSWORD 
'newpassword'; +``` +- View total connections number in postgresql cluster; +``` +show max_connections ; +``` +- CREATE APP USER +``` +CREATE USER `myuser` WITH CONNECTION LIMIT `conn limit` LOGIN ENCRYPTED PASSWORD 'password'; +GRANT `myuser` to administrator ; +``` +- CREATE APP DATABASE +``` +CREATE DATABASE `mydb` OWNER `myuser`; + +``` +- CREATE EXTENSIONS +``` +CREATE EXTENSION pg_buffercache; +``` + +### Network Access + +Default access allow policy: only namespace scope. + +- allow `mx-test1` namespace access + +`vim values.yaml ` +``` +networkPolicy.allowNamespaces: + - mx-test1 +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` + + - Assign external network IP address + +`vim values.yaml` +``` + service.type: LoadBlancer +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` + + ### Manger backup your data `Very important` + +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` + +PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. + +`vim values.yaml` +``` +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` + +You can modify multiple content at once, there is no need to modify part of it each time. 
+ + +## Destroy Service + +- Unbind service first +``` +# drycc resources:unbind `my_pg_001` +``` +- Destroy service +``` +# drycc resources:destroy `my_pg_001` +``` +# 修改pg在容器中分配的动态共享内存不足的问题 +https://www.cnblogs.com/daniel-hutao/p/17903993.html \ No newline at end of file diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/NOTES.txt b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 --- /dev/null +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/NOTES.txt @@ -0,0 +1,25 @@ +Patroni can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your password for superuser run: + + # superuser password + PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode) + + # admin password + PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode) + +To connect to your database: + +1. Run a postgres pod and connect using the psql cli: + # login as superuser + kubectl run -i --tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \ + --command -- psql -U postgres \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres + + # login as admin + kubectl run -i -tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_ADMIN" \ + --command -- psql -U admin \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/_helpers.tpl new file mode 100644 index 00000000..d5876632 
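Review bot: In NOTES.txt the admin-password command reads `{.data.password-admin}`, but sec.yaml in this patch stores that value under `admin-password`, so `PGPASSWORD_ADMIN` comes back empty; the jsonpath should be `{.data.admin-password}`. The second `kubectl run` uses `-tty` where the first uses `--tty`. It also logs in with `-U admin` although the role name comes from `.Values.adminRole.username` (the README calls it `administrator`), so the user name should be read from the Secret's `admin-user` key rather than hard-coded.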
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/_helpers.tpl
@@ -0,0 +1,219 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "patroni.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "patroni.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "patroni.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "patroni.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "patroni.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature +*/}} +{{- define "patroni.createCronJob" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature +*/}} +{{- define "patroni.createLogicalBackupCronJob" -}} +{{- if and .Values.logicalbackup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for Postgresql HA patroni +*/}} +{{- define "patroni.createConfigmap" -}} +{{- if and .Values.preInitScript }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Create patroni envs. +*/}} +{{- define "patroni.envs" }} +{{- if .Values.kubernetes.configmaps.enable }} +- name: KUBERNETES_USE_CONFIGMAPS + value: "true" +{{- end }} +{{- if .Values.kubernetes.endpoints.enable }} +- name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' +{{- end }} +- name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' +- name: PATRONI_KUBERNETES_LABELS + value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' +- name: PATRONI_SUPERUSER_USERNAME + value: postgres +- name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser +- name: PATRONI_REPLICATION_USERNAME + value: standby +- name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-replication +- name: PATRONI_REWIND_USERNAME + value: rewinder +- name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-rewind +- name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-user +- name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-password +- name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} +- name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass +- name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' +- name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' +{{- end -}} + +{{/* +Return true if a configmap object should be created for PG backup. +*/}} +{{- define "backup.createConfigmap" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Generate random password +*/}} + +{{/* +Get the super user password ; +*/}} +{{- define "credentials.superuserValue" }} +{{- if .Values.credentials.superuser }} + {{- .Values.credentials.superuser -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}} +{{- end -}} +{{- end }} + +{{/* +Get the rewind password ; +*/}} +{{- define "credentials.rewindValue" }} +{{- if .Values.credentials.rewind }} + {{- .Values.credentials.rewind -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) 
"Length" 10 "Key" "password-rewind") -}} +{{- end -}} +{{- end }} + +{{/* +Get the replication password ; +*/}} +{{- define "credentials.replicationValue" }} +{{- if .Values.credentials.replication }} + {{- .Values.credentials.replication -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Get the administrator password ; +*/}} +{{- define "adminRole.passwordValue" }} +{{- if .Values.adminRole.password }} + {{- .Values.adminRole.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-backup.yaml new file mode 100644 index 00000000..fdc62197 --- /dev/null +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-backup.yaml 
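Review bot: `getValueFromSecret` falls back to `randAlphaNum` only when the whole Secret is missing; when the Secret exists but lacks `.Key`, `index $obj .Key | b64dec` runs instead, which likely yields an empty credential or a render error. Guarding with `{{- if and $obj (hasKey $obj .Key) }}` keeps the random fallback working for keys added in a later chart version. All four callers pass `"Length" 10`, shorter than the helper's own default of 16, so dropping that argument gives the superuser, rewind, replication and admin passwords more entropy. `lookup` returns nothing under `helm template` and `--dry-run`, so manifests rendered that way carry fresh passwords each time; a comment on the helper should say so.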
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-backup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ backup.env: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }}
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-logicalbackup .yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-logicalbackup .yaml
new file mode 100644
index 00000000..8de61100
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-logicalbackup .yaml
@@ -0,0 +1,19 @@
+{{- if (include "patroni.createLogicalBackupCronJob" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-logicalbackup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ logicalbackup.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.logicalbackupScript "context" $ ) | nindent 4 }}
+
+{{- end }}
\ No newline at end of file
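Review bot: cm-backup.yaml is rendered unconditionally, although the sibling ConfigMaps are wrapped in a guard and `_helpers.tpl` defines `backup.createConfigmap` for this case; wrapping the file in `{{- if (include "backup.createConfigmap" .) }}` and `{{- end }}` avoids shipping `backup.env` when backups are disabled, provided the StatefulSet (not fully visible here) does not mount it unconditionally. `backupEnv` itself is not visible in this part of the patch. If it interpolates the `backup.s3` access keys shown in the README, those credentials land in a ConfigMap, which the Role in this patch lets the Patroni service account read, so a Secret would be the better home.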
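Review bot: The new template is named `cm-logicalbackup .yaml`, with a space before the extension, which looks accidental and forces quoting in every shell or tooling reference; rename it to `cm-logicalbackup.yaml`. The file also ends without a trailing newline, as do several other templates in this patch.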
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-patroni.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-patroni.yaml
new file mode 100644
index 00000000..ad4b5849
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-patroni.yaml
@@ -0,0 +1,20 @@
+{{- if (include "patroni.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-patroni
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ pre_init.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }}
+ post_init.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }}
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-postgresql.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-postgresql.yaml
new file mode 100644
index 00000000..8aba698a
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-postgresql.yaml
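Review bot: The guard `patroni.createConfigmap` is true only when `.Values.preInitScript` is set, yet this ConfigMap also carries `post_init.sh`, and cm-postgresql.yaml reuses the same guard for `custom_conf.conf`. With only `postInitScript` or `postgresql.config` set, neither ConfigMap is rendered and those settings are silently dropped. Give each ConfigMap a guard on the values it renders, e.g. `{{- if or .Values.preInitScript .Values.postInitScript }}` here and `{{- if .Values.postgresql.config }}` in cm-postgresql.yaml. How the StatefulSet mounts them is outside the visible part of the patch, so the mounts need matching conditions.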
@@ -0,0 +1,18 @@
+{{- if (include "patroni.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-postgresql
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ custom_conf.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }}
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cronjob.yaml
new file mode 100644
index 00000000..495dfa7b
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cronjob.yaml
@@ -0,0 +1,43 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- if (include "patroni.createCronJob" .) }}
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }}
+kind: CronJob
+metadata:
+ name: {{ include "patroni.fullname" . }}-backup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+
+spec:
+ schedule: "{{ .Values.backup.scheduleCronJob }}"
+ failedJobsHistoryLimit: 1
+ successfulJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: {{ .Chart.Name }}-backup
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ command:
+ - /usr/bin/env
+ - bash
+ - -c
+ - |
+ curl "http://${REPLHOST}:9000/pg_backup"
+ env:
+ - name: REPLHOST
+ value: {{ include "patroni.fullname" . }}-repl
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml
new file mode 100644
index 00000000..071b9bd9
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml
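Review bot: `curl "http://${REPLHOST}:9000/pg_backup"` exits 0 on an HTTP error response, so the Job is recorded as successful even when the backup endpoint rejects or fails the request, and a hung connection has no timeout. Use `curl --fail --silent --show-error --max-time <seconds> "http://${REPLHOST}:9000/pg_backup"` so failures surface through `restartPolicy: OnFailure` and the Job history. The trigger is an unauthenticated plain-HTTP request, so any source the NetworkPolicy admits to port 9000 can start a base backup. That deserves a comment here, and a token check if the backup service (not visible in this patch) supports one.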
@@ -0,0 +1,69 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "{{ .Values.logicalbackup.scheduleCronJob }}" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-logicalbackup + image: "{{ .Values.logicalbackupImages.repository }}:{{ .Values.logicalbackupImages.tag }}" + imagePullPolicy: {{ .Values.logicalbackupImages.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + sh /opt/drycc/logicalbackup/logicalbackup.sh + env: + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPORT + value: "5432" + - name: PGUSER + value: postgres + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-superuser + - name: MINIO_BUCKET + value: {{ .Values.logicalbackup.minio.bucket }} + - name: MINIO_HOST + value: {{ .Values.logicalbackup.minio.endpoint }} + - name: MINIO_ACCESS_KEY + value: {{ .Values.logicalbackup.minio.access_key }} + - name: MINIO_SECRET_KEY + value: {{ .Values.logicalbackup.minio.secret_key }} + + volumeMounts: + - mountPath: "/opt/drycc/logicalbackup/" + name: logicalbackup-config + + volumes: + - name: logicalbackup-config + configMap: + name: {{ template "common.names.fullname" . }}-logicalbackup +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/networkpolicy.yaml new file mode 100644 index 00000000..19ff2288 --- /dev/null +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/networkpolicy.yaml 
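Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are rendered as literal `value:` entries from `.Values.logicalbackup.minio`, so the object-store credentials are readable by anyone who can get the CronJob, its Jobs or Pods, and they show up in rendered manifests. Store them in the chart's Secret and reference them with `secretKeyRef`, the way `PGPASSWORD` is handled a few lines above; the key names in the sketch below are proposals and need matching entries in sec.yaml. `MINIO_BUCKET` and `MINIO_HOST` are also unquoted, so an empty or boolean-looking value would not render as a string; piping them through `quote` avoids that.

```yaml
# … unchanged: PGHOST, PGPORT, PGUSER, PGPASSWORD, MINIO_BUCKET, MINIO_HOST …
- name: MINIO_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: logicalbackup-access-key  # proposed key, to be added to sec.yaml
- name: MINIO_SECRET_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: logicalbackup-secret-key  # proposed key, to be added to sec.yaml
# … unchanged: volumeMounts, volumes …
```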
@@ -0,0 +1,54 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: patroni
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ - port: 9000
+ - port: 80
+ - port: 8008
+ {{- if and .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.containerPort }}
+ {{ end }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: backup
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/role.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/role.yaml
new file mode 100644
index 00000000..8dec5309
--- /dev/null
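Review bot: With `service.type: LoadBalancer` the policy renders `ingress:` / `- {}`, which admits every source on every pod port rather than only 5432. That includes 8008, where `patroni.envs` binds the Patroni REST API on `0.0.0.0:8008` with no REST credentials in the visible env list, and 9000, which the backup CronJob triggers over plain HTTP. Restrict that branch to the database port, e.g. `- ports:` followed by `- port: 5432`, and keep a namespace-scoped rule for the management ports. In the ClusterIP branch the `backup` namespace is allowed unconditionally whenever a `from` list is rendered, and when both allow settings are empty no `from` is emitted, so the listed ports are open to all sources. Any other `service.type` gets no ingress rule at all; each of these cases needs a comment or an explicit values switch.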
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/role.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # delete is required only for 'patronictl remove'
+ - delete
+- apiGroups: [""]
+ resources: ["services"]
+ verbs:
+ - create
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs:
+ - create
+ - get
+ - patch
+ - update
+ # the following three privileges are necessary only when using endpoints
+ - list
+ - watch
+ # delete is required only for for 'patronictl remove'
+ - delete
+ - deletecollection
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/rolebinding.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/rolebinding.yaml
new file mode 100644
index 00000000..5e15948f
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/rolebinding.yaml
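Review bot: The comments state that `delete` on configmaps and `delete`/`deletecollection` on endpoints are needed only for `patronictl remove`, yet the Role grants them permanently to the service account every database pod runs as. Consider gating those verbs behind a values flag, or dropping them and documenting that cluster removal needs a temporary elevated Role. The configmaps rule has no `resourceNames`, so the same account can read and modify every ConfigMap in the namespace, including the chart's `-backup` and `-logicalbackup` ones, which is a further reason to keep credentials out of ConfigMaps. Minor: `for for` in the second delete comment.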
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "patroni.serviceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "patroni.fullname" . }}
+{{- end }}
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/sec.yaml
new file mode 100644
index 00000000..c2e13055
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/sec.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+type: Opaque
+data:
+ password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }}
+ password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }}
+ password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }}
+ admin-user: {{ .Values.adminRole.username | b64enc | quote }}
+ admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/serviceaccount.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e1b2ebf6
--- /dev/null
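Review bot: In sec.yaml the Secret is created as `patroni.fullname` in `common.names.namespace`, but the credential helpers in _helpers.tpl look the existing Secret up as `common.names.fullname` in `.Release.Namespace`. If the two names or namespaces ever differ, the lookup misses and each upgrade writes new random passwords into the Secret while the running database keeps the old ones. Use one expression on both sides, e.g. `"Name" (include "patroni.fullname" .)` and `"Namespace" (include "common.names.namespace" .)` in the helper calls. `admin-user` is taken from `.Values.adminRole.username` with no default or `required`, so an unset value would presumably render an empty user name or fail.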
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "patroni.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/statefulset.yaml
new file mode 100644
index 00000000..d826952c
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/statefulset.yaml
@@ -0,0 +1,273 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ serviceName: {{ template "patroni.fullname" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ template:
+ metadata:
+ name: {{ template "patroni.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ spec:
+ {{- if .Values.patroni.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.patroni.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "patroni.serviceAccountName" . }}
+ # securityContext:
+ # runAsUser: postgres
+ # fsGroup: postgres
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ # securityContext:
+ # runAsUser: postgres
+ # fsGroup: postgres
+ env:
+ {{- include "patroni.envs" . | indent 8 }}
+ {{- if .Values.env }}
+ {{- range $key, $val := .Values.env }}
+ - name: {{ $key | quote | upper }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /readiness
+ port: 8008
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /liveness
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /usr/bin/env
+ - bash
+ - -c
+ - |
+ # switch leader pod if the current pod is the leader
+ if curl --fail http://localhost:8008/read-write; then
+ init-stack patronictl switchover --force
+ fi
+ ports:
+ - containerPort: 8008
+ protocol: TCP
+ - containerPort: 5432
+ protocol: TCP
+ volumeMounts:
+ - name: storage-volume
+ mountPath: "{{ .Values.persistentVolume.mountPath }}"
+ - mountPath: "/opt/drycc/postgresql/scripts/"
+ name: patroni-config
+ - mountPath: "/opt/drycc/postgresql/config/"
+ name: postgresql-config
+ # readOnly: true
+ - mountPath: "/opt/drycc/postgresql/backup/"
+ name: backup-config
+ - name: dshm
+ mountPath: /dev/shm
+ # readOnly: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}"
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.metrics.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.customMetrics }}
+ args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
+ {{- end }}
+ env:
+ - name: DATA_SOURCE_NAME
+ value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }}
+ ports:
+ - name: http-metrics
+ containerPort: {{ .Values.metrics.containerPort }}
+ startupProbe:
+ initialDelaySeconds: 10
+ tcpSocket:
+ port: http-metrics
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 15
+ successThreshold: 1
+ livenessProbe:
+ initialDelaySeconds: 5
+ httpGet:
+ path: /
+ port: http-metrics
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ readinessProbe:
+ initialDelaySeconds: 5
+ httpGet:
+ path: /
+ port: http-metrics
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ - name: {{ .Chart.Name }}-backup
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ # securityContext:
+ # runAsUser: postgres
+ # fsGroup: postgres
+ command:
+ - /usr/bin/env
+ - bash
+ - -c
+ - |
+ python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000
+ env:
+ - name: PGHOST
+ value: localhost
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-superuser
+ - name: PGUSER
+ value: postgres
+ - name: PGDATABASE
+ value: postgres
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATA
+ value: "{{ .Values.persistentVolume.mountPath }}/data"
+ ports:
+ - containerPort: 9000
+ volumeMounts:
+ - name: storage-volume
+ mountPath: "{{ .Values.persistentVolume.mountPath }}"
+ - mountPath: "/opt/drycc/postgresql/backup/"
+ name: backup-config
+
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ .Values.affinity | toYaml | indent 8 }}
+ {{- else if .Values.affinityTemplate }}
+ affinity:
+{{ tpl .Values.affinityTemplate . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: patroni-config
+ configMap:
+ name: {{ template "common.names.fullname" . }}-patroni
+ - name: postgresql-config
+ configMap:
+ name: {{ template "common.names.fullname" . }}-postgresql
+ - name: backup-config
+ configMap:
+ name: {{ template "common.names.fullname" . }}-backup
+ {{- if not .Values.persistentVolume.enabled }}
+ - name: storage-volume
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ emptyDir:
+ medium: Memory
+ {{- if .Values.shmVolume.sizeLimit }}
+ sizeLimit: {{ .Values.shmVolume.sizeLimit }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }}
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
+ whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
+ {{- end }}
+ {{- if .Values.persistentVolume.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: storage-volume
+ annotations:
+ {{- if .Values.persistentVolume.annotations }}
+{{ toYaml .Values.persistentVolume.annotations | indent 8 }}
+ {{- end }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ accessModes:
+{{ toYaml .Values.persistentVolume.accessModes | indent 8 }}
+ resources:
+ requests:
+ storage: "{{ .Values.persistentVolume.size }}"
+ {{- if .Values.persistentVolume.storageClass }}
+ {{- if (eq "-" .Values.persistentVolume.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.persistentVolume.storageClass }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
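Review bot: In statefulset.yaml every `securityContext` block is commented out, so the pod and the `{{ .Chart.Name }}` and `{{ .Chart.Name }}-backup` containers run with whatever user and privileges the image defaults to; the metrics container only gets one when `metrics.containerSecurityContext.enabled` is set, and values.yaml ships that as `false`. The commented blocks could not simply be re-enabled either, because `runAsUser` takes a numeric UID and `fsGroup` is a pod-level field, not a container one. I would set a pod-level `securityContext` with numeric `runAsUser`/`fsGroup` for the postgres user and add `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on each container. The UID the image uses is not visible in this patch, so the value has to be confirmed against the image.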
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-config.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-config.yaml
new file mode 100644
index 00000000..5f7b0f60
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-config.yaml
@@ -0,0 +1,11 @@
+# headless service to avoid deletion of patronidemo-config endpoint
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-config
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ clusterIP: None
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml
new file mode 100644
index 00000000..f3d20fd2
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-master
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: master
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: master
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ protocol: TCP
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-metrics.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-metrics.yaml
new file mode 100644
index 00000000..862c6a0c
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-metrics.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "patroni.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
+ {{- if .Values.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.metrics.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+{{- end }}
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-relp.yaml
new file mode 100644
index 00000000..252882b3
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-relp.yaml
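Review bot: In svc-metrics.yaml the `labels` map sets `app.kubernetes.io/component` twice, first `patroni` and then `metrics`; duplicate mapping keys are invalid YAML and most parsers silently keep the last value. Keep a single entry, `app.kubernetes.io/component: metrics`, and leave the `selector` on `patroni` as it is, since that is the label the StatefulSet pod template carries.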
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ - name: pgbackup
+ port: 9000
+ targetPort: 9000
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc.yaml
new file mode 100644
index 00000000..ac0c2c44
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: 5432
+ protocol: TCP
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster/values.yaml
new file mode 100644
index 00000000..9ab405f3
--- /dev/null
+++ b/addons/postgresql-cluster/16/chart/postgresql-cluster/values.yaml
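Review bot: svc-relp.yaml publishes the `pgbackup` port 9000 on a Service whose `type` comes from `.Values.service.type`, which meta.yaml lists under `allow_parameters` and bind.yaml treats as possibly `LoadBalancer`. The listener behind it is the backup sidecar in statefulset.yaml, started on `0.0.0.0 9000` with `PGPASSWORD` read from `password-superuser`; pgbackup.py is not part of this patch, so whether it authenticates callers cannot be confirmed from here. Until that is verified I would take the port off this Service and expose it through a separate one fixed at `type: ClusterIP`, and confirm that the chart's NetworkPolicy does not admit 9000 from other namespaces.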
@@ -0,0 +1,441 @@
+replicaCount: 3
+diagnosticMode:
+ enable: false
+
+service:
+ type: ClusterIP
+
+image:
+ # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2
+ # https://github.com/zalando/spilo/tree/master/postgres-appliance
+ repository: registry.drycc.cc/drycc-addons/postgresql-patroni
+ tag: 16
+ # IfNotPresent , Always
+ pullPolicy: 'IfNotPresent'
+
+logicalbackupImages:
+ repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup
+ tag: 16
+ # IfNotPresent , Always
+ pullPolicy: 'IfNotPresent'
+
+# Credentials used by Patroni , passwd
+# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql
+# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
+credentials:
+ superuser: ""
+ rewind: ""
+ replication: ""
+
+adminRole:
+ username: administrator
+ password: ""
+
+# Distribution Configuration stores
+# Please note that only one of the following stores should be enabled.
+kubernetes:
+ endpoints:
+ enable: true
+ configmaps:
+ enable: false
+
+# Extra custom environment variables.
+env: {}
+
+#
+#custom patroni.yaml used by patroni boot
+# configuration: {}
+preInitScript: |
+ mkdir -p /home/postgres/pgdata/log
+ ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv"
+ cat > /opt/drycc/postgresql/patroni.yml <<__EOF__
+ log:
+ level: INFO
+ restapi:
+ listen: 0.0.0.0:8008
+ connect_address: 0.0.0.0:8008
+ bootstrap:
+ dcs:
+ ttl: 30
+ loop_wait: 10
+ retry_timeout: 10
+ maximum_lag_on_failover: 1048576
+ failsafe_mode: true
+ postgresql:
+ use_pg_rewind: true
+ use_slots: true
+ pg_hba:
+ - local all all peer
+ - host all tea_mon 127.0.0.1/32 trust
+ - host all all 0.0.0.0/0 scram-sha-256
+ - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256
+ - host replication postgres 0.0.0.0/0 scram-sha-256
+ custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf'
+ parameters:
+ max_connections: {{ .Values.patroni.pgParameters.max_connections }}
+ max_worker_processes: {{ .Values.patroni.pgParameters.max_worker_processes }}
+ max_parallel_workers: {{ .Values.patroni.pgParameters.max_parallel_workers }}
+ wal_level: logical
+ hot_standby: "on"
+ max_wal_senders: 10
+ max_replication_slots: 10
+ hot_standby_feedback: on
+ max_prepared_transactions: 0
+ max_locks_per_transaction: 64
+ wal_log_hints: "on"
+ wal_keep_size: "1 GB"
+ max_slot_wal_keep_size: {{ .Values.patroni.pgParameters.max_slot_wal_keep_size | quote }}
+ track_commit_timestamp: "off"
+ archive_mode: "on"
+ archive_timeout: 300s
+ archive_command: sh /opt/drycc/postgresql/walbackup.sh %p
+ # timescaledb.license: 'timescale'
+ shared_preload_libraries: 'auto_explain,pg_stat_statements'
+ log_destination: 'csvlog'
+ log_filename: postgresql.log
+ logging_collector: on
+ log_directory: /home/postgres/pgdata/log
+ log_min_messages: 'info'
+ log_min_duration_statement: 1000
+ log_lock_waits: on
+ log_statement: 'ddl'
+ initdb:
+ - auth-host: scram-sha-256
+ - auth-local: trust
+ - encoding: UTF8
+ - locale: en_US.UTF-8
+ - data-checksums
+ post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh
+ restapi:
+ connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008'
+ postgresql:
+ connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432'
+ authentication:
+ superuser:
+ username: postgres
+ password: '${PATRONI_SUPERUSER_PASSWORD}'
+ replication:
+ username: standby
+ password: '${PATRONI_REPLICATION_PASSWORD}'
+ rewind: # Has no effect on postgres 10 and lower
+ username: rewinder
+ password: '${PATRONI_REWIND_PASSWORD}'
+ watchdog:
+ mode: off
+ __EOF__
+
+postInitScript: |
+ #!/bin/bash
+ set -Eeu
+ # Create monitor user
+ psql -w -c "CREATE USER tea_mon ;GRANT pg_monitor TO tea_mon ;create extension pg_stat_statements;create extension pg_buffercache ;"
+ # Create admin user
+ if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then
+
+ echo "Creating user ${ADMIN_USER}"
+ psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'"
+
+ else
+ echo "Skipping create admin user"
+ fi
+ psql -w -c "CHECKPOINT;CHECKPOINT;"
+
+backupEnv: |
+ #!/bin/bash
+ export USE_WALG={{ .Values.backup.enabled | quote }}
+ export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}}
+ export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }}
+ export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }}
+ export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }}
+ export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }}
+ export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }}
+ export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }}
+ export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }}
+ export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }}
+
+logicalbackupScript: |
+ #!/bin/bash
+
+ # PostgreSQL 设置
+ # POSTGRES_USER="postgres"
+ # POSTGRES_HOST="127.0.0.1"
+
+ # MinIO 设置
+ # MINIO_BUCKET="pgbackup"
+ # MINIO_HOST="http://localhost:9000"
+ # MINIO_ACCESS_KEY="admin123"
+ # MINIO_SECRET_KEY="admin123"
+
+ # 设置 MinIO 客户端别名
+ mc alias set myminio $MINIO_HOST $MINIO_ACCESS_KEY $MINIO_SECRET_KEY
+
+ # 创建以当前日期和时间命名的备份目录
+ BACKUP_DIR="$(date +%Y%m%d%H%M)"
+ MINIO_PATH="myminio/$MINIO_BUCKET/$BACKUP_DIR"
+
+ # 备份全局对象
+ echo "Backing up global objects to $MINIO_PATH/roles_globals.sql.gz"
+ pg_dumpall -g -U "$POSTGRES_USER" -h "$POSTGRES_HOST" | pigz | mc pipe "$MINIO_PATH/roles_globals.sql.gz"
+
+ # 获取所有非模板数据库的列表
+ DATABASES=$(psql -U "$POSTGRES_USER" -h "$POSTGRES_HOST" -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;")
+
+ # 为每个数据库执行备份
+ for DB in $DATABASES; do
+ echo "Backing up $DB to $MINIO_PATH/$DB.sql.gz"
+ pg_dump -U "$POSTGRES_USER" -h "$POSTGRES_HOST" "$DB" | pigz | mc pipe "$MINIO_PATH/$DB.sql.gz"
+ done
+
+ echo "Backup process completed!"
+
+
+postgresql:
+ config: |-
+ log_min_duration_statement = 1000
+ max_wal_size = 4GB
+ min_wal_size = 4GB
+ max_wal_senders = 10
+ max_replication_slots = 10
+ max_prepared_transactions = 0
+ max_locks_per_transaction = 64
+
+patroni:
+ pgParameters:
+ max_worker_processes: 64
+ max_parallel_workers: 32
+ max_connections: 2000
+ max_slot_wal_keep_size: '2 GB'
+
+
+ ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Postgresql Primary node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param patroni.affinity Affinity for Postgresql patroni pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+## Postgresql Prometheus exporter parameters
+##
+metrics:
+ enabled: true
+ image:
+ repository: registry.drycc.cc/drycc-addons/postgres-exporter
+ tag: "0"
+ # IfNotPresent , Always
+ pullPolicy: 'IfNotPresent'
+ ## @param metrics.customMetrics Define additional custom metrics
+ ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
+ ## customMetrics:
+ ## pg_database:....
+ ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
+ ## metrics:
+ ## - name:
+ ## usage: "LABEL"
+ ## description: "Name of the database"
+ ## - size_bytes:
+ ## usage: "GAUGE"
+ ## description: "Size of the database in bytes"
+ ##
+ service:
+ ports:
+ metrics: 9187
+ clusterIP: ""
+ ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+
+ customMetrics: {}
+ containerPort: 9187
+ containerSecurityContext:
+ enabled: false
+ runAsUser: 1001
+ runAsNonRoot: true
+ customLivenessProbe: {}
+ customReadinessProbe:
+ enabled: true
+ resources:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ hugepages-2Mi: 20Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+logicalbackup:
+ enabled: false
+ scheduleCronJob: "22 0 * * 0"
+ minio:
+ used: true
+ buckect: "s3://xx"
+ access_key: ""
+ secret_key: ""
+ endpoint: "http://xxxx:9000"
+ awsS3ForcePathStyle: "true"
+ awsRegion: dx-1
+
+backup:
+ # Specifies whether Wal-G should be enabled
+ enabled: false
+ # Cron schedule for doing base backups
+ scheduleCronJob: "22 0 * * 0"
+ # Amount of base backups to retain
+ retainBackups: 2
+ # Name of the secret that holds the credentials to the bucket
+ kubernetesSecret:
+ # Maximum size of the WAL segments accumulated after the base backup to
+ # consider WAL-G restore instead of pg_basebackup
+ backupThresholdMegabytes: 1024
+ # Maximum ratio (in percents) of the accumulated WAL files to the base backup
+ # to consider WAL-G restore instead of pg_basebackup
+ backupThresholdPercentage: 30
+ s3:
+ used: true
+ awsAccessKeyID: ""
+ awsSecretAccessKey: ""
+ walGS3Prefix: "s3://xx"
+ awsEndpoint: "http://xxxx:9000"
+ awsS3ForcePathStyle: "true"
+ awsRegion: dx-1
+
+logicalBackup:
+ enabled: false
+
+## persistentVolumeClaimRetentionPolicy
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
+## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
+## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
+## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
+persistentVolumeClaimRetentionPolicy:
+ enabled: true
+ whenScaled: Retain
+ whenDeleted: Delete
+persistentVolume:
+ enabled: true
+ size: 10G
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ subPath: ""
+ mountPath: "/home/postgres/pgdata"
+ annotations: {}
+ accessModes:
+ - ReadWriteOnce
+
+resources:
+ # If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ # hugepages-2Mi: 4Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+shmVolume:
+ ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s)
+ ##
+ enabled: true
+ ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs
+ ## Note: the size of the tmpfs counts against container's memory limit
+ ## e.g:
+ ## sizeLimit: 1Gi
+ ##
+ sizeLimit: "1Gi"
+
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+nodeSelector: {}
+
+# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinityTemplate: |
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchLabels:
+ application: {{ template "patroni.name" . }}
+ release: {{ .Release.Name | quote }}
+affinity: {}
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+## Postgresql Nework Policy configuration
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+ ##
+ enabled: true
+ ## @param networkPolicy.allowExternal The Policy model to apply.
+ ## When set to false, only pods with the correct
+ ## client label will have network access to the port Postgresql is listening
+ ## on. When true, Postgresql will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowCurrentNamespace: true
+ allowNamespaces:
+clusterDomain: cluster.local
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/meta.yaml b/addons/postgresql-cluster/16/meta.yaml
new file mode 100644
index 00000000..891012bc
--- /dev/null
+++ b/addons/postgresql-cluster/16/meta.yaml
@@ -0,0 +1,30 @@
+name: postgresql-cluster-16
+version: 16
+id: 5cfb0abf-276c-445b-9060-9aa964ede87d
+description: "postgresql-cluster-16"
+displayName: "postgresql-cluster-16"
+metadata:
+ displayName: "postgresql-cluster-16"
+ provider:
+ name: drycc
+ supportURL: https://www.postgresql.org/
+ documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster
+tags: postgresql-cluster
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ required: false
+ description: "networkPolicy allowNamespaces config for values.yaml"
+- name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+- name: "backup"
+ required: false
+ description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 "
+- name: "logicalbackup"
+ required: false
+ description: "Whether to use S3 for logical backup your data. default false . ps: Make sure there is a available S3 "
+archive: false
\ No newline at end of file
diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml
new file mode 100644
index 00000000..5fc257f9
--- /dev/null
+++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml
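Review bot: In the chart values.yaml the generated `pg_hba` contains `host all tea_mon 127.0.0.1/32 trust`, so any process that can open a loopback connection inside the pod, including the metrics and backup sidecars, logs in as `tea_mon` without a credential; the `password` in the exporter's `DATA_SOURCE_NAME` in statefulset.yaml is never checked. `postInitScript` grants that role `pg_monitor`. I would give `tea_mon` a generated password kept in the chart Secret, change the rule to `- host all tea_mon 127.0.0.1/32 scram-sha-256`, and build the DSN from a `secretKeyRef`. The same heredoc uses plain `host` rather than `hostssl` for `0.0.0.0/0`, so non-TLS client connections are accepted unless TLS is enforced somewhere not shown in this patch.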
@@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-16c64g400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
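Review bot: The `USERNAME` and `PASSWORD` entries read `admin-user` and `admin-password` from the release secret, so every application that binds appears to receive the administrative account instead of a role scoped to that binding. If the broker cannot create per-binding roles, this is at least worth documenting next to the entries, for example `# NOTE: binding exposes the admin account; create an application role after binding`. The last key is spelled `DADABASE`, which consumers looking for `DATABASE` will miss; I would use `- name: DATABASE`, keeping the old key as well if anything already reads it. The identical file (blob 5fc257f9) is added for the standard-2c4g20, standard-2c8g50, standard-32c128g800, standard-32c64g4000, standard-4c16g100 and standard-8c32g200 plans, so the same applies there.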
diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml new file mode 100644 index 00000000..0e82a8d2 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-16c64g400" +id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad +description: "PostgreSQL Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-16c64g400" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml new file mode 100644 index 00000000..8fe5e689 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml 
@@ -0,0 +1,81 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 +patroni: + pgParameters: + max_worker_processes: 32 + max_parallel_workers: 16 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '16 GB' + min_wal_size = '2 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 40GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify 
resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + memory: 64Gi + hugepages-2Mi: 40Mi + requests: + cpu: 8000m + memory: 32Gi + +persistentVolume: + enabled: true + size: 400Gi + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
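Review bot: `max_slot_wal_keep_size` is set twice with different values in this file, `'10 GB'` under `patroni.pgParameters` and `40GB` inside `postgresql.config`, and which one takes effect depends on template code outside this hunk. This setting bounds how much WAL a stalled replication slot can pin, so an unexpectedly large effective value can fill the data volume. Keep one source of truth, for example by deleting the `max_slot_wal_keep_size = 40GB` line from `postgresql.config` or by making both values agree. The same mismatch is present in the values.yaml hunks for standard-32c128g800 (`'100 GB'` vs `80GB`), standard-32c64g4000 (`'200 GB'` vs `100GB`) and standard-8c32g200 (`'10 GB'` vs `20GB`).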
diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-2c4g20/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml new file mode 100644 index 00000000..e6fc9417 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c4g20" +id: edf8bdfe-b1dc-4f41-b042-801153794df7 +description: "PostgreSQL Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +displayName: "standard-2c4g20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml new file mode 100644 index 00000000..27ea5c42 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml 
@@ -0,0 +1,81 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-20 + +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 1000 + max_slot_wal_keep_size: '2 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '2 GB' + min_wal_size = '1 GB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 4Gi + hugepages-2Mi: 20Mi + requests: + cpu: 2000m + memory: 4Gi + +persistentVolume: + enabled: true + size: 20Gi + +shmVolume: + sizeLimit: "2Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
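Review bot: `limits` asks for `hugepages-2Mi: 20Mi` while `postgresql.config` in the same file sets `huge_pages = off`, so the pod requests a resource PostgreSQL will not use. Kubernetes schedules a pod that requests huge pages only onto nodes with pre-allocated huge pages, so on clusters without them the instance can remain Pending. I would drop the `hugepages-2Mi: 20Mi` line here; the chart's own values.yaml keeps it commented out as `# hugepages-2Mi: 4Mi`. The standard-2c8g50 and standard-4c16g100 plans have the same combination. In the plans that use `huge_pages = try`, the limit (40Mi to 80Mi) is far below `shared_buffers`, so it likely has no effect there either.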
diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-2c8g50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml new file mode 100644 index 00000000..f559091d --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c8g50" +id: 0542f411-4e7b-46af-966c-c9989e54873c +description: "PostgreSQL Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-2c8g50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml new file mode 100644 index 00000000..1062740f --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml 
@@ -0,0 +1,83 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 2000 + max_slot_wal_keep_size: '5 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '4 GB' + min_wal_size = '1 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 5GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 8Gi + hugepages-2Mi: 20Mi + requests: + cpu: 2000m + memory: 8Gi + +persistentVolume: + enabled: true + size: 50Gi + +shmVolume: + sizeLimit: "4Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-32c128g800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml new file mode 100644 index 00000000..90f0ee80 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c128g800" +id: 60f37e20-e69e-4f6f-9cce-e43caec34963 +description: "PostgreSQL Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +displayName: "standard-32c128g800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml new file mode 100644 index 00000000..a2f1bb41 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '100 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '32768 MB' + work_mem = '64 MB' + maintenance_work_mem = '720 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '90 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '64 GB' + min_wal_size = '4 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 80GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to 
specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 128Gi + hugepages-2Mi: 80Mi + requests: + cpu: 16000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 800Gi + +shmVolume: + sizeLimit: "64Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-32c64g4000/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml new file mode 100644 index 00000000..37d28b85 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c64g4000" +id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9 +description: "PostgreSQL Cluster standard-32c64g4000 plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-32c64g4000" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml new file mode 100644 index 00000000..cdc3c494 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '200 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '256 MB' + maintenance_work_mem = '2048 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '32 GB' + min_wal_size = '4 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 100GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to 
specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 64Gi + hugepages-2Mi: 80Mi + requests: + cpu: 16000m + memory: 32Gi + +persistentVolume: + enabled: true + size: 4Ti + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
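Review bot: `fullnameOverride: hb-postgresql-cluster-standard-800` in this standard-32c64g4000 plan is the same value the standard-32c128g800 plan uses, and it looks like a copy-paste because every other plan suffixes its own disk size (20, 50, 100, 200, 400). bind.yaml resolves the master and replica services and the credentials secret through `common.names.fullname`, so two plans sharing the name would collide, or a binding could resolve the other instance's secret, if both were ever deployed into one namespace. Whether that can happen is not visible here. Suggested: `fullnameOverride: hb-postgresql-cluster-standard-4000`.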
diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-4c16g100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml new file mode 100644 index 00000000..7e6943c1 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c16g100" +id: c44160a6-5ec4-49e5-af1e-a1c1676871cf +description: "PostgreSQL Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +displayName: "standard-4c16g100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml new file mode 100644 index 00000000..3b5d6b45 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml 
@@ -0,0 +1,83 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +patroni: + pgParameters: + max_worker_processes: 8 + max_parallel_workers: 4 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '25 min' + checkpoint_completion_target = 0.9 + max_wal_size = '8 GB' + min_wal_size = '2 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 10GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + memory: 16Gi + hugepages-2Mi: 50Mi + requests: + cpu: 4000m + memory: 16Gi + +persistentVolume: + enabled: true + size: 100Gi + +shmVolume: + sizeLimit: "8Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/create-instance-schema.json b/addons/postgresql-cluster/16/plans/standard-8c32g200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..e71fc4d6 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f +description: "PostgreSQL Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml new file mode 100644 index 00000000..e2484df5 --- /dev/null +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-200 + +patroni: + pgParameters: + max_worker_processes: 16 + max_parallel_workers: 8 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '8192 MB' + work_mem = '32 MB' + maintenance_work_mem = '420 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '22 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '25 min' + checkpoint_completion_target = 0.9 + max_wal_size = '16 GB' + min_wal_size = '3 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers = 8 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 20GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify 
resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 8000m + memory: 32Gi + hugepages-2Mi: 60Mi + requests: + cpu: 4000m + memory: 16Gi + +persistentVolume: + enabled: true + size: 200Gi + +shmVolume: + sizeLimit: "16Gi" \ No newline at end of file From e96fa74fab5b4e212293e44b516a5c36950cd6ea Mon Sep 17 00:00:00 2001 
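Review bot: `max_slot_wal_keep_size` is set twice with different values, `'10 GB'` under `patroni.pgParameters` and `20GB` in the `postgresql.config` block, so which cap on replication-slot WAL retention applies depends on how the chart templates combine the two (not visible in this hunk). This setting is what keeps a stalled replication slot from filling the 200Gi volume, so it should have a single definition; for example, drop the `max_slot_wal_keep_size = 20GB` line from `postgresql.config` and keep the Patroni parameter. `max_parallel_workers` is duplicated the same way, though with matching values. The comment under `resources:` also still tells the reader to uncomment lines and remove curly braces that are not present.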
From: EamonZhang Date: Wed, 19 Feb 2025 10:52:48 +0800 Subject: [PATCH 141/176] chore(postgresql-cluster):add postgressql 16 --- .gitignore | 6 +++++- addons/index.yaml | 2 ++ .../Chart.yaml | 0 .../{postgresql-cluster => postgresql-cluster-16}/README.md | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/cm-backup.yaml | 0 .../templates/cm-logicalbackup .yaml | 0 .../templates/cm-patroni.yaml | 0 .../templates/cm-postgresql.yaml | 0 .../templates/cronjob.yaml | 0 .../templates/logicalbackup-cronjob.yaml | 0 .../templates/networkpolicy.yaml | 0 .../templates/role.yaml | 0 .../templates/rolebinding.yaml | 0 .../templates/sec.yaml | 0 .../templates/serviceaccount.yaml | 0 .../templates/statefulset.yaml | 0 .../templates/svc-config.yaml | 0 .../templates/svc-master.yaml | 4 ++-- .../templates/svc-metrics.yaml | 0 .../templates/svc-relp.yaml | 0 .../templates/svc.yaml | 0 .../values.yaml | 0 addons/postgresql-cluster/16/meta.yaml | 2 +- .../16/plans/standard-16c64g400/meta.yaml | 2 +- .../postgresql-cluster/16/plans/standard-2c4g20/meta.yaml | 2 +- .../postgresql-cluster/16/plans/standard-2c8g50/meta.yaml | 2 +- .../16/plans/standard-32c128g800/meta.yaml | 2 +- .../16/plans/standard-32c64g4000/meta.yaml | 2 +- .../postgresql-cluster/16/plans/standard-4c16g100/meta.yaml | 2 +- .../postgresql-cluster/16/plans/standard-8c32g200/meta.yaml | 2 +- 32 files changed, 17 insertions(+), 11 deletions(-) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/Chart.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/README.md (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/NOTES.txt (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/_helpers.tpl (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/cm-backup.yaml 
(100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/cm-logicalbackup .yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/cm-patroni.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/cm-postgresql.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/cronjob.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/logicalbackup-cronjob.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/networkpolicy.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/role.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/rolebinding.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/sec.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/serviceaccount.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/statefulset.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/svc-config.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/svc-master.yaml (95%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/svc-metrics.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/svc-relp.yaml (100%) rename addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/templates/svc.yaml (100%) rename 
addons/postgresql-cluster/16/chart/{postgresql-cluster => postgresql-cluster-16}/values.yaml (100%) diff --git a/.gitignore b/.gitignore index be9ec9db..4817d62e 100644 --- a/.gitignore +++ b/.gitignore @@ -47,4 +47,8 @@ Temporary Items toCopy/ out/ Chart.lock -*.tgz \ No newline at end of file +*.tgz + +*.fix +addons/grafana/10/dashborad/ +addons/prometheus/prom-value.yaml diff --git a/addons/index.yaml b/addons/index.yaml index 33cbbd9c..82d92742 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -39,6 +39,8 @@ entries: postgresql-cluster: - version: 15 description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." + - version: 16 + description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." seaweedfs: - version: 3 description: "SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files." diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/Chart.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/Chart.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/Chart.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/Chart.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/README.md similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/README.md rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/README.md 
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/NOTES.txt b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/NOTES.txt similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/NOTES.txt rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/NOTES.txt diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/_helpers.tpl similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/_helpers.tpl rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/_helpers.tpl diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-backup.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-backup.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-backup.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-logicalbackup .yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-logicalbackup .yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-logicalbackup .yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-logicalbackup .yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-patroni.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-patroni.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-patroni.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-patroni.yaml 
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-postgresql.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-postgresql.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cm-postgresql.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cm-postgresql.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cronjob.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/cronjob.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/cronjob.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/logicalbackup-cronjob.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/logicalbackup-cronjob.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/networkpolicy.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/networkpolicy.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/networkpolicy.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/role.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/role.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/role.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/role.yaml 
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/rolebinding.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/rolebinding.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/rolebinding.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/rolebinding.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/sec.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/sec.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/sec.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/serviceaccount.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/serviceaccount.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/serviceaccount.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/serviceaccount.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/statefulset.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/statefulset.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/statefulset.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-config.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-config.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-config.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-config.yaml 
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-master.yaml similarity index 95% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-master.yaml index f3d20fd2..609ed5ba 100644 --- a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-master.yaml @@ -10,13 +10,13 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} - role: master + role: primary spec: type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} - role: master + role: primary ports: - name: postgresql port: 5432 diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-metrics.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-metrics.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-metrics.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-metrics.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-relp.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc-relp.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc-relp.yaml 
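Review bot: The Service selector in svc-master.yaml now matches `role: primary`, which resolves to the leader pod only if the Patroni version in the image labels the leader with that value. With an image that still writes `role: master`, the `-master` Service would have no endpoints and clients using the bound `MASTER_HOST` would lose write access. The hunk shows neither the image tag nor the Patroni label configuration, so both should be confirmed and the dependency recorded above the selector, e.g. `# must match the role label Patroni sets on the leader pod`. The Service manifest continues outside the hunk.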
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/templates/svc.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/svc.yaml diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml similarity index 100% rename from addons/postgresql-cluster/16/chart/postgresql-cluster/values.yaml rename to addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml diff --git a/addons/postgresql-cluster/16/meta.yaml b/addons/postgresql-cluster/16/meta.yaml index 891012bc..54a98604 100644 --- a/addons/postgresql-cluster/16/meta.yaml +++ b/addons/postgresql-cluster/16/meta.yaml @@ -1,6 +1,6 @@ name: postgresql-cluster-16 version: 16 -id: 5cfb0abf-276c-445b-9060-9aa964ede87d +id: 344e4f5f-8a46-4a0a-9f42-57ce2708da44 description: "postgresql-cluster-16" displayName: "postgresql-cluster-16" metadata: diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml index 0e82a8d2..3c60cb3a 100644 --- a/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/meta.yaml @@ -1,5 +1,5 @@ name: "standard-16c64g400" -id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad +id: a8f2ec87-7b64-4ad5-ae21-b8070a8cbf4e description: "PostgreSQL Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" displayName: "standard-16c64g400" bindable: true diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml index e6fc9417..10e34581 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml 
+++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/meta.yaml @@ -1,5 +1,5 @@ name: "standard-2c4g20" -id: edf8bdfe-b1dc-4f41-b042-801153794df7 +id: 15a1f1b3-2af5-4d6a-acf3-4251ef305d66 description: "PostgreSQL Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-2c4g20" bindable: true diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml index f559091d..d19e4757 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/meta.yaml @@ -1,5 +1,5 @@ name: "standard-2c8g50" -id: 0542f411-4e7b-46af-966c-c9989e54873c +id: 1cb94804-c93d-4500-a736-09f467230754 description: "PostgreSQL Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-2c8g50" bindable: true diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml index 90f0ee80..e6588767 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/meta.yaml @@ -1,5 +1,5 @@ name: "standard-32c128g800" -id: 60f37e20-e69e-4f6f-9cce-e43caec34963 +id: e2a98bfc-da70-4db9-b58d-57a0fb869ad9 description: "PostgreSQL Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" displayName: "standard-32c128g800" bindable: true diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml index 37d28b85..1da62950 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/meta.yaml 
@@ -1,5 +1,5 @@ name: "standard-32c64g4000" -id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9 +id: 60f4fb02-fb4d-4e42-acbe-194e056535a6 description: "PostgreSQL Cluster standard-32c64g4000 plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" displayName: "standard-32c64g4000" bindable: true diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml index 7e6943c1..405ee9fa 100644 --- a/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/meta.yaml @@ -1,5 +1,5 @@ name: "standard-4c16g100" -id: c44160a6-5ec4-49e5-af1e-a1c1676871cf +id: 87f0fa69-67ba-4d1d-b0e7-cd84e5d57a0f description: "PostgreSQL Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" displayName: "standard-4c16g100" bindable: true diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml index e71fc4d6..916b2924 100644 --- a/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/meta.yaml @@ -1,5 +1,5 @@ name: "standard-8c32g200" -id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f +id: 44b98aeb-6774-42d2-80a3-c7bd2bf6155d description: "PostgreSQL Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" displayName: "standard-8c32g200" bindable: true From 1b53d7882c5d0bf1a72a4393093ed7f5e8868f74 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 14 Mar 2025 14:15:11 +0800 Subject: [PATCH 142/176] chore(nessie): add nessie init --- addons/nessie/0.103/chart/nessie/Chart.yaml | 21 + addons/nessie/0.103/chart/nessie/README.md | 351 +++++++ .../0.103/chart/nessie/simple-values.yaml | 0 .../0.103/chart/nessie/templates/NOTES.txt | 38 + .../0.103/chart/nessie/templates/_helpers.tpl | 519 +++++++++ .../chart/nessie/templates/configmap.yaml | 225 ++++ .../chart/nessie/templates/deployment.yaml | 199 ++++ .../0.103/chart/nessie/templates/hpa.yaml | 65 ++ .../0.103/chart/nessie/templates/ingress.yaml | 75 ++ .../0.103/chart/nessie/templates/secrets.yaml | 19 + .../0.103/chart/nessie/templates/service.yaml | 118 +++ .../nessie/templates/serviceaccount.yaml | 31 + .../nessie/templates/servicemonitor.yaml | 47 + .../0.103/chart/nessie/templates/storage.yaml | 63 ++ addons/nessie/0.103/chart/nessie/values.yaml | 987 ++++++++++++++++++ addons/nessie/0.103/meta.yaml | 63 ++ .../0.103/plans/standard-1c1g5/bind.yaml | 29 + .../0.103/plans/standard-1c1g5/meta.yaml | 6 + .../0.103/plans/standard-1c1g5/values.yaml | 50 + 19 files changed, 2906 insertions(+) create mode 100644 addons/nessie/0.103/chart/nessie/Chart.yaml create mode 100644 addons/nessie/0.103/chart/nessie/README.md create mode 100644 addons/nessie/0.103/chart/nessie/simple-values.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/NOTES.txt create mode 100644 addons/nessie/0.103/chart/nessie/templates/_helpers.tpl create mode 100644 addons/nessie/0.103/chart/nessie/templates/configmap.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/deployment.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/hpa.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/ingress.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/secrets.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/service.yaml create mode 100644 
addons/nessie/0.103/chart/nessie/templates/serviceaccount.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml create mode 100644 addons/nessie/0.103/chart/nessie/templates/storage.yaml create mode 100644 addons/nessie/0.103/chart/nessie/values.yaml create mode 100644 addons/nessie/0.103/meta.yaml create mode 100644 addons/nessie/0.103/plans/standard-1c1g5/bind.yaml create mode 100644 addons/nessie/0.103/plans/standard-1c1g5/meta.yaml create mode 100644 addons/nessie/0.103/plans/standard-1c1g5/values.yaml diff --git a/addons/nessie/0.103/chart/nessie/Chart.yaml b/addons/nessie/0.103/chart/nessie/Chart.yaml new file mode 100644 index 00000000..e1ba8165 --- /dev/null +++ b/addons/nessie/0.103/chart/nessie/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +description: A Helm chart for Nessie +home: https://projectnessie.org/ +icon: https://raw.githubusercontent.com/projectnessie/nessie/main/site/docs/img/nessie.svg +keywords: +- nessie +- iceberg +- delta +- data lake +- transactional catalog +- git-like semantics +maintainers: +- name: nastra +- name: snazy +- name: dimas-b +- name: adutra +name: nessie +sources: +- https://github.com/projectnessie/nessie +type: application +version: 0.103.0 diff --git a/addons/nessie/0.103/chart/nessie/README.md b/addons/nessie/0.103/chart/nessie/README.md new file mode 100644 index 00000000..1b926af0 --- /dev/null +++ b/addons/nessie/0.103/chart/nessie/README.md 
@@ -0,0 +1,351 @@ + + +# Nessie Helm chart + +![Version: 0.103.0](https://img.shields.io/badge/Version-0.103.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart for Nessie. + +**Homepage:** + +## Maintainers +* [nastra](https://github.com/nastra) +* [snazy](https://github.com/snazy) +* [dimas-b](https://github.com/dimas-b) +* [adutra](https://github.com/adutra) + +## Source Code + +* + +## Documentation + +For users: see [Nessie on Kubernetes](https://projectnessie.org/try/kubernetes/) +for more information. + +For developers: to update this README file, e.g. when the chart is updated or when the template file +`README.md.gotmpl` is updated, install the [helm-docs](https://github.com/norwoodj/helm-docs) tool, +then run: + +```bash +helm-docs --chart-search-root=helm +``` + +Note: don't modify the README.md file directly, please modify `README.md.gotmpl` instead. + +## Installation + +### From Helm repo +```bash +helm repo add nessie-helm https://charts.projectnessie.org +helm repo update +helm install --namespace nessie-ns nessie nessie-helm/nessie +``` + +### From local directory (for development purposes ONLY!) + +From Nessie repo root: + +```bash +helm install --namespace nessie-ns nessie helm/nessie +``` + +Beware that the local chart may contain changes that are not yet released. + +### Uninstalling the chart + +```bash +helm uninstall --namespace nessie-ns nessie +``` + +## Debugging, linting & testing locally + +To debug the rendering of Helm templates: + +```bash +helm template nessie -n nessie-ns helm/nessie --debug +``` + +You can also provide a values file: + +```bash +helm template nessie -n nessie-ns helm/nessie --values helm/nessie/ci/inmemory-values.yaml --debug +``` + +For linting and testing, the [chart-testing](https://github.com/helm/chart-testing) tool (`ct`) must +be installed. 
+ +To lint the Helm chart, use `ct lint`: + +```bash +ct lint --charts helm/nessie +``` + +To test the charts against a local running minikube cluster, first create the namespace and apply the fixtures: + +```bash +kubectl create namespace nessie-ns +kubectl apply --namespace nessie-ns $(find helm/nessie/ci/fixtures -name "*.yaml" -exec echo -n "-f {} " \;) +``` + +Then run the tests with `ct install`: + +```bash +ct install --charts ./helm/nessie --namespace nessie-ns --debug +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| advancedConfig | object | `{}` | Advanced configuration. You can pass here any valid Nessie or Quarkus configuration property. Any property that is defined here takes precedence over all the other configuration values generated by this chart. Properties can be passed "flattened" or as nested YAML objects (see examples below). | +| affinity | object | `{}` | Affinity and anti-affinity for nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. | +| authentication.enabled | bool | `false` | Specifies whether authentication for the nessie server should be enabled. | +| authentication.oidcAuthServerUrl | string | `nil` | Sets the base URL of the OpenID Connect (OIDC) server. Required if authentication is enabled (unless local token introspection is enforced through advanced configuration). | +| authentication.oidcClientId | string | `"nessie"` | Set the OIDC client ID. If Nessie must contact the OIDC server, this is the client ID that will be used to identify the application. | +| authentication.oidcClientSecret | object | `{}` | Set the OIDC client secret. Whether the client secret is required depends on the OIDC server configuration. For Keycloak, the client secret is generally not required as the returned tokens can be introspected locally by Nessie. 
If token introspection requires a round-trip to the OIDC server, the client secret is required. | +| authorization.enabled | bool | `false` | Specifies whether authorization for the nessie server should be enabled. | +| authorization.rules | object | `{}` | The authorization rules when authorization.enabled=true. Example rules can be found at https://projectnessie.org/features/metadata_authorization/#authorization-rules | +| autoscaling.enabled | bool | `false` | Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using ROCKSDB version store type. | +| autoscaling.maxReplicas | int | `3` | The maximum number of replicas to maintain. | +| autoscaling.minReplicas | int | `1` | The minimum number of replicas to maintain. | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Optional; set to zero or empty to disable. | +| autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Optional; set to zero or empty to disable. | +| bigtable.appProfileId | string | `"default"` | The Google Cloud Bigtable app profile ID. | +| bigtable.instanceId | string | `"nessie-bigtable"` | The Google Cloud Bigtable instance ID. | +| bigtable.projectId | string | `"my-gcp-project"` | The Google Cloud project ID. | +| bigtable.secret | object | `{}` | The secret to use to authenticate against BigTable. When provided, it is assumed that authentication will use a service account JSON key. See https://cloud.google.com/iam/docs/keys-create-delete for details on how to create a service account key. If left empty, then Workload Identity usage is assumed instead; in this case, make sure that the pod's service account has been granted access to BigTable. See https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to for details on how to create a suitable service account. 
Important: when using Workload Identity, unless the cluster is in Autopilot mode, it is also required to add the following nodeSelector label: iam.gke.io/gke-metadata-server-enabled: "true" This is not done automatically by this chart because this selector would be invalid for Autopilot clusters. | +| cassandra.contactPoints | string | `"cassandra.cassandra.svc.cluster.local:9042"` | The contact points for the Cassandra cluster. At least one contact point must be provided, but more can be added for redundancy. The format is a comma-separated list of host:port elements. | +| cassandra.keyspace | string | `"nessie"` | | +| cassandra.localDatacenter | string | `"datacenter1"` | | +| cassandra.secret.name | string | `"cassandra-creds"` | The secret name to pull Cassandra credentials from. | +| cassandra.secret.password | string | `"cassandra_password"` | The secret key storing the Cassandra password. | +| cassandra.secret.username | string | `"cassandra_username"` | The secret key storing the Cassandra username. 
| +| catalog | object | `{"enabled":false,"iceberg":{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]},"storage":{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"authType":null,"endpoint":null,"externalEndpoint":null,"maxRetries":null,"maxRetryDelay":null,"retryDelay":null,"retryPolicy":null,"sasTokenSecret":{"name":null,"sasToken":null},"tryTimeout":null},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"readBlockSize":null,"readTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"retryAfter":null,"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":null,"authType":null,"clientIam":{"enabled":null,"externalId":null,"policy":null,"roleArn":null,"roleSessionName":null,"sessionDuration":null,"statements":null},"endpoint":null,"externalEndpoint":null,"pathStyleAccess":null,"region":null,"requestSigningEnabled":null,"serverIam":{"enabled":null,"externalId":null,"policy":null,"roleArn":null,"roleSessionName":null,"sessionDuration":null},"stsEndpoint":
null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null}}}}` | The Nessie catalog server configuration. | +| catalog.enabled | bool | `false` | Whether to enable the REST catalog service. | +| catalog.iceberg | object | `{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]}` | Iceberg catalog settings. | +| catalog.iceberg.configDefaults | object | `{}` | Iceberg config defaults applicable to all clients and warehouses. Any properties that are common to all iceberg clients should be included here. They will be passed to all clients on all warehouses as config defaults. These defaults can be overridden on a per-warehouse basis, see below. | +| catalog.iceberg.configOverrides | object | `{}` | Iceberg config overrides applicable to all clients and warehouses. Any properties that are common to all iceberg clients should be included here. They will be passed to all clients on all warehouses as config overrides. These overrides can be overridden on a per-warehouse basis, see below. | +| catalog.iceberg.defaultWarehouse | string | `nil` | The default warehouse name. Required. This is just a symbolic name; it must refer to a declared warehouse below. | +| catalog.iceberg.warehouses | list | `[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]` | Iceberg warehouses. Each warehouse is a location where Iceberg tables are stored. Each warehouse has a name, a location, and optional config defaults and overrides. At least one warehouse must be defined. 
| +| catalog.iceberg.warehouses[0] | object | `{"configDefaults":{},"configOverrides":{},"location":null,"name":null}` | Symbolic name of the warehouse. Required. | +| catalog.iceberg.warehouses[0].configDefaults | object | `{}` | Iceberg config defaults specific to this warehouse. They override any defaults specified above in catalog.iceberg.configDefaults. | +| catalog.iceberg.warehouses[0].configOverrides | object | `{}` | Iceberg config overrides specific to this warehouse. They override any defaults specified above in catalog.iceberg.configOverrides. | +| catalog.iceberg.warehouses[0].location | string | `nil` | Location of the warehouse. Required. Used to determine the base location of a table. Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage properties for each location can be defined below. | +| catalog.storage | object | `{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"authType":null,"endpoint":null,"externalEndpoint":null,"maxRetries":null,"maxRetryDelay":null,"retryDelay":null,"retryPolicy":null,"sasTokenSecret":{"name":null,"sasToken":null},"tryTimeout":null},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"readBlockSize":null,"readTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpc
TimeoutMultiplier":null,"totalTimeout":null}},"retryAfter":null,"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":null,"authType":null,"clientIam":{"enabled":null,"externalId":null,"policy":null,"roleArn":null,"roleSessionName":null,"sessionDuration":null,"statements":null},"endpoint":null,"externalEndpoint":null,"pathStyleAccess":null,"region":null,"requestSigningEnabled":null,"serverIam":{"enabled":null,"externalId":null,"policy":null,"roleArn":null,"roleSessionName":null,"sessionDuration":null},"stsEndpoint":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null}}}` | Catalog storage settings. | +| catalog.storage.adls.advancedConfig | object | `{}` | Custom ADLS configuration options, see javadocs of com.azure.core.util.Configuration. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.defaultOptions.accountSecret | object | `{"accountKey":null,"accountName":null,"name":null}` | A secret containing the account name and key to use. Required when authType is STORAGE_SHARED_KEY. | +| catalog.storage.adls.defaultOptions.accountSecret.accountKey | string | `nil` | Secret key containing the account key. | +| catalog.storage.adls.defaultOptions.accountSecret.accountName | string | `nil` | Secret key containing the fully-qualified account name, e.g. "myaccount.dfs.core.windows.net". | +| catalog.storage.adls.defaultOptions.accountSecret.name | string | `nil` | Name of the secret containing the account name and key. | +| catalog.storage.adls.defaultOptions.authType | string | `nil` | The authentication type to use. 
Valid values are: NONE, STORAGE_SHARED_KEY, SAS_TOKEN, APPLICATION_DEFAULT. The default is NONE. | +| catalog.storage.adls.defaultOptions.endpoint | string | `nil` | Custom HTTP endpoint. In case clients need to use a different URI, use externalEndpoint. | +| catalog.storage.adls.defaultOptions.externalEndpoint | string | `nil` | Custom HTTP endpoint to be used by clients. If not set, the endpoint value is used. | +| catalog.storage.adls.defaultOptions.maxRetries | string | `nil` | The maximum number of retries. Must be a positive integer. Default is 4. Optional. Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. | +| catalog.storage.adls.defaultOptions.maxRetryDelay | string | `nil` | Specifies the maximum delay allowed before retrying an operation, default value is PT120s (120 seconds). Must be a valid ISO duration. Valid if retryPolicy is EXPONENTIAL_BACKOFF. | +| catalog.storage.adls.defaultOptions.retryDelay | string | `nil` | Specifies the amount of delay to use before retrying an operation, default value is PT4S (4 seconds) when retryPolicy is EXPONENTIAL_BACKOFF and PT30S (30 seconds) when retryPolicy is FIXED_DELAY. Must be a valid ISO duration. | +| catalog.storage.adls.defaultOptions.retryPolicy | string | `nil` | The retry strategy to use. Valid values are: NONE, EXPONENTIAL_BACKOFF, FIXED_DELAY. The default is EXPONENTIAL_BACKOFF. | +| catalog.storage.adls.defaultOptions.sasTokenSecret | object | `{"name":null,"sasToken":null}` | A secret containing the SAS token to use. Required when authType is SAS_TOKEN. | +| catalog.storage.adls.defaultOptions.sasTokenSecret.name | string | `nil` | Name of the secret containing the SAS token. | +| catalog.storage.adls.defaultOptions.sasTokenSecret.sasToken | string | `nil` | Secret key containing the SAS token. | +| catalog.storage.adls.defaultOptions.tryTimeout | string | `nil` | The maximum time allowed before a request is cancelled and assumed failed, default is Integer.MAX_VALUE. Optional. 
Must be a valid ISO duration. Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. | +| catalog.storage.adls.filesystems | list | `[]` | Per-filesystem ADLS settings. Override the general settings above. | +| catalog.storage.adls.transport | object | `{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"readBlockSize":null,"readTimeout":null,"writeBlockSize":null,"writeTimeout":null}` | ADLS transport settings. Not overridable on a per-bucket basis. | +| catalog.storage.adls.transport.connectTimeout | string | `nil` | Sets the connection timeout for a request to be sent. The default is PT10S (10 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.transport.connectionIdleTimeout | string | `nil` | Sets the maximum idle time for a connection to be kept alive. The default is PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.transport.maxHttpConnections | string | `nil` | The default maximum connection pool size is determined by the underlying HTTP client. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.transport.readBlockSize | string | `nil` | The size of each data chunk returned from the service in bytes. The default value is 4 MB. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.transport.readTimeout | string | `nil` | Sets the read timeout duration used when reading the server response. The default is PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.transport.writeBlockSize | string | `nil` | Sets the block size in bytes to transfer at a time. Not overridable on a per-filesystem basis. | +| catalog.storage.adls.transport.writeTimeout | string | `nil` | Sets the write timeout duration used when writing the request to the server. The default is PT60S (60 seconds). Must be a valid ISO duration. 
Not overridable on a per-filesystem basis. | +| catalog.storage.gcs.buckets | list | `[]` | Per-bucket GCS settings. Override the general settings above. | +| catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret | object | `{"key":null,"name":null}` | The Google Cloud service account key secret. This is required when authType is USER or SERVICE_ACCOUNT. | +| catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret.key | string | `nil` | The secret key storing the Google Cloud service account JSON key. | +| catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret.name | string | `nil` | The secret name to pull a valid Google Cloud service account key from. | +| catalog.storage.gcs.defaultOptions.authType | string | `nil` | The authentication type to use. Valid values are: NONE, USER, SERVICE_ACCOUNT, ACCESS_TOKEN, APPLICATION_DEFAULT. The default is NONE. | +| catalog.storage.gcs.defaultOptions.clientLibToken | string | `nil` | The Google client lib token. | +| catalog.storage.gcs.defaultOptions.decryptionKey | string | `nil` | Customer-supplied AES256 key for blob decryption when reading. Currently unsupported. | +| catalog.storage.gcs.defaultOptions.deleteBatchSize | string | `nil` | The delete batch size. | +| catalog.storage.gcs.defaultOptions.encryptionKey | string | `nil` | Customer-supplied AES256 key for blob encryption when writing. Currently unsupported. | +| catalog.storage.gcs.defaultOptions.externalHost | string | `nil` | When using a specific endpoint, see host, and the endpoint URIs for the Nessie server differ, you can specify the URI passed down to clients using this setting. Otherwise, clients will receive the value from the host setting. | +| catalog.storage.gcs.defaultOptions.host | string | `nil` | The default endpoint override to use. The endpoint is almost always used for testing purposes. If the endpoint URIs for the Nessie server and clients differ, this one defines the endpoint used for the Nessie server. 
| +| catalog.storage.gcs.defaultOptions.oauth2TokenSecret | object | `{"expiresAt":null,"name":null,"token":null}` | The oauth2 token secret. This is required when authType is ACCESS_TOKEN. | +| catalog.storage.gcs.defaultOptions.projectId | string | `nil` | The Google project ID. | +| catalog.storage.gcs.defaultOptions.quotaProjectId | string | `nil` | The Google quota project ID. | +| catalog.storage.gcs.defaultOptions.readChunkSize | string | `nil` | The read chunk size in bytes. Must be a valid ISO duration. | +| catalog.storage.gcs.defaultOptions.userProject | string | `nil` | Optionally specify the user project (Google term). | +| catalog.storage.gcs.defaultOptions.writeChunkSize | string | `nil` | The write chunk size in bytes. Must be a valid ISO duration. | +| catalog.storage.gcs.transport | object | `{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}` | GCS transport settings. Not overridable on a per-bucket basis. | +| catalog.storage.gcs.transport.connectTimeout | string | `nil` | Override the default connection timeout. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.initialRetryDelay | string | `nil` | Override the default initial retry delay. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.initialRpcTimeout | string | `nil` | Override the default initial RPC timeout. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.logicalTimeout | string | `nil` | Override the default logical request timeout. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.maxAttempts | string | `nil` | Override the default maximum number of attempts. | +| catalog.storage.gcs.transport.maxRetryDelay | string | `nil` | Override the default maximum retry delay. Must be a valid ISO duration. 
| +| catalog.storage.gcs.transport.maxRpcTimeout | string | `nil` | Override the default maximum RPC timeout. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.readTimeout | string | `nil` | Override the default read timeout. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.retryDelayMultiplier | string | `nil` | Override the default retry delay multiplier. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.rpcTimeoutMultiplier | string | `nil` | Override the default RPC timeout multiplier. Must be a valid ISO duration. | +| catalog.storage.gcs.transport.totalTimeout | string | `nil` | Override the default total timeout. Must be a valid ISO duration. | +| catalog.storage.retryAfter | string | `nil` | Interval after which a request is retried when Storage responds with some "retry later" error. Must be a valid ISO duration. | +| catalog.storage.s3.buckets | list | `[]` | Per-bucket S3 settings. Override the general settings above. | +| catalog.storage.s3.defaultOptions.accessKeySecret | object | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null}` | AWS credentials. Required when serverAuthenticationMode is STATIC. | +| catalog.storage.s3.defaultOptions.accessKeySecret.awsAccessKeyId | string | `nil` | The secret key storing the AWS secret key id. | +| catalog.storage.s3.defaultOptions.accessKeySecret.awsSecretAccessKey | string | `nil` | The secret key storing the AWS secret access key. | +| catalog.storage.s3.defaultOptions.accessKeySecret.name | string | `nil` | The secret name to pull AWS credentials from. | +| catalog.storage.s3.defaultOptions.accessPoint | string | `nil` | AWS Access point for this bucket. Access points can be used to perform S3 operations by specifying a mapping of bucket to access points. This is useful for multi-region access, cross-region access, disaster recovery, etc. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html. 
| +| catalog.storage.s3.defaultOptions.allowCrossRegionAccessPoint | string | `nil` | Authorize cross-region calls when contacting an access point. The default is false. | +| catalog.storage.s3.defaultOptions.authType | string | `nil` | Controls the authentication mode for the Catalog server. Valid values are: - APPLICATION_GLOBAL: Use the default AWS credentials provider chain. - STATIC: Static credentials provided through the accessKeySecret option. The default is STATIC. | +| catalog.storage.s3.defaultOptions.clientIam.enabled | string | `nil` | Whether to enable vended credentials functionality. If this option is enabled, the server will temporarily assume the configured role, then pass the returned session credentials down to the client, for each table that is created, updated or registered. Vended credentials are not cached server-side. | +| catalog.storage.s3.defaultOptions.clientIam.externalId | string | `nil` | An identifier for the party assuming the role. This parameter must match the external ID configured in IAM rules that govern the assume role process for the specified roleArn. | +| catalog.storage.s3.defaultOptions.clientIam.policy | string | `nil` | The IAM policy in JSON format to be used as an inline session policy when calling the assume-role endpoint. Optional. | +| catalog.storage.s3.defaultOptions.clientIam.roleArn | string | `nil` | The ARN of the role to assume for accessing S3 data. This parameter is required for Amazon S3, but may not be required for other storage providers (e.g. Minio does not use it at all). | +| catalog.storage.s3.defaultOptions.clientIam.roleSessionName | string | `nil` | An identifier for the assumed role session. This parameter is most important in cases when the same role is assumed by different principals in different use cases. | +| catalog.storage.s3.defaultOptions.clientIam.sessionDuration | string | `nil` | A higher bound estimate of the expected duration of client "sessions" working with data in this bucket. 
A session, for example, is the lifetime of an Iceberg REST catalog object on the client side. This value is used for validating expiration times of credentials associated with the warehouse. If unset, a default of one hour is assumed. | +| catalog.storage.s3.defaultOptions.clientIam.statements | string | `nil` | Additional IAM policy statements in JSON format to add to generated per-table IAM policies. | +| catalog.storage.s3.defaultOptions.endpoint | string | `nil` | Endpoint URI, required for private clouds. Optional; if not provided, the default is used. | +| catalog.storage.s3.defaultOptions.externalEndpoint | string | `nil` | Endpoint URI, required for private clouds. Optional; if not provided, the default is used. If the endpoint URIs for the Nessie server and clients differ, this one defines the endpoint used for the Nessie server. | +| catalog.storage.s3.defaultOptions.pathStyleAccess | string | `nil` | Whether to use path-style access. Optional; if not provided, the default is used. If true, path-style access will be used, as in: https:///. If false, a virtual-hosted style will be used instead, as in: https://.. | +| catalog.storage.s3.defaultOptions.region | string | `nil` | DNS name of the region, required for AWS. | +| catalog.storage.s3.defaultOptions.requestSigningEnabled | string | `nil` | Optional parameter to disable S3 request signing. Default is to enable S3 request signing. | +| catalog.storage.s3.defaultOptions.serverIam | object | `{"enabled":null,"externalId":null,"policy":null,"roleArn":null,"roleSessionName":null,"sessionDuration":null}` | Settings only relevant when clientAuthenticationMode is ASSUME_ROLE. | +| catalog.storage.s3.defaultOptions.serverIam.enabled | string | `nil` | Whether to enable server assume-role functionality. If this option is enabled, the server will attempt to assume the configured role at startup and cache the returned session credentials. 
| +| catalog.storage.s3.defaultOptions.serverIam.externalId | string | `nil` | An identifier for the party assuming the role. This parameter must match the external ID configured in IAM rules that govern the assume role process for the specified roleArn. | +| catalog.storage.s3.defaultOptions.serverIam.policy | string | `nil` | The IAM policy in JSON format to be used as an inline session policy when calling the assume-role endpoint. Optional. | +| catalog.storage.s3.defaultOptions.serverIam.roleArn | string | `nil` | The ARN of the role to assume for accessing S3 data. This parameter is required for Amazon S3, but may not be required for other storage providers (e.g. Minio does not use it at all). | +| catalog.storage.s3.defaultOptions.serverIam.roleSessionName | string | `nil` | An identifier for the assumed role session. This parameter is most important in cases when the same role is assumed by different principals in different use cases. | +| catalog.storage.s3.defaultOptions.serverIam.sessionDuration | string | `nil` | A higher bound estimate of the expected duration of client "sessions" working with data in this bucket. A session, for example, is the lifetime of an Iceberg REST catalog object on the client side. This value is used for validating expiration times of credentials associated with the warehouse. If unset, a default of one hour is assumed. | +| catalog.storage.s3.defaultOptions.stsEndpoint | string | `nil` | The STS endpoint. Optional; if not provided, the default is used. This parameter must be set if the cloud provider is not AMAZON and the catalog is configured to use S3 sessions (e.g. to use the "assume role" functionality). | +| catalog.storage.s3.sessionCredentials.sessionCredentialCacheMaxEntries | string | `nil` | Maximum number of entries to keep in the session credentials cache (assumed role credentials). Not overridable on a per-bucket basis. The default is 1000. 
| +| catalog.storage.s3.sessionCredentials.sessionCredentialRefreshGracePeriod | string | `nil` | The time period to subtract from the S3 session credentials (assumed role credentials) expiry time to define the time when those credentials become eligible for refreshing. Not overridable on a per-bucket basis. The default is PT5M (5 minutes). | +| catalog.storage.s3.sessionCredentials.stsClientsCacheMaxEntries | string | `nil` | Maximum number of entries to keep in the STS clients cache. Not overridable on a per-bucket basis. The default is 50. | +| catalog.storage.s3.transport | object | `{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null}` | S3 transport settings. Not overridable on a per-bucket basis. | +| catalog.storage.s3.transport.connectTimeout | string | `nil` | Override the default TCP connect timeout. Must be a valid ISO duration. | +| catalog.storage.s3.transport.connectionAcquisitionTimeout | string | `nil` | Override default connection acquisition timeout. This is the time a request will wait for a connection from the pool. Must be a valid ISO duration. | +| catalog.storage.s3.transport.connectionMaxIdleTime | string | `nil` | Override default max idle time of a pooled connection. Must be a valid ISO duration. | +| catalog.storage.s3.transport.connectionTimeToLive | string | `nil` | Override default time-time of a pooled connection. Must be a valid ISO duration. | +| catalog.storage.s3.transport.expectContinueEnabled | string | `nil` | Override default behavior whether to expect an HTTP/100-Continue. Must be a valid ISO duration. | +| catalog.storage.s3.transport.maxHttpConnections | string | `nil` | Override the default maximum number of pooled connections. | +| catalog.storage.s3.transport.readTimeout | string | `nil` | Override the default connection read timeout. Must be a valid ISO duration. 
| +| configMapLabels | object | `{}` | Additional Labels to apply to nessie configmap. | +| deploymentStrategy | object | `{}` | Override the strategy for nessie deployment. Valid values for type are: RollingUpdate and Recreate. If you are using the ROCKSDB version store type then you should use Recreate. Max Surge will allow new pods to be created before old ones are culled. Do not enable this when using ROCKSDB version store type. Max Unavailable will allow old pods to be culled before replacements are created See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | +| dynamodb.profile | string | `"default"` | The name of the profile that should be used, when loading AWS credentials from a profile file. Required only if no secret is provided below. | +| dynamodb.region | string | `"us-west-2"` | The AWS region to use. | +| dynamodb.secret.awsAccessKeyId | string | `"aws_access_key_id"` | The secret key storing the AWS secret key id. | +| dynamodb.secret.awsSecretAccessKey | string | `"aws_secret_access_key"` | The secret key storing the AWS secret access key. | +| dynamodb.secret.name | string | `"awscreds"` | The secret name to pull AWS credentials from. Optional; if not present, the default AWS credentials provider chain is used. | +| extraEnv | list | `[]` | Advanced configuration via Environment Variables. Extra environment variables to add to the Nessie server container. You can pass here any valid EnvVar object: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core This can be useful to get configuration values from Kubernetes secrets or config maps. | +| extraInitContainers | list | `[]` | Add additional init containers to the nessie pod(s) See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/. | +| extraServices | list | `[]` | Additional service definitions. All service definitions always select all Nessie pods. 
Use this if you need to expose specific ports with different configurations. | +| extraVolumeMounts | list | `[]` | Extra volume mounts to add to the nessie container. See https://kubernetes.io/docs/concepts/storage/volumes/. | +| extraVolumes | list | `[]` | Extra volumes to add to the nessie pod. See https://kubernetes.io/docs/concepts/storage/volumes/. | +| image.configDir | string | `"/deployments/config"` | The path to the directory where the application.properties file should be mounted. | +| image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. | +| image.repository | string | `"ghcr.io/projectnessie/nessie"` | The image repository to pull from. | +| image.tag | string | `""` | Overrides the image tag whose default is the chart version. | +| imagePullSecrets | list | `[]` | References to secrets in the same namespace to use for pulling any of the images used by this chart. Each entry is a LocalObjectReference to an existing secret in the namespace. The secret must contain a .dockerconfigjson key with a base64-encoded Docker configuration file. See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ for more information. | +| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[],"service":{"nameSuffix":"","portName":"nessie-http"}}],"pathType":"ImplementationSpecific","tls":[]}` | Nessie Ingress settings. These settings generate an Ingress resource that routes external traffic to the Nessie service. Consider enabling sticky sessions based on the remote client's IP address; this is generally beneficial to Nessie deployments, but some testing may be required in order to make sure that the load is distributed evenly among the pods. Check your ingress controller's documentation. | +| ingress.annotations | object | `{}` | Annotations to add to the ingress. 
| +| ingress.className | string | `""` | Specifies the ingressClassName; leave empty if you don't want to customize it. | +| ingress.enabled | bool | `false` | Specifies whether an ingress should be created. | +| ingress.hosts | list | `[{"host":"chart-example.local","paths":[],"service":{"nameSuffix":"","portName":"nessie-http"}}]` | A list of host paths used to configure the ingress. | +| ingress.hosts[0].service | object | `{"nameSuffix":"","portName":"nessie-http"}` | The service target for the ingress. | +| ingress.hosts[0].service.nameSuffix | string | `""` | The target service name suffix. Optional; if not provided, the main service will be targeted. Change this only if you are targeting a service defined in extraServices. | +| ingress.hosts[0].service.portName | string | `"nessie-http"` | The port name to route traffic to. Must match one of the ports in service.ports or in extraServices.ports. Optional; if not provided, the first port in service.ports will be used. | +| ingress.pathType | string | `"ImplementationSpecific"` | Specifies the path type of host paths. Valid values are: "Prefix", "Exact" or "ImplementationSpecific". | +| ingress.tls | list | `[]` | A list of TLS certificates; each entry has a list of hosts in the certificate, along with the secret name used to terminate TLS traffic on port 443. | +| jdbc.jdbcUrl | string | `"jdbc:postgresql://localhost:5432/my_database?currentSchema=nessie"` | The JDBC connection string. If you are using Nessie OSS images, then only PostgreSQL, MariaDB and MySQL URLs are supported. Check your JDBC driver documentation for the correct URL format. | +| jdbc.secret.name | string | `"datasource-creds"` | The secret name to pull datasource credentials from. | +| jdbc.secret.password | string | `"password"` | The secret key storing the datasource password. | +| jdbc.secret.username | string | `"username"` | The secret key storing the datasource username. 
| +| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"terminationGracePeriodSeconds":30,"timeoutSeconds":10}` | Configures the liveness probe for nessie pods. | +| livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. | +| livenessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before liveness probes are initiated. Minimum value is 0. | +| livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. Minimum value is 1. | +| livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. | +| livenessProbe.terminationGracePeriodSeconds | int | `30` | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1. | +| livenessProbe.timeoutSeconds | int | `10` | Number of seconds after which the probe times out. Minimum value is 1. | +| log | object | `{"categories":{"org.projectnessie":"INFO"},"console":{"enabled":true,"format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n","json":false,"threshold":"ALL"},"file":{"enabled":false,"fileName":"nessie.log","format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %h %N[%i] %-5p [%X{traceId},%X{spanId},%X{sampled}] [%c{3.}] (%t) %s%e%n","json":false,"logsDir":"/deployments/logs","rotation":{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"},"storage":{"className":"standard","selectorLabels":{},"size":"512Gi"},"threshold":"ALL"},"level":"INFO","sentry":{"dsn":null,"enabled":false,"environment":null,"inAppPackages":["org.projectnessie"],"level":"ERROR","release":null}}` | Logging configuration. | +| log.categories | object | `{"org.projectnessie":"INFO"}` | Configuration for specific log categories. 
| +| log.console | object | `{"enabled":true,"format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n","json":false,"threshold":"ALL"}` | Configuration for the console appender. | +| log.console.enabled | bool | `true` | Whether to enable the console appender. | +| log.console.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | +| log.console.json | bool | `false` | Whether to log in JSON format. | +| log.console.threshold | string | `"ALL"` | The log level of the console appender. | +| log.file | object | `{"enabled":false,"fileName":"nessie.log","format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %h %N[%i] %-5p [%X{traceId},%X{spanId},%X{sampled}] [%c{3.}] (%t) %s%e%n","json":false,"logsDir":"/deployments/logs","rotation":{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"},"storage":{"className":"standard","selectorLabels":{},"size":"512Gi"},"threshold":"ALL"}` | Configuration for the file appender. | +| log.file.enabled | bool | `false` | Whether to enable the file appender. | +| log.file.fileName | string | `"nessie.log"` | The log file name. | +| log.file.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %h %N[%i] %-5p [%X{traceId},%X{spanId},%X{sampled}] [%c{3.}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | +| log.file.json | bool | `false` | Whether to log in JSON format. | +| log.file.logsDir | string | `"/deployments/logs"` | The local directory where log files are stored. The persistent volume claim will be mounted here. | +| log.file.rotation | object | `{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"}` | Log rotation configuration. | +| log.file.rotation.fileSuffix | string | `nil` | An optional suffix to append to the rotated log files. 
If present, the rotated log files will be grouped in time buckets, and each bucket will contain at most maxBackupIndex files. The suffix must be in a date-time format that is understood by DateTimeFormatter. If the suffix ends with .gz or .zip, the rotated files will also be compressed using the corresponding algorithm. | +| log.file.rotation.maxBackupIndex | int | `5` | The maximum number of backup files to keep. | +| log.file.rotation.maxFileSize | string | `"100Mi"` | The maximum size of the log file before it is rotated. Should be expressed as a Kubernetes quantity. | +| log.file.storage | object | `{"className":"standard","selectorLabels":{},"size":"512Gi"}` | The log storage configuration. A persistent volume claim will be created using these settings. | +| log.file.storage.className | string | `"standard"` | The storage class name of the persistent volume claim to create. | +| log.file.storage.selectorLabels | object | `{}` | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. | +| log.file.storage.size | string | `"512Gi"` | The size of the persistent volume claim to create. | +| log.file.threshold | string | `"ALL"` | The log level of the file appender. | +| log.level | string | `"INFO"` | The log level of the root category, which is used as the default log level for all categories. | +| log.sentry | object | `{"dsn":null,"enabled":false,"environment":null,"inAppPackages":["org.projectnessie"],"level":"ERROR","release":null}` | Configuration for the Sentry appender. See https://sentry.io and https://docs.quarkiverse.io/quarkus-logging-sentry/dev for more information. | +| log.sentry.dsn | string | `nil` | The Sentry DSN. Required. | +| log.sentry.enabled | bool | `false` | Whether to enable the Sentry appender. | +| log.sentry.environment | string | `nil` | The environment to report to Sentry. Optional. 
| +| log.sentry.inAppPackages | list | `["org.projectnessie"]` | Package prefixes that belong to your application. | +| log.sentry.level | string | `"ERROR"` | The log level of the Sentry appender. | +| log.sentry.release | string | `nil` | The release version to report to Sentry. Optional. | +| managementService | object | `{"annotations":{},"portName":"nessie-mgmt","portNumber":9000}` | Management service settings. These settings are used to configure liveness and readiness probes, and to configure the dedicated headless service that will expose health checks and metrics, e.g. for metrics scraping and service monitoring. | +| managementService.annotations | object | `{}` | Annotations to add to the service. | +| managementService.portName | string | `"nessie-mgmt"` | The name of the management port. Required. | +| managementService.portNumber | int | `9000` | The port the management service listens on. By default, the management interface is exposed on HTTP port 9000. | +| metrics.enabled | bool | `true` | Specifies whether metrics for the nessie server should be enabled. | +| metrics.tags | object | `{}` | Additional tags (dimensional labels) to add to the metrics. | +| mongodb.connectionString | string | `"mongodb://localhost:27017"` | The MongoDB connection string. | +| mongodb.name | string | `"nessie"` | The MongoDB database name. | +| mongodb.secret.name | string | `"mongodb-creds"` | The secret name to pull MongoDB credentials from. | +| mongodb.secret.password | string | `"mongodb_password"` | The secret key storing the MongoDB password. | +| mongodb.secret.username | string | `"mongodb_username"` | The secret key storing the MongoDB username. | +| nodeSelector | object | `{}` | Node labels which must match for the nessie pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. | +| podAnnotations | object | `{}` | Annotations to apply to nessie pods. 
| +| podLabels | object | `{}` | Additional Labels to apply to nessie pods. | +| podSecurityContext | object | `{"fsGroup":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the nessie pod. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | +| readinessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10}` | Configures the readiness probe for nessie pods. | +| readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. | +| readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness probes are initiated. Minimum value is 0. | +| readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. Minimum value is 1. | +| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. | +| readinessProbe.timeoutSeconds | int | `10` | Number of seconds after which the probe times out. Minimum value is 1. | +| replicaCount | int | `1` | The number of replicas to deploy (horizontal scaling). Beware that replicas are stateless; don't set this number > 1 when using IN_MEMORY or ROCKSDB version store types. | +| resources | object | `{}` | Configures the resources requests and limits for nessie pods. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
| +| rocksdb.selectorLabels | object | `{}` | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. | +| rocksdb.storageClassName | string | `"standard"` | The storage class name of the persistent volume claim to create. | +| rocksdb.storageSize | string | `"1Gi"` | The size of the persistent volume claim to create. | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10000}` | Security context for the nessie container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | +| service | object | `{"annotations":{},"clusterIP":"","externalTrafficPolicy":"Cluster","internalTrafficPolicy":"Cluster","ports":[{"name":"nessie-http","number":19120}],"sessionAffinity":"None","trafficDistribution":"PreferClose","type":"ClusterIP"}` | Nessie main service settings. | +| service.annotations | object | `{}` | Annotations to add to the service. | +| service.clusterIP | string | `""` | You can specify your own cluster IP address If you define a Service that has the .spec.clusterIP set to "None" then Kubernetes does not assign an IP address. Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is called a headless service. See https://kubernetes.io/docs/concepts/services-networking/service/#headless-services | +| service.internalTrafficPolicy | string | `"Cluster"` | The traffic policy fields control how traffic from internal and external sources are routed respectively. Valid values are Cluster and Local. Set the field to Cluster to route traffic to all ready endpoints. Set the field to Local to only route to ready node-local endpoints. 
If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy | +| service.ports | list | `[{"name":"nessie-http","number":19120}]` | The ports the service will listen on. At least one port is required; the first port implicitly becomes the HTTP port that the application will use for serving API requests. By default, it's 19120. Note: port names must be unique and no more than 15 characters long. | +| service.sessionAffinity | string | `"None"` | The session affinity for the service. Valid values are: None, ClientIP. ClientIP enables sticky sessions based on the client's IP address. This is generally beneficial to Nessie deployments, but some testing may be required in order to make sure that the load is distributed evenly among the pods. Also, this setting affects only internal clients, not external ones. If Ingress is enabled, it is recommended to set sessionAffinity to None. | +| service.trafficDistribution | string | `"PreferClose"` | The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences such as routing to topologically closer endpoints. Valid values are: PreferClose | +| service.type | string | `"ClusterIP"` | The type of service to create. | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | +| serviceMonitor.enabled | bool | `true` | Specifies whether a ServiceMonitor for Prometheus operator should be created. | +| serviceMonitor.interval | string | `""` | The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 
1d, 1h30m, 5m, 10s. | +| serviceMonitor.labels | object | `{}` | Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. | +| serviceMonitor.metricRelabelings | list | `[]` | Relabeling rules to apply to metrics. Ref https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config. | +| tolerations | list | `[]` | A list of tolerations to apply to nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/. | +| tracing.attributes | object | `{}` | Resource attributes to identify the nessie service among other tracing sources. See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. If left empty, traces will be attached to a service named "Nessie"; to change this, provide a service.name attribute here. | +| tracing.enabled | bool | `false` | Specifies whether tracing for the nessie server should be enabled. | +| tracing.endpoint | string | `"http://otlp-collector:4317"` | The collector endpoint URL to connect to (required). The endpoint URL must have either the http:// or the https:// scheme. The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). See https://quarkus.io/guides/opentelemetry for more information. | +| tracing.sample | string | `"1.0d"` | Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and "1.0d" (inclusive). E.g. "0.5d" means that 50% of the requests will be sampled. | +| versionStoreType | string | `"IN_MEMORY"` | Which type of version store to use: IN_MEMORY, ROCKSDB, DYNAMODB2, MONGODB2, CASSANDRA2, JDBC2, BIGTABLE. Note: the version store type JDBC is deprecated, please use the Nessie Server Admin Tool to migrate to JDBC2. Note: the version store type CASSANDRA is deprecated, please use the Nessie Server Admin Tool to migrate to CASSANDRA2. 
Note: the version store type DYNAMODB is deprecated, please use the Nessie Server Admin Tool to migrate to DYNAMODB2. Note: the version store type MONGODB is deprecated, please use the Nessie Server Admin Tool to migrate to MONGODB2. |
diff --git a/addons/nessie/0.103/chart/nessie/simple-values.yaml b/addons/nessie/0.103/chart/nessie/simple-values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/addons/nessie/0.103/chart/nessie/templates/NOTES.txt b/addons/nessie/0.103/chart/nessie/templates/NOTES.txt
new file mode 100644
index 00000000..b06ddd7c
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/templates/NOTES.txt
@@ -0,0 +1,38 @@
+{{/**
+
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+**/}}
+
+To connect to Nessie, please execute the following commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "nessie.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "nessie.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "nessie.fullname" . }} -o jsonpath="{ .status.loadBalancer.ingress[0].ip }")
+ echo http://$SERVICE_IP:{{ get (first .Values.service.ports) "number" }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ nohup kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include "nessie.fullname" . }} 19120:{{ get (first .Values.service.ports) "number" }} &
+ echo "Visit http://127.0.0.1:19120 to use your application"
+{{- end }}
diff --git a/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl b/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl
new file mode 100644
index 00000000..fb2887f8
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl
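Review bot: The NodePort and LoadBalancer branches of NOTES.txt print a hard-coded `http://` URL, whereas the ingress branch switches to `https` when `.Values.ingress.tls` is set, so for the two service types that are reachable from outside the cluster the notes point users at a cleartext endpoint. I would add a line to both branches such as `NOTE: this URL is plain HTTP; put TLS in front of the service before exposing it outside the cluster.`, and, since the chart's authentication defaults are not visible in this hunk, ask the author to confirm the API is not left unauthenticated on those service types. Separately, the LoadBalancer text reads "watch the status of by running"; the stray "of" should be dropped.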
@@ -0,0 +1,519 @@
+{{/**
+
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+**/}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nessie.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nessie.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nessie.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "nessie.labels" -}}
+helm.sh/chart: {{ include "nessie.chart" . }}
+{{ include "nessie.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nessie.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nessie.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nessie.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "nessie.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Convert a dict into a string formed by a comma-separated list of key-value pairs: key1=value1,key2=value2, ...
+*/}}
+{{- define "nessie.dictToString" -}}
+{{- $list := list -}}
+{{- range $k, $v := . -}}
+{{- $list = append $list (printf "%s=%s" $k $v) -}}
+{{- end -}}
+{{ join "," $list }}
+{{- end -}}
+
+{{- define "nessie.mergeAdvancedConfig" -}}
+{{- $advConfig := index . 0 -}}
+{{- $prefix := index . 1 -}}
+{{- $dest := index . 2 -}}
+{{- range $key, $val := $advConfig -}}
+{{- $name := ternary $key (print $prefix "." $key) (eq $prefix "") -}}
+{{- if kindOf $val | eq "map" -}}
+{{- list $val $name $dest | include "nessie.mergeAdvancedConfig" -}}
+{{- else -}}
+{{- $_ := set $dest $name $val -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the datasource kind based on the jdbcUrl. This relies on the fact that datasource
+names should coincide with jdbc schemes in connection URIs.
+*/}}
+{{- define "nessie.dbKind" -}}
+{{- $v := . | split ":" -}}
+{{ $v._1 }}
+{{- end }}
+
+{{/*
+Apply Nessie Catalog (Iceberg REST) options.
+*/}}
+{{- define "nessie.applyCatalogIcebergOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $map := index . 1 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- $_ := set $map "nessie.catalog.default-warehouse" .defaultWarehouse -}}
+{{- $_ = set $map "nessie.catalog.object-stores.health-check.enabled" .objectStoresHealthCheckEnabled -}}
+{{- range $k, $v := .configDefaults -}}
+{{- $_ = set $map ( printf "nessie.catalog.iceberg-config-defaults.%s" $k ) $v -}}
+{{- end -}}
+{{- range $k, $v := .configOverrides -}}
+{{- $_ = set $map ( printf "nessie.catalog.iceberg-config-overrides.%s" $k ) $v -}}
+{{- end -}}
+{{- range $i, $warehouse := .warehouses -}}
+{{- if not $warehouse.name -}}{{- required ( printf "catalog.iceberg.warehouses[%d]: missing warehouse name" $i ) $warehouse.name -}}{{- end -}}
+{{- $_ = set $map ( printf "nessie.catalog.warehouses.%s.location" ( quote $warehouse.name ) ) $warehouse.location -}}
+{{- range $k, $v := $warehouse.configDefaults -}}
+{{- $_ = set $map ( printf "nessie.catalog.warehouses.%s.iceberg-config-defaults.%s" ( quote $warehouse.name ) $k ) $v -}}
+{{- end -}}
+{{- range $k, $v := $warehouse.configOverrides -}}
+{{- $_ = set $map ( printf "nessie.catalog.warehouses.%s.iceberg-config-overrides.%s" ( quote $warehouse.name ) $k ) $v -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Apply S3 catalog options.
+*/}}
+{{- define "nessie.applyCatalogStorageS3RootOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $prefix := index . 1 -}}{{/* the current prefix */}}
+{{- $map := index . 2 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- if .transport -}}
+{{- include "nessie.addConfigOption" (list .transport.maxHttpConnections $map ( print $prefix "http.max-http-connections" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.readTimeout $map ( print $prefix "http.read-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectTimeout $map ( print $prefix "http.connect-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectionAcquisitionTimeout $map ( print $prefix "http.connection-acquisition-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectionMaxIdleTime $map ( print $prefix "http.connection-max-idle-time" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectionTimeToLive $map ( print $prefix "http.connection-time-to-live" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.expectContinueEnabled $map ( print $prefix "http.expect-continue-enabled" )) -}}
+{{- end -}}
+{{- if .sessionCredentials }}
+{{- include "nessie.addConfigOption" (list .sessionCredentials.sessionCredentialRefreshGracePeriod $map ( print $prefix "sts.session-grace-period" )) -}}
+{{- include "nessie.addConfigOption" (list .sessionCredentials.sessionCredentialCacheMaxEntries $map ( print $prefix "sts.session-cache-max-size" )) -}}
+{{- include "nessie.addConfigOption" (list .sessionCredentials.stsClientsCacheMaxEntries $map ( print $prefix "sts.clients-cache-max-size" )) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "nessie.applyCatalogStorageS3BucketOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $prefix := index . 1 -}}{{/* the current prefix */}}
+{{- $map := index . 2 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- include "nessie.addConfigOption" (list .name $map ( print $prefix "name" )) -}}
+{{- include "nessie.addConfigOption" (list .authority $map ( print $prefix "authority" )) -}}
+{{- include "nessie.addConfigOption" (list .pathPrefix $map ( print $prefix "path-prefix" )) -}}
+{{- include "nessie.addConfigOption" (list .region $map ( print $prefix "region" )) -}}
+{{- include "nessie.addConfigOption" (list .endpoint $map ( print $prefix "endpoint" )) -}}
+{{- include "nessie.addConfigOption" (list .externalEndpoint $map ( print $prefix "external-endpoint" )) -}}
+{{- include "nessie.addConfigOption" (list .pathStyleAccess $map ( print $prefix "path-style-access" )) -}}
+{{- include "nessie.addConfigOption" (list .accessPoint $map ( print $prefix "access-point" )) -}}
+{{- include "nessie.addConfigOption" (list .allowCrossRegionAccessPoint $map ( print $prefix "allow-cross-region-access-point" )) -}}
+{{- include "nessie.addConfigOption" (list .requestSigningEnabled $map ( print $prefix "request-signing-enabled" )) -}}
+{{- include "nessie.addConfigOption" (list .authType $map ( print $prefix "auth-type" )) -}}
+{{- include "nessie.addConfigOption" (list .stsEndpoint $map ( print $prefix "sts-endpoint" )) -}}
+{{- if .clientIam -}}
+{{- include "nessie.addConfigOption" (list .clientIam.enabled $map ( print $prefix "client-iam.enabled" )) -}}
+{{- include "nessie.addConfigOption" (list .clientIam.policy $map ( print $prefix "client-iam.policy" )) -}}
+{{- include "nessie.addConfigOption" (list .clientIam.roleArn $map ( print $prefix "client-iam.assume-role" )) -}}
+{{- include "nessie.addConfigOption" (list .clientIam.roleSessionName $map ( print $prefix "client-iam.role-session-name" )) -}}
+{{- include "nessie.addConfigOption" (list .clientIam.externalId $map ( print $prefix "client-iam.external-id" )) -}}
+{{- include "nessie.addConfigOption" (list .clientIam.sessionDuration $map ( print $prefix "client-iam.session-duration" )) -}}
+{{- if .clientIam.statements -}}
+{{- range $i, $statement := .clientIam.statements -}}
+{{- $_ := set $map ( printf "%sclient-iam.statements[%d]" $prefix $i ) $statement -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if .serverIam -}}
+{{- include "nessie.addConfigOption" (list .serverIam.enabled $map ( print $prefix "server-iam.enabled" )) -}}
+{{- include "nessie.addConfigOption" (list .serverIam.policy $map ( print $prefix "server-iam.policy" )) -}}
+{{- include "nessie.addConfigOption" (list .serverIam.roleArn $map ( print $prefix "server-iam.ssume-role" )) -}}
+{{- include "nessie.addConfigOption" (list .serverIam.roleSessionName $map ( print $prefix "server-iam.role-session-name" )) -}}
+{{- include "nessie.addConfigOption" (list .serverIam.externalId $map ( print $prefix "server-iam.external-id" )) -}}
+{{- include "nessie.addConfigOption" (list .serverIam.sessionDuration $map ( print $prefix "server-iam.session-duration" )) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Apply GCS catalog options.
+*/}}
+{{- define "nessie.applyCatalogStorageGcsRootOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $prefix := index . 1 -}}{{/* the current prefix */}}
+{{- $map := index . 2 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- if .transport -}}
+{{- include "nessie.addConfigOption" (list .transport.maxAttempts $map ( print $prefix "max-attempts" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectTimeout $map ( print $prefix "connect-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.readTimeout $map ( print $prefix "read-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.initialRetryDelay $map ( print $prefix "initial-retry-delay" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.maxRetryDelay $map ( print $prefix "max-retry-delay" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.retryDelayMultiplier $map ( print $prefix "retry-delay-multiplier" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.initialRpcTimeout $map ( print $prefix "initial-rpc-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.maxRpcTimeout $map ( print $prefix "max-rpc-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.rpcTimeoutMultiplier $map ( print $prefix "rpc-timeout-multiplier" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.logicalTimeout $map ( print $prefix "logical-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.totalTimeout $map ( print $prefix "total-timeout" )) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "nessie.applyCatalogStorageGcsBucketOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $prefix := index . 1 -}}{{/* the current prefix */}}
+{{- $map := index . 2 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- include "nessie.addConfigOption" (list .name $map ( print $prefix "name" )) -}}
+{{- include "nessie.addConfigOption" (list .authority $map ( print $prefix "authority" )) -}}
+{{- include "nessie.addConfigOption" (list .pathPrefix $map ( print $prefix "path-prefix" )) -}}
+{{- include "nessie.addConfigOption" (list .host $map ( print $prefix "host" )) -}}
+{{- include "nessie.addConfigOption" (list .externalHost $map ( print $prefix "external-host" )) -}}
+{{- include "nessie.addConfigOption" (list .userProject $map ( print $prefix "user-project" )) -}}
+{{- include "nessie.addConfigOption" (list .projectId $map ( print $prefix "project-id" )) -}}
+{{- include "nessie.addConfigOption" (list .quotaProjectId $map ( print $prefix "quota-project-id" )) -}}
+{{- include "nessie.addConfigOption" (list .clientLibToken $map ( print $prefix "client-lib-token" )) -}}
+{{- include "nessie.addConfigOption" (list .authType $map ( print $prefix "auth-type" )) -}}
+{{- include "nessie.addConfigOption" (list .encryptionKey $map ( print $prefix "encryption-key" )) -}}
+{{- include "nessie.addConfigOption" (list .decryptionKey $map ( print $prefix "decryption-key" )) -}}
+{{- include "nessie.addConfigOption" (list .readChunkSize $map ( print $prefix "read-chunk-size" )) -}}
+{{- include "nessie.addConfigOption" (list .writeChunkSize $map ( print $prefix "write-chunk-size" )) -}}
+{{- include "nessie.addConfigOption" (list .deleteBatchSize $map ( print $prefix "delete-batch-size" )) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Apply ADLS catalog options.
+*/}}
+{{- define "nessie.applyCatalogStorageAdlsRootOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $prefix := index . 1 -}}{{/* the current prefix */}}
+{{- $map := index . 2 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- if .transport -}}
+{{- include "nessie.addConfigOption" (list .transport.maxHttpConnections $map ( print $prefix "max-http-connections" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectTimeout $map ( print $prefix "connect-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.readTimeout $map ( print $prefix "read-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.writeTimeout $map ( print $prefix "write-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.connectionIdleTimeout $map ( print $prefix "connection-idle-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.readBlockSize $map ( print $prefix "read-block-size" )) -}}
+{{- include "nessie.addConfigOption" (list .transport.writeBlockSize $map ( print $prefix "write-block-size" )) -}}
+{{- end -}}
+{{- list .advancedConfig ( print $prefix "configuration" ) $map | include "nessie.mergeAdvancedConfig" }}
+{{- end -}}
+{{- end -}}
+
+{{- define "nessie.applyCatalogStorageAdlsFileSystemOptions" -}}
+{{- $root := index . 0 -}}{{/* the object to introspect */}}
+{{- $prefix := index . 1 -}}{{/* the current prefix */}}
+{{- $map := index . 2 -}}{{/* the destination map */}}
+{{- with $root -}}
+{{- include "nessie.addConfigOption" (list .name $map ( print $prefix "name" )) -}}
+{{- include "nessie.addConfigOption" (list .authority $map ( print $prefix "authority" )) -}}
+{{- include "nessie.addConfigOption" (list .pathPrefix $map ( print $prefix "path-prefix" )) -}}
+{{- include "nessie.addConfigOption" (list .endpoint $map ( print $prefix "endpoint" )) -}}
+{{- include "nessie.addConfigOption" (list .externalEndpoint $map ( print $prefix "external-endpoint" )) -}}
+{{- include "nessie.addConfigOption" (list .retryPolicy $map ( print $prefix "retry-policy" )) -}}
+{{- include "nessie.addConfigOption" (list .maxRetries $map ( print $prefix "max-retries" )) -}}
+{{- include "nessie.addConfigOption" (list .tryTimeout $map ( print $prefix "try-timeout" )) -}}
+{{- include "nessie.addConfigOption" (list .retryDelay $map ( print $prefix "retry-delay" )) -}}
+{{- include "nessie.addConfigOption" (list .maxRetryDelay $map ( print $prefix "max-retry-delay" )) -}}
+{{- include "nessie.addConfigOption" (list .authType $map ( print $prefix "auth-type" )) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define environkent variables for catalog storage options.
+*/}}
+{{- define "nessie.catalogStorageEnv" -}}
+{{ $global := .}}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.s3.defaultOptions.accessKeySecret "awsAccessKeyId" "s3.default-options.access-key" "name" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.s3.defaultOptions.accessKeySecret "awsSecretAccessKey" "s3.default-options.access-key" "secret" false . ) }}
+{{- range $i, $bucket := .Values.catalog.storage.s3.buckets -}}
+{{- with $global }}
+{{- include "nessie.catalogSecretToEnv" (list $bucket.accessKeySecret "awsAccessKeyId" (printf "s3.buckets.bucket%d.access-key" (add $i 1)) "name" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list $bucket.accessKeySecret "awsSecretAccessKey" (printf "s3.buckets.bucket%d.access-key" (add $i 1)) "secret" false . ) }}
+{{- end -}}
+{{- end -}}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret "key" "gcs.default-options.auth-credentials-json" "key" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.gcs.defaultOptions.oauth2TokenSecret "token" "gcs.default-options.oauth-token" "token" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.gcs.defaultOptions.oauth2TokenSecret "expiresAt" "gcs.default-options.oauth-token" "expiresAt" false . ) }}
+{{- range $i, $bucket := .Values.catalog.storage.gcs.buckets -}}
+{{- with $global }}
+{{- include "nessie.catalogSecretToEnv" (list $bucket.authCredentialsJsonSecret "key" (printf "gcs.buckets.bucket%d.auth-credentials-json" (add $i 1)) "key" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list $bucket.oauth2TokenSecret "token" (printf "gcs.buckets.bucket%d.oauth-token" (add $i 1)) "token" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list $bucket.oauth2TokenSecret "expiresAt" (printf "gcs.buckets.bucket%d.oauth-token" (add $i 1)) "expiresAt" false . ) }}
+{{- end -}}
+{{- end -}}
+{{ include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.adls.defaultOptions.accountSecret "accountName" "adls.default-options.account" "name" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.adls.defaultOptions.accountSecret "accountKey" "adls.default-options.account" "secret" false . ) }}
+{{- include "nessie.catalogSecretToEnv" (list .Values.catalog.storage.adls.defaultOptions.sasTokenSecret "sasToken" "adls.default-options.sas-token" "key" true . ) }}
+{{- range $i, $filesystem := .Values.catalog.storage.adls.filesystems -}}
+{{- with $global }}
+{{- include "nessie.catalogSecretToEnv" (list $filesystem.accountSecret "accountName" (printf "adls.file-systems.filesystem%d.account" (add $i 1)) "name" true . ) }}
+{{- include "nessie.catalogSecretToEnv" (list $filesystem.accountSecret "accountKey" (printf "adls.file-systems.filesystem%d.account" (add $i 1)) "secret" false . ) }}
+{{- include "nessie.catalogSecretToEnv" (list $filesystem.sasTokenSecret "sasToken" (printf "adls.file-systems.filesystem%d.sas-token" (add $i 1)) "key" true . ) }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define an env var from secret key.
+
+Secrets are (can be) composite values - think of a username+password.
+Secrets are not (no longer) present (or directly resolvable) from the bucket option types, but have to be resolved
+via a symbolic name, which is something like 'nessie-catalog-secrets.s3.default-options.access-key'. The bucket
+config types know about that symbolic name and resolve it via a SecretsProvider, which resolves via Quarkus' config.
+
+*/}}
+{{- define "nessie.catalogSecretToEnv" -}}
+{{- $secret := index . 0 -}}
+{{- $key := index . 1 -}}
+{{- $midfix := index . 2 -}}
+{{- $suffix := index . 3 -}}
+{{- $addRef := index . 4 -}}
+{{- $global := index . 5 -}}
+{{- if $secret -}}
+{{- $secretName := get $secret "name" -}}
+{{- $secretKey := get $secret $key -}}
+{{- with $global -}}
+{{- if (and $secretName $secretKey) -}}
+{{ if $addRef -}}
+#
+# {{ $midfix }}
+#
+- name: {{ (printf "nessie.catalog.service.%s" $midfix) | quote }}
+ value: {{ (printf "urn:nessie-secret:quarkus:nessie-catalog-secrets.%s" $midfix) | quote }}
+{{- end }}
+- name: {{ (printf "nessie-catalog-secrets.%s.%s" $midfix $suffix) | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl $secretName . ) | quote }}
+ key: {{ (tpl $secretKey . ) | quote }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Define an env var from secret key.
+*/}}
+{{- define "nessie.secretToEnv" -}}
+{{- $secret := index . 0 -}}
+{{- $key := index . 1 -}}
+{{- $envVarName := index . 2 -}}
+{{- $global := index . 3 -}}
+{{- if $secret -}}
+{{- $secretName := get $secret "name" -}}
+{{- $secretKey := get $secret $key -}}
+{{- with $global -}}
+{{- if (and $secretName $secretKey) -}}
+- name: {{ $envVarName | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl $secretName . ) | quote }}
+ key: {{ (tpl $secretKey . ) | quote }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Adds a configuration option to the map if the value is not nil. Zero-values like false or 0 are
+considered valid and thus added. This template should not be applied to non-scalar values like
+slices or maps.
+*/}}
+{{- define "nessie.addConfigOption" -}}
+{{- $value := index . 0 -}}{{/* the value to add */}}
+{{- $map := index . 1 -}}{{/* the destination map */}}
+{{- $key := index . 2 -}}{{/* the destination map key */}}
+{{- if (ne $value nil) -}}
+{{- $_ := set $map $key $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Prints the configuration option to the destination configmap entry. See confimap.yaml.
+Any nil values will be printed as empty config options; otherwise, the value will be evaluated
+as a template against the global context, then printed. Furthermore, if the value contains
+line breaks, they will be escaped and a multi-line option will be printed.
+*/}}
+{{- define "nessie.appendConfigOption" -}}
+{{- $key := index . 0 -}}
+{{- $value := index . 1 -}}
+{{- $global := index . 
2 -}} +{{- $valAsString := "" -}} +{{- if ne $value nil -}} +{{- $valAsString = tpl (toString $value) $global -}} +{{- if contains "\r\n" $valAsString -}} +{{- $valAsString = $valAsString | nindent 4 | replace "\r\n" "\\\r\n" -}} +{{- else if contains "\n" $valAsString -}} +{{- $valAsString = $valAsString | nindent 4 | replace "\n" "\\\n" -}} +{{- end -}} +{{- end -}} +{{ print $key "=" $valAsString }} +{{- end -}} + +{{/* +Prints the ports section of the container spec. Also validates all port names and numbers to ensure +that they are consistent and that there are no overlaps. +*/}} +{{- define "nessie.containerPorts" -}} +{{- $ports := dict -}} +{{- range $i, $port := .Values.service.ports -}} +{{- if hasKey $ports $port.name -}} +{{- fail (printf "service.ports[%d]: port name already taken: %v" $i $port.name) -}} +{{- end -}} +{{- if has $port.number (values $ports) -}} +{{- fail (printf "service.ports[%d]: port number already taken: %v" $i $port.number) -}} +{{- end -}} +{{- $_ := set $ports $port.name $port.number -}} +{{- end -}} +{{- if hasKey $ports .Values.managementService.portName -}} +{{- fail (print "managementService.portName: port name already taken: " .Values.managementService.portName ) -}} +{{- end -}} +{{- if has .Values.managementService.portNumber (values $ports) -}} +{{- fail (print "managementService.portNumber: port number already taken: " .Values.managementService.portNumber) -}} +{{- end -}} +{{- $_ := set $ports .Values.managementService.portName .Values.managementService.portNumber -}} +{{- range $i, $svc := .Values.extraServices -}} +{{- range $j, $port := $svc.ports -}} +{{- if hasKey $ports $port.name -}} +{{- if ne $port.number (get $ports $port.name) -}} +{{- fail (printf "extraServices[%d].ports[%d]: wrong port number for port %s, expected %v, got %v" $i $j $port.name (get $ports $port.name) $port.number) -}} +{{- end -}} +{{- else if has $port.number (values $ports) -}} +{{- fail (printf "extraServices[%d].ports[%d]: port number 
already taken: %v" $i $j $port.number) -}} +{{- end -}} +{{- $_ := set $ports $port.name $port.number -}} +{{- end -}} +{{- end -}} +ports: +{{ range $portName, $portNumber := $ports -}} +- name: {{ $portName }} + containerPort: {{ $portNumber }} + protocol: TCP +{{ end -}} +{{ end -}} + +{{/* +Shared - Converts a Kubernetes quantity to a number (int64 if possible or float64 otherwise). +It handles raw numbers as well as quantities with suffixes +like m, k, M, G, T, P, E, ki, Mi, Gi, Ti, Pi, Ei. +It also handles scientific notation. +Quantities should be positive, so negative values, zero, or any unparseable number +will result in a failure. +https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ +*/}} +{{- define "nessie.quantity" -}} +{{- $quantity := . -}} +{{- $n := $quantity | float64 -}} +{{- if kindIs "string" $quantity -}} +{{- if hasSuffix "m" $quantity -}} +{{- $n = divf (trimSuffix "m" $quantity | float64) 1000.0 -}} +{{- else if hasSuffix "k" $quantity -}} +{{- $n = trimSuffix "k" $quantity | int64 | mul 1000 -}} +{{- else if hasSuffix "M" $quantity -}} +{{- $n = trimSuffix "M" $quantity | int64 | mul 1000000 -}} +{{- else if hasSuffix "G" $quantity -}} +{{- $n = trimSuffix "G" $quantity | int64 | mul 1000000000 -}} +{{- else if hasSuffix "T" $quantity -}} +{{- $n = trimSuffix "T" $quantity | int64 | mul 1000000000000 -}} +{{- else if hasSuffix "P" $quantity -}} +{{- $n = trimSuffix "P" $quantity | int64 | mul 1000000000000000 -}} +{{- else if hasSuffix "E" $quantity -}} +{{- $n = trimSuffix "E" $quantity | int64 | mul 1000000000000000000 -}} +{{- else if hasSuffix "ki" $quantity -}} +{{- $n = trimSuffix "ki" $quantity | int64 | mul 1024 -}} +{{- else if hasSuffix "Mi" $quantity -}} +{{- $n = trimSuffix "Mi" $quantity | int64 | mul 1048576 -}} +{{- else if hasSuffix "Gi" $quantity -}} +{{- $n = trimSuffix "Gi" $quantity | int64 | mul 1073741824 -}} +{{- else if hasSuffix "Ti" $quantity -}} +{{- $n = trimSuffix "Ti" $quantity | 
int64 | mul 1099511627776 -}} +{{- else if hasSuffix "Pi" $quantity -}} +{{- $n = trimSuffix "Pi" $quantity | int64 | mul 1125899906842624 -}} +{{- else if hasSuffix "Ei" $quantity -}} +{{- $n = trimSuffix "Ei" $quantity | int64 | mul 1152921504606846976 -}} +{{- end -}} +{{- end -}} +{{- if le ($n | float64) 0.0 -}} +{{- fail (print "invalid quantity: " $quantity) -}} +{{- end -}} +{{- if kindIs "float64" $n -}} +{{- printf "%f" $n -}} +{{- else -}} +{{- printf "%v" $n -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/addons/nessie/0.103/chart/nessie/templates/configmap.yaml b/addons/nessie/0.103/chart/nessie/templates/configmap.yaml new file mode 100644 index 00000000..ab804732 --- /dev/null +++ b/addons/nessie/0.103/chart/nessie/templates/configmap.yaml 
@@ -0,0 +1,225 @@ +{{/** + + Copyright (C) 2024 Dremio + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +**/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "nessie.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nessie.labels" . | nindent 4 }} + {{- if .Values.configMapLabels }} + {{- toYaml .Values.configMapLabels | nindent 4 }} + {{- end }} +data: + application.properties: |- + {{- $map := dict -}} + {{- $_ := set $map "nessie.version.store.type" .Values.versionStoreType -}} + + {{- $serviceNamesMgmt := include "nessie.fullname" . 
| printf "%s-mgmt" -}} + {{- $cacheInvalToken := .Values.managementService | toYaml | sha1sum -}} + {{- $_ = set $map "nessie.version.store.persist.cache-invalidations.service-names" $serviceNamesMgmt -}} + {{- $_ = set $map "nessie.version.store.persist.cache-invalidations.valid-tokens" $cacheInvalToken -}} + + {{- $_ = set $map "quarkus.http.port" (get (first .Values.service.ports) "number") -}} + {{- $_ = set $map "quarkus.management.port" .Values.managementService.portNumber -}} + + {{- $_ = set $map "quarkus.log.level" (coalesce .Values.logLevel .Values.log.level) -}} + {{- if .Values.log.console.enabled -}} + {{- $_ = set $map "quarkus.log.console.enable" "true" -}} + {{- $_ = set $map "quarkus.log.console.level" .Values.log.console.threshold -}} + {{- if .Values.log.console.json -}} + {{- $_ = set $map "quarkus.log.console.json" "true" -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.console.format" .Values.log.console.format -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.console.enable" "false" -}} + {{- end -}} + {{- if .Values.log.file.enabled -}} + {{- $_ = set $map "quarkus.log.file.enable" "true" -}} + {{- $_ = set $map "quarkus.log.file.level" .Values.log.file.threshold -}} + {{- $_ = set $map "quarkus.log.file.path" (printf "%s/%s" .Values.log.file.logsDir .Values.log.file.fileName) -}} + {{- $_ = set $map "quarkus.log.file.rotation.max-file-size" (include "nessie.quantity" .Values.log.file.rotation.maxFileSize) -}} + {{- $_ = set $map "quarkus.log.file.rotation.max-backup-index" .Values.log.file.rotation.maxBackupIndex -}} + {{- if .Values.log.file.rotation.fileSuffix -}} + {{- $_ = set $map "quarkus.log.file.rotation.file-suffix" .Values.log.file.rotation.fileSuffix -}} + {{- end -}} + {{- if .Values.log.file.json -}} + {{- $_ = set $map "quarkus.log.file.json" "true" -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.file.format" .Values.log.file.format -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map 
"quarkus.log.file.enable" "false" -}} + {{- end -}} + {{- if .Values.log.sentry.enabled -}} + {{- $_ = set $map "quarkus.log.sentry" "true" -}} + {{- if not .Values.log.sentry.dsn -}}{{- required "log.sentry.dsn is required when log.sentry.enabled is true" .Values.log.sentry.dsn -}}{{- end -}} + {{- $_ = set $map "quarkus.log.sentry.dsn" .Values.log.sentry.dsn -}} + {{- $_ = set $map "quarkus.log.sentry.level" .Values.log.sentry.level -}} + {{- if .Values.log.sentry.environment -}} + {{- $_ = set $map "quarkus.log.sentry.environment" .Values.log.sentry.environment -}} + {{- end -}} + {{- if .Values.log.sentry.release -}} + {{- $_ = set $map "quarkus.log.sentry.release" .Values.log.sentry.release -}} + {{- end -}} + {{- $_ = set $map "quarkus.log.sentry.in-app-packages" ( join "," .Values.log.sentry.inAppPackages ) -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.sentry" "false" -}} + {{- end -}} + {{- $categories := dict -}} + {{- list .Values.log.categories "" $categories | include "nessie.mergeAdvancedConfig" -}} + {{- range $k, $v := $categories -}} + {{- $_ = set $map (printf "quarkus.log.category.\"%s\".level" $k) $v -}} + {{- end -}} + + {{- if hasPrefix "DYNAMODB" .Values.versionStoreType -}} + {{- if .Values.dynamodb.region -}} + {{- $_ = set $map "quarkus.dynamodb.aws.region" .Values.dynamodb.region -}} + {{- end -}} + {{- if .Values.dynamodb.profile -}} + {{- $_ = set $map "quarkus.dynamodb.aws.credentials.profile-provider.profile-name" .Values.dynamodb.profile -}} + {{- end -}} + {{- end -}} + + {{- if hasPrefix "CASSANDRA" .Values.versionStoreType -}} + {{- $_ = set $map "quarkus.cassandra.keyspace" .Values.cassandra.keyspace -}} + {{- $_ = set $map "quarkus.cassandra.contact-points" .Values.cassandra.contactPoints -}} + {{- if .Values.cassandra.localDatacenter -}} + {{- $_ = set $map "quarkus.cassandra.local-datacenter" .Values.cassandra.localDatacenter -}} + {{- end -}} + {{- /* legacy support for username/password */}} + {{- if and 
.Values.cassandra.auth .Values.cassandra.auth.username -}} + {{- $_ = set $map "quarkus.cassandra.auth.username" .Values.cassandra.auth.username -}} + {{- $_ = set $map "quarkus.cassandra.auth.password" .Values.cassandra.auth.password -}} + {{- end -}} + {{- end -}} + + {{- if hasPrefix "ROCKSDB" .Values.versionStoreType -}} + {{- $_ = set $map "nessie.version.store.persist.rocks.database-path" "/rocks-nessie" -}} + {{- end -}} + + {{- if hasPrefix "MONGODB" .Values.versionStoreType -}} + {{- if .Values.mongodb.name -}} + {{- $_ = set $map "quarkus.mongodb.database" .Values.mongodb.name -}} + {{- end -}} + {{- if .Values.mongodb.connectionString -}} + {{- $_ = set $map "quarkus.mongodb.connection-string" .Values.mongodb.connectionString -}} + {{- end -}} + {{- end -}} + + {{- if hasPrefix "JDBC" .Values.versionStoreType -}} + {{- $oldConfig := .Values.postgres | default dict -}} + {{- $newConfig := .Values.jdbc | default dict -}} + {{- $jdbcUrl := coalesce $oldConfig.jdbcUrl $newConfig.jdbcUrl -}} + {{- $dbKind := include "nessie.dbKind" $jdbcUrl -}} + {{- $_ = set $map "nessie.version.store.persist.jdbc.datasource" $dbKind -}} + {{- $_ = set $map ( printf "quarkus.datasource.%s.jdbc.url" $dbKind ) $jdbcUrl }} + {{- end -}} + + {{- if hasPrefix "BIGTABLE" .Values.versionStoreType -}} + {{- $_ = set $map "quarkus.google.cloud.project-id" .Values.bigtable.projectId -}} + {{- $_ = set $map "nessie.version.store.persist.bigtable.instance-id" .Values.bigtable.instanceId -}} + {{- $_ = set $map "nessie.version.store.persist.bigtable.app-profile-id" .Values.bigtable.appProfileId -}} + {{- end -}} + + {{- if .Values.authentication.enabled -}} + {{- $_ = set $map "nessie.server.authentication.enabled" .Values.authentication.enabled -}} + {{- $_ = set $map "quarkus.oidc.ui-app.application-type" "web-app" -}} + {{- $_ = set $map "quarkus.oidc.ui-app.tenant-paths" "/,/tree*,/content*,/notfound*,/commits*" -}} + {{- if .Values.authentication.oidcAuthServerUrl -}} + {{- $_ = set 
$map "quarkus.oidc.auth-server-url" .Values.authentication.oidcAuthServerUrl -}} + {{- $_ = set $map "quarkus.oidc.ui-app.auth-server-url" .Values.authentication.oidcAuthServerUrl -}} + {{- end -}} + {{- if .Values.authentication.oidcClientId -}} + {{- $_ = set $map "quarkus.oidc.client-id" .Values.authentication.oidcClientId -}} + {{- $_ = set $map "quarkus.oidc.ui-app.client-id" .Values.authentication.oidcClientId -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.oidc.tenant-enabled" false -}} + {{- end -}} + + {{- if .Values.authorization.enabled -}} + {{- $_ = set $map "nessie.server.authorization.enabled" .Values.authorization.enabled -}} + {{- if .Values.authorization.rules -}} + {{- range $ruleId, $rule := .Values.authorization.rules -}} + {{- $_ = set $map (printf "nessie.server.authorization.rules.%s" $ruleId ) $rule -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if .Values.tracing.enabled -}} + {{- $_ = set $map "quarkus.otel.exporter.otlp.endpoint" .Values.tracing.endpoint -}} + {{- if .Values.tracing.attributes -}} + {{- $_ = set $map "quarkus.otel.resource.attributes" (include "nessie.dictToString" .Values.tracing.attributes) -}} + {{- end -}} + {{- if .Values.tracing.sample -}} + {{ if eq .Values.tracing.sample "all" -}} + {{- $_ = set $map "quarkus.otel.traces.sampler" "parentbased_always_on" -}} + {{- else if eq .Values.tracing.sample "none" -}} + {{- $_ = set $map "quarkus.otel.traces.sampler" "always_off" -}} + {{- else -}} + {{- $_ = set $map "quarkus.otel.traces.sampler" "parentbased_traceidratio" -}} + {{- $_ = set $map "quarkus.otel.traces.sampler.arg" .Values.tracing.sample -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.otel.sdk.disabled" true -}} + {{- end -}} + + {{- if .Values.metrics.enabled -}} + {{- range $name, $value := .Values.metrics.tags -}} + {{- $_ = set $map (print "nessie.metrics.tags." 
$name) $value -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.micrometer.enabled" "false" -}} + {{- end -}} + + {{- if .Values.catalog.enabled -}} + {{- list .Values.catalog.iceberg $map | include "nessie.applyCatalogIcebergOptions" -}} + {{- if .Values.catalog.storage.retryAfter -}} + {{- $_ = set $map "nessie.catalog.error-handling.throttled-retry-after" .Values.catalog.storage.retryAfter -}} + {{- end -}} + {{- list .Values.catalog.storage.s3 "nessie.catalog.service.s3." $map | include "nessie.applyCatalogStorageS3RootOptions" }} + {{- list .Values.catalog.storage.s3.defaultOptions "nessie.catalog.service.s3.default-options." $map | include "nessie.applyCatalogStorageS3BucketOptions" }} + {{- range $i, $bucket := .Values.catalog.storage.s3.buckets -}} + {{- if not $bucket.name -}}{{- required ( printf "catalog.storage.s3.buckets[%d]: missing bucket name" $i ) $bucket.name -}}{{- end -}} + {{- list $bucket ( printf "nessie.catalog.service.s3.buckets.bucket%d." (add $i 1) ) $map | include "nessie.applyCatalogStorageS3BucketOptions" }} + {{- end -}} + {{- list .Values.catalog.storage.gcs "nessie.catalog.service.gcs." $map | include "nessie.applyCatalogStorageGcsRootOptions" }} + {{- list .Values.catalog.storage.gcs.defaultOptions "nessie.catalog.service.gcs.default-options." $map | include "nessie.applyCatalogStorageGcsBucketOptions" }} + {{- range $i, $bucket := .Values.catalog.storage.gcs.buckets -}} + {{- if not $bucket.name -}}{{- required ( printf "catalog.storage.gcs.buckets[%d]: missing bucket name" $i ) $bucket.name -}}{{- end -}} + {{ list $bucket ( printf "nessie.catalog.service.gcs.buckets.bucket%d." (add $i 1) ) $map | include "nessie.applyCatalogStorageGcsBucketOptions" }} + {{- end -}} + {{- list .Values.catalog.storage.adls "nessie.catalog.service.adls." $map | include "nessie.applyCatalogStorageAdlsRootOptions" }} + {{- list .Values.catalog.storage.adls.defaultOptions "nessie.catalog.service.adls.default-options." 
$map | include "nessie.applyCatalogStorageAdlsFileSystemOptions" }} + {{- range $i, $filesystem := .Values.catalog.storage.adls.filesystems -}} + {{- if not $filesystem.name -}}{{- required ( printf "catalog.storage.adls.filesystems[%d]: missing filesystem name" $i ) $filesystem.name -}}{{- end -}} + {{- list $filesystem ( printf "nessie.catalog.service.adls.file-systems.filesystem%d." (add $i 1) ) $map | include "nessie.applyCatalogStorageAdlsFileSystemOptions" }} + {{- end -}} + {{- else -}} + {{- $_ = set $map "nessie.catalog.object-stores.health-check.enabled" false -}} + {{- end -}} + + {{- list .Values.advancedConfig "" $map | include "nessie.mergeAdvancedConfig" }} + {{- $global := . -}} + {{- range $k, $v := $map }} + {{ include "nessie.appendConfigOption" (list $k $v $global) }} + {{- end }} \ No newline at end of file diff --git a/addons/nessie/0.103/chart/nessie/templates/deployment.yaml b/addons/nessie/0.103/chart/nessie/templates/deployment.yaml new file mode 100644 index 00000000..d054ae50 --- /dev/null +++ b/addons/nessie/0.103/chart/nessie/templates/deployment.yaml 
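Review bot: The legacy Cassandra branch copies `.Values.cassandra.auth.password` into `application.properties`, so the password is stored in a ConfigMap, which is not a secret store and is readable by anything allowed to read ConfigMaps in the namespace. deployment.yaml in this same patch already supplies `quarkus.cassandra.auth.username` and `quarkus.cassandra.auth.password` from `cassandra.secret` through `secretKeyRef`, so I would drop the two `set $map "quarkus.cassandra.auth.…"` lines, or at least put `{{- /* deprecated: this stores the password in a ConfigMap; use cassandra.secret instead */ -}}` above them. The same concern presumably applies to `mongodb.connectionString` and `log.sentry.dsn` when they embed credentials. Likewise `cache-invalidations.valid-tokens` is a SHA-1 of the non-secret `managementService` values and is written to this ConfigMap, so it should not be relied on as a secret.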
@@ -0,0 +1,199 @@ +{{/** + + Copyright (C) 2024 Dremio + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +**/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "nessie.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nessie.labels" . | nindent 4 }} + {{- if .Values.podLabels }} + {{- tpl (toYaml .Values.podLabels) . | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "nessie.selectorLabels" . | nindent 6 }} + strategy: + {{- tpl (toYaml .Values.deploymentStrategy) . | nindent 4 }} + template: + metadata: + annotations: + projectnessie.org/config-checksum: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + prometheus.io/scrape: "{{ .Values.metrics.enabled | default "false" }}" + prometheus.io/port: "{{ .Values.managementService.port }}" + prometheus.io/path: "/q/metrics" + {{- if .Values.podAnnotations }} + {{- tpl (toYaml .Values.podAnnotations) . | nindent 8 }} + {{- end }} + labels: + {{- include "nessie.selectorLabels" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- tpl (toYaml .Values.podLabels) . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- tpl (toYaml .Values.imagePullSecrets) . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "nessie.serviceAccountName" . 
}} + securityContext: + {{- tpl (toYaml .Values.podSecurityContext) . | nindent 8 }} + {{- if .Values.extraInitContainers }} + initContainers: + {{- tpl (toYaml .Values.extraInitContainers) . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + ports: + - name: {{ .Values.managementService.portName | default "metrics" }} + containerPort: {{ .Values.managementService.port | default 9000 }} + securityContext: + {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} + image: "{{ tpl .Values.image.repository . }}:{{ tpl .Values.image.tag . | default .Chart.Version }}" + imagePullPolicy: {{ tpl .Values.image.pullPolicy . }} + volumeMounts: + - name: nessie-config + mountPath: {{ trimSuffix "/" .Values.image.configDir }}/application.properties + subPath: application.properties + readOnly: true + - name: temp-dir + mountPath: /tmp + {{- if hasPrefix "ROCKSDB" .Values.versionStoreType }} + - name: rocks-storage + mountPath: /rocks-nessie + readOnly: false + {{- end }} + {{- if .Values.log.file.enabled }} + - name: logs-storage + mountPath: {{ .Values.log.file.logsDir }} + readOnly: false + {{- end }} + {{- if and (hasPrefix "BIGTABLE" .Values.versionStoreType) (.Values.bigtable.secret) }} + - name: bigtable-creds + mountPath: /bigtable-nessie + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- tpl (toYaml .Values.extraVolumeMounts) . | nindent 12 }} + {{- end }} + env: + {{- if hasPrefix "DYNAMODB" .Values.versionStoreType -}} + {{- include "nessie.secretToEnv" (list .Values.dynamodb.secret "awsAccessKeyId" "AWS_ACCESS_KEY_ID" . ) | trim | nindent 12 -}} + {{- include "nessie.secretToEnv" (list .Values.dynamodb.secret "awsSecretAccessKey" "AWS_SECRET_ACCESS_KEY" . ) | trim | nindent 12 -}} + {{- end -}} + {{- if hasPrefix "MONGODB" .Values.versionStoreType }} + {{- include "nessie.secretToEnv" (list .Values.mongodb.secret "username" "quarkus.mongodb.credentials.username" . 
) | trim | nindent 12 -}} + {{- include "nessie.secretToEnv" (list .Values.mongodb.secret "password" "quarkus.mongodb.credentials.password" . ) | trim | nindent 12 -}} + {{- end -}} + {{- if hasPrefix "CASSANDRA" .Values.versionStoreType }} + {{- include "nessie.secretToEnv" (list .Values.cassandra.secret "username" "quarkus.cassandra.auth.username" . ) | trim | nindent 12 -}} + {{- include "nessie.secretToEnv" (list .Values.cassandra.secret "password" "quarkus.cassandra.auth.password" . ) | trim | nindent 12 -}} + {{- end -}} + {{- if hasPrefix "JDBC" .Values.versionStoreType }} + {{- $oldConfig := .Values.postgres | default dict }} + {{- $newConfig := .Values.jdbc | default dict }} + {{- $jdbcUrl := coalesce $oldConfig.jdbcUrl $newConfig.jdbcUrl }} + {{- $secret := coalesce $oldConfig.secret $newConfig.secret }} + {{- $dbKind := include "nessie.dbKind" $jdbcUrl }} + {{- include "nessie.secretToEnv" (list $secret "username" (printf "quarkus.datasource.%s.username" $dbKind) . ) | trim | nindent 12 }} + {{- include "nessie.secretToEnv" (list $secret "password" (printf "quarkus.datasource.%s.password" $dbKind) . ) | trim | nindent 12 }} + {{- end -}} + {{- if hasPrefix "BIGTABLE" .Values.versionStoreType }} + {{- if .Values.bigtable.secret }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /bigtable-nessie/sa_credentials.json + {{- end }} + {{- end -}} + {{- if .Values.authentication.enabled -}} + {{- include "nessie.secretToEnv" (list .Values.authentication.oidcClientSecret "key" "quarkus.oidc.credentials.secret" . ) | trim | nindent 12 -}} + {{- include "nessie.secretToEnv" (list .Values.authentication.oidcClientSecret "key" "quarkus.oidc.ui-app.credentials.secret" . ) | trim | nindent 12 -}} + {{- end -}} + {{- if .Values.catalog.enabled -}} + {{- include "nessie.catalogStorageEnv" . | trim | nindent 12 -}} + {{- end -}} + {{- if .Values.extraEnv }} + {{- tpl (toYaml .Values.extraEnv) . | nindent 12 }} + {{- end }} + {{- include "nessie.containerPorts" . 
| trim | nindent 10 }} + livenessProbe: + httpGet: + path: /q/health/live + port: {{ .Values.managementService.portName }} + scheme: HTTP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + terminationGracePeriodSeconds: {{ .Values.livenessProbe.terminationGracePeriodSeconds }} + readinessProbe: + httpGet: + path: /q/health/ready + port: {{ .Values.managementService.portName }} + scheme: HTTP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + resources: + {{- tpl (toYaml .Values.resources) . | nindent 12 }} + volumes: + - name: nessie-config + configMap: + name: {{ include "nessie.fullname" . }} + - name: temp-dir + emptyDir: {} + {{- if hasPrefix "ROCKSDB" .Values.versionStoreType }} + - name: rocks-storage + persistentVolumeClaim: + claimName: {{ include "nessie.fullname" . }} + {{- end }} + {{- if .Values.log.file.enabled }} + - name: logs-storage + persistentVolumeClaim: + claimName: {{ include "nessie.fullname" . }}-logs + {{- end }} + {{- if and (hasPrefix "BIGTABLE" .Values.versionStoreType) (.Values.bigtable.secret) }} + - name: bigtable-creds + secret: + secretName: {{ .Values.bigtable.secret.name }} + items: + - key: {{ .Values.bigtable.secret.key }} + path: sa_credentials.json + {{- end }} + {{- if .Values.extraVolumes }} + {{- tpl (toYaml .Values.extraVolumes) . | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- tpl (toYaml .Values.nodeSelector) . 
| nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- tpl (toYaml .Values.affinity) . | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- tpl (toYaml .Values.tolerations) . | nindent 8 }} + {{- end }} diff --git a/addons/nessie/0.103/chart/nessie/templates/hpa.yaml b/addons/nessie/0.103/chart/nessie/templates/hpa.yaml new file mode 100644 index 00000000..16560081 --- /dev/null +++ b/addons/nessie/0.103/chart/nessie/templates/hpa.yaml 
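Review bot: The container declares `ports:` twice, once by hand right after `name: {{ .Chart.Name }}` and again through `include "nessie.containerPorts"`, which leaves the container mapping with a duplicate key; depending on the parser one of the two lists is silently dropped or the manifest is rejected. The hand-written block and the `prometheus.io/port` annotation also read `.Values.managementService.port`, while configmap.yaml and `nessie.containerPorts` use `.Values.managementService.portNumber`. If values.yaml (not visible here) defines only `portNumber`, the annotation renders empty and the declared port falls back to 9000 whatever Quarkus actually listens on. I would delete the hand-written `ports:` block and change the annotation to `prometheus.io/port: "{{ .Values.managementService.portNumber }}"`.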
@@ -0,0 +1,65 @@ +{{/** + + Copyright (C) 2024 Dremio + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +**/}} + +{{- if .Values.autoscaling.enabled }} +{{- if .Capabilities.APIVersions.Has "autoscaling/v2" -}} +apiVersion: autoscaling/v2 +{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta2" -}} +apiVersion: autoscaling/v2beta2 +{{- else -}} +apiVersion: autoscaling/v2beta1 +{{- end }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "nessie.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nessie.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "nessie.fullname" . 
}} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if or (.Capabilities.APIVersions.Has "autoscaling/v2") (.Capabilities.APIVersions.Has "autoscaling/v2beta2") }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- else }} + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if or (.Capabilities.APIVersions.Has "autoscaling/v2") (.Capabilities.APIVersions.Has "autoscaling/v2beta2") }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- else }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/nessie/0.103/chart/nessie/templates/ingress.yaml b/addons/nessie/0.103/chart/nessie/templates/ingress.yaml new file mode 100644 index 00000000..5e782865 --- /dev/null +++ b/addons/nessie/0.103/chart/nessie/templates/ingress.yaml 
@@ -0,0 +1,75 @@
+{{/**
+
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+**/}}
+
+{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "nessie.fullname" . -}}
+{{- if semverCompare ">=1.22-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ {{- $portName := dig "service" "portName" (get (first $.Values.service.ports) "name") . }}
+ {{- $svcName := printf "%s%s" $fullName (dig "service" "nameSuffix" "" .) }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: {{ default "ImplementationSpecific" $.Values.ingress.pathType }}
+ backend:
+ {{- if semverCompare ">=1.22-0" $kubeVersion }}
+ service:
+ name: {{ $svcName }}
+ port:
+ name: {{ $portName }}
+ {{- else }}
+ serviceName: {{ $svcName }}
+ servicePort: {{ $portName }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/addons/nessie/0.103/chart/nessie/templates/secrets.yaml b/addons/nessie/0.103/chart/nessie/templates/secrets.yaml
new file mode 100644
index 00000000..24cc8bbd
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/templates/secrets.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: datasource-creds
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+ username: "{{ .Values.jdbc.username }}"
+ password: "{{ .Values.jdbc.password }}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: awscreds
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+ aws_access_key_id: "{{ .Values.catalog.storage.s3.defaultOptions.awsAccessKeyId }}"
+ aws_secret_access_key: "{{ .Values.catalog.storage.s3.defaultOptions.awsSecretAccessKey }}"
diff --git a/addons/nessie/0.103/chart/nessie/templates/service.yaml b/addons/nessie/0.103/chart/nessie/templates/service.yaml
new file mode 100644
index 00000000..b3be6eb9
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/templates/service.yaml
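Review bot: In ingress.yaml the `tls:` block is rendered only when `.Values.ingress.tls` is set, so an enabled Ingress with no TLS entry serves the Nessie API over plain HTTP unless the controller terminates TLS on its own. values.yaml describes vended session credentials being passed down to clients (`clientIam`), which makes cleartext exposure costly. I would document this next to the condition, e.g. `{{- /* no ingress.tls: API traffic is cleartext unless TLS is terminated upstream */}}`, and quote the two remaining bare scalars for consistency with `hosts`: `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.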
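Review bot: In secrets.yaml the four `stringData` values are wrapped in literal double quotes, as in `password: "{{ .Values.jdbc.password }}"`, so a credential containing `"` or `\` either breaks the rendered YAML or is stored altered; `password: {{ .Values.jdbc.password | quote }}` escapes it properly, and the same change applies to `username`, `aws_access_key_id` and `aws_secret_access_key`. Both Secrets are also rendered unconditionally under the fixed names `datasource-creds` and `awscreds`, while values.yaml exposes the names as `jdbc.secret.name` and the S3 `accessKeySecret` name, so overriding either value would point at a Secret this template never creates, and a Secret that already exists under one of these names will conflict with the install. Deriving the name from the value, `name: {{ .Values.jdbc.secret.name }}`, keeps them in step. Credentials passed as chart values are also retained in the Helm release record, so operators should treat that record as sensitive or supply pre-created Secrets instead.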
@@ -0,0 +1,118 @@
+{{/**
+
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+**/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "nessie.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ {{- include "nessie.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- range .Values.service.ports }}
+ - name: {{ .name }}
+ port: {{ .number }}
+ targetPort: {{ .number }}
+ protocol: TCP
+ {{- end }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }}
+ {{- if ge (int $.Capabilities.KubeVersion.Minor) 31 }}
+ trafficDistribution: {{ .Values.service.trafficDistribution }}
+ {{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "nessie.fullname" . }}-mgmt
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+ {{- with .Values.managementService.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ clusterIP: None
+ selector:
+ {{- include "nessie.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: {{ .Values.managementService.portName }}
+ port: {{ .Values.managementService.portNumber }}
+ targetPort: {{ .Values.managementService.portNumber }}
+ protocol: TCP
+ publishNotReadyAddresses: true
+{{- range $i, $svc := .Values.extraServices }}
+{{- if not $svc.nameSuffix }}
+{{- fail (printf "extraServices[%d]: missing required nameSuffix" $i) }}
+{{- else if eq $svc.nameSuffix "-mgmt" }}
+{{- fail (printf "extraServices[%d]: invalid nameSuffix" $i) }}
+{{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "nessie.fullname" $ }}{{ $svc.nameSuffix }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" $ | nindent 4 }}
+ {{- with $svc.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ $svc.type }}
+ selector:
+ {{- include "nessie.selectorLabels" $ | nindent 4 }}
+ ports:
+ {{- range $svc.ports }}
+ - name: {{ .name }}
+ port: {{ .number }}
+ targetPort: {{ .number }}
+ protocol: TCP
+ {{- end }}
+ {{- if $svc.sessionAffinity }}
+ sessionAffinity: {{ $svc.sessionAffinity }}
+ {{- end }}
+ {{- if $svc.clusterIP }}
+ clusterIP: {{ $svc.clusterIP }}
+ {{- end }}
+ {{- if and $svc.externalTrafficPolicy (or (eq $svc.type "LoadBalancer") (eq $svc.type "NodePort")) }}
+ externalTrafficPolicy: {{ $svc.externalTrafficPolicy }}
+ {{- end }}
+ {{- if $svc.internalTrafficPolicy }}
+ internalTrafficPolicy: {{ $svc.internalTrafficPolicy }}
+ {{- end }}
+ {{- if and (ge (int $.Capabilities.KubeVersion.Minor) 31) ($svc.trafficDistribution) }}
+ trafficDistribution: {{ $svc.trafficDistribution }}
+ {{- end }}
+{{- end }}
diff --git a/addons/nessie/0.103/chart/nessie/templates/serviceaccount.yaml b/addons/nessie/0.103/chart/nessie/templates/serviceaccount.yaml
new file mode 100644
index 00000000..5bd0ceda
--- /dev/null
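Review bot: The `trafficDistribution` gate parses `.Capabilities.KubeVersion.Minor` with `int`, and some managed clusters report the minor as a string such as `31+`, which as far as I know converts to 0 and silently disables the field; ingress.yaml in this same patch already uses `semverCompare` on the full version. On the primary Service the field (like `sessionAffinity` and `internalTrafficPolicy`) is also emitted without checking that the value is set, unlike the `extraServices` loop below it. Something like `{{- if and (semverCompare ">=1.31-0" .Capabilities.KubeVersion.Version) .Values.service.trafficDistribution }}` covers both. The `service` defaults in values.yaml are outside this section, so whether the value can be empty is to be confirmed.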
+++ b/addons/nessie/0.103/chart/nessie/templates/serviceaccount.yaml
@@ -0,0 +1,31 @@
+{{/**
+
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+**/}}
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "nessie.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml b/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml
new file mode 100644
index 00000000..b823f213
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml
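Review bot: The ServiceAccount leaves token automounting at the cluster default, so every pod that uses it gets a Kubernetes API token mounted. If nothing in the Nessie pod calls the Kubernetes API (the pod spec is not in this hunk, so that needs confirming), adding a top-level `automountServiceAccountToken: false` to this object keeps a compromised container from picking that token up.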
@@ -0,0 +1,47 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "nessie.fullname" . }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+ {{- with .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ spec:
+ endpoints:
+ - port: {{ .Values.managementService.portName | default "metrics" }}
+ path: /q/metrics
+ interval: 30s
+ selector:
+ matchLabels:
+ {{- include "nessie.selectorLabels" . | nindent 6 }}
+{{- end }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "nessie.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{ toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: {{ .Values.managementService.portName }}
+ scheme: http
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ path: /q/metrics
+ {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "nessie.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/addons/nessie/0.103/chart/nessie/templates/storage.yaml b/addons/nessie/0.103/chart/nessie/templates/storage.yaml
new file mode 100644
index 00000000..7147f364
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/templates/storage.yaml
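Review bot: This file holds two ServiceMonitor definitions run together: the first `{{- end }}` closes `with .Values.metrics.serviceMonitor.additionalLabels`, not the outer `if`, so the first `spec:` only exists inside that `with`, and the second `apiVersion`/`kind`/`metadata` follow in the same YAML document with no `---`. With metrics enabled the render therefore carries duplicate top-level keys, which most parsers resolve silently to the last value and strict ones reject. The first definition also lacks `namespace` and reads `additionalLabels` where the second reads `labels`, which suggests it is a leftover; I would delete everything between `{{- if .Values.metrics.enabled }}` and the second `apiVersion: monitoring.coreos.com/v1`. In the block that remains, `{{ toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}` should open with `{{-` like its neighbours.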
@@ -0,0 +1,63 @@
+{{/**
+
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+**/}}
+
+{{- if or (eq .Values.versionStoreType "ROCKS") (eq .Values.versionStoreType "ROCKSDB") }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "nessie.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ storageClassName: {{ .Values.rocksdb.storageClassName }}
+ resources:
+ requests:
+ storage: "{{ .Values.rocksdb.storageSize }}"
+{{- if .Values.rocksdb.selectorLabels }}
+ selector:
+ matchLabels:
+ {{- toYaml .Values.rocksdb.selectorLabels | nindent 6 }}
+{{- end }}
+{{- end }}
+---
+{{- if .Values.log.file.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "nessie.fullname" . }}-logs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "nessie.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ storageClassName: {{ .Values.log.file.storage.className }}
+ resources:
+ requests:
+ storage: "{{ .Values.log.file.storage.size }}"
+{{- if .Values.log.file.storage.selectorLabels }}
+ selector:
+ matchLabels:
+ {{- toYaml .Values.log.file.storage.selectorLabels | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/addons/nessie/0.103/chart/nessie/values.yaml b/addons/nessie/0.103/chart/nessie/values.yaml
new file mode 100644
index 00000000..8db1f8ca
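Review bot: The log claim `{{ include "nessie.fullname" . }}-logs` is a single `ReadWriteOnce` volume, while values.yaml defaults `replicaCount` to 2, so with `log.file.enabled` every replica would have to mount the same claim and, on most storage classes, be scheduled onto one node. The Deployment is outside this section, so how the claim is mounted is an assumption; if it is shared, either document the constraint above `accessModes`, e.g. `# ReadWriteOnce: all replicas sharing this claim must run on one node`, or fail the render when file logging is combined with more than one replica. The same applies to the RocksDB claim above it, which the `replicaCount` comment in values.yaml already restricts to a single replica.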
--- /dev/null
+++ b/addons/nessie/0.103/chart/nessie/values.yaml
@@ -0,0 +1,987 @@
+##
+## Copyright (C) 2024 Dremio
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+
+# -- The number of replicas to deploy (horizontal scaling).
+# Beware that replicas are stateless; don't set this number > 1 when using IN_MEMORY or ROCKSDB version store types.
+replicaCount: 2
+
+image:
+ # -- The image repository to pull from.
+ repository: registry.drycc.cc/drycc-addons/nessie
+ # -- The image pull policy.
+ pullPolicy: IfNotPresent
+ # -- Overrides the image tag whose default is the chart version.
+ tag: "0"
+ # -- The path to the directory where the application.properties file should be mounted.
+ configDir: /opt/drycc/nessie/config
+
+# -- References to secrets in the same namespace to use for pulling any of the images used by this
+# chart. Each entry is a LocalObjectReference to an existing secret in the namespace. The secret
+# must contain a .dockerconfigjson key with a base64-encoded Docker configuration file. See
+# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ for more
+# information.
+imagePullSecrets: []
+# - name: registry-creds
+
+# -- Logging configuration.
+log:
+ # -- The log level of the root category, which is used as the default log level for all categories.
+ level: INFO
+ # -- Configuration for the console appender.
+ console:
+ # -- Whether to enable the console appender.
+ enabled: true
+ # -- The log level of the console appender.
+ threshold: ALL
+ # -- Whether to log in JSON format.
+ json: false
+ # -- The log format to use. Ignored if JSON format is enabled. See
+ # https://quarkus.io/guides/logging#logging-format for details.
+ format: "%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n"
+ # -- Configuration for the file appender.
+ file:
+ # -- Whether to enable the file appender.
+ enabled: false
+ # -- The log level of the file appender.
+ threshold: ALL
+ # -- Whether to log in JSON format.
+ json: false
+ # -- The log format to use. Ignored if JSON format is enabled. See
+ # https://quarkus.io/guides/logging#logging-format for details.
+ format: "%d{yyyy-MM-dd HH:mm:ss,SSS} %h %N[%i] %-5p [%X{traceId},%X{spanId},%X{sampled}] [%c{3.}] (%t) %s%e%n"
+ # -- The local directory where log files are stored. The persistent volume claim will be mounted
+ # here.
+ logsDir: /deployments/logs
+ # -- The log file name.
+ fileName: nessie.log
+ # -- Log rotation configuration.
+ rotation:
+ # -- The maximum size of the log file before it is rotated. Should be expressed as a Kubernetes quantity.
+ maxFileSize: 100Mi
+ # -- The maximum number of backup files to keep.
+ maxBackupIndex: 5
+ # -- An optional suffix to append to the rotated log files. If present, the rotated log files
+ # will be grouped in time buckets, and each bucket will contain at most maxBackupIndex files.
+ # The suffix must be in a date-time format that is understood by DateTimeFormatter. If the
+ # suffix ends with .gz or .zip, the rotated files will also be compressed using the
+ # corresponding algorithm.
+ fileSuffix: ~ # .yyyy-MM-dd.gz
+ # -- The log storage configuration. A persistent volume claim will be created using these
+ # settings.
+ storage:
+ # -- The storage class name of the persistent volume claim to create.
+ className: standard
+ # -- The size of the persistent volume claim to create.
+ size: 512Gi
+ # -- Labels to add to the persistent volume claim spec selector; a persistent volume with
+ # matching labels must exist. Leave empty if using dynamic provisioning.
+ selectorLabels: {}
+ # app.kubernetes.io/name: nessie
+ # app.kubernetes.io/instance: RELEASE-NAME
+ # -- Configuration for the Sentry appender. See https://sentry.io and
+ # https://docs.quarkiverse.io/quarkus-logging-sentry/dev for more information.
+ sentry:
+ # -- Whether to enable the Sentry appender.
+ enabled: false
+ # -- The Sentry DSN. Required.
+ dsn: ~ # "https://abcd@sentry.io/1234"
+ # -- The log level of the Sentry appender.
+ level: ERROR
+ # -- The environment to report to Sentry. Optional.
+ environment: ~
+ # -- The release version to report to Sentry. Optional.
+ release: ~
+ # -- Package prefixes that belong to your application.
+ inAppPackages:
+ - org.projectnessie
+ # -- Configuration for specific log categories.
+ categories:
+ org.projectnessie: INFO
+ # Useful to debug configuration issues:
+ # io.smallrye.config: DEBUG
+
+# -- Which type of version store to use: IN_MEMORY, ROCKSDB, DYNAMODB2, MONGODB2, CASSANDRA2, JDBC2, BIGTABLE.
+# Note: the version store type JDBC is deprecated, please use the Nessie Server Admin Tool to migrate to JDBC2.
+# Note: the version store type CASSANDRA is deprecated, please use the Nessie Server Admin Tool to migrate to CASSANDRA2.
+# Note: the version store type DYNAMODB is deprecated, please use the Nessie Server Admin Tool to migrate to DYNAMODB2.
+# Note: the version store type MONGODB is deprecated, please use the Nessie Server Admin Tool to migrate to MONGODB2.
+versionStoreType: JDBC2
+
+# Cassandra settings. Only required when using CASSANDRA version store type; ignored otherwise.
+cassandra:
+ keyspace: nessie
+ # -- The contact points for the Cassandra cluster. At least one contact point must be provided,
+ # but more can be added for redundancy. The format is a comma-separated list of host:port elements.
+ contactPoints: cassandra.cassandra.svc.cluster.local:9042
+ localDatacenter: datacenter1
+ secret:
+ # -- The secret name to pull Cassandra credentials from.
+ name: cassandra-creds
+ # -- The secret key storing the Cassandra username.
+ username: cassandra_username
+ # -- The secret key storing the Cassandra password.
+ password: cassandra_password
+
+# RocksDB settings. Only required when using ROCKSDB version store type; ignored otherwise.
+rocksdb:
+ # -- The storage class name of the persistent volume claim to create.
+ storageClassName: standard
+ # -- The size of the persistent volume claim to create.
+ storageSize: 1Gi
+ # -- Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist.
+ # Leave empty if using dynamic provisioning.
+ selectorLabels:
+ {}
+ # app.kubernetes.io/name: nessie
+ # app.kubernetes.io/instance: RELEASE-NAME
+
+# DynamoDB settings. Only required when using DYNAMODB version store type; ignored otherwise.
+dynamodb:
+ # -- The AWS region to use.
+ region: us-west-2
+ # -- The name of the profile that should be used, when loading AWS credentials from a profile
+ # file. Required only if no secret is provided below.
+ profile: default
+ secret:
+ # -- The secret name to pull AWS credentials from. Optional; if not present, the default AWS
+ # credentials provider chain is used.
+ name: awscreds
+ # -- The secret key storing the AWS secret key id.
+ awsAccessKeyId: aws_access_key_id
+ # -- The secret key storing the AWS secret access key.
+ awsSecretAccessKey: aws_secret_access_key
+
+## Mongo DB settings. Only required when using MONGODB version store type; ignored otherwise.
+mongodb:
+ # -- The MongoDB database name.
+ name: nessie
+ # -- The MongoDB connection string.
+ connectionString: mongodb://localhost:27017
+ secret:
+ # -- The secret name to pull MongoDB credentials from.
+ name: mongodb-creds
+ # -- The secret key storing the MongoDB username.
+ username: mongodb_username
+ # -- The secret key storing the MongoDB password.
+ password: mongodb_password
+
+# JDBC datasource settings. Only required when using JDBC version store type; ignored otherwise.
+jdbc:
+ # -- The JDBC connection string. If you are using Nessie OSS images, then only
+ # PostgreSQL, MariaDB and MySQL URLs are supported. Check your JDBC driver documentation
+ # for the correct URL format.
+ jdbcUrl: jdbc:postgresql://localhost:5432/my_database?currentSchema=nessie
+ secret:
+ # -- The secret name to pull datasource credentials from.
+ name: datasource-creds
+ # -- The secret key storing the datasource username.
+ username: username
+ # -- The secret key storing the datasource password.
+ password: password
+
+# BigTable settings. Only required when using BIGTABLE version store type; ignored otherwise.
+bigtable:
+ # -- The Google Cloud project ID.
+ projectId: my-gcp-project
+ # -- The Google Cloud Bigtable instance ID.
+ instanceId: nessie-bigtable
+ # -- The Google Cloud Bigtable app profile ID.
+ appProfileId: default
+ # -- The secret to use to authenticate against BigTable.
+ # When provided, it is assumed that authentication will use a service account JSON key.
+ # See https://cloud.google.com/iam/docs/keys-create-delete for details on how to create a
+ # service account key.
+ # If left empty, then Workload Identity usage is assumed instead; in this case, make sure that
+ # the pod's service account has been granted access to BigTable.
+ # See https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to
+ # for details on how to create a suitable service account.
+ # Important: when using Workload Identity, unless the cluster is in Autopilot mode, it is also
+ # required to add the following nodeSelector label:
+ # iam.gke.io/gke-metadata-server-enabled: "true"
+ # This is not done automatically by this chart because this selector would be invalid for
+ # Autopilot clusters.
+ secret: {}
+ # # -- The secret name to pull a valid Google Cloud service account key from.
+ # name: bigtable-creds
+ # # -- The secret key storing the Google Cloud service account JSON key.
+ # key: sa_json
+
+# -- The Nessie catalog server configuration.
+catalog:
+
+ # -- Whether to enable the REST catalog service.
+ enabled: true
+
+ # -- Iceberg catalog settings.
+ iceberg:
+
+ # -- The default warehouse name. Required. This is just a symbolic name; it must refer to a
+ # declared warehouse below.
+ defaultWarehouse: warehouse1
+
+ # -- Iceberg config defaults applicable to all clients and warehouses. Any properties that are
+ # common to all iceberg clients should be included here. They will be passed to all clients on
+ # all warehouses as config defaults. These defaults can be overridden on a per-warehouse basis,
+ # see below.
+ configDefaults: {}
+ # io-impl: org.apache.iceberg.hadoop.HadoopFileIO
+
+ # -- Iceberg config overrides applicable to all clients and warehouses. Any properties that are
+ # common to all iceberg clients should be included here. They will be passed to all clients on
+ # all warehouses as config overrides. These overrides can be overridden on a per-warehouse
+ # basis, see below.
+ configOverrides: {}
+ # s3.acl: public-read-write
+
+ # -- Iceberg warehouses. Each warehouse is a location where Iceberg tables are stored. Each
+ # warehouse has a name, a location, and optional config defaults and overrides. At least one
+ # warehouse must be defined.
+ warehouses:
+ # -- Symbolic name of the warehouse. Required.
+ - name: warehouse1
+ # -- Location of the warehouse. Required. Used to determine the base location of a table.
+ # Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage
+ # properties for each location can be defined below.
+ location: s3://bucket1/
+ # -- Iceberg config defaults specific to this warehouse. They override any defaults specified
+ # above in catalog.iceberg.configDefaults.
+ configDefaults: {}
+ # -- Iceberg config overrides specific to this warehouse. They override any defaults specified
+ # above in catalog.iceberg.configOverrides.
+ configOverrides: {}
+ # In rare cases it might be legit to turn off the object-stores readiness check.
+ objectStoresHealthCheckEnabled: true
+
+ # -- Catalog storage settings.
+ storage:
+ # -- Interval after which a request is retried when Storage responds with some "retry later"
+ # error. Must be a valid ISO duration.
+ retryAfter: ~
+
+ s3:
+
+ # Global S3 settings. Can be overridden on a per-bucket basis below.
+ defaultOptions:
+ # -- DNS name of the region, required for AWS.
+ region: us-west-2
+ # -- Endpoint URI, required for private clouds. Optional; if not provided, the default is
+ # used.
+ endpoint: "https://bucket1.s3.amazonaws.com"
+ # -- Endpoint URI, required for private clouds. Optional; if not provided, the default is
+ # used. If the endpoint URIs for the Nessie server and clients differ, this one defines the
+ # endpoint used for the Nessie server.
+ externalEndpoint: ~
+ # -- Whether to use path-style access. Optional; if not provided, the default is used. If
+ # true, path-style access will be used, as in: https:///. If false, a
+ # virtual-hosted style will be used instead, as in: https://..
+ pathStyleAccess: true
+ # -- AWS Access point for this bucket. Access points can be used to perform S3 operations by
+ # specifying a mapping of bucket to access points. This is useful for multi-region access,
+ # cross-region access, disaster recovery, etc. See
+ # https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html.
+ accessPoint: ~
+ # -- Authorize cross-region calls when contacting an access point. The default is false.
+ allowCrossRegionAccessPoint: ~
+ # -- Controls the authentication mode for the Catalog server. Valid values are:
+ # - APPLICATION_GLOBAL: Use the default AWS credentials provider chain.
+ # - STATIC: Static credentials provided through the accessKeySecret option.
+ # The default is STATIC.
+ authType: ~ # STATIC
+ # --Optional parameter to disable S3 request signing. Default is to enable S3 request signing.
+ requestSigningEnabled: ~ # true
+ # -- The STS endpoint. Optional; if not provided, the default is used. This parameter must
+ # be set if the cloud provider is not AMAZON and the catalog is configured to use S3
+ # sessions (e.g. to use the "assume role" functionality).
+ stsEndpoint: ~ # "https://sts.amazonaws.com"
+
+ clientIam:
+ # -- Whether to enable vended credentials functionality. If this option is enabled, the
+ # server will temporarily assume the configured role, then pass the returned session
+ # credentials down to the client, for each table that is created, updated or registered.
+ # Vended credentials are not cached server-side.
+ enabled: ~ # false
+ # -- The ARN of the role to assume for accessing S3 data. This parameter is required for
+ # Amazon S3, but may not be required for other storage providers (e.g. Minio does not use it
+ # at all).
+ roleArn: ~ # "arn:aws:iam::123456789012:role/role-name"
+ # -- The IAM policy in JSON format to be used as an inline session policy when calling the
+ # assume-role endpoint. Optional.
+ policy: ~ # "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": \"s3:*\", \"Resource\": \"*\" } ] }"
+ # -- An identifier for the assumed role session. This parameter is most important in cases
+ # when the same role is assumed by different principals in different use cases.
+ roleSessionName: ~ # nessie
+ # -- An identifier for the party assuming the role. This parameter must match the external
+ # ID configured in IAM rules that govern the assume role process for the specified roleArn.
+ externalId: ~
+ # -- A higher bound estimate of the expected duration of client "sessions" working with data in
+ # this bucket. A session, for example, is the lifetime of an Iceberg REST catalog object on
+ # the client side. This value is used for validating expiration times of credentials
+ # associated with the warehouse. If unset, a default of one hour is assumed.
+ sessionDuration: ~
+ # -- Additional IAM policy statements in JSON format to add to generated per-table IAM policies.
+ statements: ~
+ # - >-
+ # {
+ # "Effect": "Allow",
+ # "Action": "s3:GetObject",
+ # "Resource": "arn:aws:s3:::bucket1.{{ .Release.Namespace }}/*"
+ # }
+ # - >-
+ # {
+ # "Effect": "Allow",
+ # "Action": "s3:PutObject",
+ # "Resource": "arn:aws:s3:::bucket1.{{ .Release.Namespace }}/*"
+ # }
+
+ # -- Settings only relevant when clientAuthenticationMode is ASSUME_ROLE.
+ serverIam:
+ # -- Whether to enable server assume-role functionality. If this option is enabled, the
+ # server will attempt to assume the configured role at startup and cache the returned
+ # session credentials.
+ enabled: ~ # false
+ # -- The ARN of the role to assume for accessing S3 data. This parameter is required for
+ # Amazon S3, but may not be required for other storage providers (e.g. Minio does not use it
+ # at all).
+ roleArn: ~ # "arn:aws:iam::123456789012:role/role-name"
+ # -- The IAM policy in JSON format to be used as an inline session policy when calling the
+ # assume-role endpoint. Optional.
+ policy: ~ # "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": \"s3:*\", \"Resource\": \"*\" } ] }"
+ # -- An identifier for the assumed role session. This parameter is most important in cases
+ # when the same role is assumed by different principals in different use cases.
+ roleSessionName: ~ # nessie
+ # -- An identifier for the party assuming the role. This parameter must match the external
+ # ID configured in IAM rules that govern the assume role process for the specified roleArn.
+ externalId: ~
+ # -- A higher bound estimate of the expected duration of client "sessions" working with data in
+ # this bucket. A session, for example, is the lifetime of an Iceberg REST catalog object on
+ # the client side. This value is used for validating expiration times of credentials
+ # associated with the warehouse. If unset, a default of one hour is assumed.
+ sessionDuration: ~
+
+ # -- AWS credentials. Required when serverAuthenticationMode is STATIC.
+ accessKeySecret:
+ # -- The secret name to pull AWS credentials from.
+ name: awscreds
+
+ # -- The secret key storing the AWS secret key id.
+ awsAccessKeyId: aws_access_key_id
+ # -- The secret key storing the AWS secret access key.
+ awsSecretAccessKey: aws_secret_access_key
+
+ # -- Per-bucket S3 settings. Override the general settings above.
+ buckets: []
+ # - name: bucket1
+ # authority: bucket1
+ # pathPrefix: path/in/the/bucket
+ # endpoint: "https://bucket1.s3.amazonaws.com"
+ # accessKeySecret:
+ # name: awscreds
+ # awsAccessKeyId: aws_access_key_id
+ # awsSecretAccessKey: aws_secret_access_key
+
+ # -- S3 transport settings. Not overridable on a per-bucket basis.
+ transport:
+ # -- Override the default maximum number of pooled connections.
+ maxHttpConnections: ~
+ # -- Override the default connection read timeout. Must be a valid ISO duration.
+ readTimeout: ~
+ # -- Override the default TCP connect timeout. Must be a valid ISO duration.
+ connectTimeout: ~
+ # -- Override default connection acquisition timeout. This is the time a request will wait
+ # for a connection from the pool. Must be a valid ISO duration.
+ connectionAcquisitionTimeout: ~
+ # -- Override default max idle time of a pooled connection. Must be a valid ISO duration.
+ connectionMaxIdleTime: ~
+ # -- Override default time-time of a pooled connection. Must be a valid ISO duration.
+ connectionTimeToLive: ~
+ # -- Override default behavior whether to expect an HTTP/100-Continue. Must be a valid ISO
+ # duration.
+ expectContinueEnabled: ~
+
+ sessionCredentials:
+ # -- The time period to subtract from the S3 session credentials (assumed role credentials)
+ # expiry time to define the time when those credentials become eligible for refreshing.
+ # Not overridable on a per-bucket basis. The default is PT5M (5 minutes).
+ sessionCredentialRefreshGracePeriod: ~ # PT5M
+ # -- Maximum number of entries to keep in the session credentials cache (assumed role
+ # credentials). Not overridable on a per-bucket basis. The default is 1000.
+ sessionCredentialCacheMaxEntries: ~ # 1000
+ # -- Maximum number of entries to keep in the STS clients cache. Not overridable on a
+ # per-bucket basis. The default is 50.
+ stsClientsCacheMaxEntries: ~ # 50
+
+ gcs:
+
+ # Global GCS settings. Can be overridden on a per-bucket basis below.
+ defaultOptions:
+ # -- The default endpoint override to use. The endpoint is almost always used for testing
+ # purposes. If the endpoint URIs for the Nessie server and clients differ, this one defines
+ # the endpoint used for the Nessie server.
+ host: ~
+ # -- When using a specific endpoint, see host, and the endpoint URIs for the Nessie server
+ # differ, you can specify the URI passed down to clients using this setting. Otherwise,
+ # clients will receive the value from the host setting.
+ externalHost: ~
+ # -- Optionally specify the user project (Google term).
+ userProject: ~
+ # -- The Google project ID.
+ projectId: ~
+ # -- The Google quota project ID.
+ quotaProjectId: ~
+ # -- The Google client lib token.
+ clientLibToken: ~
+ # -- The authentication type to use. Valid values are: NONE, USER, SERVICE_ACCOUNT,
+ # ACCESS_TOKEN, APPLICATION_DEFAULT. The default is NONE.
+ authType: ~
+
+ # -- The Google Cloud service account key secret. This is required when authType is USER or
+ # SERVICE_ACCOUNT.
+ authCredentialsJsonSecret: + # -- The secret name to pull a valid Google Cloud service account key from. + name: ~ + # -- The secret key storing the Google Cloud service account JSON key. + key: ~ + + # -- The oauth2 token secret. This is required when authType is ACCESS_TOKEN. + oauth2TokenSecret: + # # -- The secret name to pull a valid Google Cloud service account key from. + name: ~ + # # -- The secret key storing the token. + token: ~ + # # -- The secret key storing the token's expiresAt value (optional). + expiresAt: ~ + + # -- Customer-supplied AES256 key for blob encryption when writing. Currently unsupported. + encryptionKey: ~ + # -- Customer-supplied AES256 key for blob decryption when reading. Currently unsupported. + decryptionKey: ~ + + # -- The read chunk size in bytes. Must be a valid ISO duration. + readChunkSize: ~ + # -- The write chunk size in bytes. Must be a valid ISO duration. + writeChunkSize: ~ + # -- The delete batch size. + deleteBatchSize: ~ + + # -- Per-bucket GCS settings. Override the general settings above. + buckets: [] + # - name: bucket1 + # authority: bucket1 + # pathPrefix: path/in/the/bucket + # authType: ACCESS_TOKEN + # oauth2TokenSecret: + # name: gcs-creds + # key: token + # expiresAt: expiresAt + + # -- GCS transport settings. Not overridable on a per-bucket basis. + transport: + # -- Override the default maximum number of attempts. + maxAttempts: ~ + # -- Override the default connection timeout. Must be a valid ISO duration. + connectTimeout: ~ + # -- Override the default read timeout. Must be a valid ISO duration. + readTimeout: ~ + # -- Override the default initial retry delay. Must be a valid ISO duration. + initialRetryDelay: ~ + # -- Override the default maximum retry delay. Must be a valid ISO duration. + maxRetryDelay: ~ + # -- Override the default retry delay multiplier. Must be a valid ISO duration. + retryDelayMultiplier: ~ + # -- Override the default initial RPC timeout. Must be a valid ISO duration. 
+ initialRpcTimeout: ~ + # -- Override the default maximum RPC timeout. Must be a valid ISO duration. + maxRpcTimeout: ~ + # -- Override the default RPC timeout multiplier. Must be a valid ISO duration. + rpcTimeoutMultiplier: ~ + # -- Override the default logical request timeout. Must be a valid ISO duration. + logicalTimeout: ~ + # -- Override the default total timeout. Must be a valid ISO duration. + totalTimeout: ~ + + adls: + + # Global ADLS settings. Can be overridden on a per-filesystem basis below. + defaultOptions: + # -- Custom HTTP endpoint. In case clients need to use a different URI, use externalEndpoint. + endpoint: ~ + # -- Custom HTTP endpoint to be used by clients. If not set, the endpoint value is used. + externalEndpoint: ~ + # -- The retry strategy to use. Valid values are: NONE, EXPONENTIAL_BACKOFF, FIXED_DELAY. + # The default is EXPONENTIAL_BACKOFF. + retryPolicy: ~ + # -- The maximum number of retries. Must be a positive integer. Default is 4. Optional. + # Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. + maxRetries: ~ + # -- The maximum time allowed before a request is cancelled and assumed failed, default is + # Integer.MAX_VALUE. Optional. Must be a valid ISO duration. Valid if retryPolicy is + # EXPONENTIAL_BACKOFF or FIXED_DELAY. + tryTimeout: ~ + # -- Specifies the amount of delay to use before retrying an operation, default value is + # PT4S (4 seconds) when retryPolicy is EXPONENTIAL_BACKOFF and PT30S (30 seconds) when + # retryPolicy is FIXED_DELAY. Must be a valid ISO duration. + retryDelay: ~ + # -- Specifies the maximum delay allowed before retrying an operation, default value is + # PT120s (120 seconds). Must be a valid ISO duration. Valid if retryPolicy is + # EXPONENTIAL_BACKOFF. + maxRetryDelay: ~ + # -- The authentication type to use. Valid values are: NONE, STORAGE_SHARED_KEY, SAS_TOKEN, + # APPLICATION_DEFAULT. The default is NONE. + authType: ~ + # -- A secret containing the account name and key to use. 
Required when authType is + # STORAGE_SHARED_KEY. + accountSecret: + # -- Name of the secret containing the account name and key. + name: ~ + # -- Secret key containing the fully-qualified account name, e.g. "myaccount.dfs.core.windows.net". + accountName: ~ + # -- Secret key containing the account key. + accountKey: ~ + # -- A secret containing the SAS token to use. Required when authType is SAS_TOKEN. + sasTokenSecret: + # -- Name of the secret containing the SAS token. + name: ~ + # -- Secret key containing the SAS token. + sasToken: ~ + + # -- Per-filesystem ADLS settings. Override the general settings above. + filesystems: [] + # - name: filesystem1 + # authority: bucket1 + # pathPrefix: path/in/the/bucket + # endpoint: http://localhost/adlsgen2/bucket + # accountSecret: + # name: adls-account-secret + # accountName: accountName + # accountKey: accountKeyRef + + # -- ADLS transport settings. Not overridable on a per-bucket basis. + transport: + # -- The default maximum connection pool size is determined by the underlying HTTP client. + # Not overridable on a per-filesystem basis. + maxHttpConnections: ~ + # -- Sets the connection timeout for a request to be sent. The default is PT10S (10 + # seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. + connectTimeout: ~ + # -- Sets the read timeout duration used when reading the server response. The default is + # PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem + # basis. + readTimeout: ~ + # -- Sets the write timeout duration used when writing the request to the server. The + # default is PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a + # per-filesystem basis. + writeTimeout: ~ + # -- Sets the maximum idle time for a connection to be kept alive. The default is PT60S (60 + # seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. 
+ connectionIdleTimeout: ~ + # -- The size of each data chunk returned from the service in bytes. The default value is 4 + # MB. Not overridable on a per-filesystem basis. + readBlockSize: ~ + # -- Sets the block size in bytes to transfer at a time. Not overridable on a per-filesystem + # basis. + writeBlockSize: ~ + + # -- Custom ADLS configuration options, see javadocs of com.azure.core.util.Configuration. + # Not overridable on a per-filesystem basis. + advancedConfig: {} + + +# -- Advanced configuration. +# You can pass here any valid Nessie or Quarkus configuration property. +# Any property that is defined here takes precedence over all the other configuration values generated by this chart. +# Properties can be passed "flattened" or as nested YAML objects (see examples below). +advancedConfig: + {} +# Nessie version store settings +# ----------------------------- +# +# See description of the various cache size parameters and their defaults. +# +# nessie.version.store.persist.cache-capacity-mb: (defaults to fractional size, based on max-heap size) +# nessie.version.store.persist.cache-capacity-fraction-of-heap: 0.7 +# nessie.version.store.persist.cache-capacity-fraction-adjust-mb: 256 +# nessie.version.store.persist.cache-capacity-fraction-min-size-mb: 64 +# +# nessie.server.default-branch: my-branch +# +# nessie.version.store.persist.repository-id: my-repository +# +# Reverse Proxy Settings +# ---------------------- +# +# These config options are mentioned only for documentation purposes. Consult the +# Quarkus documentation for "Running behind a reverse proxy" and configure those +# depending on your actual needs. +# +# See https://quarkus.io/guides/http-reference#reverse-proxy +# +# Do NOT enable these option unless your reverse proxy (for example istio or nginx) +# is properly setup to set these headers but also filter those from incoming requests. 
+# +# quarkus: +# http: +# proxy: +# proxy-address-forwarding: "true" +# allow-x-forwarded: "true" +# enable-forwarded-host: "true" +# enable-forwarded-prefix: "true" +# trusted-proxies: "127.0.0.1" + +# -- Advanced configuration via Environment Variables. +# Extra environment variables to add to the Nessie server container. +# You can pass here any valid EnvVar object: +# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core +# This can be useful to get configuration values from Kubernetes secrets or config maps. +extraEnv: + [] +# - name: QUARKUS_MONGODB_APPLICATION_NAME +# value: my-app +# - name: QUARKUS_MONGODB_TLS +# valueFrom: +# configMapKeyRef: +# name: mongodb-config +# key: tls + +authentication: + # -- Specifies whether authentication for the nessie server should be enabled. + enabled: false + # -- Sets the base URL of the OpenID Connect (OIDC) server. Required if authentication is enabled (unless local token introspection is enforced through advanced configuration). + oidcAuthServerUrl: ~ # http://example.com:8080/auth/realms/master + # -- Set the OIDC client ID. If Nessie must contact the OIDC server, this is the client ID that will be used to identify the application. + oidcClientId: nessie + # -- Set the OIDC client secret. Whether the client secret is required depends on the OIDC server configuration. + # For Keycloak, the client secret is generally not required as the returned tokens can be introspected locally by Nessie. + # If token introspection requires a round-trip to the OIDC server, the client secret is required. + oidcClientSecret: {} +# name: nessie-oidc-creds +# key: client-secret + +authorization: + # -- Specifies whether authorization for the nessie server should be enabled. + enabled: false + # -- The authorization rules when authorization.enabled=true. 
Example rules can be found at https://projectnessie.org/features/metadata_authorization/#authorization-rules + rules: + {} + # allowViewingBranch: op=='VIEW_REFERENCE' && role.startsWith('test_user') && ref.startsWith('allowedBranch') + # allowCommits: op=='COMMIT_CHANGE_AGAINST_REFERENCE' && role.startsWith('test_user') && ref.startsWith('allowedBranch') + +tracing: + # -- Specifies whether tracing for the nessie server should be enabled. + enabled: false + # -- The collector endpoint URL to connect to (required). + # The endpoint URL must have either the http:// or the https:// scheme. + # The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). + # See https://quarkus.io/guides/opentelemetry for more information. + endpoint: "http://otlp-collector:4317" + # -- Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and + # "1.0d" (inclusive). E.g. "0.5d" means that 50% of the requests will be sampled. + sample: "1.0d" + # -- Resource attributes to identify the nessie service among other tracing sources. + # See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. + # If left empty, traces will be attached to a service named "Nessie"; to change this, provide a service.name attribute here. + attributes: + {} + # service.name: my-nessie + +metrics: + # -- Specifies whether metrics for the nessie server should be enabled. + enabled: true + # -- Additional tags (dimensional labels) to add to the metrics. + tags: + {} + # service: nessie + # environment: production + + serviceMonitor: + # -- Specifies whether a ServiceMonitor for Prometheus operator should be created. + enabled: true + # -- The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 1d, 1h30m, 5m, 10s. + interval: "" + # -- Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. 
+ labels: + {} + # release: prometheus + # -- Additional labels to add to the ServiceMonitor + additionalLabels: {} + # -- Relabeling rules to apply to metrics. Ref https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config. + metricRelabelings: [] + # - source_labels: [ __meta_kubernetes_namespace ] + # separator: ; + # regex: (.*) + # target_label: namespace + # replacement: $1 + # action: replace + +serviceAccount: + # -- Specifies whether a service account should be created. + create: true + # -- Annotations to add to the service account. + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template. + name: "" + +# -- Annotations to apply to nessie pods. +podAnnotations: {} + +# -- Additional Labels to apply to nessie pods. +podLabels: {} + +# -- Additional Labels to apply to nessie configmap. +configMapLabels: {} + +# -- Security context for the nessie pod. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. +podSecurityContext: + # GID 10001 is compatible with Nessie OSS default images starting with 0.95.1; change this if you + # are using a different image. + fsGroup: 10001 + seccompProfile: + type: RuntimeDefault + +# -- Security context for the nessie container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. +securityContext: + # UID 10000 and GID 10001 are compatible with Nessie OSS default images starting with 0.95.1; + # change this if you are using a different image. + runAsUser: 10000 + runAsGroup: 10001 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + +# -- Nessie main service settings. +service: + # -- The type of service to create. + type: ClusterIP + # -- The ports the service will listen on. 
+ # At least one port is required; the first port implicitly becomes the HTTP port that the + # application will use for serving API requests. By default, it's 19120. + # Note: port names must be unique and no more than 15 characters long. + ports: + - name: nessie-http + number: 19120 + # - name: nessie-https + # number: 19121 + # -- The session affinity for the service. Valid values are: None, ClientIP. + # ClientIP enables sticky sessions based on the client's IP address. + # This is generally beneficial to Nessie deployments, but some testing may be + # required in order to make sure that the load is distributed evenly among the pods. + # Also, this setting affects only internal clients, not external ones. + # If Ingress is enabled, it is recommended to set sessionAffinity to None. + sessionAffinity: None + # -- You can specify your own cluster IP address + # If you define a Service that has the .spec.clusterIP set to "None" then Kubernetes does not assign an IP address. + # Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is + # called a headless service. + # See https://kubernetes.io/docs/concepts/services-networking/service/#headless-services + clusterIP: "" + # -- The traffic policy fields control how traffic from internal and external sources are routed respectively. + # Valid values are Cluster and Local. + # Set the field to Cluster to route traffic to all ready endpoints. + # Set the field to Local to only route to ready node-local endpoints. + # If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy + internalTrafficPolicy: Cluster + externalTrafficPolicy: Cluster + # -- The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. 
+ # While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences + # such as routing to topologically closer endpoints. + # Valid values are: PreferClose + trafficDistribution: PreferClose + # -- Annotations to add to the service. + annotations: {} + +# -- Management service settings. These settings are used to configure liveness and readiness probes, +# and to configure the dedicated headless service that will expose health checks and metrics, e.g. +# for metrics scraping and service monitoring. +managementService: + # -- The name of the management port. Required. + portName: nessie-mgmt + # -- The port the management service listens on. By default, the management interface is exposed + # on HTTP port 9000. + portNumber: 9000 + # -- Annotations to add to the service. + annotations: {} + +# -- Additional service definitions. All service definitions always select all Nessie pods. Use +# this if you need to expose specific ports with different configurations. +extraServices: [] + # - # -- The suffix to append to the service name. Required. + # nameSuffix: "-ext" + # # -- The type of service to create. + # type: LoadBalancer + # # -- The ports the service will listen on. + # ports: + # - name: nessie-http + # number: 19120 + # - name: nessie-https + # number: 19121 + # sessionAffinity: None + # clusterIP: "" + # internalTrafficPolicy: Cluster + # externalTrafficPolicy: Cluster + # trafficDistribution: PreferClose + # annotations: {} + +# -- Nessie Ingress settings. +# These settings generate an Ingress resource that routes external traffic to the Nessie service. +# Consider enabling sticky sessions based on the remote client's IP address; +# this is generally beneficial to Nessie deployments, but some testing may be +# required in order to make sure that the load is distributed evenly among the pods. +# Check your ingress controller's documentation. +ingress: + # -- Specifies whether an ingress should be created. 
+ enabled: false + # -- Specifies the ingressClassName; leave empty if you don't want to customize it. + className: "" + # -- Annotations to add to the ingress. + annotations: { + # nginx.ingress.kubernetes.io/upstream-hash-by: "$binary_remote_addr" + } + # -- Specifies the path type of host paths. Valid values are: "Prefix", "Exact" or "ImplementationSpecific". + pathType: ImplementationSpecific + # -- A list of host paths used to configure the ingress. + hosts: + - host: chart-example.local + paths: [] + # -- The service target for the ingress. + service: + # -- The port name to route traffic to. Must match one of the ports in service.ports or in + # extraServices.ports. Optional; if not provided, the first port in service.ports will be used. + portName: nessie-http + # -- The target service name suffix. Optional; if not provided, the main service will be + # targeted. Change this only if you are targeting a service defined in extraServices. + nameSuffix: "" + # -- A list of TLS certificates; each entry has a list of hosts in the certificate, + # along with the secret name used to terminate TLS traffic on port 443. + tls: [] +# - hosts: +# - chart-example1.local +# - chart-example2.local +# secretName: secret1 + +# -- Override the strategy for nessie deployment. +# Valid values for type are: RollingUpdate and Recreate. +# If you are using the ROCKSDB version store type then you should use Recreate. +# Max Surge will allow new pods to be created before old ones are culled. Do not enable this when using ROCKSDB +# version store type. +# Max Unavailable will allow old pods to be culled before replacements are created +# See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 0 + # maxSurge: 1 + +# -- Configures the resources requests and limits for nessie pods. 
+# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + # -- Specifies whether automatic horizontal scaling should be enabled. + # Do not enable this when using ROCKSDB version store type. + enabled: false + # -- The minimum number of replicas to maintain. + minReplicas: 1 + # -- The maximum number of replicas to maintain. + maxReplicas: 3 + # -- Optional; set to zero or empty to disable. + targetCPUUtilizationPercentage: 80 + # -- Optional; set to zero or empty to disable. + targetMemoryUtilizationPercentage: + +# -- Node labels which must match for the nessie pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. +nodeSelector: + {} + # kubernetes.io/os: linux + +# -- A list of tolerations to apply to nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/. +tolerations: [] +# - key: "node-role.kubernetes.io/control-plane" +# operator: "Exists" +# effect: "NoSchedule" + +# -- Affinity and anti-affinity for nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. +affinity: {} +# podAffinity: +# preferredDuringSchedulingIgnoredDuringExecution: +# - weight: 100 +# podAffinityTerm: +# topologyKey: kubernetes.io/hostname +# labelSelector: +# matchExpressions: +# - key: app.kubernetes.io/name +# operator: In +# values: +# - nessie + +# -- Configures the liveness probe for nessie pods. 
+livenessProbe: + # -- Number of seconds after the container has started before liveness probes are initiated. Minimum value is 0. + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the probe. Minimum value is 1. + periodSeconds: 10 + # -- Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. + successThreshold: 1 + # -- Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. + failureThreshold: 3 + # -- Number of seconds after which the probe times out. Minimum value is 1. + timeoutSeconds: 10 + # -- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1. + terminationGracePeriodSeconds: 30 + +# -- Configures the readiness probe for nessie pods. +readinessProbe: + # -- Number of seconds after the container has started before readiness probes are initiated. Minimum value is 0. + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the probe. Minimum value is 1. + periodSeconds: 10 + # -- Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. + successThreshold: 1 + # -- Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. + failureThreshold: 3 + # -- Number of seconds after which the probe times out. Minimum value is 1. + timeoutSeconds: 10 + +# -- Extra volumes to add to the nessie pod. See https://kubernetes.io/docs/concepts/storage/volumes/. +extraVolumes: [] + # - name: extra-volume + # emptyDir: {} + +# -- Extra volume mounts to add to the nessie container. See https://kubernetes.io/docs/concepts/storage/volumes/. +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /usr/share/extra-volume + +# -- Add additional init containers to the nessie pod(s) See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/. 
+extraInitContainers: [] + # - name: your-image-name + # image: your-image + # imagePullPolicy: Always + # command: ['sh', '-c', 'echo "hello world"'] diff --git a/addons/nessie/0.103/meta.yaml b/addons/nessie/0.103/meta.yaml new file mode 100644 index 00000000..1189d899 --- /dev/null +++ b/addons/nessie/0.103/meta.yaml 
@@ -0,0 +1,63 @@ +name: opensearch +version: "2.10" +id: 5975094d-45cc-4e85-8573-f93937d026c7 +description: "opensearch." +displayName: "opensearch" +metadata: + displayName: "opensearch" + provider: + name: drycc + supportURL: https://opensearch.org/ + documentationURL: https://github.com/drycc-addons/containers/tree/main/containers/opensearch +tags: opensearch +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "extraConfig" + required: false + description: "extraConfig config for values.yaml" +- name: "plugins" + required: false + description: "plugins config for values.yaml" +- name: "config" + required: false + description: "opensearch configuration for values.yaml" +- name: "master.nodeSelector" + required: false + description: "master nodeSelector config for values.yaml" +- name: "master.networkPolicy.allowNamespaces" + required: false + description: "master networkPolicy allowNamespaces config for values.yaml" +- name: "ingest.nodeSelector" + required: false + description: "ingest nodeSelector config for values.yaml" +- name: "ingest.networkPolicy.allowNamespaces" + required: false + description: "ingest networkPolicy allowNamespaces config for values.yaml" +- name: "data.nodeSelector" + required: false + description: "data nodeSelector config for values.yaml" +- name: "data.networkPolicy.allowNamespaces" + required: false + description: "data networkPolicy allowNamespaces config for values.yaml" +- name: "coordinating.nodeSelector" + required: false + description: "coordinating nodeSelector config for values.yaml" +- name: "coordinating.networkPolicy.allowNamespaces" + required: false + description: "coordinating networkPolicy allowNamespaces config for values.yaml" +- name: "dashboards.nodeSelector" + required: false + description: "dashboards nodeSelector config for values.yaml" +- name: "dashboards.networkPolicy.allowNamespaces" + required: false + description: "dashboards 
networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + required: false + description: "service type config for values.yaml" +- name: "dashboards.service.type" + required: false + description: "dashboards service type config for values.yaml" +archive: false diff --git a/addons/nessie/0.103/plans/standard-1c1g5/bind.yaml b/addons/nessie/0.103/plans/standard-1c1g5/bind.yaml new file mode 100644 index 00000000..ba4641b9 --- /dev/null +++ b/addons/nessie/0.103/plans/standard-1c1g5/bind.yaml @@ -0,0 +1,29 @@ +credential: + {{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.names.fullname" . }}-admin + jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ include "common.names.fullname" . }}-admin + jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' + - name: PORT + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.ports[?(@.name=="http")].port }' + diff --git a/addons/nessie/0.103/plans/standard-1c1g5/meta.yaml b/addons/nessie/0.103/plans/standard-1c1g5/meta.yaml new file mode 100644 index 00000000..455ec32f --- /dev/null +++ b/addons/nessie/0.103/plans/standard-1c1g5/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-1c1g5" +id: 1694a049-0f1d-40c6-8c56-59b8285f1654 +description: "grafana plan standard-1c1g5 which limit 1c1g ,default persistence size 5Gi." +displayName: "1c1g5" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/nessie/0.103/plans/standard-1c1g5/values.yaml b/addons/nessie/0.103/plans/standard-1c1g5/values.yaml new file mode 100644 index 00000000..9b947023 --- /dev/null 
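Review bot: The new addons/nessie/0.103/meta.yaml registers the addon as `name: opensearch`, with OpenSearch's description, provider URLs and `allow_parameters` entries (`master.*`, `ingest.*`, `data.*`, `dashboards.*`), so it looks copied from another addon rather than written for Nessie. `allow_parameters` is the list of values a tenant may override, so it should name only keys that exist in the Nessie chart. The `id` should be a fresh UUID; if the OpenSearch addon carries the same `id`, the two catalog entries would presumably collide. I would start the file with `name: nessie`, a matching `description` and `displayName`, and a regenerated `id`.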
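Review bot: In plans/standard-1c1g5/bind.yaml the `PASSWORD` and `USERNAME` credentials read `GF_SECURITY_ADMIN_PASSWORD` and `GF_SECURITY_ADMIN_USER` from a `<fullname>-admin` secret. Those are Grafana names, and no Nessie chart file visible in this patch creates such a secret, so the binding would either fail or hand out an unrelated secret of that name if one exists in the namespace. The `PORT` entry selects a service port named `http`, while the chart's values.yaml names the port `nessie-http`, so the selector should read `'{ .spec.ports[?(@.name=="nessie-http")].port }'`. The plan's meta.yaml in the next hunk still says "grafana plan ... limit 1c1g" although the plan's values.yaml sets limits of 2000m CPU and 4096Mi memory. Bind only what the Nessie service exposes, and drop the credential entries unless a real secret backs them.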
+++ b/addons/nessie/0.103/plans/standard-1c1g5/values.yaml
@@ -0,0 +1,50 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-nessie-standard-5
+
+jdbc:
+ # -- The JDBC connection string. If you are using Nessie OSS images, then only
+ # PostgreSQL, MariaDB and MySQL URLs are supported. Check your JDBC driver documentation
+ # for the correct URL format.
+ jdbcUrl: jdbc:postgresql://10.43.205.80:5432/postgres
+ # -- The secret key storing the datasource username.
+ username: administrator
+ # -- The secret key storing the datasource password.
+ password: gvB7Ha9uP7
+
+catalog:
+ # -- Whether to enable the REST catalog service.
+ enabled: true
+ iceberg:
+ # -- The default warehouse name. Required. This is just a symbolic name; it must refer to a
+ # declared warehouse below.
+ defaultWarehouse: warehouse
+ warehouses:
+ # -- Symbolic name of the warehouse. Required.
+ - name: warehouse
+ # -- Location of the warehouse. Required. Used to determine the base location of a table.
+ # Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage
+ # properties for each location can be defined below.
+ location: s3://bucket1/
+
+ storage:
+ s3:
+ # Global S3 settings. Can be overridden on a per-bucket basis below.
+ defaultOptions:
+ # -- DNS name of the region, required for AWS.
+ region: us-west-1
+ # -- Endpoint URI, required for private clouds. Optional; if not provided, the default is
+ # used.
+ endpoint: "http://10.43.223.144:9000"
+ # -- The secret key storing the AWS secret key id.
+ awsAccessKeyId: admin
+ # -- The secret key storing the AWS secret access key.
+ awsSecretAccessKey: u929mrqXtb
+
+resources:
+ limits:
+ cpu: 2000m
+ memory: 4096Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
\ No newline at end of file
From 33833c6be591d76183e31853128712a01ae7a66c Mon Sep 17 00:00:00 2001
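Review bot: The plan values commit what look like real credentials in plain text, the datasource password under `jdbc.password` and the S3 secret under `awsSecretAccessKey`, next to the internal endpoints they belong to; the same values are added again in chart/nessie/simple-values.yaml by PATCH 143. Anything committed here stays in git history and is copied into every release rendered from the plan, so these credentials should be treated as exposed and rotated. Ship the keys empty (`password: ""`, `awsSecretAccessKey: ""`) and supply them at provision time, as addon parameters or through a pre-created Secret. The comments describe these fields as "the secret key storing ...", that is, a key name inside a Secret, while the values look like the credentials themselves, so either the comments or the values need correcting. Both endpoints also use unencrypted transport (`http://` for S3 and a JDBC URL with no TLS options), which deserves a comment if it is intentional for in-cluster traffic.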
From: EamonZhang Date: Fri, 14 Mar 2025 17:13:41 +0800 Subject: [PATCH 143/176] chore(nessie): add plans --- .../0.103/chart/nessie/simple-values.yaml | 41 +++++++++++ .../0.103/chart/nessie/templates/_helpers.tpl | 6 +- .../chart/nessie/templates/deployment.yaml | 2 +- .../0.103/chart/nessie/templates/secrets.yaml | 4 +- .../nessie/templates/servicemonitor.yaml | 2 +- addons/nessie/0.103/meta.yaml | 68 +++++-------------- .../0.103/plans/standard-1c1g5/bind.yaml | 29 -------- .../0.103/plans/standard-1c1g5/meta.yaml | 6 -- .../0.103/plans/standard-1c1g5/values.yaml | 50 -------------- .../0.103/plans/standard-4c4g/bind.yaml | 19 ++++++ .../0.103/plans/standard-4c4g/meta.yaml | 6 ++ .../0.103/plans/standard-4c4g/values.yaml | 11 +++ .../0.103/plans/standard-8c8g/bind.yaml | 19 ++++++ .../0.103/plans/standard-8c8g/meta.yaml | 6 ++ .../0.103/plans/standard-8c8g/values.yaml | 11 +++ 15 files changed, 136 insertions(+), 144 deletions(-) delete mode 100644 addons/nessie/0.103/plans/standard-1c1g5/bind.yaml delete mode 100644 addons/nessie/0.103/plans/standard-1c1g5/meta.yaml delete mode 100644 addons/nessie/0.103/plans/standard-1c1g5/values.yaml create mode 100644 addons/nessie/0.103/plans/standard-4c4g/bind.yaml create mode 100644 addons/nessie/0.103/plans/standard-4c4g/meta.yaml create mode 100644 addons/nessie/0.103/plans/standard-4c4g/values.yaml create mode 100644 addons/nessie/0.103/plans/standard-8c8g/bind.yaml create mode 100644 addons/nessie/0.103/plans/standard-8c8g/meta.yaml create mode 100644 addons/nessie/0.103/plans/standard-8c8g/values.yaml diff --git a/addons/nessie/0.103/chart/nessie/simple-values.yaml b/addons/nessie/0.103/chart/nessie/simple-values.yaml index e69de29b..6b4b64db 100644 --- a/addons/nessie/0.103/chart/nessie/simple-values.yaml +++ b/addons/nessie/0.103/chart/nessie/simple-values.yaml 
@@ -0,0 +1,41 @@
+jdbc:
+ # -- The JDBC connection string. If you are using Nessie OSS images, then only
+ # PostgreSQL, MariaDB and MySQL URLs are supported. Check your JDBC driver documentation
+ # for the correct URL format.
+ jdbcUrl: jdbc:postgresql://10.43.205.80:5432/postgres
+ # -- The secret key storing the datasource username.
+ username: administrator
+ # -- The secret key storing the datasource password.
+ password: gvB7Ha9uP7
+
+catalog:
+ # -- Whether to enable the REST catalog service.
+ enabled: true
+ iceberg:
+ # -- The default warehouse name. Required. This is just a symbolic name; it must refer to a
+ # declared warehouse below.
+ defaultWarehouse: warehouse
+ warehouses:
+ # -- Symbolic name of the warehouse. Required.
+ - name: warehouse
+ # -- Location of the warehouse. Required. Used to determine the base location of a table.
+ # Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage
+ # properties for each location can be defined below.
+ location: s3://bucket1/
+
+ storage:
+ s3:
+ # Global S3 settings. Can be overridden on a per-bucket basis below.
+ defaultOptions:
+ # -- DNS name of the region, required for AWS.
+ region: us-west-1
+ # -- Endpoint URI, required for private clouds. Optional; if not provided, the default is
+ # used.
+ endpoint: "http://10.43.223.144:9000"
+ # -- The secret key storing the AWS secret key id.
+ awsAccessKeyId: admin
+ # -- The secret key storing the AWS secret access key.
+ awsSecretAccessKey: u929mrqXtb
+
+extraEnv:
+ []
\ No newline at end of file
diff --git a/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl b/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl
index fb2887f8..39b474b4 100644
--- a/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl
+++ b/addons/nessie/0.103/chart/nessie/templates/_helpers.tpl
@@ -344,7 +344,7 @@ config types know about that symbolic name and resolve it via a SecretsProvider, {{- $addRef := index . 4 -}} {{- $global := index . 5 -}} {{- if $secret -}} -{{- $secretName := get $secret "name" -}} +{{- $secretName := printf "%s-%s" (include "nessie.fullname" $global) (get $secret "name") -}} {{- $secretKey := get $secret $key -}} {{- with $global -}} {{- if (and $secretName $secretKey) -}} @@ -375,7 +375,7 @@ Define an env var from secret key. {{- $envVarName := index . 2 -}} {{- $global := index . 3 -}} {{- if $secret -}} -{{- $secretName := get $secret "name" -}} +{{- $secretName := printf "%s-%s" (include "nessie.fullname" $global) (get $secret "name") -}} {{- $secretKey := get $secret $key -}} {{- with $global -}} {{- if (and $secretName $secretKey) -}} @@ -516,4 +516,4 @@ https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ {{- else -}} {{- printf "%v" $n -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/addons/nessie/0.103/chart/nessie/templates/deployment.yaml b/addons/nessie/0.103/chart/nessie/templates/deployment.yaml index d054ae50..e163af32 100644 --- a/addons/nessie/0.103/chart/nessie/templates/deployment.yaml +++ b/addons/nessie/0.103/chart/nessie/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: annotations: projectnessie.org/config-checksum: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} prometheus.io/scrape: "{{ .Values.metrics.enabled | default "false" }}" - prometheus.io/port: "{{ .Values.managementService.port }}" + prometheus.io/port: "{{ .Values.managementService.portNumber }}" prometheus.io/path: "/q/metrics" {{- if .Values.podAnnotations }} {{- tpl (toYaml .Values.podAnnotations) . | nindent 8 }} diff --git a/addons/nessie/0.103/chart/nessie/templates/secrets.yaml b/addons/nessie/0.103/chart/nessie/templates/secrets.yaml index 24cc8bbd..6c46c6a6 100644 --- a/addons/nessie/0.103/chart/nessie/templates/secrets.yaml 
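Review bot: With `printf "%s-%s"` the value of `$secretName` is never empty, so the `{{- if (and $secretName $secretKey) -}}` guard just below no longer skips a secret block that has no `name`; it would render a reference to a Secret called `<fullname>-`. The second hunk at line 375 has the same problem. Build the prefixed name only when one is set, e.g. `{{- $rawName := get $secret "name" -}}` followed by `{{- $secretName := ternary (printf "%s-%s" (include "nessie.fullname" $global) $rawName) "" (not (empty $rawName)) -}}`. The unconditional prefix also means a pre-existing Secret can no longer be referenced by its own name, which the helper's comment should state. Both helper definitions start and end outside the hunks.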
+++ b/addons/nessie/0.103/chart/nessie/templates/secrets.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: - name: datasource-creds + name: {{ include "nessie.fullname" . }}-datasource-creds namespace: {{ .Release.Namespace }} type: Opaque stringData: @@ -11,7 +11,7 @@ stringData: apiVersion: v1 kind: Secret metadata: - name: awscreds + name: {{ include "nessie.fullname" . }}-awscreds namespace: {{ .Release.Namespace }} type: Opaque stringData: diff --git a/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml b/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml index b823f213..f60b2a6f 100644 --- a/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml +++ b/addons/nessie/0.103/chart/nessie/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.metrics.enabled }} +{{- if false}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/addons/nessie/0.103/meta.yaml b/addons/nessie/0.103/meta.yaml index 1189d899..4b14bfe9 100644 --- a/addons/nessie/0.103/meta.yaml +++ b/addons/nessie/0.103/meta.yaml 
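Review bot: `{{- if false}}` in servicemonitor.yaml turns the whole template into dead code, so `metrics.enabled` no longer decides whether a ServiceMonitor is created while the `prometheus.io/scrape` annotation in deployment.yaml still follows it. If the aim is to avoid failing on clusters without the Prometheus Operator CRD, gate on that instead: `{{- if and .Values.metrics.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}`. Otherwise remove the template or add a comment saying why it is disabled, so the missing scrape target is not mistaken for a healthy, quiet service. The template body continues outside the hunk.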
@@ -1,63 +1,27 @@ -name: opensearch -version: "2.10" -id: 5975094d-45cc-4e85-8573-f93937d026c7 -description: "opensearch." -displayName: "opensearch" +name: nessie +version: "0.103.0" +id: fd1cbeda-00a5-11f0-8a54-dbe6761671cc +description: "nessie." +displayName: "nessie" metadata: - displayName: "opensearch" + displayName: "nessie" provider: name: drycc - supportURL: https://opensearch.org/ - documentationURL: https://github.com/drycc-addons/containers/tree/main/containers/opensearch -tags: opensearch + supportURL: https://nessie.org/ + documentationURL: https://github.com/drycc-addons/containers/tree/main/containers/nessie +tags: nessie bindable: true instances_retrievable: true bindings_retrievable: true plan_updateable: true allow_parameters: -- name: "extraConfig" +- name: "jdbc" + required: true + description: "config nessie persist store" +- name: "catalog" required: false - description: "extraConfig config for values.yaml" -- name: "plugins" + description: "config nessie catalog" +- name: "extraEnv" required: false - description: "plugins config for values.yaml" -- name: "config" - required: false - description: "opensearch configuration for values.yaml" -- name: "master.nodeSelector" - required: false - description: "master nodeSelector config for values.yaml" -- name: "master.networkPolicy.allowNamespaces" - required: false - description: "master networkPolicy allowNamespaces config for values.yaml" -- name: "ingest.nodeSelector" - required: false - description: "ingest nodeSelector config for values.yaml" -- name: "ingest.networkPolicy.allowNamespaces" - required: false - description: "ingest networkPolicy allowNamespaces config for values.yaml" -- name: "data.nodeSelector" - required: false - description: "data nodeSelector config for values.yaml" -- name: "data.networkPolicy.allowNamespaces" - required: false - description: "data networkPolicy allowNamespaces config for values.yaml" -- name: "coordinating.nodeSelector" - required: false - description: 
"coordinating nodeSelector config for values.yaml" -- name: "coordinating.networkPolicy.allowNamespaces" - required: false - description: "coordinating networkPolicy allowNamespaces config for values.yaml" -- name: "dashboards.nodeSelector" - required: false - description: "dashboards nodeSelector config for values.yaml" -- name: "dashboards.networkPolicy.allowNamespaces" - required: false - description: "dashboards networkPolicy allowNamespaces config for values.yaml" -- name: "service.type" - required: false - description: "service type config for values.yaml" -- name: "dashboards.service.type" - required: false - description: "dashboards service type config for values.yaml" + description: "config nessie env" archive: false diff --git a/addons/nessie/0.103/plans/standard-1c1g5/bind.yaml b/addons/nessie/0.103/plans/standard-1c1g5/bind.yaml deleted file mode 100644 index ba4641b9..00000000 --- a/addons/nessie/0.103/plans/standard-1c1g5/bind.yaml +++ /dev/null @@ -1,29 +0,0 @@ -credential: - {{- if (eq .Values.service.type "LoadBalancer") }} - - name: EXTRANET_HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- end }} - - name: HOST - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} - jsonpath: '{ .spec.clusterIP }' - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }}-admin - jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - - name: USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }}-admin - jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - - name: PORT - valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} - jsonpath: '{ .spec.ports[?(@.name=="http")].port }' - diff --git a/addons/nessie/0.103/plans/standard-1c1g5/meta.yaml b/addons/nessie/0.103/plans/standard-1c1g5/meta.yaml deleted file mode 100644 index 455ec32f..00000000 
--- a/addons/nessie/0.103/plans/standard-1c1g5/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-1c1g5"
-id: 1694a049-0f1d-40c6-8c56-59b8285f1654
-description: "grafana plan standard-1c1g5 which limit 1c1g ,default persistence size 5Gi."
-displayName: "1c1g5"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/nessie/0.103/plans/standard-1c1g5/values.yaml b/addons/nessie/0.103/plans/standard-1c1g5/values.yaml
deleted file mode 100644
index 9b947023..00000000
--- a/addons/nessie/0.103/plans/standard-1c1g5/values.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-nessie-standard-5 - -jdbc: - # -- The JDBC connection string. If you are using Nessie OSS images, then only - # PostgreSQL, MariaDB and MySQL URLs are supported. Check your JDBC driver documentation - # for the correct URL format. - jdbcUrl: jdbc:postgresql://10.43.205.80:5432/postgres - # -- The secret key storing the datasource username. - username: administrator - # -- The secret key storing the datasource password. - password: gvB7Ha9uP7 - -catalog: - # -- Whether to enable the REST catalog service. - enabled: true - iceberg: - # -- The default warehouse name. Required. This is just a symbolic name; it must refer to a - # declared warehouse below. - defaultWarehouse: warehouse - warehouses: - # -- Symbolic name of the warehouse. Required. - - name: warehouse - # -- Location of the warehouse. Required. Used to determine the base location of a table. - # Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage - # properties for each location can be defined below. - location: s3://bucket1/ - - storage: - s3: - # Global S3 settings. Can be overridden on a per-bucket basis below. - defaultOptions: - # -- DNS name of the region, required for AWS. - region: us-west-1 - # -- Endpoint URI, required for private clouds. Optional; if not provided, the default is - # used. - endpoint: "http://10.43.223.144:9000" - # -- The secret key storing the AWS secret key id. - awsAccessKeyId: admin - # -- The secret key storing the AWS secret access key. - awsSecretAccessKey: u929mrqXtb - -resources: - limits: - cpu: 2000m - memory: 4096Mi - requests: - cpu: 100m - memory: 128Mi \ No newline at end of file diff --git a/addons/nessie/0.103/plans/standard-4c4g/bind.yaml b/addons/nessie/0.103/plans/standard-4c4g/bind.yaml new file mode 100644 index 00000000..8f991267 --- /dev/null 
+++ b/addons/nessie/0.103/plans/standard-4c4g/bind.yaml
@@ -0,0 +1,19 @@
+credential:
+{{- if eq .Values.service.type "LoadBalancer" }}
+- name: EXTERNAL_IP
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{.status.loadBalancer.ingress[0].ip}'
+{{- end }}
+- name: CLUSTER_IP
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{.spec.clusterIP}'
+- name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{.spec.ports[?(@.name=="http")].port}'
+
diff --git a/addons/nessie/0.103/plans/standard-4c4g/meta.yaml b/addons/nessie/0.103/plans/standard-4c4g/meta.yaml
new file mode 100644
index 00000000..5c43e6ca
--- /dev/null
+++ b/addons/nessie/0.103/plans/standard-4c4g/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c4g"
+id: dcaa216a-00a5-11f0-b8cd-9bd9f5fdeeed
+description: "nessie plan standard-4c4g which limit 4c4g"
+displayName: "4c4g"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/nessie/0.103/plans/standard-4c4g/values.yaml b/addons/nessie/0.103/plans/standard-4c4g/values.yaml
new file mode 100644
index 00000000..65b92df4
--- /dev/null
+++ b/addons/nessie/0.103/plans/standard-4c4g/values.yaml
@@ -0,0 +1,11 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-nessie-standard-4c4g
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 4096Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
\ No newline at end of file
diff --git a/addons/nessie/0.103/plans/standard-8c8g/bind.yaml b/addons/nessie/0.103/plans/standard-8c8g/bind.yaml
new file mode 100644
index 00000000..8f991267
--- /dev/null
+++ b/addons/nessie/0.103/plans/standard-8c8g/bind.yaml
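Review bot: The standard-4c4g values.yaml requests only `cpu: 100m` and `memory: 128Mi` against limits of 4000m and 4096Mi, whereas standard-8c8g requests 1000m and 1024Mi. With requests that low the scheduler can place the pod on a node that cannot supply what the plan name promises, and a pod running far above its memory request is an early candidate for eviction under node pressure. Unless the gap is deliberate, raise the requests in proportion, e.g. `cpu: 500m` and `memory: 512Mi`, or add a comment explaining the choice.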
@@ -0,0 +1,19 @@
+credential:
+{{- if eq .Values.service.type "LoadBalancer" }}
+- name: EXTERNAL_IP
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{.status.loadBalancer.ingress[0].ip}'
+{{- end }}
+- name: CLUSTER_IP
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{.spec.clusterIP}'
+- name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{.spec.ports[?(@.name=="http")].port}'
+
diff --git a/addons/nessie/0.103/plans/standard-8c8g/meta.yaml b/addons/nessie/0.103/plans/standard-8c8g/meta.yaml
new file mode 100644
index 00000000..17ad8c26
--- /dev/null
+++ b/addons/nessie/0.103/plans/standard-8c8g/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-8c8g"
+id: c6ebd538-00b1-11f0-b921-d7a8e3333e3c
+description: "nessie plan standard-8c8g which limit 8c8g"
+displayName: "8c8g"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/nessie/0.103/plans/standard-8c8g/values.yaml b/addons/nessie/0.103/plans/standard-8c8g/values.yaml
new file mode 100644
index 00000000..899f4068
--- /dev/null
+++ b/addons/nessie/0.103/plans/standard-8c8g/values.yaml
@@ -0,0 +1,11 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-nessie-standard-8c8g
+
+resources:
+ limits:
+ cpu: 8000m
+ memory: 8192Mi
+ requests:
+ cpu: 1000m
+ memory: 1024Mi
\ No newline at end of file
From 135cd4b817b5152474190546724773658cac3dc8 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 17 Mar 2025 10:46:28 +0800 Subject: [PATCH 144/176] chore(addons) add nessie --- addons/index.yaml | 5 ++++- .../{simple-values.yaml => simple-demo-values.yaml} | 3 +++ addons/nessie/0.103/meta.yaml | 3 +++ addons/nessie/0.103/plans/standard-4c4g/bind.yaml | 8 ++++---- 4 files changed, 14 insertions(+), 5 deletions(-) rename addons/nessie/0.103/chart/nessie/{simple-values.yaml => simple-demo-values.yaml} (94%)
diff --git a/addons/index.yaml b/addons/index.yaml index a2128c03..128d481b 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -71,4 +71,7 @@ entries: description: "Apache Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol." yugabytedb: - version: 2024 - description: "YugabyteDB is a high-performance distributed SQL database for powering global, internet-scale applications. " \ No newline at end of file + description: "YugabyteDB is a high-performance distributed SQL database for powering global, internet-scale applications. " + nessie: + - version: "0.103" + description: "Transactional Catalog for Data Lakes with Git-like semantics . " \ No newline at end of file diff --git a/addons/nessie/0.103/chart/nessie/simple-values.yaml b/addons/nessie/0.103/chart/nessie/simple-demo-values.yaml similarity index 94% rename from addons/nessie/0.103/chart/nessie/simple-values.yaml rename to addons/nessie/0.103/chart/nessie/simple-demo-values.yaml index 6b4b64db..497b66f3 100644 --- a/addons/nessie/0.103/chart/nessie/simple-values.yaml +++ b/addons/nessie/0.103/chart/nessie/simple-demo-values.yaml @@ -1,3 +1,6 @@ +service: + # -- The type of service to create.ClusterIP , LoadBalancer + type: LoadBalancer jdbc: # -- The JDBC connection string. If you are using Nessie OSS images, then only # PostgreSQL, MariaDB and MySQL URLs are supported. Check your JDBC driver documentation diff --git a/addons/nessie/0.103/meta.yaml b/addons/nessie/0.103/meta.yaml index 4b14bfe9..61e0f497 100644 --- a/addons/nessie/0.103/meta.yaml +++ b/addons/nessie/0.103/meta.yaml @@ -15,6 +15,9 @@ instances_retrievable: true bindings_retrievable: true plan_updateable: true allow_parameters: +- name: "service.type" + required: false + description: "config nessie service type" - name: "jdbc" required: true description: "config nessie persist store" 
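Review bot: The simple-demo-values.yaml hunk sets `service.type: LoadBalancer`, so anyone installing from this file publishes the Nessie API outside the cluster, and the file shows no authentication setting (whether the chart enables one elsewhere is not visible here). The meta.yaml hunk in the same commit also makes `service.type` a tenant-settable parameter, so the exposure decision moves to whoever provisions the instance. Default the sample to `type: ClusterIP` and name the alternative only in the comment, e.g. `# -- The type of service to create: ClusterIP (default) or LoadBalancer (exposes the API externally)`.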
diff --git a/addons/nessie/0.103/plans/standard-4c4g/bind.yaml b/addons/nessie/0.103/plans/standard-4c4g/bind.yaml index 8f991267..a3905b88 100644 --- a/addons/nessie/0.103/plans/standard-4c4g/bind.yaml +++ b/addons/nessie/0.103/plans/standard-4c4g/bind.yaml @@ -3,17 +3,17 @@ credential: - name: EXTERNAL_IP valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "nessie.fullname" . }} jsonpath: '{.status.loadBalancer.ingress[0].ip}' {{- end }} - name: CLUSTER_IP valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "nessie.fullname" . }} jsonpath: '{.spec.clusterIP}' - name: PORT valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} - jsonpath: '{.spec.ports[?(@.name=="http")].port}' + name: {{ include "nessie.fullname" . }} + jsonpath: '{.spec.ports[?(@.name=="nessie-http")].port}' From 8719c7b70bd169a7440dc9c0bc091efc72a9298a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 17 Mar 2025 11:00:03 +0800 Subject: [PATCH 145/176] chore(nessie): fix bind yaml --- addons/nessie/0.103/plans/standard-8c8g/bind.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/nessie/0.103/plans/standard-8c8g/bind.yaml b/addons/nessie/0.103/plans/standard-8c8g/bind.yaml index 8f991267..a3905b88 100644 --- a/addons/nessie/0.103/plans/standard-8c8g/bind.yaml +++ b/addons/nessie/0.103/plans/standard-8c8g/bind.yaml 
@@ -3,17 +3,17 @@ credential: - name: EXTERNAL_IP valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "nessie.fullname" . }} jsonpath: '{.status.loadBalancer.ingress[0].ip}' {{- end }} - name: CLUSTER_IP valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "nessie.fullname" . }} jsonpath: '{.spec.clusterIP}' - name: PORT valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} - jsonpath: '{.spec.ports[?(@.name=="http")].port}' + name: {{ include "nessie.fullname" . }} + jsonpath: '{.spec.ports[?(@.name=="nessie-http")].port}' From c7fae140b4d19905dbe859cc4fdc307ef48cb13e Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 17 Mar 2025 11:12:07 +0800 Subject: [PATCH 146/176] chore(postgresql-cluster): fix chart.yaml --- .../15/chart/postgresql-cluster/Chart.yaml | 4 ++-- .../16/chart/postgresql-cluster-16/Chart.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml index da518fb1..3d72445f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml @@ -8,8 +8,8 @@ dependencies: version: ~1.1.1 description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +home: https://github.com/drycc/charts/tree/master/drycc/postgresql +icon: https://drycc.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png keywords: - postgresql - postgres 
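Review bot: The new `home` and `icon` values in the postgresql-cluster 15 Chart.yaml look like a mechanical bitnami-to-drycc substitution rather than verified links; nothing in the patch shows that `github.com/drycc/charts/tree/master/drycc/postgresql` or the `drycc.com` asset path exists. An `icon` URL is fetched by catalog UIs, so it should point at a host the project controls, because whoever holds that domain decides what is served. Point `home` at the repository the chart already lists under `sources` (`https://github.com/drycc-addons/`, visible in the 16 chart) and drop or self-host the icon. The same two lines are changed in the postgresql-cluster-16 Chart.yaml hunk.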
diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/Chart.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/Chart.yaml index a718116f..3f8db7b6 100644 --- a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/Chart.yaml +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/Chart.yaml @@ -8,8 +8,8 @@ dependencies: version: ~1.1.1 description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +home: https://github.com/drycc/charts/tree/master/drycc/postgresql +icon: https://drycc.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png keywords: - postgresql - postgres @@ -25,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 16.4 +version: "16.4" From 855559650371919b60f8b330f535a7eb3332b5db Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 17 Mar 2025 11:23:53 +0800 Subject: [PATCH 147/176] chore(addons): fix typo --- addons/grafana/10/README.md | 34 +++++++++---------- addons/grafana/10/chart/grafana/Chart.yaml | 2 +- addons/grafana/10/chart/grafana/values.yaml | 18 +++++----- .../8.0/chart/mysql-cluster/README.md | 18 +++++----- .../8.0/chart/mysql-cluster/values.yaml | 2 +- 5 files changed, 37 insertions(+), 37 deletions(-) diff --git a/addons/grafana/10/README.md b/addons/grafana/10/README.md index 3b1bd86a..eb3ba0bc 100644 --- a/addons/grafana/10/README.md +++ b/addons/grafana/10/README.md 
@@ -1,12 +1,12 @@ -# Grafana packaged by Bitnami +# Grafana packaged by Drycc Grafana is an open source metric analytics and visualization suite for visualizing time series data that supports various types of data sources. [Overview of Grafana](https://grafana.com/) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. +Trademarks: This software listing is packaged by Drycc. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. ## TL;DR @@ -19,7 +19,7 @@ $ helm install my-release my-repo/grafana This chart bootstraps a [grafana](https://github.com/drycc/containers/tree/main/drycc/grafana) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. ## Prerequisites 
@@ -51,9 +51,9 @@ $ helm delete my-release The command removes all the Kubernetes components associated with the chart and deletes the release. Use the option `--purge` to delete all persistent volumes too. -## Differences between the Bitnami Grafana chart and the Bitnami Grafana Operator chart +## Differences between the Drycc Grafana chart and the Drycc Grafana Operator chart -In the Bitnami catalog we offer both the drycc/grafana and drycc/grafana-operator charts. Each solution covers different needs and use cases. +In the Drycc catalog we offer both the drycc/grafana and drycc/grafana-operator charts. Each solution covers different needs and use cases. The *drycc/grafana* chart deploys a single Grafana installation (with grafana-image-renderer) using a Kubernetes Deployment object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing *helm install*: 
@@ -441,12 +441,12 @@ This solution allows to easily deploy multiple Grafana instances compared to the | Name | Description | Value | | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------------- | | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | -| `volumePermissions.image.repository` | Bitnami Shell image repository | `drycc/drycc-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r38` | -| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | +| `volumePermissions.image.registry` | Drycc Shell image registry | `docker.io` | +| `volumePermissions.image.repository` | Drycc Shell image repository | `drycc/drycc-shell` | +| `volumePermissions.image.tag` | Drycc Shell image tag (immutable tags are recommended) | `11-debian-11-r38` | +| `volumePermissions.image.digest` | Drycc Shell image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Drycc Shell image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Drycc Shell image pull secrets | `[]` | | `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | | `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | @@ -486,7 +486,7 @@ $ helm install my-release -f values.yaml my-repo/grafana It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. +Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. ### Using custom configuration 
@@ -614,14 +614,14 @@ As an alternative, you can use of the preset configurations for pod affinity, po ## Persistence -The [Bitnami Grafana](https://github.com/drycc/containers/tree/main/drycc/grafana) image stores the Grafana data and configurations at the `/opt/drycc/grafana/data` path of the container. +The [Drycc Grafana](https://github.com/drycc/containers/tree/main/drycc/grafana) image stores the Grafana data and configurations at the `/opt/drycc/grafana/data` path of the container. Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. See the [Parameters](#parameters) section to configure the PVC or to disable persistence. ## Troubleshooting -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). ## Upgrading @@ -631,7 +631,7 @@ This major release only bumps the Grafana version to 9.x. No major issues are ex ### To 7.0.0 -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. Since the volume access mode when persistence is enabled is `ReadWriteOnce` in order to upgrade the deployment you will need to either use the `Recreate` strategy or delete the old deployment. 
@@ -651,7 +651,7 @@ This version also introduces `drycc/common`, a [library chart](https://helm.sh/d **What changes were introduced in this major version?** - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Drycc Helm Charts **Considerations when upgrading to this version** @@ -677,7 +677,7 @@ This major version signifies this change. ## License -Copyright © 2022 Bitnami +Copyright © 2022 Drycc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/addons/grafana/10/chart/grafana/Chart.yaml b/addons/grafana/10/chart/grafana/Chart.yaml index 250b38d0..cde08be8 100644 --- a/addons/grafana/10/chart/grafana/Chart.yaml +++ b/addons/grafana/10/chart/grafana/Chart.yaml @@ -18,7 +18,7 @@ keywords: - metrics - logs maintainers: - - name: Bitnami + - name: Drycc url: https://github.com/drycc/charts name: grafana sources: diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index 9b029425..753732fa 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -42,7 +42,7 @@ commonAnnotations: {} ## @section Grafana parameters -## Bitnami Grafana image version +## Drycc Grafana image version ## ref: https://hub.docker.com/r/drycc/grafana/tags/ ## @param image.registry Grafana image registry ## @param image.repository Grafana image repository 
@@ -816,7 +816,7 @@ imageRenderer: ## @param imageRenderer.enabled Enable using a remote rendering service to render PNG images ## enabled: false - ## Bitnami Grafana Image Renderer image + ## Drycc Grafana Image Renderer image ## ref: https://hub.docker.com/r/drycc/grafana-image-renderer/tags/ ## @param imageRenderer.image.registry Grafana Image Renderer image registry ## @param imageRenderer.image.repository Grafana Image Renderer image repository @@ -1155,14 +1155,14 @@ volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false - ## Bitnami Shell image + ## Drycc Shell image ## ref: https://hub.docker.com/r/drycc/drycc-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets + ## @param volumePermissions.image.registry Drycc Shell image registry + ## @param volumePermissions.image.repository Drycc Shell image repository + ## @param volumePermissions.image.tag Drycc Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Drycc Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Drycc Shell image pull policy + ## @param volumePermissions.image.pullSecrets Drycc Shell image pull secrets ## image: registry: docker.io 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/README.md b/addons/mysql-cluster/8.0/chart/mysql-cluster/README.md index c44f6211..2cb1f7fd 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/README.md +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/README.md @@ -1,12 +1,12 @@ -# MySQL packaged by Bitnami +# MySQL packaged by Drycc MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications. [Overview of MySQL](http://www.mysql.com) -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. +Trademarks: This software listing is packaged by Drycc. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. ## TL;DR @@ -19,7 +19,7 @@ $ helm install my-release my-repo/mysql This chart bootstraps a [MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) replication cluster deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. ## Prerequisites 
@@ -386,7 +386,7 @@ $ helm install my-release -f values.yaml my-repo/mysql It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. +Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. ### Use a different MySQL version @@ -394,7 +394,7 @@ To modify the application version used in this chart, specify a different versio ### Customize a new MySQL instance -The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. +The [Drycc MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. The allowed extensions are `.sh`, `.sql` and `.sql.gz`. 
@@ -430,7 +430,7 @@ initContainers: ## Persistence -The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container. +The [Drycc MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container. The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose. @@ -459,7 +459,7 @@ As an alternative, you can use the preset configurations for pod affinity, pod a ## Troubleshooting -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). ## Upgrading @@ -473,7 +473,7 @@ $ helm upgrade my-release my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] ### To 9.0.0 -This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository. +This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Drycc charts repository. Affected values: @@ -532,7 +532,7 @@ $ kubectl delete statefulset mysql-slave --cascade=false ## License -Copyright © 2022 Bitnami +Copyright © 2022 Drycc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 1639f6bd..16bd4e37 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -65,7 +65,7 @@ diagnosticMode: ## @section MySQL common parameters -## Bitnami MySQL image +## Drycc MySQL image ## ref: https://hub.docker.com/r/drycc/mysql/tags/ ## @param image.registry MySQL image registry ## @param image.repository MySQL image repository From fd9c7b206f6357886081a5727fbf1cb51e906de6 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 31 Mar 2025 16:07:37 +0800 Subject: [PATCH 148/176] chore(addons): add lakefs --- addons/index.yaml | 5 +- addons/lakefs/1.52/chart/lakefs/Chart.yaml | 17 ++ .../1.52/chart/lakefs/templates/NOTES.txt | 20 ++ .../1.52/chart/lakefs/templates/_env.tpl | 111 ++++++++++ .../1.52/chart/lakefs/templates/_fluffy.tpl | 209 ++++++++++++++++++ .../lakefs/templates/_gcp_proxy_container.tpl | 18 ++ .../1.52/chart/lakefs/templates/_helpers.tpl | 82 +++++++ .../lakefs/templates/_proxy_container.tpl | 30 +++ .../templates/additional-resources.yaml | 7 + .../chart/lakefs/templates/configmap.yaml | 9 + .../chart/lakefs/templates/deployment.yaml | 122 ++++++++++ .../lakefs/templates/dev-postgresql.yaml | 46 ++++ .../lakefs/templates/fluffy-configmap.yaml | 11 + .../lakefs/templates/fluffy-deployment.yaml | 119 ++++++++++ .../chart/lakefs/templates/fluffy-secret.yaml | 47 ++++ .../lakefs/templates/fluffy-service.yaml | 35 +++ .../1.52/chart/lakefs/templates/ingress.yaml | 80 +++++++ .../1.52/chart/lakefs/templates/secret.yaml | 16 ++ .../1.52/chart/lakefs/templates/service.yaml | 20 ++ addons/lakefs/1.52/chart/lakefs/values.yaml | 127 +++++++++++ addons/lakefs/1.52/meta.yaml | 30 +++ .../lakefs/1.52/plans/standard-1c1g/bind.yaml | 17 ++ .../standard-1c1g/create-instance-schema.json | 12 + .../lakefs/1.52/plans/standard-1c1g/meta.yaml | 6 + .../1.52/plans/standard-1c1g/values.yaml | 28 +++ .../lakefs/1.52/plans/standard-4c4g/bind.yaml | 17 ++ .../standard-4c4g/create-instance-schema.json | 12 + .../lakefs/1.52/plans/standard-4c4g/meta.yaml | 6 + .../1.52/plans/standard-4c4g/values.yaml | 17 ++ .../lakefs/1.52/plans/standard-4c8g/bind.yaml | 17 ++ .../lakefs/1.52/plans/standard-4c8g/meta.yaml | 6 + .../1.52/plans/standard-4c8g/values.yaml | 18 ++ .../1.52/plans/standard-8c816g/bind.yaml | 17 ++ .../1.52/plans/standard-8c816g/meta.yaml | 6 + .../1.52/plans/standard-8c816g/values.yaml | 18 ++ 35 files changed, 1357 insertions(+), 1 deletion(-) create mode 
100644 addons/lakefs/1.52/chart/lakefs/Chart.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/NOTES.txt create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/_env.tpl create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/_fluffy.tpl create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/_gcp_proxy_container.tpl create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/_helpers.tpl create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/_proxy_container.tpl create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/additional-resources.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/configmap.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/deployment.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/dev-postgresql.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/fluffy-configmap.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/fluffy-deployment.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/fluffy-secret.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/fluffy-service.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/ingress.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/secret.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/templates/service.yaml create mode 100644 addons/lakefs/1.52/chart/lakefs/values.yaml create mode 100644 addons/lakefs/1.52/meta.yaml create mode 100644 addons/lakefs/1.52/plans/standard-1c1g/bind.yaml create mode 100644 addons/lakefs/1.52/plans/standard-1c1g/create-instance-schema.json create mode 100644 addons/lakefs/1.52/plans/standard-1c1g/meta.yaml create mode 100644 addons/lakefs/1.52/plans/standard-1c1g/values.yaml create mode 100644 addons/lakefs/1.52/plans/standard-4c4g/bind.yaml create mode 100644 addons/lakefs/1.52/plans/standard-4c4g/create-instance-schema.json create mode 100644 
addons/lakefs/1.52/plans/standard-4c4g/meta.yaml create mode 100644 addons/lakefs/1.52/plans/standard-4c4g/values.yaml create mode 100644 addons/lakefs/1.52/plans/standard-4c8g/bind.yaml create mode 100644 addons/lakefs/1.52/plans/standard-4c8g/meta.yaml create mode 100644 addons/lakefs/1.52/plans/standard-4c8g/values.yaml create mode 100644 addons/lakefs/1.52/plans/standard-8c816g/bind.yaml create mode 100644 addons/lakefs/1.52/plans/standard-8c816g/meta.yaml create mode 100644 addons/lakefs/1.52/plans/standard-8c816g/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index 128d481b..8aec83b4 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -74,4 +74,7 @@ entries: description: "YugabyteDB is a high-performance distributed SQL database for powering global, internet-scale applications. " nessie: - version: "0.103" - description: "Transactional Catalog for Data Lakes with Git-like semantics . " \ No newline at end of file + description: "Transactional Catalog for Data Lakes with Git-like semantics . " + lakefs: + - version: "1.52" + description: "LakeFS provides version control over the data lake, and uses Git-like semantics to create and access those versions. If you know git, you’ll be right at home with lakeFS. " \ No newline at end of file diff --git a/addons/lakefs/1.52/chart/lakefs/Chart.yaml b/addons/lakefs/1.52/chart/lakefs/Chart.yaml new file mode 100644 index 00000000..d6d7d678 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v2 +appVersion: 1.52.0 +description: A Helm chart for running LakeFS on Kubernetes +home: https://lakefs.io +icon: https://lakefs.io/wp-content/uploads/2020/07/lake-fs-color-2.svg +maintainers: +- email: services@treeverse.io + name: treeverse +name: lakefs +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +sources: +- https://github.com/treeverse/lakeFS +type: application +version: 1.4.5 
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/NOTES.txt b/addons/lakefs/1.52/chart/lakefs/templates/NOTES.txt new file mode 100644 index 00000000..46996d04 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/NOTES.txt @@ -0,0 +1,20 @@ +Thank you for installing lakeFS! + +1. Run the following to get a url to start setting up lakeFS: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "lakefs.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT/setup +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "lakefs.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "lakefs.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }}/setup +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl wait --for=condition=ready pod $POD_NAME + echo "Visit http://127.0.0.1:{{ .Values.deployment.port }}/setup to use your application" + kubectl port-forward $POD_NAME {{ .Values.deployment.port }}:{{ .Values.deployment.port }} --namespace {{ .Release.Namespace }} +{{- end }} + +2. See the docs on how to create your first repository: https://docs.lakefs.io/quickstart/repository.html diff --git a/addons/lakefs/1.52/chart/lakefs/templates/_env.tpl b/addons/lakefs/1.52/chart/lakefs/templates/_env.tpl new file mode 100644 index 00000000..c003e433 --- /dev/null 
+++ b/addons/lakefs/1.52/chart/lakefs/templates/_env.tpl 
@@ -0,0 +1,111 @@ +{{- define "lakefs.env" -}} +env: + {{- if and .Values.existingSecret .Values.secretKeys.databaseConnectionString }} + - name: LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.databaseConnectionString }} + {{- else if and .Values.secrets (.Values.secrets).databaseConnectionString }} + - name: LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ include "lakefs.fullname" . }} + key: database_connection_string + {{- end }} + {{- if .Values.existingSecret }} + - name: LAKEFS_AUTH_ENCRYPT_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.authEncryptSecretKey }} + {{- else if and .Values.secrets (.Values.secrets).authEncryptSecretKey }} + - name: LAKEFS_AUTH_ENCRYPT_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ include "lakefs.fullname" . }} + key: auth_encrypt_secret_key + {{- else }} + - name: LAKEFS_AUTH_ENCRYPT_SECRET_KEY + value: 0d48e811f0b11d7f18d8c905 + {{- end }} + {{- if (.Values.fluffy).enabled }} + - name: LAKEFS_USAGE_REPORT_ENABLED + value: "true" + {{- if (.Values.fluffy.sso).enabled }} + - name: LAKEFS_AUTH_AUTHENTICATION_API_ENDPOINT + value: {{ printf "http://%s/api/v1" (include "fluffy.ssoServiceName" .) 
| quote }} + {{- if and .Values.ingress.enabled (.Values.fluffy.sso.saml).enabled }} + - name: LAKEFS_AUTH_COOKIE_AUTH_VERIFICATION_AUTH_SOURCE + value: saml + - name: LAKEFS_AUTH_UI_CONFIG_LOGIN_URL + value: {{ printf "%s/sso/login-saml" .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }} + - name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL + value: {{ printf "%s/sso/logout-saml" .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }} + {{- end }} + {{- if (.Values.fluffy.sso.oidc).enabled }} + - name: LAKEFS_AUTH_UI_CONFIG_LOGIN_URL + value: '/oidc/login' + - name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL + value: '/oidc/logout' + {{- end }} + {{- if (.Values.fluffy.sso.ldap).enabled }} + - name: LAKEFS_AUTH_REMOTE_AUTHENTICATOR_ENDPOINT + value: {{ default (printf "http://%s/api/v1/ldap/login" (include "fluffy.ssoServiceName" .) | quote) (.Values.fluffy.sso.ldap).endpointOverride }} + - name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL + value: /logout + {{- end }} + {{- end }} + {{- if (.Values.fluffy.rbac).enabled }} + - name: LAKEFS_AUTH_API_ENDPOINT + value: {{ printf "http://%s/api/v1" (include "fluffy.rbacServiceName" .) 
| quote }} + - name: LAKEFS_AUTH_UI_CONFIG_RBAC + value: internal + {{- end }} + {{- end }} + {{- if .Values.s3Fallback.enabled }} + - name: LAKEFS_GATEWAYS_S3_FALLBACK_URL + value: http://localhost:7001 + {{- end }} + {{- if .Values.committedLocalCacheVolume }} + - name: LAKEFS_COMMITTED_LOCAL_CACHE_DIR + value: /lakefs/cache + {{- end }} + {{- if .Values.useDevPostgres }} + {{- if and (.Values.fluffy).enabled (.Values.fluffy.rbac).enabled }} + - name: LAKEFS_DATABASE_TYPE + value: postgres + - name: LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING + value: 'postgres://lakefs:lakefs@postgres-server:5432/postgres?sslmode=disable' + {{- end }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- toYaml .Values.extraEnvVars | nindent 2 }} + {{- end }} +{{- if .Values.extraEnvVarsSecret }} +envFrom: + - secretRef: + name: {{ .Values.extraEnvVarsSecret }} +{{- end }} +{{- end }} + +{{- define "lakefs.volumes" -}} +{{- if .Values.extraVolumes }} +{{ toYaml .Values.extraVolumes }} +{{- end }} +{{- if .Values.committedLocalCacheVolume }} +- name: committed-local-cache +{{- toYaml .Values.committedLocalCacheVolume | nindent 2 }} +{{- end }} +{{- if not .Values.lakefsConfig }} +- name: {{ .Chart.Name }}-local-data +{{- end}} +{{- if .Values.lakefsConfig }} +- name: config-volume + configMap: + name: {{ include "lakefs.fullname" . }} + items: + - key: config.yaml + path: config.yaml +{{- end }} +{{- end }} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/_fluffy.tpl b/addons/lakefs/1.52/chart/lakefs/templates/_fluffy.tpl new file mode 100644 index 00000000..29c0accb --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/_fluffy.tpl 
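Review bot: The final `{{- else }}` branch for `LAKEFS_AUTH_ENCRYPT_SECRET_KEY` in `lakefs.env` (`_env.tpl`) falls back to a literal committed in the chart, so every release installed without `existingSecret` or `secrets.authEncryptSecretKey` uses the same publicly known key for whatever lakeFS encrypts or signs with it. `fluffy.env` in `_fluffy.tpl` has the same fallback with a different literal, which also looks inconsistent if the two services are expected to share the key. I would make rendering fail instead, replacing the branch body with `{{- fail "set existingSecret or secrets.authEncryptSecretKey" }}`, or generate a random key into the chart's Secret on first install. Separately, when `existingSecret` is set, `key:` is taken from `secretKeys.authEncryptSecretKey` with no check, so an unset value presumably renders an empty key name.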
@@ -0,0 +1,209 @@ +{{/* +fluffy resource full name +*/}} +{{- define "fluffy.fullname" -}} +{{- $name := include "lakefs.fullname" . }} +{{- printf "%s-fluffy" $name | trunc 63 }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "fluffy.labels" -}} +helm.sh/chart: {{ include "lakefs.chart" . }} +{{ include "fluffy.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "fluffy.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lakefs.name" . }}-fluffy +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "fluffy.serviceAccountName" -}} +{{- $lakeFSAcc := include "lakefs.serviceAccountName" . }} +{{- default $lakeFSAcc .Values.fluffy.serviceAccountName }} +{{- end }} + +{{/* +fluffy SSO service name +*/}} +{{- define "fluffy.ssoServiceName" -}} +{{- printf "fluffy-sso" }} +{{- end }} + +{{/* +fluffy Authorization service name +*/}} +{{- define "fluffy.rbacServiceName" -}} +{{- printf "fluffy-rbac" }} +{{- end }} + + +{{/* +Fluffy environment variables +*/}} + +{{- define "fluffy.env" -}} +env: + {{- if (.Values.fluffy.sso).enabled }} + {{- if and .Values.ingress.enabled (.Values.fluffy.sso.saml).enabled }} + - name: FLUFFY_AUTH_SAML_ENABLED + value: "true" + - name: FLUFFY_AUTH_LOGOUT_REDIRECT_URL + value: {{ .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }} + - name: FLUFFY_AUTH_POST_LOGIN_REDIRECT_URL + value: {{ .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }} + - name: FLUFFY_AUTH_SAML_SP_ROOT_URL + value: {{ .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }} + - name: FLUFFY_AUTH_SAML_SP_X509_KEY_PATH + value: '/etc/saml_certs/rsa_saml_private.key' + - name: FLUFFY_AUTH_SAML_SP_X509_CERT_PATH + value: '/etc/saml_certs/rsa_saml_public.pem' + {{- end }} + {{- if 
(.Values.fluffy.sso.oidc).enabled }} + - name: FLUFFY_AUTH_POST_LOGIN_REDIRECT_URL + value: '/' + {{- if (.Values.fluffy.sso.oidc).client_secret }} + - name: FLUFFY_AUTH_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "fluffy.fullname" . }} + key: oidc_client_secret + {{- end }} + {{- end }} + {{- if (.Values.fluffy.sso.ldap).enabled }} + - name: FLUFFY_AUTH_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "fluffy.fullname" . }} + key: ldap_bind_password + {{- end }} + {{- end }} + {{- if .Values.existingSecret }} + - name: FLUFFY_AUTH_ENCRYPT_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.authEncryptSecretKey }} + {{- else if and .Values.secrets (.Values.secrets).authEncryptSecretKey }} + - name: FLUFFY_AUTH_ENCRYPT_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ include "lakefs.fullname" . }} + key: auth_encrypt_secret_key + {{- else }} + - name: FLUFFY_AUTH_ENCRYPT_SECRET_KEY + value: asdjfhjaskdhuioaweyuiorasdsjbaskcbkj + {{- end }} + {{- if and (.Values.fluffy.rbac).enabled }} + - name: FLUFFY_AUTH_SERVE_LISTEN_ADDRESS + value: {{ printf ":%s" (include "fluffy.rbac.containerPort" .) }} + {{- end }} + {{- if and .Values.existingSecret .Values.secretKeys.databaseConnectionString }} + - name: FLUFFY_DATABASE_POSTGRES_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.databaseConnectionString }} + {{- else if and .Values.secrets (.Values.secrets).databaseConnectionString }} + - name: FLUFFY_DATABASE_POSTGRES_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ include "lakefs.fullname" . 
}} + key: database_connection_string + {{- else if and .Values.useDevPostgres (.Values.fluffy.rbac).enabled }} + - name: FLUFFY_DATABASE_TYPE + value: postgres + - name: FLUFFY_DATABASE_POSTGRES_CONNECTION_STRING + value: 'postgres://lakefs:lakefs@postgres-server:5432/postgres?sslmode=disable' + {{- end }} + {{- if .Values.fluffy.extraEnvVars }} + {{- toYaml .Values.fluffy.extraEnvVars | nindent 2 }} + {{- end }} +{{- if .Values.fluffy.extraEnvVarsSecret }} +envFrom: + - secretRef: + name: {{ .Values.fluffy.extraEnvVarsSecret }} +{{- end }} +{{- end }} + +{{- define "fluffy.volumes" -}} +{{- if .Values.fluffy.extraVolumes }} +{{ toYaml .Values.fluffy.extraVolumes }} +{{- end }} +{{- if not .Values.fluffy.fluffyConfig }} +- name: {{ .Chart.Name }}-local-data +{{- end}} +{{- if (.Values.fluffy.sso.saml).enabled }} +- name: secret-volume + secret: + secretName: saml-certificates +{{- end }} +{{- if .Values.fluffy.fluffyConfig }} +- name: {{ include "fluffy.fullname" . }}-config + configMap: + name: {{ include "fluffy.fullname" . }}-config + items: + - key: config.yaml + path: config.yaml +{{- end }} +{{- end }} + +{{- define "fluffy.ingressOverrides" -}} +{{- $serviceName := include "fluffy.ssoServiceName" . -}} +{{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}} +{{- $pathsOverrides := list "/oidc/" "/api/v1/oidc/" "/saml/" "/sso/" "/api/v1/ldap/" }} +{{- range $pathsOverrides }} +- path: {{ . 
}} +{{- if semverCompare ">=1.19-0" $gitVersion }} + pathType: Prefix + backend: + service: + name: {{ $serviceName }} + port: + number: 80 +{{- else }} + backend: + serviceName: {{ $serviceName }} + servicePort: 80 +{{- end }} +{{- end }} +{{- end }} + +{{- define "fluffy.dockerConfigJson" }} +{{- $token := .Values.fluffy.image.privateRegistry.secretToken }} +{{- $username := "externallakefs" }} +{{- $registry := "https://index.docker.io/v1/" }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" $registry $username $token (printf "%s:%s" $username $token | b64enc) | b64enc }} +{{- end }} + +{{- define "fluffy.sso.serviceType" }} +{{- default "ClusterIP" (.Values.fluffy.sso.service).type }} +{{- end }} +{{- define "fluffy.rbac.serviceType" }} +{{- default "ClusterIP" (.Values.fluffy.rbac.service).type }} +{{- end }} + +{{- define "fluffy.sso.port" }} +{{- default 80 (.Values.fluffy.sso.service).port }} +{{- end }} +{{- define "fluffy.rbac.port" }} +{{- default 80 (.Values.fluffy.rbac.service).port }} +{{- end }} + +{{- define "fluffy.sso.containerPort" }} +{{- default 8000 (.Values.fluffy.sso.service).containerPort }} +{{- end }} +{{- define "fluffy.rbac.containerPort" }} +{{- default 9000 (.Values.fluffy.rbac.service).containerPort }} +{{- end }} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/_gcp_proxy_container.tpl b/addons/lakefs/1.52/chart/lakefs/templates/_gcp_proxy_container.tpl new file mode 100644 index 00000000..56ac84dd --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/_gcp_proxy_container.tpl 
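Review bot: `fluffy.ingressOverrides` in `_fluffy.tpl` hard-codes the backend port as `80` in both the `>=1.19-0` branch and the older one, while the same file defines `fluffy.sso.port` with an overridable default. If the SSO Service is rendered from that helper (fluffy-service.yaml is not part of this hunk), setting `fluffy.sso.service.port` would leave these ingress paths pointing at a port the Service does not expose. Resolve it once next to `$serviceName` with `{{- $port := include "fluffy.sso.port" . -}}` and emit `number: {{ $port }}` and `servicePort: {{ $port }}`.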
@@ -0,0 +1,18 @@
+{{- define "lakefs.gcpProxyContainer" }}
+{{- if .Values.lakefsConfig }}
+{{ $config := .Values.lakefsConfig | fromYaml }}
+{{- end }}
+{{- if .Values.gcpFallback.enabled }}
+- name: gcp-proxy
+ image: eu.gcr.io/cloudsql-docker/gce-proxy:1.33.4
+ imagePullPolicy: IfNotPresent
+ command:
+ - /cloud_sql_proxy
+ - -term_timeout=10s
+ env:
+{{- if .Values.gcpFallback.instance }}
+ - name: INSTANCES
+ value: {{ .Values.gcpFallback.instance }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/_helpers.tpl b/addons/lakefs/1.52/chart/lakefs/templates/_helpers.tpl
new file mode 100644
index 00000000..43c14f28
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/templates/_helpers.tpl
@@ -0,0 +1,82 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "lakefs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "lakefs.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "lakefs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "lakefs.labels" -}} +helm.sh/chart: {{ include "lakefs.chart" . }} +{{ include "lakefs.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "lakefs.selectorLabels" -}} +app: {{ include "lakefs.name" . }} +app.kubernetes.io/name: {{ include "lakefs.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "lakefs.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "lakefs.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Define which repository to use according to the following: +1. 
Explicitly defined +2. Otherwise if fluffy is enabled - take enterprise image +3. Otherwise use OSS image +*/}} +{{- define "lakefs.repository" -}} +{{- if not .Values.image.repository }} +{{- if (.Values.fluffy).enabled }} +{{- default "treeverse/lakefs-enterprise" .Values.image.repository }} +{{- else }} +{{- default "treeverse/lakefs" .Values.image.repository }} +{{- end }} +{{- else }} +{{- default .Values.image.repository }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/addons/lakefs/1.52/chart/lakefs/templates/_proxy_container.tpl b/addons/lakefs/1.52/chart/lakefs/templates/_proxy_container.tpl new file mode 100644 index 00000000..c9b8fd73 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/_proxy_container.tpl @@ -0,0 +1,30 @@ +{{- define "lakefs.s3proxyContainer" }} +{{- if .Values.lakefsConfig }} +{{ $config := .Values.lakefsConfig | fromYaml }} +{{- end }} +{{- if .Values.s3Fallback.enabled }} +- name: s3proxy + image: andrewgaul/s3proxy + ports: + - containerPort: 7001 + env: + - name: S3PROXY_AUTHORIZATION + value: none +{{- if .Values.s3Fallback.aws_access_key }} + - name: JCLOUDS_IDENTITY + value: {{ .Values.s3Fallback.aws_access_key }} + - name: JCLOUDS_CREDENTIAL + value: {{ .Values.s3Fallback.aws_secret_key }} +{{- end }} + - name: JCLOUDS_PROVIDER + value: s3 + - name: JCLOUDS_ENDPOINT + value: https://s3.amazonaws.com + - name: S3PROXY_ENDPOINT + value: "http://0.0.0.0:7001" + - name: S3PROXY_VIRTUALHOST + value: localhost + - name: LOG_LEVEL + value: {{ .Values.s3Fallback.log_level | default "info" }} +{{- end }} +{{- end }} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/additional-resources.yaml b/addons/lakefs/1.52/chart/lakefs/templates/additional-resources.yaml new file mode 100644 index 00000000..b2009168 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/additional-resources.yaml @@ -0,0 +1,7 @@ +{{- range .Values.extraManifests }} +--- +{{ tpl (toYaml .) $ }} +{{- end }} + + + 
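Review bot: In `lakefs.s3proxyContainer` (`_proxy_container.tpl`) the sidecar runs with `S3PROXY_AUTHORIZATION` set to `none` and `S3PROXY_ENDPOINT` bound to `0.0.0.0:7001`, while `JCLOUDS_IDENTITY` and `JCLOUDS_CREDENTIAL` carry the AWS key pair, so anything that can reach the pod IP on 7001 can presumably issue S3 requests under those credentials without authenticating. `lakefs.env` only points lakeFS at `http://localhost:7001`, so binding to loopback should be enough: `value: "http://127.0.0.1:7001"`. The key pair is also written as literal `value:` entries into the Deployment spec, readable by anyone allowed to read Deployments or Pods; sourcing both through `valueFrom.secretKeyRef` would match how `_env.tpl` handles its other secrets. Finally, `image: andrewgaul/s3proxy` carries no tag or digest, so the sidecar tracks whatever the default tag resolves to at pull time.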
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/configmap.yaml b/addons/lakefs/1.52/chart/lakefs/templates/configmap.yaml
new file mode 100644
index 00000000..2813b7b9
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/templates/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "lakefs.fullname" . }}
+{{- with .Values.lakefsConfig }}
+data:
+ config.yaml:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/deployment.yaml b/addons/lakefs/1.52/chart/lakefs/templates/deployment.yaml
new file mode 100644
index 00000000..42cf8427
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/templates/deployment.yaml
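Review bot: In `configmap.yaml` the `config.yaml:` entry is filled with `toYaml . | nindent 2`, whereas `fluffy-configmap.yaml` in the same commit uses `nindent 4` for the identical structure. Indentation is not recoverable from this page, but if `config.yaml:` sits two spaces under `data:`, the block scalar produced by `toYaml` starts at the key's own column rather than below it, which would likely render an invalid or empty entry. Worth confirming with `helm template` and aligning both templates on `{{- toYaml . | nindent 4 }}`.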
@@ -0,0 +1,122 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lakefs.fullname" . }} + labels: + {{- include "lakefs.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "lakefs.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "lakefs.selectorLabels" . | nindent 8 }} + spec: + {{- if eq ( include "lakefs.repository" .) "treeverse/lakefs-enterprise" }} + {{- if (.Values.fluffy.image.privateRegistry).enabled }} + imagePullSecrets: + {{- if (.Values.fluffy.image.privateRegistry).secretToken }} + - name: "docker-registry" + {{- else }} + - name: {{ .Values.fluffy.image.privateRegistry.secretName }} + {{- end }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "lakefs.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + {{- if .Values.lakefsConfig }} + args: ["run", "--config", "/etc/lakefs/config.yaml"] + {{- else }} + args: ["run"] + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ include "lakefs.repository" . 
}}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.deployment.port }} + protocol: TCP + readinessProbe: + {{- if ((.Values.readinessProbe).failureThreshold) }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if ((.Values.readinessProbe).periodSeconds) }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- end }} + {{- if ((.Values.readinessProbe).successThreshold) }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + {{- end }} + {{- if ((.Values.readinessProbe).timeoutSeconds) }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + {{- end }} + httpGet: + path: /_health + port: http + livenessProbe: + {{- if ((.Values.livenessProbe).failureThreshold) }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if ((.Values.livenessProbe).periodSeconds) }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + {{- end }} + {{- if ((.Values.livenessProbe).successThreshold) }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + {{- end }} + {{- if ((.Values.livenessProbe).timeoutSeconds) }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if ((.Values.livenessProbe).initialDelaySeconds) }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + {{- end }} + httpGet: + path: /_health + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.committedLocalCacheVolume }} + - name: committed-local-cache + mountPath: "/lakefs/cache" + {{- end }} + {{- if .Values.lakefsConfig }} + - name: config-volume + mountPath: /etc/lakefs + {{- else }} + - name: {{ .Chart.Name }}-local-data + mountPath: "/lakefs/data" + {{- end }} + {{- include "lakefs.env" . 
| nindent 10 }} + {{- include "lakefs.s3proxyContainer" . | nindent 8}} + {{- include "lakefs.gcpProxyContainer" . | nindent 8}} + volumes: + {{- include "lakefs.volumes" . | nindent 8 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/dev-postgresql.yaml b/addons/lakefs/1.52/chart/lakefs/templates/dev-postgresql.yaml new file mode 100644 index 00000000..a99432cf --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/dev-postgresql.yaml @@ -0,0 +1,46 @@ +{{- if .Values.useDevPostgres }} +{{- if and (.Values.fluffy).enabled (.Values.fluffy.rbac).enabled }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres +spec: + replicas: 1 + selector: + matchLabels: + app: postgres-lakefs + template: + metadata: + labels: + app: postgres-lakefs + spec: + containers: + - name: postgres + image: postgres:11 + imagePullPolicy: "IfNotPresent" + ports: + - containerPort: 5432 + env: + - name: POSTGRES_DB + value: postgres + - name: POSTGRES_USER + value: lakefs + - name: POSTGRES_PASSWORD + value: lakefs +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres-server + labels: + app: postgres-lakefs +spec: + type: ClusterIP + ports: + - port: 5432 + selector: + app: postgres-lakefs + +{{- end}} +{{- end}} \ No newline at end of file diff --git a/addons/lakefs/1.52/chart/lakefs/templates/fluffy-configmap.yaml b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-configmap.yaml new file mode 100644 index 00000000..014c84f6 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-configmap.yaml 
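Review bot: `dev-postgresql.yaml` deploys `postgres:11` with `POSTGRES_PASSWORD` set to the literal `lakefs`, and `_env.tpl` and `_fluffy.tpl` hard-code the matching `sslmode=disable` connection string, so enabling `useDevPostgres` yields a database with published credentials and no TLS behind a ClusterIP Service; the diffstat shows no NetworkPolicy in this chart, so other workloads in the cluster can presumably reach it. PostgreSQL 11 is past upstream end of life, and the pod declares no volume, so metadata would not survive a restart. The object names `postgres` and `postgres-server` are not release-scoped, so two releases in one namespace would collide. If this path is meant for demos only, a comment saying so, a generated password held in a Secret and read via `secretKeyRef`, and names derived from `lakefs.fullname` would keep it from leaking into a real plan.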
@@ -0,0 +1,11 @@
+{{- if (.Values.fluffy).enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "fluffy.fullname" . }}-config
+{{- with .Values.fluffy.fluffyConfig }}
+data:
+ config.yaml:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end}}
\ No newline at end of file
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/fluffy-deployment.yaml b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-deployment.yaml
new file mode 100644
index 00000000..176ae422
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-deployment.yaml
@@ -0,0 +1,119 @@ +{{- if (.Values.fluffy).enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "fluffy.fullname" . }} + labels: + {{- include "fluffy.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.fluffy.replicaCount }} + selector: + matchLabels: + {{- include "fluffy.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/fluffy-configmap.yaml") . | sha256sum }} + {{- with .Values.fluffy.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "fluffy.selectorLabels" . | nindent 8 }} + spec: + {{- if .Values.fluffy.image.privateRegistry.enabled }} + imagePullSecrets: + {{- if .Values.fluffy.image.privateRegistry.secretToken }} + - name: "docker-registry" + {{- else }} + - name: {{ .Values.fluffy.image.privateRegistry.secretName }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "fluffy.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + args: + - run + {{ range (.Values.fluffy).additionalArguments }} + - {{ . }} + {{ end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.fluffy.image.repository }}:{{ .Values.fluffy.image.tag }}" + imagePullPolicy: {{ .Values.fluffy.image.pullPolicy }} + ports: + - name: http-sso + containerPort: {{ include "fluffy.sso.containerPort" . }} + protocol: TCP + - name: http-rbac + containerPort: {{ include "fluffy.rbac.containerPort" . 
}} + protocol: TCP + readinessProbe: + {{- if ((.Values.readinessProbe).failureThreshold) }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if ((.Values.readinessProbe).periodSeconds) }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- end }} + {{- if ((.Values.readinessProbe).successThreshold) }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + {{- end }} + {{- if ((.Values.readinessProbe).timeoutSeconds) }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + {{- end }} + httpGet: + path: /_health + port: http-sso + livenessProbe: + {{- if ((.Values.livenessProbe).failureThreshold) }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if ((.Values.livenessProbe).periodSeconds) }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + {{- end }} + {{- if ((.Values.livenessProbe).successThreshold) }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + {{- end }} + {{- if ((.Values.livenessProbe).timeoutSeconds) }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if ((.Values.livenessProbe).initialDelaySeconds) }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + {{- end }} + httpGet: + path: /_health + port: http-sso + resources: + {{- toYaml .Values.fluffy.resources | nindent 12 }} + volumeMounts: + {{- if .Values.fluffy.extraVolumeMounts }} + {{ toYaml .Values.fluffy.extraVolumeMounts | nindent 12 }} + {{- end }} + - name: {{ include "fluffy.fullname" . }}-config + mountPath: /etc/fluffy/ + {{- if and .Values.fluffy.sso.enabled (.Values.fluffy.sso.saml).enabled }} + - name: secret-volume + readOnly: true + mountPath: /etc/saml_certs/ + {{- end }} + {{- include "fluffy.env" . | nindent 10 }} + volumes: + {{- include "fluffy.volumes" . | nindent 8 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end}} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/fluffy-secret.yaml b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-secret.yaml new file mode 100644 index 00000000..3150f5a1 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-secret.yaml 
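Review bot: fluffy-deployment.yaml dereferences `.Values.fluffy.image.privateRegistry.enabled` and `.Values.fluffy.sso.enabled` without the nil-safe parentheses used elsewhere in the same file (`(.Values.fluffy.sso.saml).enabled`). The chart's values.yaml defines only `fluffy.enabled` and `fluffy.image.{repository,tag,pullPolicy}`, so setting `fluffy.enabled: true` with otherwise default values should abort rendering with a nil-pointer error rather than produce a Deployment. Write the guards as `{{- if ((.Values.fluffy.image).privateRegistry).enabled }}` and `{{- if and (.Values.fluffy.sso).enabled (.Values.fluffy.sso.saml).enabled }}`, or add empty `privateRegistry`, `sso` and `rbac` maps to values.yaml. The same unguarded lookups appear in fluffy-secret.yaml (`.Values.fluffy.sso.enabled`, `.Values.fluffy.image.privateRegistry.enabled`) and fluffy-service.yaml (`.Values.fluffy.rbac.enabled`).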
@@ -0,0 +1,47 @@
+{{- if (.Values.fluffy).enabled }}
+{{- if (.Values.fluffy.secrets).create }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "fluffy.fullname" . }}
+ labels:
+ {{- include "fluffy.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- if and .Values.fluffy.sso.enabled (.Values.fluffy.sso.oidc).client_secret }}
+ oidc_client_secret: {{ .Values.fluffy.sso.oidc.client_secret | b64enc }}
+{{- end}}
+{{- if and .Values.fluffy.sso.enabled (.Values.fluffy.sso.ldap).bind_password }}
+ ldap_bind_password: {{ .Values.fluffy.sso.ldap.bind_password | b64enc }}
+{{- end}}
+{{- end}}
+
+---
+# docker-registry secret for image pull
+
+{{- if and .Values.fluffy.image.privateRegistry.enabled .Values.fluffy.image.privateRegistry.secretToken }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: docker-registry
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "fluffy.dockerConfigJson" . }}
+{{- end }}
+
+---
+# certificates to use with SAML SSO against server such as AD FS
+
+{{- if and (.Values.fluffy.sso).enabled (.Values.fluffy.sso.saml).enabled }}
+{{- if .Values.fluffy.sso.saml.createSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: saml-certificates
+data:
+ rsa_saml_public.pem: '{{ .Values.fluffy.sso.saml.certificate.saml_rsa_public_cert | b64enc }}'
+ rsa_saml_private.key: '{{ .Values.fluffy.sso.saml.certificate.saml_rsa_private_key | b64enc }}'
+{{- end }}
+{{- end }}
+
+{{- end}}
\ No newline at end of file
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/fluffy-service.yaml b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-service.yaml
new file mode 100644
index 00000000..942d4212
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/templates/fluffy-service.yaml
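Review bot: The `docker-registry` and `saml-certificates` Secrets in fluffy-secret.yaml have fixed names, unlike the first Secret, which is named from `fluffy.fullname`. A second release in the same namespace would therefore conflict with, or silently share, another release's registry token and SAML private key. Name them per release, for example `name: {{ include "fluffy.fullname" . }}-saml-certificates`, and update the references to match (`- name: "docker-registry"` in fluffy-deployment.yaml, and the `secret-volume` source, which is presumably in the `fluffy.volumes` helper outside this hunk). The SAML private key, OIDC client secret and LDAP bind password are all read from chart values, so they are also stored in the Helm release record. An option to reference a pre-created Secret, as the main chart does with `existingSecret`, would keep them out of values files.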
@@ -0,0 +1,35 @@
+{{- if (.Values.fluffy).enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fluffy.ssoServiceName" . }}
+ labels:
+ {{- include "fluffy.labels" . | nindent 4 }}
+spec:
+ type: {{ include "fluffy.sso.serviceType" . }}
+ ports:
+ - port: {{ include "fluffy.sso.port" . }}
+ targetPort: http-sso
+ protocol: TCP
+ name: http-sso
+ selector:
+ {{- include "fluffy.selectorLabels" . | nindent 4 }}
+---
+{{- if .Values.fluffy.rbac.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fluffy.rbacServiceName" . }}
+ labels:
+ {{- include "fluffy.labels" . | nindent 4 }}
+spec:
+ type: {{ include "fluffy.rbac.serviceType" . }}
+ ports:
+ - port: {{ include "fluffy.rbac.port" . }}
+ targetPort: http-rbac
+ protocol: TCP
+ name: http-rbac
+ selector:
+ {{- include "fluffy.selectorLabels" . | nindent 4 }}
+{{- end }}
+{{- end}}
\ No newline at end of file
diff --git a/addons/lakefs/1.52/chart/lakefs/templates/ingress.yaml b/addons/lakefs/1.52/chart/lakefs/templates/ingress.yaml
new file mode 100644
index 00000000..0191fb21
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/templates/ingress.yaml
@@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} + {{- $root := . -}} + {{- $fullName := include "lakefs.fullname" . -}} + {{- $svcPort := .Values.service.port -}} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 + {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 + {{- else -}} +apiVersion: extensions/v1beta1 + {{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "lakefs.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + {{- with .Values.ingress.defaultBackend }} + defaultBackend: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . 
}} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- if ($.Values.fluffy).enabled }} + {{- include "fluffy.ingressOverrides" $root | nindent 10 }} + {{- end }} + {{- if (.pathsOverrides) }} + {{- range .pathsOverrides }} + - path: {{ .path }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + backend: + service: + name: {{ .serviceName }} + port: + number: {{ .servicePort }} + {{- else }} + backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/secret.yaml b/addons/lakefs/1.52/chart/lakefs/templates/secret.yaml new file mode 100644 index 00000000..33e18d26 --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/secret.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.secrets) (not .Values.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "lakefs.fullname" . }} + labels: + {{- include "lakefs.labels" . | nindent 4 }} +type: Opaque +data: +{{- if .Values.secrets.databaseConnectionString }} + database_connection_string: {{ .Values.secrets.databaseConnectionString | default "" | b64enc }} +{{- end }} +{{- if .Values.secrets.authEncryptSecretKey }} + auth_encrypt_secret_key: {{ .Values.secrets.authEncryptSecretKey | default "" | b64enc }} +{{- end }} +{{- end }} diff --git a/addons/lakefs/1.52/chart/lakefs/templates/service.yaml b/addons/lakefs/1.52/chart/lakefs/templates/service.yaml new file mode 100644 index 00000000..281239ad --- /dev/null +++ b/addons/lakefs/1.52/chart/lakefs/templates/service.yaml 
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "lakefs.fullname" . }}
+ labels:
+ {{- include "lakefs.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "lakefs.selectorLabels" . | nindent 4 }}
diff --git a/addons/lakefs/1.52/chart/lakefs/values.yaml b/addons/lakefs/1.52/chart/lakefs/values.yaml
new file mode 100644
index 00000000..7a9d4f38
--- /dev/null
+++ b/addons/lakefs/1.52/chart/lakefs/values.yaml
@@ -0,0 +1,127 @@ +# Default values for lakefs. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + pullPolicy: IfNotPresent + repository: registry.drycc.cc/drycc-addons/lakefs + tag: "1.52.0" +nameOverride: "" +fullnameOverride: "" + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + ingressClassName: "" + defaultBackend: {} + hosts: + - host: chart-example.local + paths: [] + # redirect to a different service based on path prefix for advanced use cases only + # pathsOverrides: + # - path: /some/path + # serviceName: other-example.local + # servicePort: 80 + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + +podAnnotations: {} +jobPodAnnotations: + sidecar.istio.io/inject: "false" + +deployment: + port: 8000 + +service: + annotations: {} + type: ClusterIP + port: 80 + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. 
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## +topologySpreadConstraints: [] + +s3Fallback: + enabled: false + +gcpFallback: + enabled: false + +lakefsConfig: | + database: + type: local + blockstore: + type: local + +# yamllint disable rule:comments + +# Example: using node instance storage for caching committed data: +# For more information: https://www.vipmind.me/infra/aws/how-to-use-ephemeral-disk-from-ec2-instance-in-eks.html +#committedLocalCacheVolume: +# hostPath: +# path: /media/ephemeral0 + +# yamllint enable + +serviceAccount: {} + +# to use an existing service account, replace the serviceAccount map above with the following: +# serviceAccount: +# name: "my-serviceaccount" + +# Extra Environment Values - allows yaml definitions +extraEnvVars: +# - name: VALUE_FROM_SECRET +# valueFrom: +# secretKeyRef: +# name: secret_name +# key: secret_key +# Override K8S defaults for readinessProbe +# readinessProbe: +# failureThreshold: 10 +# periodSeconds: 5 +# successThreshold: 4 +# timeoutSeconds: 1 +# Override K8S defaults for livenessProbe +# livenessProbe: +# failureThreshold: 20 +# periodSeconds: 5 +# successThreshold: 4 +# timeoutSeconds: 1 +# initialDelaySeconds: 5 + +# Everything under fluffy stanza is for lakeFS enterprise only https://docs.lakefs.io/enterprise/ +fluffy: + enabled: false + image: + repository: treeverse/fluffy + tag: '0.9.0' + pullPolicy: IfNotPresent + +# Start local postgres pod for quick start, not for production +useDevPostgres: true + +# Name of existing secret to use +existingSecret: null + +# Keys used for existingSecret +secretKeys: + authEncryptSecretKey: auth_encrypt_secret_key + # Use the following to fetch PostgreSQL connection string from an existing secret: + databaseConnectionString: null diff --git a/addons/lakefs/1.52/meta.yaml b/addons/lakefs/1.52/meta.yaml new file mode 100644 index 00000000..ee956aa2 --- /dev/null +++ b/addons/lakefs/1.52/meta.yaml 
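Review bot: chart/lakefs/values.yaml ships `useDevPostgres: true` as the default even though the comment directly above it says it is not for production. A secure default would be `useDevPostgres: false`, enabled explicitly for quick-start installs, since the dev database template uses fixed credentials and the default `lakefsConfig` selects `database.type: local` and does not need Postgres at all. Separately, `extraEnvVars:` is a bare key followed only by comments, so it parses as null; `extraEnvVars: []` states the intent and keeps list-handling templates predictable.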
@@ -0,0 +1,30 @@
+name: lakefs
+version: 1.52
+id: 6e34d8ba-0dd4-11f0-9f70-9b985edbdcd7
+description: "lakefs"
+displayName: "lakefs"
+metadata:
+ displayName: "lakefs"
+ provider:
+ name: drycc
+ supportURL: https://docs.lakefs.io
+ documentationURL: https://github.com/drycc-addons/
+tags: lakefs
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+- name: "lakefsConfig"
+ required: false
+ description: "lakefsConfig config for values.yaml"
+- name: "replicaCount"
+ required: false
+ description: "replicaCount config for values.yaml"
+- name: "extraEnvVars"
+ required: false
+ description: "extraEnvVars config for values.yaml"
+archive: false
diff --git a/addons/lakefs/1.52/plans/standard-1c1g/bind.yaml b/addons/lakefs/1.52/plans/standard-1c1g/bind.yaml
new file mode 100644
index 00000000..3247afdd
--- /dev/null
+++ b/addons/lakefs/1.52/plans/standard-1c1g/bind.yaml
@@ -0,0 +1,17 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: {{ printf "EXTRANET_HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: {{ printf "HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: SECRET_KEY
+ value: 0d48e811f0b11d7f18d8c905
+ - name: PORT
+ value: 80
diff --git a/addons/lakefs/1.52/plans/standard-1c1g/create-instance-schema.json b/addons/lakefs/1.52/plans/standard-1c1g/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/lakefs/1.52/plans/standard-1c1g/create-instance-schema.json
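Review bot: plans/standard-1c1g/bind.yaml returns `SECRET_KEY` as a literal committed in the repository, so every binding of every instance receives the same value. The identical line is in bind.yaml for standard-4c4g, standard-4c8g and standard-8c816g. If this is meant to be the instance's auth encryption key (inferred from the chart's `secretKeys.authEncryptSecretKey`), generate it per instance into the release Secret and expose it with `valueFrom: secretKeyRef`, as the mongodb bind.yaml on this page does for `PASSWORD`. Treat the published value as compromised anywhere it is already in use. If the credential is not consumed at all, drop the entry rather than ship a constant.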
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/lakefs/1.52/plans/standard-1c1g/meta.yaml b/addons/lakefs/1.52/plans/standard-1c1g/meta.yaml
new file mode 100644
index 00000000..1b8ebe49
--- /dev/null
+++ b/addons/lakefs/1.52/plans/standard-1c1g/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c1g"
+id: 0074ff96-0dd2-11f0-85dd-bff4b041926a
+description: "lakefs plan standard-1c1g which limit 1c1g ."
+displayName: "1c1g"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/lakefs/1.52/plans/standard-1c1g/values.yaml b/addons/lakefs/1.52/plans/standard-1c1g/values.yaml
new file mode 100644
index 00000000..2de793ad
--- /dev/null
+++ b/addons/lakefs/1.52/plans/standard-1c1g/values.yaml
@@ -0,0 +1,28 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-grafana-standard-1c1g
+
+resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 1000m
+ memory: 1Gi
+
+lakefsConfig: |
+ database:
+ type: "postgres"
+
+ postgres:
+ connection_string: "xxxx"
+
+ blockstore:
+ type: s3
+ s3:
+ force_path_style: true
+ endpoint: xxx
+ discover_bucket_region: false
+ credentials:
+ access_key_id: xxx
+ secret_access_key: xx
diff --git a/addons/lakefs/1.52/plans/standard-4c4g/bind.yaml b/addons/lakefs/1.52/plans/standard-4c4g/bind.yaml
new file mode 100644
index 00000000..3247afdd
--- /dev/null
+++ b/addons/lakefs/1.52/plans/standard-4c4g/bind.yaml
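Review bot: plans/standard-1c1g/values.yaml models the database `connection_string` and the S3 `access_key_id` / `secret_access_key` as fields inside the `lakefsConfig` text blob, which the deployment mounts as `config-volume` at `/etc/lakefs`. If that volume is backed by a ConfigMap (the `lakefs.volumes` helper is not visible here, so confirm), real values replacing the `xxx` placeholders would be readable by anyone with ConfigMap read access in the namespace. The chart already has a Secret path for the connection string (`secrets.databaseConnectionString` in templates/secret.yaml), so the plan should use that and supply the S3 keys through Secret-backed environment variables. Separately, `fullnameOverride: hb-grafana-standard-1c1g` is a constant that looks copied from a Grafana plan, and the other lakefs plan values.yaml files follow the same pattern. It gives every instance of the plan the same resource names, so dropping the override lets the release name keep them distinct.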
@@ -0,0 +1,17 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: SECRET_KEY + value: 0d48e811f0b11d7f18d8c905 + - name: PORT + value: 80 diff --git a/addons/lakefs/1.52/plans/standard-4c4g/create-instance-schema.json b/addons/lakefs/1.52/plans/standard-4c4g/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-4c4g/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/lakefs/1.52/plans/standard-4c4g/meta.yaml b/addons/lakefs/1.52/plans/standard-4c4g/meta.yaml new file mode 100644 index 00000000..ae6f1e7d --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-4c4g/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c4g" +id: 07243b90-0dd2-11f0-b921-97ce1e5f9446 +description: "lakefs plan standard-4c4g ." +displayName: "4c4g" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/lakefs/1.52/plans/standard-4c4g/values.yaml b/addons/lakefs/1.52/plans/standard-4c4g/values.yaml new file mode 100644 index 00000000..2648d4d9 --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-4c4g/values.yaml 
@@ -0,0 +1,17 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-grafana-standard-4c4g + +resources: + limits: + cpu: 4000m + memory: 4Gi + requests: + cpu: 1000m + memory: 1Gi + +lakefsConfig: | + database: + type: local1111 + blockstore: + type: localcd \ No newline at end of file diff --git a/addons/lakefs/1.52/plans/standard-4c8g/bind.yaml b/addons/lakefs/1.52/plans/standard-4c8g/bind.yaml new file mode 100644 index 00000000..3247afdd --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-4c8g/bind.yaml @@ -0,0 +1,17 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: SECRET_KEY + value: 0d48e811f0b11d7f18d8c905 + - name: PORT + value: 80 diff --git a/addons/lakefs/1.52/plans/standard-4c8g/meta.yaml b/addons/lakefs/1.52/plans/standard-4c8g/meta.yaml new file mode 100644 index 00000000..66e2b625 --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-4c8g/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c8g" +id: 22327fd6-0dd3-11f0-86e5-ef33ac735b18 +description: "lakefs plan standard-4c8g ." +displayName: "4c8g" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/lakefs/1.52/plans/standard-4c8g/values.yaml b/addons/lakefs/1.52/plans/standard-4c8g/values.yaml new file mode 100644 index 00000000..62a4e303 --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-4c8g/values.yaml 
@@ -0,0 +1,18 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-grafana-standard-4c8g + + +resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 1000m + memory: 1Gi + +lakefsConfig: | + database: + type: local1111 + blockstore: + type: localcd \ No newline at end of file diff --git a/addons/lakefs/1.52/plans/standard-8c816g/bind.yaml b/addons/lakefs/1.52/plans/standard-8c816g/bind.yaml new file mode 100644 index 00000000..3247afdd --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-8c816g/bind.yaml @@ -0,0 +1,17 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: SECRET_KEY + value: 0d48e811f0b11d7f18d8c905 + - name: PORT + value: 80 diff --git a/addons/lakefs/1.52/plans/standard-8c816g/meta.yaml b/addons/lakefs/1.52/plans/standard-8c816g/meta.yaml new file mode 100644 index 00000000..35e4c437 --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-8c816g/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c16g" +id: 307d195c-0dd3-11f0-bfca-2f68dd3fac98 +description: "lakefs plan standard-8c16g ." +displayName: "8c16g" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/lakefs/1.52/plans/standard-8c816g/values.yaml b/addons/lakefs/1.52/plans/standard-8c816g/values.yaml new file mode 100644 index 00000000..c778c3b3 --- /dev/null +++ b/addons/lakefs/1.52/plans/standard-8c816g/values.yaml 
@@ -0,0 +1,18 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-grafana-standard-8c16g + + +resources: + limits: + cpu: 4000m + memory: 4Gi + requests: + cpu: 1000m + memory: 1Gi + +lakefsConfig: | + database: + type: local1111 + blockstore: + type: localcd \ No newline at end of file From 244da5e9cf77fa237550a02554d7e8a43d885e98 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 31 Mar 2025 16:15:26 +0800 Subject: [PATCH 149/176] chore(addons): add lakefs --- addons/lakefs/1.52/plans/standard-4c4g/values.yaml | 6 ------ .../{standard-8c816g => standard-8c16g}/bind.yaml | 0 .../{standard-8c816g => standard-8c16g}/meta.yaml | 0 .../{standard-8c816g => standard-8c16g}/values.yaml | 10 ++-------- 4 files changed, 2 insertions(+), 14 deletions(-) rename addons/lakefs/1.52/plans/{standard-8c816g => standard-8c16g}/bind.yaml (100%) rename addons/lakefs/1.52/plans/{standard-8c816g => standard-8c16g}/meta.yaml (100%) rename addons/lakefs/1.52/plans/{standard-8c816g => standard-8c16g}/values.yaml (63%) diff --git a/addons/lakefs/1.52/plans/standard-4c4g/values.yaml b/addons/lakefs/1.52/plans/standard-4c4g/values.yaml index 2648d4d9..d9008fa8 100644 --- a/addons/lakefs/1.52/plans/standard-4c4g/values.yaml +++ b/addons/lakefs/1.52/plans/standard-4c4g/values.yaml @@ -9,9 +9,3 @@ resources: requests: cpu: 1000m memory: 1Gi - -lakefsConfig: | - database: - type: local1111 - blockstore: - type: localcd \ No newline at end of file diff --git a/addons/lakefs/1.52/plans/standard-8c816g/bind.yaml b/addons/lakefs/1.52/plans/standard-8c16g/bind.yaml similarity index 100% rename from addons/lakefs/1.52/plans/standard-8c816g/bind.yaml rename to addons/lakefs/1.52/plans/standard-8c16g/bind.yaml 
diff --git a/addons/lakefs/1.52/plans/standard-8c816g/meta.yaml b/addons/lakefs/1.52/plans/standard-8c16g/meta.yaml similarity index 100% rename from addons/lakefs/1.52/plans/standard-8c816g/meta.yaml rename to addons/lakefs/1.52/plans/standard-8c16g/meta.yaml diff --git a/addons/lakefs/1.52/plans/standard-8c816g/values.yaml b/addons/lakefs/1.52/plans/standard-8c16g/values.yaml similarity index 63% rename from addons/lakefs/1.52/plans/standard-8c816g/values.yaml rename to addons/lakefs/1.52/plans/standard-8c16g/values.yaml index c778c3b3..001ff535 100644 --- a/addons/lakefs/1.52/plans/standard-8c816g/values.yaml +++ b/addons/lakefs/1.52/plans/standard-8c16g/values.yaml @@ -5,14 +5,8 @@ fullnameOverride: hb-grafana-standard-8c16g resources: limits: - cpu: 4000m - memory: 4Gi + cpu: 8000m + memory: 16Gi requests: cpu: 1000m memory: 1Gi - -lakefsConfig: | - database: - type: local1111 - blockstore: - type: localcd \ No newline at end of file From 43cacbc7fb7070d0b802434d44d0bb6cc2b4f208 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 31 Mar 2025 16:24:22 +0800 Subject: [PATCH 150/176] chore(addons): add lakefs --- addons/lakefs/1.52/plans/standard-4c8g/values.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/addons/lakefs/1.52/plans/standard-4c8g/values.yaml b/addons/lakefs/1.52/plans/standard-4c8g/values.yaml index 62a4e303..8a954e1a 100644 --- a/addons/lakefs/1.52/plans/standard-4c8g/values.yaml +++ b/addons/lakefs/1.52/plans/standard-4c8g/values.yaml @@ -9,10 +9,4 @@ resources: memory: 8Gi requests: cpu: 1000m - memory: 1Gi - -lakefsConfig: | - database: - type: local1111 - blockstore: - type: localcd \ No newline at end of file + memory: 1Gi \ No newline at end of file From f3a0d7367078df2b0d4de15f1aef3ff710188bfd Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 13 May 2025 16:18:48 +0800 Subject: [PATCH 151/176] chore(addons): add mongodb info domain and replica set name --- addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml | 8 ++++++++ addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml | 8 ++++++++ addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml | 8 ++++++++ addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml | 8 ++++++++ addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml | 8 ++++++++ addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml | 8 ++++++++ addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml | 8 ++++++++ 7 files changed, 56 insertions(+) diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: @@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: 
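Review bot: In mongodb/7.0/plans/standard-16c64g400/bind.yaml the new `REPLICA_SET_NAME` is the literal `'rs0'` rather than the value the chart is deployed with, so the binding would advertise the wrong name if the replica set name is ever overridden. If the chart exposes a value for it (presumably `replicaSetName` in Bitnami-derived charts; confirm against this chart's values.yaml), render it as `value: {{ .Values.replicaSetName | quote }}`. The `DOMAIN_%d` value is emitted unquoted and depends on `$.Values.clusterDomain` being set; quoting the whole expression and adding a default for the domain would keep an empty value from producing a hostname ending in `svc.`. The same hunk is repeated in the six other plan bind.yaml files in this commit, and the credential list it extends starts and ends outside the hunk.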
@@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: @@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: 
@@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: @@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: 
@@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml index 13939fc0..a8ce0395 100644 --- a/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml +++ b/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml @@ -10,6 +10,7 @@ credential: jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} {{- end }} + {{- range $i, $e := until $replicaCount }} - name: {{ printf "HOSTNAME_%d" $i }} valueFrom: @@ -17,6 +18,13 @@ credential: name: {{ printf "%s-%d" $fullName $i }} jsonpath: '{ .spec.clusterIP }' {{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' - name: PASSWORD valueFrom: secretKeyRef: From 357ca86a83c22913a64279e145e621a0de6aa8ee Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 29 May 2025 09:39:15 +0800 Subject: [PATCH 152/176] chore(postgresql-cluster): add extentions timescaledb --- .../15/chart/postgresql-cluster/values.yaml | 2 +- .../16/chart/postgresql-cluster-16/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 95d57e54..7d103fd1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
@@ -90,7 +90,7 @@ preInitScript: | archive_timeout: 300s archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' - shared_preload_libraries: 'auto_explain,pg_stat_statements' + shared_preload_libraries: 'auto_explain,pg_stat_statements,timescaledb' log_destination: 'csvlog' log_filename: postgresql.log logging_collector: on diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml index 9ab405f3..fcf73961 100644 --- a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml @@ -89,8 +89,8 @@ preInitScript: | archive_mode: "on" archive_timeout: 300s archive_command: sh /opt/drycc/postgresql/walbackup.sh %p - # timescaledb.license: 'timescale' - shared_preload_libraries: 'auto_explain,pg_stat_statements' + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements,timescaledb' log_destination: 'csvlog' log_filename: postgresql.log logging_collector: on From aa7226d279b28246df4baddfaa1dabdf715a27c5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 29 May 2025 10:26:45 +0800 Subject: [PATCH 153/176] chore(mysql-cluster): reset default configuration parameters --- addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml | 3 ++- addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml | 4 +++- addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml | 3 ++- .../mysql-cluster/8.0/plans/standard-32c128g800/values.yaml | 3 ++- addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml | 3 ++- addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml | 3 ++- 6 files changed, 13 insertions(+), 6 deletions(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index e897821a..b7bfb0ea 100644 
--- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -19,7 +19,8 @@ primary: max_connect_errors=1000000 open_files_limit=2000000 performance_schema_max_table_instances=200 - thread_cache_size=200 + thread_cache_size=0 + innodb_flush_method=O_DIRECT innodb_read_io_threads=32 innodb_write_io_threads=32 innodb_buffer_pool_instances=16 diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml index 40a62583..5c34d122 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml @@ -19,11 +19,13 @@ primary: max_connect_errors=1000000 open_files_limit=2000000 performance_schema_max_table_instances=200 - thread_cache_size=200 + thread_cache_size=0 + innodb_flush_method=O_DIRECT innodb_read_io_threads=4 innodb_write_io_threads=4 innodb_buffer_pool_instances=2 innodb_buffer_pool_size=2147483648 + group_replication_message_cache_size=536870912 max_connections=1000 resources: limits: diff --git a/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml index 5cd7245b..98bc94c8 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml @@ -19,7 +19,8 @@ primary: max_connect_errors=1000000 open_files_limit=2000000 performance_schema_max_table_instances=200 - thread_cache_size=200 + thread_cache_size=0 + innodb_flush_method=O_DIRECT innodb_read_io_threads=4 innodb_write_io_threads=4 innodb_buffer_pool_instances=2 diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index 92916170..d854cec1 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml 
+++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -19,7 +19,8 @@ primary: max_connect_errors=1000000 open_files_limit=2000000 performance_schema_max_table_instances=200 - thread_cache_size=200 + thread_cache_size=0 + innodb_flush_method=O_DIRECT innodb_read_io_threads=64 innodb_write_io_threads=64 innodb_buffer_pool_instances=32 diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index 9fdcd02b..6312e572 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -19,7 +19,8 @@ primary: max_connect_errors=1000000 open_files_limit=2000000 performance_schema_max_table_instances=200 - thread_cache_size=200 + thread_cache_size=0 + innodb_flush_method=O_DIRECT innodb_read_io_threads=8 innodb_write_io_threads=8 innodb_buffer_pool_instances=4 diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 5bd7daef..7c7f49a0 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -19,7 +19,8 @@ primary: max_connect_errors=1000000 open_files_limit=2000000 performance_schema_max_table_instances=200 - thread_cache_size=200 + thread_cache_size=0 + innodb_flush_method=O_DIRECT innodb_read_io_threads=16 innodb_write_io_threads=16 innodb_buffer_pool_instances=8 From 17243c566d78555e201ae5e6371bb57a9647403c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 4 Jun 2025 11:36:08 +0800 Subject: [PATCH 154/176] fix(mysql-cluster): fix param group_replication_meesage_cache_size --- addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml index 5c34d122..20775ba1 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml @@ -25,7 +25,7 @@ primary: innodb_write_io_threads=4 innodb_buffer_pool_instances=2 innodb_buffer_pool_size=2147483648 - group_replication_message_cache_size=536870912 + loose-group_replication_message_cache_size=536870912 max_connections=1000 resources: limits: From 3a7ddfcd2dc915e511b054f7e3af13a2b77b4aae Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 6 Jun 2025 11:55:03 +0800 Subject: [PATCH 155/176] chore(fluentbit): adjust input mem --- addons/fluentbit/2/chart/fluentbit/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index d665a248..52f9d738 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml @@ -189,6 +189,7 @@ daemonset: Tag_Regex (?[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?[^_]+)_(?.+)-(?[a-z0-9]{64})\.log$ Read_from_Head false multiline.parser docker,cri + Mem_Buf_Limit 30M ## https://docs.fluentbit.io/manual/pipeline/filters filters_base: | From db1ec04f65f504b45cf5679f8d06d1e06446d034 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Jun 2025 16:46:37 +0800 Subject: [PATCH 156/176] chore(mongodb): Optimize mongodb --- .../7.0/chart/mongodb/templates/replicaset/statefulset.yaml | 2 +- addons/mongodb/7.0/chart/mongodb/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml index c45daffe..eddaae09 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml 
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml @@ -403,7 +403,7 @@ spec: {{- else }} args: - | - mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --collector.replicasetstatus --collector.dbstats --collector.indexstats --collector.collstats --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index ae599f98..ac06f422 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1912,7 +1912,7 @@ metrics: ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: - enabled: true + enabled: false initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 5 @@ -1928,7 +1928,7 @@ metrics: ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: - enabled: true + enabled: false initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 5 From 60f381f3c7b35f520a1c8823376a2d48fc52c285 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 12 Jun 2025 11:40:21 +0800 Subject: [PATCH 157/176] chore(grafana): add store data in pg --- .../chart/grafana/templates/configmap-ini.yaml | 18 ++++++++++++++++++ .../10/chart/grafana/templates/deployment.yaml | 2 +- addons/grafana/10/chart/grafana/values.yaml | 7 ++++--- addons/grafana/10/meta.yaml | 3 +++ 4 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 addons/grafana/10/chart/grafana/templates/configmap-ini.yaml 
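Review bot: With `metrics.livenessProbe.enabled` and `metrics.readinessProbe.enabled` both set to `false` in the `@@ -1912,7 +1912,7 @@` and `@@ -1928,7 +1928,7 @@` hunks, a hung exporter is no longer restarted or marked unready, and the only symptom is a silent gap in scraped metrics. If the probes were failing because the exporter answers slowly, raising `timeoutSeconds: 5` or `initialDelaySeconds: 60` keeps the health signal. If they must stay off, add a comment above each key, e.g. `## disabled: exporter probe times out under <condition>; rely on scrape-failure alerts`. The commit message ("Optimize mongodb") does not give the reason.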
diff --git a/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml b/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml new file mode 100644 index 00000000..980d0878 --- /dev/null +++ b/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-ini + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: grafana + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + grafana.ini: | + [database] + type = postgres + url = {{ .Values.pg_url | quote }} diff --git a/addons/grafana/10/chart/grafana/templates/deployment.yaml b/addons/grafana/10/chart/grafana/templates/deployment.yaml index 38426a73..cf1594a9 100644 --- a/addons/grafana/10/chart/grafana/templates/deployment.yaml +++ b/addons/grafana/10/chart/grafana/templates/deployment.yaml @@ -321,7 +321,7 @@ spec: - name: grafana-ini {{- if .Values.config.grafanaIniConfigMap }} configMap: - name: {{ .Values.config.grafanaIniConfigMap }} + name: {{ include "common.names.fullname" . }}-ini {{- else if .Values.config.grafanaIniSecret }} secret: secretName: {{ .Values.config.grafanaIniSecret }} diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index 753732fa..9bec5e4d 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml 
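Review bot: `url = {{ .Values.pg_url | quote }}` in the new `configmap-ini.yaml` writes the PostgreSQL connection string, password included, into a ConfigMap. That object is readable by any subject allowed to read ConfigMaps in the namespace and gets none of the handling reserved for Secrets (tighter RBAC, encryption at rest where configured). The deployment template already has a `config.grafanaIniSecret` branch, so rendering this object as `kind: Secret` with `stringData:` in place of `data:` and mounting it through that branch keeps the credential out of the ConfigMap. Alternatively, leave only `type = postgres` in the file and pass the URL as a `GF_DATABASE_URL` environment variable sourced from a `secretKeyRef`. The template is also rendered unconditionally, so the object is created even when the ini file is taken from a Secret.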
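Review bot: In the `deployment.yaml` hunk the mounted ConfigMap name is now always `{{ include "common.names.fullname" . }}-ini`, so `config.grafanaIniConfigMap` only acts as an on/off switch and a user-supplied name is silently ignored. The same commit sets that value to `"grafana-ini"`, which need not match the rendered `<fullname>-ini`. Either honour the value or state the new meaning where the key is documented, e.g. `## @param config.grafanaIniConfigMap Any non-empty value mounts the chart-generated <fullname>-ini ConfigMap`. The enclosing `volumes` entry starts and ends outside this hunk.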
@@ -209,14 +209,15 @@ ldap: ## @param config.grafanaIniSecret Name of the Secret containing the `grafana.ini` file ## config: - useGrafanaIniFile: false - grafanaIniConfigMap: "" + useGrafanaIniFile: true + grafanaIniConfigMap: "grafana-ini" grafanaIniSecret: "" ## Create dasboard provider to load dashboards, a default one is created to load dashboards ## from "/opt/drycc/grafana/dashboards" ## @param dashboardsProvider.enabled Enable the use of a Grafana dashboard provider ## @param dashboardsProvider.configMapName Name of a ConfigMap containing a custom dashboard provider ## +pg_url: "postgres://user:secret@host:port/database" dashboardsProvider: enabled: false ## Important to set the Path to "/opt/drycc/grafana/dashboards" @@ -542,7 +543,7 @@ grafana: ## @param persistence.size Size for the PV ## persistence: - enabled: true + enabled: false ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 8e4a9eac..848290eb 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -23,4 +23,7 @@ allow_parameters: description: "service type config for values.yaml" - name: "grafana.nodeSelector" required: false +- name: "pg_url" + required: true + description: "Postgres URL for Grafana to connect to" archive: false From 7262fdf49b50aff5a337cbe856d8f18729110251 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 12 Jun 2025 16:43:42 +0800 Subject: [PATCH 158/176] chore(grafana): Adjusting the number of replicas to support high availability --- addons/grafana/10/chart/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index 9bec5e4d..f76a5b7a 100644 --- a/addons/grafana/10/chart/grafana/values.yaml 
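Review bot: `pg_url` is inserted between the `## @param dashboardsProvider.*` comment block and the `dashboardsProvider:` key it documents, and it has no `## @param` line of its own. Move it above that comment block with a description such as `## @param pg_url PostgreSQL connection URL used for the Grafana [database] section`. The default `"postgres://user:secret@host:port/database"` is a placeholder that renders into `grafana.ini` as-is if the parameter is ever omitted. Defaulting to `pg_url: ""` and rendering with `{{ required "pg_url must be set" .Values.pg_url | quote }}` makes the install fail at template time instead of at Grafana start-up. The `@@ -542,7 +543,7 @@` hunk turns `persistence.enabled` off in the same commit, so nothing falls back to local storage when the URL is wrong.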
+++ b/addons/grafana/10/chart/grafana/values.yaml @@ -269,7 +269,7 @@ notifiers: grafana: ## @param grafana.replicaCount Number of Grafana nodes ## - replicaCount: 1 + replicaCount: 2 ## @param grafana.updateStrategy.type Set up update strategy for Grafana installation. ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy From dbb188dde8bb1a6f322c8cdf2f6e2e076ca9dd60 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 17 Jun 2025 14:42:42 +0800 Subject: [PATCH 159/176] chore(grafana): add support ha --- .../10/chart/grafana/templates/configmap-ini.yaml | 7 +++++++ .../grafana/10/chart/grafana/templates/deployment.yaml | 10 ++++++++++ addons/grafana/10/chart/grafana/templates/service.yaml | 8 ++++++++ addons/grafana/10/chart/grafana/values.yaml | 6 +++++- addons/grafana/10/meta.yaml | 2 +- 5 files changed, 31 insertions(+), 2 deletions(-) diff --git a/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml b/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml index 980d0878..edc57af1 100644 --- a/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml +++ b/addons/grafana/10/chart/grafana/templates/configmap-ini.yaml @@ -13,6 +13,13 @@ metadata: {{- end }} data: grafana.ini: | + [unified_alerting] + enabled = true + ha_listen_address = "${POD_IP}:9094" + ha_peers = "{{ include "common.names.fullname" . }}:9094" + ha_advertise_address = "${POD_IP}:9094" + ha_peer_timeout = 15s + ha_reconnect_timeout = 2m [database] type = postgres url = {{ .Values.pg_url | quote }} diff --git a/addons/grafana/10/chart/grafana/templates/deployment.yaml b/addons/grafana/10/chart/grafana/templates/deployment.yaml index cf1594a9..b354727b 100644 --- a/addons/grafana/10/chart/grafana/templates/deployment.yaml +++ b/addons/grafana/10/chart/grafana/templates/deployment.yaml 
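Review bot: `ha_peers = "{{ include "common.names.fullname" . }}:9094"` in the `configmap-ini.yaml` hunk points the alerting gossip at the chart's ordinary Service name. That name normally resolves to one virtual IP rather than to each replica, so a pod may be routed back to itself and never join its peer. Grafana HA on Kubernetes is usually pointed at a headless Service so that DNS returns every pod address. Consider adding one for port 9094 and referencing it here. Whether the existing Service is headless cannot be told from this hunk, so confirm against `service.yaml`.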
@@ -128,6 +128,10 @@ spec: name: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.extraEnvVarsSecret "context" $) }} {{- end }} env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: @@ -217,6 +221,12 @@ spec: - name: dashboard containerPort: {{ .Values.grafana.containerPorts.grafana }} protocol: TCP + - name: gossip-tcp + containerPort: {{ .Values.grafana.containerPorts.gossipTCP }} + protocol: TCP + - name: gossip-udp + containerPort: {{ .Values.grafana.containerPorts.gossipUDP }} + protocol: UDP {{- if .Values.grafana.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.grafana.livenessProbe.enabled }} diff --git a/addons/grafana/10/chart/grafana/templates/service.yaml b/addons/grafana/10/chart/grafana/templates/service.yaml index 8eb7182d..5a7c9dc8 100644 --- a/addons/grafana/10/chart/grafana/templates/service.yaml +++ b/addons/grafana/10/chart/grafana/templates/service.yaml @@ -45,6 +45,14 @@ spec: targetPort: dashboard protocol: TCP name: http + - port: {{ .Values.service.ports.gossipTCP }} + targetPort: gossip-tcp + protocol: TCP + name: gossip-tcp + - port: {{ .Values.service.ports.gossipUDP }} + targetPort: gossip-udp + protocol: UDP + name: gossip-udp {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.grafana)) }} nodePort: {{ .Values.service.nodePorts.grafana }} {{- else if eq .Values.service.type "ClusterIP" }} diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index f76a5b7a..4f2c4be7 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml 
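Review bot: In the `service.yaml` hunk the two gossip entries are inserted between `name: http` and the `{{- if and (or (eq .Values.service.type "NodePort") ...` block, so `nodePort: {{ .Values.service.nodePorts.grafana }}` now attaches to the `gossip-udp` port instead of the dashboard port. Move the added `- port:` entries below the end of that conditional, which lies outside this hunk, so the `nodePort` stays on `http`. Adding 9094 to this Service also publishes the alerting gossip port on the node or load balancer whenever `service.type` is `NodePort` or `LoadBalancer`. Cluster-internal peer traffic is better carried by a separate ClusterIP or headless Service, and the chart's NetworkPolicy should be checked so that 9094 is allowed only between Grafana pods.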
@@ -318,6 +318,8 @@ grafana: ## containerPorts: grafana: 3000 + gossipTCP: 9094 + gossipUDP: 9094 ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## @param grafana.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` @@ -586,6 +588,8 @@ service: ## ports: grafana: 3000 + gossipTCP: 9094 + gossipUDP: 9094 ## @param service.nodePorts.grafana Specify the nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## @@ -733,7 +737,7 @@ ingress: metrics: ## @param metrics.enabled Enable the export of Prometheus metrics ## - enabled: false + enabled: true ## Prometheus Operator ServiceMonitor configuration ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service ## diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 848290eb..888100cd 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -13,7 +13,7 @@ tags: grafana bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" required: false From 1e409856fabf3f80eac42501be06da104385372b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 25 Jun 2025 11:21:08 +0800 Subject: [PATCH 160/176] chore(addons) add victoriametrics --- addons/index.yaml | 5 +- .../1/chart/victoriametrics/.helmignore | 25 + .../1/chart/victoriametrics/Chart.yaml | 28 + .../1/chart/victoriametrics/README.md | 1159 ++++++ .../chart/victoriametrics/templates/NOTES.txt | 168 + .../victoriametrics/templates/_helpers.tpl | 283 ++ .../chart/victoriametrics/templates/bind.yaml | 24 + .../victoriametrics/templates/extra-list.yaml | 9 + .../templates/vmagent/configmap.yaml | 215 + .../templates/vmagent/dep-ds.yaml | 215 + .../templates/vmagent/hpa.yaml | 42 + .../templates/vmagent/networkpolicy.yaml | 99 + .../templates/vmagent/pdb.yaml | 29 + .../templates/vmagent/rbac.yaml | 72 + .../templates/vmagent/service-account.yaml | 20 + .../templates/vmagent/service.yaml | 92 + .../templates/vmagent/servicemonitor.yaml | 48 + .../templates/vmagent/vpa.yaml | 50 + .../templates/vmalert/configmap.yaml | 31 + .../templates/vmalert/deployment.yaml | 185 + .../templates/vmalert/hpa.yaml | 42 + .../templates/vmalert/networkpolicy.yaml | 76 + .../templates/vmalert/pdb.yaml | 29 + .../templates/vmalert/service-account.yaml | 20 + .../templates/vmalert/service.yaml | 59 + .../templates/vmalert/servicemonitor.yaml | 48 + .../templates/vmalert/vpa.yaml | 45 + .../templates/vmauth/dep-ds.yaml | 178 + .../victoriametrics/templates/vmauth/hpa.yaml | 42 + .../templates/vmauth/ingress-tls-secret.yaml | 48 + .../templates/vmauth/ingress.yaml | 57 + .../templates/vmauth/networkpolicy.yaml | 100 + .../victoriametrics/templates/vmauth/pdb.yaml | 29 + .../templates/vmauth/secret.yaml | 42 + .../templates/vmauth/service-account.yaml | 20 + .../templates/vmauth/service.yaml | 59 + .../templates/vmauth/servicemonitor.yaml | 48 + .../victoriametrics/templates/vmauth/vpa.yaml | 50 + .../templates/vminsert/deployment.yaml | 160 + .../templates/vminsert/hpa.yaml | 42 + .../vminsert/ingress-tls-secret.yaml | 48 + 
.../templates/vminsert/ingress.yaml | 57 + .../templates/vminsert/networkpolicy.yaml | 79 + .../templates/vminsert/pdb.yaml | 29 + .../templates/vminsert/service-account.yaml | 20 + .../templates/vminsert/service.yaml | 57 + .../templates/vminsert/servicemonitor.yaml | 48 + .../templates/vminsert/vpa.yaml | 45 + .../templates/vmselect/dep-sts.yaml | 178 + .../templates/vmselect/headless-service.yaml | 30 + .../templates/vmselect/hpa.yaml | 47 + .../vmselect/ingress-tls-secret.yaml | 48 + .../templates/vmselect/ingress.yaml | 57 + .../templates/vmselect/networkpolicy.yaml | 79 + .../templates/vmselect/pdb.yaml | 29 + .../templates/vmselect/service-account.yaml | 20 + .../templates/vmselect/service.yaml | 57 + .../templates/vmselect/servicemonitor.yaml | 48 + .../templates/vmselect/vpa.yaml | 50 + .../templates/vmstorage/headless-service.yaml | 36 + .../templates/vmstorage/hpa.yaml | 42 + .../templates/vmstorage/networkpolicy.yaml | 73 + .../templates/vmstorage/pdb.yaml | 29 + .../templates/vmstorage/service-account.yaml | 20 + .../templates/vmstorage/service.yaml | 57 + .../templates/vmstorage/servicemonitor.yaml | 48 + .../templates/vmstorage/statefulset.yaml | 225 + .../templates/vmstorage/vpa.yaml | 45 + .../1/chart/victoriametrics/values.yaml | 3670 +++++++++++++++++ addons/victoriametrics/1/demo.yaml | 17 + addons/victoriametrics/1/meta.yaml | 45 + .../1/plans/standard-16c32g500/bind.yaml | 24 + .../create-instance-schema.json | 12 + .../1/plans/standard-16c32g500/meta.yaml | 6 + .../1/plans/standard-16c32g500/values.yaml | 44 + .../1/plans/standard-1c1g10/bind.yaml | 24 + .../create-instance-schema.json | 12 + .../1/plans/standard-1c1g10/meta.yaml | 6 + .../1/plans/standard-1c1g10/values.yaml | 44 + .../1/plans/standard-2c4g50/bind.yaml | 24 + .../create-instance-schema.json | 12 + .../1/plans/standard-2c4g50/meta.yaml | 6 + .../1/plans/standard-2c4g50/values.yaml | 44 + .../1/plans/standard-4c8g100/bind.yaml | 24 + .../create-instance-schema.json | 12 + 
.../1/plans/standard-4c8g100/meta.yaml | 6 + .../1/plans/standard-4c8g100/values.yaml | 44 + .../1/plans/standard-8c16g200/bind.yaml | 24 + .../create-instance-schema.json | 12 + .../1/plans/standard-8c16g200/meta.yaml | 6 + .../1/plans/standard-8c16g200/values.yaml | 44 + 91 files changed, 9755 insertions(+), 1 deletion(-) create mode 100644 addons/victoriametrics/1/chart/victoriametrics/.helmignore create mode 100644 addons/victoriametrics/1/chart/victoriametrics/Chart.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/README.md create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/NOTES.txt create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/_helpers.tpl create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/bind.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/extra-list.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/configmap.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/dep-ds.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/hpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/networkpolicy.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/pdb.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/rbac.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service-account.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/servicemonitor.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/vpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/configmap.yaml create mode 
100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/deployment.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/hpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/networkpolicy.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/pdb.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service-account.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/servicemonitor.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/vpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/dep-ds.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/hpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress-tls-secret.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/networkpolicy.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/pdb.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/secret.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service-account.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/servicemonitor.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/vpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/deployment.yaml create mode 100644 
addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/hpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress-tls-secret.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/networkpolicy.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/pdb.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service-account.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/servicemonitor.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/vpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/dep-sts.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/headless-service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/hpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress-tls-secret.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/networkpolicy.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/pdb.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service-account.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/servicemonitor.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/vpa.yaml create 
mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/headless-service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/hpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/networkpolicy.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/pdb.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service-account.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/servicemonitor.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/statefulset.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/vpa.yaml create mode 100644 addons/victoriametrics/1/chart/victoriametrics/values.yaml create mode 100644 addons/victoriametrics/1/demo.yaml create mode 100644 addons/victoriametrics/1/meta.yaml create mode 100644 addons/victoriametrics/1/plans/standard-16c32g500/bind.yaml create mode 100644 addons/victoriametrics/1/plans/standard-16c32g500/create-instance-schema.json create mode 100644 addons/victoriametrics/1/plans/standard-16c32g500/meta.yaml create mode 100644 addons/victoriametrics/1/plans/standard-16c32g500/values.yaml create mode 100644 addons/victoriametrics/1/plans/standard-1c1g10/bind.yaml create mode 100644 addons/victoriametrics/1/plans/standard-1c1g10/create-instance-schema.json create mode 100644 addons/victoriametrics/1/plans/standard-1c1g10/meta.yaml create mode 100644 addons/victoriametrics/1/plans/standard-1c1g10/values.yaml create mode 100644 addons/victoriametrics/1/plans/standard-2c4g50/bind.yaml create mode 100644 addons/victoriametrics/1/plans/standard-2c4g50/create-instance-schema.json create mode 100644 addons/victoriametrics/1/plans/standard-2c4g50/meta.yaml 
create mode 100644 addons/victoriametrics/1/plans/standard-2c4g50/values.yaml create mode 100644 addons/victoriametrics/1/plans/standard-4c8g100/bind.yaml create mode 100644 addons/victoriametrics/1/plans/standard-4c8g100/create-instance-schema.json create mode 100644 addons/victoriametrics/1/plans/standard-4c8g100/meta.yaml create mode 100644 addons/victoriametrics/1/plans/standard-4c8g100/values.yaml create mode 100644 addons/victoriametrics/1/plans/standard-8c16g200/bind.yaml create mode 100644 addons/victoriametrics/1/plans/standard-8c16g200/create-instance-schema.json create mode 100644 addons/victoriametrics/1/plans/standard-8c16g200/meta.yaml create mode 100644 addons/victoriametrics/1/plans/standard-8c16g200/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index 3c5fee53..ef1f050f 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -81,4 +81,7 @@ entries: description: "Transactional Catalog for Data Lakes with Git-like semantics . " lakefs: - version: "1.52" - description: "LakeFS provides version control over the data lake, and uses Git-like semantics to create and access those versions. If you know git, you’ll be right at home with lakeFS. " \ No newline at end of file + description: "LakeFS provides version control over the data lake, and uses Git-like semantics to create and access those versions. If you know git, you’ll be right at home with lakeFS. " + victoriametrics: + - version: "1" + description: "VictoriaMetrics is a fast, cost-effective and scalable monitoring solution and time series database. It is designed to handle large amounts of data with high performance and low resource usage." diff --git a/addons/victoriametrics/1/chart/victoriametrics/.helmignore b/addons/victoriametrics/1/chart/victoriametrics/.helmignore new file mode 100644 index 00000000..207983f3 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/.helmignore 
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# img folder
+img/
+# Changelog
+CHANGELOG.md
diff --git a/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml b/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml
new file mode 100644
index 00000000..e56e7ff1
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml
@@ -0,0 +1,28 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+ category: Infrastructure
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 1.118.0
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/drycccharts
+ tags:
+ - drycc-common
+ version: 2.x.x
+description: VictoriaMetrics is a fast, cost-effective, and scalable monitoring solution
+ and time series database, compatible with Prometheus and Graphite
+home: https://drycc.com
+icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/victoriametrics/img/victoriametrics-stack-220x234.png
+keywords:
+- monitoring
+- metrics
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+ url: https://github.com/drycc/charts
+name: victoriametrics
+sources:
+- https://github.com/drycc/charts/tree/main/drycc/victoriametrics
+version: 0.1.13
diff --git a/addons/victoriametrics/1/chart/victoriametrics/README.md b/addons/victoriametrics/1/chart/victoriametrics/README.md
new file mode 100644
index 00000000..3d92c67c
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/README.md
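Review bot: In Chart.yaml the `common` dependency is declared with the floating range `version: 2.x.x` against `oci://registry-1.docker.io/drycccharts`, so the library code pulled into this chart can change between builds without any change to this file. Pin it to the release that was actually tested, e.g. `version: <tested 2.y.z>` (placeholder), and commit the resulting `Chart.lock` so `helm dependency build` reproduces the same resolution; whether a lock file is part of this commit is not visible in this part of the patch. The copyright header and the `maintainers` entry still name Broadcom while `home` and `sources` point at drycc, which is worth reconciling so consumers can tell who publishes and is answerable for the chart.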
@@ -0,0 +1,1159 @@ + + +# Drycc package for VictoriaMetrics + +VictoriaMetrics is a fast, cost-effective, and scalable monitoring solution and time series database, compatible with Prometheus and Graphite + +[Overview of VictoriaMetrics](https://victoriametrics.com/) + +Trademarks: This software listing is packaged by Drycc. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/Drycccharts/victoriametrics +``` + +Looking to use VictoriaMetrics in production? Try [VMware Tanzu Application Catalog](https://Drycc.com/enterprise), the commercial edition of the Drycc catalog. + +## Introduction + +This chart bootstraps a [VictoriaMetrics](https://github.com/Drycc/containers/tree/main/Drycc/victoriametrics-vmselect) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/victoriametrics +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Drycc, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=Drycccharts`. + +The command deploys VictoriaMetrics on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
+ +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### Available VictoriaMetrics components + +The VictoriaMetrics chart always deploys the `vminsert`, `vmstorage` and `vmselect` components, as part of the basic [open-source VictoriaMetrics cluster installation](https://docs.victoriametrics.com/cluster-victoriametrics/). Additionally, it is possible to deploy the [`vmauth`](https://docs.victoriametrics.com/vmauth/), [`vmalert`](https://docs.victoriametrics.com/vmalert/) or [`vmagent`](https://docs.victoriametrics.com/vmagent/) components by setting `vmauth.enabled=true`, `vmagent.enabled=true` or `vmalert.enabled=true`. + +### Resource requests and limits + +Drycc charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the Drycc/common chart](https://github.com/Drycc/charts/blob/main/Drycc/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
+ +Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Backup and restore + +To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. Find the instructions for using Velero in [this guide](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-backup-restore-deployments-velero-index.html). + +### Prometheus metrics + +This chart can be integrated with Prometheus by setting `*.metrics.enabled` (under the `vminsert`, `vmselect`, `vmstorage`, `vmagent`, `vmalert` and `vmauth` sections) to `true`. This will expose VictoriaMetrics native Prometheus ports in the containers. Additionally, it will deploy several `metrics` services, which can be configured under the `*.metrics.service` section (under the `vminsert`, `vmselect`, `vmstorage`, `vmagent`, `vmalert` and `vmauth` sections). These `metrics` services will have the necessary annotations to be automatically scraped by Prometheus. + +#### Prometheus requirements + +It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Drycc Prometheus helm chart](https://github.com/Drycc/charts/tree/main/Drycc/prometheus) or the [Drycc Kube Prometheus helm chart](https://github.com/Drycc/charts/tree/main/Drycc/kube-prometheus) to easily have a working Prometheus in your cluster. + +#### Integration with Prometheus Operator + +The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `*.metrics.serviceMonitor.enabled=true` (`vminsert`, `vmselect`, `vmstorage`, `vmagent`, `vmalert` and `vmauth`). 
Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error: + +```text +no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1" +``` + +Install the [Drycc Kube Prometheus helm chart](https://github.com/Drycc/charts/tree/main/Drycc/kube-prometheus) for having the necessary CRDs and the Prometheus Operator. + +### Ingress + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/Drycc/charts/tree/main/Drycc/nginx-ingress-controller) or [contour](https://github.com/Drycc/charts/tree/main/Drycc/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `*.ingress.enabled` (under the `vmselect`, `vmauth` and `vmselect` sections) to `true`. + +The most common scenario is to have one host name mapped to the deployment. In this case, the `*.ingress.hostname` (under the `vmselect`, `vmauth` and `vmselect` sections) property can be used to set the host name. The `*.ingress.tls` parameter can be used to add the TLS configuration for this host. + +However, it is also possible to have more than one host. To facilitate this, the `*.ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `*.ingress.extraTLS` (under the `vmselect`, `vmauth` and `vmselect` sections) parameter (if available) can also be used to add the TLS configuration for extra hosts. + +> NOTE: For each host specified in the `*.ingress.extraHosts` (under the `vmselect`, `vmauth` and `vmselect` sections) parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. 
Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. + +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. + +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). + +### Securing traffic using TLS + +This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases: + +- Generate certificate secrets based on chart parameters. +- Enable externally generated certificates. +- Manage application certificates via an external service (like [cert-manager](https://github.com/jetstack/cert-manager/)). +- Create self-signed certificates within the chart (if supported). + +In the first two cases, a certificate and a key are needed. Files are expected in `.pem` format. + +Here is an example of a certificate file: + +> NOTE: There may be more than one certificate if there is a certificate chain. + +```text +-----BEGIN CERTIFICATE----- +MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +... +jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 +-----END CERTIFICATE----- +``` + +Here is an example of a certificate key: + +```text +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 +... 
+wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= +-----END RSA PRIVATE KEY----- +``` + +- If using Helm to manage the certificates based on the parameters, copy these values into the `certificate` and `key` values for a given `*.ingress.secrets` (under the `vmselect`, `vmauth` and `vmselect` sections) entry. +- If managing TLS secrets separately, it is necessary to create a TLS secret with name `INGRESS_HOSTNAME-tls` (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the `*.ingress.hostname` (under the `vmselect`, `vmauth` and `vmselect` sections) parameter). +- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, add to `*.ingress.annotations` (under the `vmselect`, `vmauth` and `vmselect` sections) the [corresponding ones](https://cert-manager.io/docs/usage/ingress/#supported-annotations) for cert-manager. +- If using self-signed certificates created by Helm, set both `*.ingress.tls` and `*.ingress.selfSigned` (under the `vmselect`, `vmauth` and `vmselect` sections) to `true`. 
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------- | ---------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` | +| `nameOverride` | String to partially override common.names.name | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | + +### VictoriaMetrics common parameters + +| Name | Description | Value | +| --------------- | ----------------------------------- | ------ | +| `envflagEnable` | Enable envflag | `true` | +| `envflagPrefix` | Prefix used for the envflag entries | `VM_` | +| `loggerFormat` | Set format of the logs | `json` | + +### VictoriaMetrics Select Parameters + +| Name | Description | Value | +| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | +| `vmselect.image.registry` | VictoriaMetrics Select image registry | `REGISTRY_NAME` | +| `vmselect.image.repository` | VictoriaMetrics Select image repository | `REPOSITORY_NAME/victoriametrics-vmselect` | +| `vmselect.image.digest` | VictoriaMetrics Select image 
digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `vmselect.image.pullPolicy` | VictoriaMetrics Select image pull policy | `IfNotPresent` | +| `vmselect.image.pullSecrets` | VictoriaMetrics Select image pull secrets | `[]` | +| `vmselect.replicaCount` | Number of VictoriaMetrics Select replicas to deploy | `1` | +| `vmselect.containerPorts.http` | VictoriaMetrics Select http container port | `8481` | +| `vmselect.livenessProbe.enabled` | Enable livenessProbe on VictoriaMetrics Select containers | `true` | +| `vmselect.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `vmselect.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `vmselect.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `vmselect.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `vmselect.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `vmselect.readinessProbe.enabled` | Enable readinessProbe on VictoriaMetrics Select containers | `true` | +| `vmselect.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `vmselect.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `vmselect.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `vmselect.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `vmselect.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `vmselect.startupProbe.enabled` | Enable startupProbe on VictoriaMetrics Select containers | `false` | +| `vmselect.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `vmselect.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `vmselect.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` 
| +| `vmselect.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `vmselect.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `vmselect.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `vmselect.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `vmselect.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `vmselect.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmselect.resources is set (vmselect.resources is recommended for production). | `nano` | +| `vmselect.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `vmselect.kind` | Define how to deploy VictoriaMetrics Select (allowed values: deployment or statefulset) | `deployment` | +| `vmselect.podManagementPolicy` | Pod management policy for VictoriaMetrics Storage statefulset | `Parallel` | +| `vmselect.annotations` | Annotations for VictoriaMetrics Select Deployment or StatefulSet | `{}` | +| `vmselect.podSecurityContext.enabled` | Enabled VictoriaMetrics Select pods' Security Context | `true` | +| `vmselect.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `vmselect.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `vmselect.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `vmselect.podSecurityContext.fsGroup` | Set VictoriaMetrics Select pod's Security Context fsGroup | `1001` | +| `vmselect.containerSecurityContext.enabled` | Enabled VictoriaMetrics Select containers' Security Context | `true` | +| `vmselect.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| 
`vmselect.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `vmselect.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `vmselect.containerSecurityContext.runAsNonRoot` | Set VictoriaMetrics Select containers' Security Context runAsNonRoot | `true` | +| `vmselect.containerSecurityContext.privileged` | Set VictoriaMetrics Select containers' Security Context privileged | `false` | +| `vmselect.containerSecurityContext.readOnlyRootFilesystem` | Set VictoriaMetrics Select containers' Security Context runAsNonRoot | `true` | +| `vmselect.containerSecurityContext.allowPrivilegeEscalation` | Set VictoriaMetrics Select container's privilege escalation | `false` | +| `vmselect.containerSecurityContext.capabilities.drop` | Set VictoriaMetrics Select container's Security Context runAsNonRoot | `["ALL"]` | +| `vmselect.containerSecurityContext.seccompProfile.type` | Set VictoriaMetrics Select container's Security Context seccomp profile | `RuntimeDefault` | +| `vmselect.command` | Override default container command (useful when using custom images) | `[]` | +| `vmselect.args` | Override default container args (useful when using custom images) | `[]` | +| `vmselect.extraArgs` | Add extra arguments to the default command | `[]` | +| `vmselect.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `vmselect.hostAliases` | VictoriaMetrics Select pods host aliases | `[]` | +| `vmselect.podLabels` | Extra labels for VictoriaMetrics Select pods | `{}` | +| `vmselect.podAnnotations` | Annotations for VictoriaMetrics Select pods | `{}` | +| `vmselect.podAffinityPreset` | Pod affinity preset. Ignored if `vmselect.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vmselect.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `vmselect.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `vmselect.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `vmselect.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `vmselect.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `vmselect.autoscaling.vpa.enabled` | Enable VPA for VictoriaMetrics Select pods | `false` | +| `vmselect.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `vmselect.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `vmselect.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `vmselect.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `vmselect.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` | +| `vmselect.autoscaling.hpa.enabled` | Enable HPA for VictoriaMetrics Select pods | `false` | +| `vmselect.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `vmselect.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `vmselect.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `vmselect.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `vmselect.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `vmselect.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vmselect.nodeAffinityPreset.key` | Node label key to match. Ignored if `vmselect.affinity` is set | `""` | +| `vmselect.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `vmselect.affinity` is set | `[]` | +| `vmselect.affinity` | Affinity for VictoriaMetrics Select pods assignment | `{}` | +| `vmselect.nodeSelector` | Node labels for VictoriaMetrics Select pods assignment | `{}` | +| `vmselect.tolerations` | Tolerations for VictoriaMetrics Select pods assignment | `[]` | +| `vmselect.updateStrategy.type` | VictoriaMetrics Select statefulset strategy type | `RollingUpdate` | +| `vmselect.priorityClassName` | VictoriaMetrics Select pods' priorityClassName | `""` | +| `vmselect.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `vmselect.schedulerName` | Name of the k8s scheduler (other than default) for VictoriaMetrics Select pods | `""` | +| `vmselect.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `vmselect.lifecycleHooks` | for the VictoriaMetrics Select container(s) to automate configuration before or after startup | `{}` | +| `vmselect.extraEnvVars` | Array with extra environment variables to add to VictoriaMetrics Select nodes | `[]` | +| `vmselect.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for VictoriaMetrics Select nodes | `""` | +| `vmselect.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for VictoriaMetrics Select nodes | `""` | +| `vmselect.extraVolumes` | Optionally specify extra list of additional volumes for the VictoriaMetrics Select pod(s) | `[]` | +| `vmselect.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Select container(s) | `[]` | +| `vmselect.sidecars` | Add additional sidecar containers to the VictoriaMetrics Select pod(s) | `[]` | +| `vmselect.initContainers` | Add additional init containers to the VictoriaMetrics Select pod(s) | `[]` | + +### VictoriaMetrics Select RBAC Parameters + +| Name | Description | Value | +| 
------------------------------------------------------ | ---------------------------------------------------------------- | ------- | +| `vmselect.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `vmselect.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `vmselect.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `vmselect.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | + +### VictoriaMetrics Select Traffic Exposure Parameters + +| Name | Description | Value | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `vmselect.service.type` | VictoriaMetrics Select service type | `ClusterIP` | +| `vmselect.service.ports.http` | VictoriaMetrics Select service http port | `8481` | +| `vmselect.service.nodePorts.http` | Node port for HTTP | `""` | +| `vmselect.service.clusterIP` | VictoriaMetrics Select service Cluster IP | `""` | +| `vmselect.service.loadBalancerIP` | VictoriaMetrics Select service Load Balancer IP | `""` | +| `vmselect.service.loadBalancerSourceRanges` | VictoriaMetrics Select service Load Balancer sources | `[]` | +| `vmselect.service.externalTrafficPolicy` | VictoriaMetrics Select service external traffic policy | `Cluster` | +| `vmselect.service.annotations` | Additional custom annotations for VictoriaMetrics Select service | `{}` | +| `vmselect.service.extraPorts` | Extra ports to expose in VictoriaMetrics Select service (normally used with the `sidecars` value) | `[]` | +| `vmselect.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `vmselect.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| 
`vmselect.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `vmselect.ingress.enabled` | Enable ingress record generation for VictoriaMetrics Select | `false` | +| `vmselect.ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `vmselect.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `vmselect.ingress.hostname` | Default host for the ingress record | `vmselect.local` | +| `vmselect.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `vmselect.ingress.path` | Default path for the ingress record | `/` | +| `vmselect.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `vmselect.ingress.tls` | Enable TLS configuration for the host defined at `vmselect.ingress.hostname` parameter | `false` | +| `vmselect.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `vmselect.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `vmselect.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `vmselect.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `vmselect.ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `vmselect.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `vmselect.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `vmselect.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `vmselect.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | +| `vmselect.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vmselect.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vmselect.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `vmselect.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### VictoriaMetrics Select Metrics Parameters + +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `vmselect.metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `vmselect.metrics.annotations` | Additional custom annotations for the service | `{}` | +| `vmselect.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `vmselect.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `vmselect.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `vmselect.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `vmselect.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `vmselect.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `vmselect.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `vmselect.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `vmselect.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `vmselect.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `vmselect.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + +### VictoriaMetrics Insert Parameters + +| Name | Description | Value | +| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | +| `vminsert.image.registry` | VictoriaMetrics Insert image registry | `REGISTRY_NAME` | +| `vminsert.image.repository` | VictoriaMetrics Insert image repository | `REPOSITORY_NAME/victoriametrics-vminsert` | +| `vminsert.image.digest` | VictoriaMetrics Insert image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `vminsert.image.pullPolicy` | VictoriaMetrics Insert image pull policy | `IfNotPresent` | +| `vminsert.image.pullSecrets` | VictoriaMetrics Insert image pull secrets | `[]` | +| `vminsert.replicaCount` | Number of VictoriaMetrics Insert replicas to deploy | `1` | +| `vminsert.containerPorts.http` | VictoriaMetrics Insert http container port | `8480` | +| `vminsert.livenessProbe.enabled` | Enable livenessProbe on VictoriaMetrics Insert containers | `true` | +| `vminsert.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `vminsert.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `vminsert.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `vminsert.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `vminsert.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `vminsert.readinessProbe.enabled` | Enable readinessProbe on VictoriaMetrics Insert containers | `true` | +| `vminsert.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `vminsert.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `vminsert.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `vminsert.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `vminsert.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `vminsert.startupProbe.enabled` | Enable startupProbe on VictoriaMetrics Insert containers | `false` | +| `vminsert.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `vminsert.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `vminsert.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| 
`vminsert.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `vminsert.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `vminsert.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `vminsert.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `vminsert.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `vminsert.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vminsert.resources is set (vminsert.resources is recommended for production). | `nano` | +| `vminsert.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `vminsert.deploymentAnnotations` | Annotations for VictoriaMetrics Insert Deployment | `{}` | +| `vminsert.podSecurityContext.enabled` | Enabled VictoriaMetrics Insert pods' Security Context | `true` | +| `vminsert.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `vminsert.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `vminsert.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `vminsert.podSecurityContext.fsGroup` | Set VictoriaMetrics Insert pod's Security Context fsGroup | `1001` | +| `vminsert.containerSecurityContext.enabled` | Enabled VictoriaMetrics Insert containers' Security Context | `true` | +| `vminsert.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `vminsert.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `vminsert.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `vminsert.containerSecurityContext.runAsNonRoot` | Set VictoriaMetrics 
Insert containers' Security Context runAsNonRoot | `true` | +| `vminsert.containerSecurityContext.privileged` | Set VictoriaMetrics Insert containers' Security Context privileged | `false` | +| `vminsert.containerSecurityContext.readOnlyRootFilesystem` | Set VictoriaMetrics Insert containers' Security Context runAsNonRoot | `true` | +| `vminsert.containerSecurityContext.allowPrivilegeEscalation` | Set VictoriaMetrics Insert container's privilege escalation | `false` | +| `vminsert.containerSecurityContext.capabilities.drop` | Set VictoriaMetrics Insert container's Security Context runAsNonRoot | `["ALL"]` | +| `vminsert.containerSecurityContext.seccompProfile.type` | Set VictoriaMetrics Insert container's Security Context seccomp profile | `RuntimeDefault` | +| `vminsert.command` | Override default container command (useful when using custom images) | `[]` | +| `vminsert.args` | Override default container args (useful when using custom images) | `[]` | +| `vminsert.extraArgs` | Add extra arguments to the default command | `[]` | +| `vminsert.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `vminsert.hostAliases` | VictoriaMetrics Insert pods host aliases | `[]` | +| `vminsert.podLabels` | Extra labels for VictoriaMetrics Insert pods | `{}` | +| `vminsert.podAnnotations` | Annotations for VictoriaMetrics Insert pods | `{}` | +| `vminsert.podAffinityPreset` | Pod affinity preset. Ignored if `vminsert.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vminsert.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `vminsert.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `vminsert.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `vminsert.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `vminsert.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `vminsert.autoscaling.vpa.enabled` | Enable VPA for VictoriaMetrics Insert pods | `false` | +| `vminsert.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `vminsert.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `vminsert.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `vminsert.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `vminsert.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` | +| `vminsert.autoscaling.hpa.enabled` | Enable HPA for VictoriaMetrics Insert pods | `false` | +| `vminsert.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `vminsert.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `vminsert.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `vminsert.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `vminsert.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `vminsert.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vminsert.nodeAffinityPreset.key` | Node label key to match. Ignored if `vminsert.affinity` is set | `""` | +| `vminsert.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `vminsert.affinity` is set | `[]` | +| `vminsert.affinity` | Affinity for VictoriaMetrics Insert pods assignment | `{}` | +| `vminsert.nodeSelector` | Node labels for VictoriaMetrics Insert pods assignment | `{}` | +| `vminsert.tolerations` | Tolerations for VictoriaMetrics Insert pods assignment | `[]` | +| `vminsert.updateStrategy.type` | VictoriaMetrics Insert statefulset strategy type | `RollingUpdate` | +| `vminsert.priorityClassName` | VictoriaMetrics Insert pods' priorityClassName | `""` | +| `vminsert.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `vminsert.schedulerName` | Name of the k8s scheduler (other than default) for VictoriaMetrics Insert pods | `""` | +| `vminsert.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `vminsert.lifecycleHooks` | for the VictoriaMetrics Insert container(s) to automate configuration before or after startup | `{}` | +| `vminsert.extraEnvVars` | Array with extra environment variables to add to VictoriaMetrics Insert nodes | `[]` | +| `vminsert.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for VictoriaMetrics Insert nodes | `""` | +| `vminsert.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for VictoriaMetrics Insert nodes | `""` | +| `vminsert.extraVolumes` | Optionally specify extra list of additional volumes for the VictoriaMetrics Insert pod(s) | `[]` | +| `vminsert.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Insert container(s) | `[]` | +| `vminsert.sidecars` | Add additional sidecar containers to the VictoriaMetrics Insert pod(s) | `[]` | +| `vminsert.initContainers` | Add additional init containers to the VictoriaMetrics Insert pod(s) | `[]` | +| `vminsert.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | 
+| `vminsert.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `vminsert.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `vminsert.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | + +### VictoriaMetrics Insert Traffic Exposure Parameters + +| Name | Description | Value | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `vminsert.service.type` | VictoriaMetrics Insert service type | `ClusterIP` | +| `vminsert.service.ports.http` | VictoriaMetrics Insert service http port | `8480` | +| `vminsert.service.nodePorts.http` | Node port for HTTP | `""` | +| `vminsert.service.clusterIP` | VictoriaMetrics Insert service Cluster IP | `""` | +| `vminsert.service.loadBalancerIP` | VictoriaMetrics Insert service Load Balancer IP | `""` | +| `vminsert.service.loadBalancerSourceRanges` | VictoriaMetrics Insert service Load Balancer sources | `[]` | +| `vminsert.service.externalTrafficPolicy` | VictoriaMetrics Insert service external traffic policy | `Cluster` | +| `vminsert.service.annotations` | Additional custom annotations for VictoriaMetrics Insert service | `{}` | +| `vminsert.service.extraPorts` | Extra ports to expose in VictoriaMetrics Insert service (normally used with the `sidecars` value) | `[]` | +| `vminsert.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `vminsert.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `vminsert.ingress.enabled` | Enable ingress record generation for VictoriaMetrics Insert | `false` | +| `vminsert.ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `vminsert.ingress.apiVersion` | Force Ingress API version 
(automatically detected if not set) | `""` | +| `vminsert.ingress.hostname` | Default host for the ingress record | `vminsert.local` | +| `vminsert.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `vminsert.ingress.path` | Default path for the ingress record | `/` | +| `vminsert.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `vminsert.ingress.tls` | Enable TLS configuration for the host defined at `vminsert.ingress.hostname` parameter | `false` | +| `vminsert.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `vminsert.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `vminsert.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `vminsert.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `vminsert.ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `vminsert.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `vminsert.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `vminsert.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `vminsert.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | +| `vminsert.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vminsert.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vminsert.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `vminsert.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### VictoriaMetrics Insert Metrics Parameters + +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `vminsert.metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `vminsert.metrics.annotations` | Additional custom annotations for the service | `{}` | +| `vminsert.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `vminsert.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `vminsert.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `vminsert.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `vminsert.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `vminsert.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `vminsert.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `vminsert.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `vminsert.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `vminsert.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `vminsert.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + +### VictoriaMetrics Storage Parameters + +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | +| `vmstorage.image.registry` | VictoriaMetrics Storage image registry | `REGISTRY_NAME` | +| `vmstorage.image.repository` | VictoriaMetrics Storage image repository | `REPOSITORY_NAME/victoriametrics-vmstorage` | +| `vmstorage.image.digest` | VictoriaMetrics Storage image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `vmstorage.image.pullPolicy` | VictoriaMetrics Storage image pull policy | `IfNotPresent` | +| `vmstorage.image.pullSecrets` | VictoriaMetrics Storage image pull secrets | `[]` | +| `vmstorage.replicaCount` | Number of VictoriaMetrics Storage replicas to deploy | `1` | +| `vmstorage.containerPorts.http` | VictoriaMetrics Storage http container port | `8482` | +| `vmstorage.containerPorts.vmselect` | VictoriaMetrics Storage vmselect container port | `8401` | +| `vmstorage.containerPorts.vminsert` | VictoriaMetrics Storage vminsert container port | `8400` | +| `vmstorage.livenessProbe.enabled` | Enable livenessProbe on VictoriaMetrics Storage containers | `true` | +| `vmstorage.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `vmstorage.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `vmstorage.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `vmstorage.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `vmstorage.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `vmstorage.readinessProbe.enabled` | Enable readinessProbe on VictoriaMetrics Storage containers | `true` | +| `vmstorage.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `vmstorage.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `vmstorage.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `vmstorage.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `vmstorage.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `vmstorage.startupProbe.enabled` | Enable startupProbe on VictoriaMetrics Storage containers | `false` | +| `vmstorage.startupProbe.initialDelaySeconds` | Initial delay 
seconds for startupProbe | `5` | +| `vmstorage.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `vmstorage.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `vmstorage.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `vmstorage.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `vmstorage.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `vmstorage.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `vmstorage.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `vmstorage.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmstorage.resources is set (vmstorage.resources is recommended for production). | `small` | +| `vmstorage.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `vmstorage.retentionPeriod` | Data retention period | `1` | +| `vmstorage.statefulsetAnnotations` | Annotations for VictoriaMetrics Storage statefulset | `{}` | +| `vmstorage.podSecurityContext.enabled` | Enabled VictoriaMetrics Storage pods' Security Context | `true` | +| `vmstorage.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `vmstorage.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `vmstorage.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `vmstorage.podSecurityContext.fsGroup` | Set VictoriaMetrics Storage pod's Security Context fsGroup | `1001` | +| `vmstorage.containerSecurityContext.enabled` | Enabled VictoriaMetrics Storage containers' Security Context | `true` | +| `vmstorage.containerSecurityContext.seLinuxOptions` | Set SELinux options in container 
| `{}` | +| `vmstorage.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `vmstorage.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `vmstorage.containerSecurityContext.runAsNonRoot` | Set VictoriaMetrics Storage containers' Security Context runAsNonRoot | `true` | +| `vmstorage.containerSecurityContext.privileged` | Set VictoriaMetrics Storage containers' Security Context privileged | `false` | +| `vmstorage.containerSecurityContext.readOnlyRootFilesystem` | Set VictoriaMetrics Storage containers' Security Context runAsNonRoot | `true` | +| `vmstorage.containerSecurityContext.allowPrivilegeEscalation` | Set VictoriaMetrics Storage container's privilege escalation | `false` | +| `vmstorage.containerSecurityContext.capabilities.drop` | Set VictoriaMetrics Storage container's Security Context runAsNonRoot | `["ALL"]` | +| `vmstorage.containerSecurityContext.seccompProfile.type` | Set VictoriaMetrics Storage container's Security Context seccomp profile | `RuntimeDefault` | +| `vmstorage.command` | Override default container command (useful when using custom images) | `[]` | +| `vmstorage.args` | Override default container args (useful when using custom images) | `[]` | +| `vmstorage.extraArgs` | Add extra arguments to the default command | `[]` | +| `vmstorage.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `vmstorage.hostAliases` | VictoriaMetrics Storage pods host aliases | `[]` | +| `vmstorage.podLabels` | Extra labels for VictoriaMetrics Storage pods | `{}` | +| `vmstorage.podAnnotations` | Annotations for VictoriaMetrics Storage pods | `{}` | +| `vmstorage.podAffinityPreset` | Pod affinity preset. Ignored if `vmstorage.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vmstorage.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `vmstorage.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `vmstorage.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `vmstorage.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `vmstorage.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `vmstorage.autoscaling.vpa.enabled` | Enable VPA for VictoriaMetrics Storage pods | `false` | +| `vmstorage.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `vmstorage.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `vmstorage.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `vmstorage.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `vmstorage.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` | +| `vmstorage.autoscaling.hpa.enabled` | Enable HPA for VictoriaMetrics Storage pods | `false` | +| `vmstorage.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `vmstorage.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `vmstorage.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `vmstorage.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `vmstorage.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `vmstorage.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vmstorage.nodeAffinityPreset.key` | Node label key to match. Ignored if `vmstorage.affinity` is set | `""` | +| `vmstorage.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `vmstorage.affinity` is set | `[]` | +| `vmstorage.affinity` | Affinity for VictoriaMetrics Storage pods assignment | `{}` | +| `vmstorage.nodeSelector` | Node labels for VictoriaMetrics Storage pods assignment | `{}` | +| `vmstorage.podManagementPolicy` | Pod management policy for VictoriaMetrics Storage statefulset | `Parallel` | +| `vmstorage.tolerations` | Tolerations for VictoriaMetrics Storage pods assignment | `[]` | +| `vmstorage.updateStrategy.type` | VictoriaMetrics Storage statefulset strategy type | `RollingUpdate` | +| `vmstorage.priorityClassName` | VictoriaMetrics Storage pods' priorityClassName | `""` | +| `vmstorage.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `vmstorage.schedulerName` | Name of the k8s scheduler (other than default) for VictoriaMetrics Storage pods | `""` | +| `vmstorage.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `vmstorage.lifecycleHooks` | for the VictoriaMetrics Storage container(s) to automate configuration before or after startup | `{}` | +| `vmstorage.extraEnvVars` | Array with extra environment variables to add to VictoriaMetrics Storage nodes | `[]` | +| `vmstorage.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for VictoriaMetrics Storage nodes | `""` | +| `vmstorage.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for VictoriaMetrics Storage nodes | `""` | +| `vmstorage.extraVolumes` | Optionally specify extra list of additional volumes for the VictoriaMetrics Storage pod(s) | `[]` | +| `vmstorage.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Storage container(s) | `[]` | +| `vmstorage.sidecars` | Add additional sidecar containers to the VictoriaMetrics Storage pod(s) | `[]` | +| `vmstorage.initContainers` | Add additional init containers to 
the VictoriaMetrics Storage pod(s) | `[]` | +| `vmstorage.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `vmstorage.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `vmstorage.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `vmstorage.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | + +### VictoriaMetrics Storage Traffic Exposure Parameters + +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ----------- | +| `vmstorage.service.type` | VictoriaMetrics Storage service type | `ClusterIP` | +| `vmstorage.service.ports.http` | VictoriaMetrics Storage service http port | `80` | +| `vmstorage.service.nodePorts.http` | Node port for HTTP | `""` | +| `vmstorage.service.clusterIP` | VictoriaMetrics Storage service Cluster IP | `""` | +| `vmstorage.service.loadBalancerIP` | VictoriaMetrics Storage service Load Balancer IP | `""` | +| `vmstorage.service.loadBalancerSourceRanges` | VictoriaMetrics Storage service Load Balancer sources | `[]` | +| `vmstorage.service.externalTrafficPolicy` | VictoriaMetrics Storage service external traffic policy | `Cluster` | +| `vmstorage.service.annotations` | Additional custom annotations for VictoriaMetrics Storage service | `{}` | +| `vmstorage.service.extraPorts` | Extra ports to expose in VictoriaMetrics Storage service (normally used with the `sidecars` value) | `[]` | +| `vmstorage.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `vmstorage.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `vmstorage.service.headless.annotations` | Annotations for the headless service. 
| `{}` | +| `vmstorage.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `vmstorage.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `vmstorage.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `vmstorage.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vmstorage.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vmstorage.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `vmstorage.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### VictoriaMetrics Storage Persistence Parameters + +| Name | Description | Value | +| ------------------------------------------------- | --------------------------------------------------------------------------------------- | ------- | +| `vmstorage.persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `vmstorage.persistence.mountPath` | Persistent Volume mount root path | `/data` | +| `vmstorage.persistence.storageClass` | Persistent Volume storage class | `""` | +| `vmstorage.persistence.accessModes` | Persistent Volume access modes | `[]` | +| `vmstorage.persistence.size` | Persistent Volume size | `10Gi` | +| `vmstorage.persistence.dataSource` | Custom PVC data source | `{}` | +| `vmstorage.persistence.annotations` | Annotations for the PVC | `{}` | +| `vmstorage.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `vmstorage.persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `vmstorage.persistence.extraVolumeClaimTemplates` | Add additional VolumeClaimTemplates for enabling any plugins or any other purpose | `[]` | + +### VictoriaMetrics Storage Metrics 
Parameters + +| Name | Description | Value | +| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `vmstorage.metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `vmstorage.metrics.annotations` | Additional custom annotations for the service | `{}` | +| `vmstorage.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `vmstorage.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `vmstorage.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `vmstorage.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `vmstorage.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `vmstorage.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `vmstorage.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `vmstorage.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `vmstorage.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `vmstorage.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `vmstorage.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + +### VictoriaMetrics Auth Parameters + +| Name | Description | Value | +| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | +| `vmauth.enabled` | Enable VictoriaMetrics Auth | `true` | +| `vmauth.image.registry` | VictoriaMetrics Auth image registry | `REGISTRY_NAME` | +| `vmauth.image.repository` | VictoriaMetrics Auth image repository | `REPOSITORY_NAME/victoriametrics-vmauth` | +| `vmauth.image.digest` | VictoriaMetrics Auth image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `vmauth.image.pullPolicy` | VictoriaMetrics Auth image pull policy | `IfNotPresent` | +| `vmauth.image.pullSecrets` | VictoriaMetrics Auth image pull secrets | `[]` | +| `vmauth.replicaCount` | Number of VictoriaMetrics Auth replicas to deploy | `1` | +| `vmauth.containerPorts.http` | VictoriaMetrics Auth http container port | `8427` | +| `vmauth.livenessProbe.enabled` | Enable livenessProbe on VictoriaMetrics Auth containers | `true` | +| `vmauth.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `vmauth.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `vmauth.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `vmauth.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `vmauth.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `vmauth.readinessProbe.enabled` | Enable readinessProbe on VictoriaMetrics Auth containers | `true` | +| `vmauth.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `vmauth.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `vmauth.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `vmauth.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `vmauth.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `vmauth.startupProbe.enabled` | Enable startupProbe on VictoriaMetrics Auth containers | `false` | +| `vmauth.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `vmauth.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `vmauth.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `vmauth.startupProbe.failureThreshold` | Failure threshold for startupProbe | 
`5` | +| `vmauth.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `vmauth.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `vmauth.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `vmauth.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `vmauth.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmauth.resources is set (vmauth.resources is recommended for production). | `nano` | +| `vmauth.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `vmauth.kind` | Define how to deploy VictoriaMetrics Auth (allowed values: deployment or daemonset) | `deployment` | +| `vmauth.annotations` | Annotations for VictoriaMetrics Auth Deployment or StatefulSet | `{}` | +| `vmauth.podSecurityContext.enabled` | Enabled VictoriaMetrics Auth pods' Security Context | `true` | +| `vmauth.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `vmauth.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `vmauth.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `vmauth.podSecurityContext.fsGroup` | Set VictoriaMetrics Auth pod's Security Context fsGroup | `1001` | +| `vmauth.containerSecurityContext.enabled` | Enabled VictoriaMetrics Auth containers' Security Context | `true` | +| `vmauth.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `vmauth.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `vmauth.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `vmauth.containerSecurityContext.runAsNonRoot` | Set VictoriaMetrics 
Auth containers' Security Context runAsNonRoot | `true` |
+| `vmauth.containerSecurityContext.privileged` | Set VictoriaMetrics Auth containers' Security Context privileged | `false` |
+| `vmauth.containerSecurityContext.readOnlyRootFilesystem` | Set VictoriaMetrics Auth containers' Security Context runAsNonRoot | `true` |
+| `vmauth.containerSecurityContext.allowPrivilegeEscalation` | Set VictoriaMetrics Auth container's privilege escalation | `false` |
+| `vmauth.containerSecurityContext.capabilities.drop` | Set VictoriaMetrics Auth container's Security Context runAsNonRoot | `["ALL"]` |
+| `vmauth.containerSecurityContext.seccompProfile.type` | Set VictoriaMetrics Auth container's Security Context seccomp profile | `RuntimeDefault` |
+| `vmauth.command` | Override default container command (useful when using custom images) | `[]` |
+| `vmauth.args` | Override default container args (useful when using custom images) | `[]` |
+| `vmauth.extraArgs` | Add extra arguments to the default command | `[]` |
+| `vmauth.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `vmauth.hostAliases` | VictoriaMetrics Auth pods host aliases | `[]` |
+| `vmauth.podLabels` | Extra labels for VictoriaMetrics Auth pods | `{}` |
+| `vmauth.podAnnotations` | Annotations for VictoriaMetrics Auth pods | `{}` |
+| `vmauth.podAffinityPreset` | Pod affinity preset. Ignored if `vmauth.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `vmauth.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `vmauth.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` |
+| `vmauth.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
+| `vmauth.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `vmauth.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `vmauth.configOverrides` | Overwrite or add extra configuration options to the chart default | `{}` |
+| `vmauth.existingSecret` | The name of an existing Secret with configuration | `""` |
+| `vmauth.autoscaling.vpa.enabled` | Enable VPA for VictoriaMetrics Auth pods | `false` |
+| `vmauth.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
+| `vmauth.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
+| `vmauth.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
+| `vmauth.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
+| `vmauth.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` |
+| `vmauth.autoscaling.hpa.enabled` | Enable HPA for VictoriaMetrics Auth pods | `false` |
+| `vmauth.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` |
+| `vmauth.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` |
+| `vmauth.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
+| `vmauth.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
+| `vmauth.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `vmauth.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `vmauth.nodeAffinityPreset.key` | Node label key to match. Ignored if `vmauth.affinity` is set | `""` |
+| `vmauth.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `vmauth.affinity` is set | `[]` |
+| `vmauth.affinity` | Affinity for VictoriaMetrics Auth pods assignment | `{}` |
+| `vmauth.nodeSelector` | Node labels for VictoriaMetrics Auth pods assignment | `{}` |
+| `vmauth.tolerations` | Tolerations for VictoriaMetrics Auth pods assignment | `[]` |
+| `vmauth.updateStrategy.type` | VictoriaMetrics Auth statefulset strategy type | `RollingUpdate` |
+| `vmauth.priorityClassName` | VictoriaMetrics Auth pods' priorityClassName | `""` |
+| `vmauth.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `vmauth.schedulerName` | Name of the k8s scheduler (other than default) for VictoriaMetrics Auth pods | `""` |
+| `vmauth.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `vmauth.lifecycleHooks` | for the VictoriaMetrics Auth container(s) to automate configuration before or after startup | `{}` |
+| `vmauth.extraEnvVars` | Array with extra environment variables to add to VictoriaMetrics Auth nodes | `[]` |
+| `vmauth.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for VictoriaMetrics Auth nodes | `""` |
+| `vmauth.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for VictoriaMetrics Auth nodes | `""` |
+| `vmauth.extraVolumes` | Optionally specify extra list of additional volumes for the VictoriaMetrics Auth pod(s) | `[]` |
+| `vmauth.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Auth container(s) | `[]` |
+| `vmauth.sidecars` | Add additional sidecar containers to the VictoriaMetrics Auth pod(s) | `[]` |
+| `vmauth.initContainers` | Add additional init containers to the VictoriaMetrics Auth pod(s) | `[]` |
+
+### VictoriaMetrics Auth RBAC Parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------- | 
---------------------------------------------------------------- | ------- |
+| `vmauth.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `vmauth.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `vmauth.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
+| `vmauth.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
+
+### VictoriaMetrics Auth Traffic Exposure Parameters
+
+| Name | Description | Value |
+| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `vmauth.service.type` | VictoriaMetrics Auth service type | `ClusterIP` |
+| `vmauth.service.ports.http` | VictoriaMetrics Auth service http port | `8427` |
+| `vmauth.service.nodePorts.http` | Node port for HTTP | `""` |
+| `vmauth.service.clusterIP` | VictoriaMetrics Auth service Cluster IP | `""` |
+| `vmauth.service.loadBalancerIP` | VictoriaMetrics Auth service Load Balancer IP | `""` |
+| `vmauth.service.loadBalancerSourceRanges` | VictoriaMetrics Auth service Load Balancer sources | `[]` |
+| `vmauth.service.externalTrafficPolicy` | VictoriaMetrics Auth service external traffic policy | `Cluster` |
+| `vmauth.service.annotations` | Additional custom annotations for VictoriaMetrics Auth service | `{}` |
+| `vmauth.service.extraPorts` | Extra ports to expose in VictoriaMetrics Auth service (normally used with the `sidecars` value) | `[]` |
+| `vmauth.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `vmauth.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `vmauth.ingress.enabled` | Enable ingress record generation for VictoriaMetrics Auth | `false` |
+| 
`vmauth.ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `vmauth.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
+| `vmauth.ingress.hostname` | Default host for the ingress record | `vmauth.local` |
+| `vmauth.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `vmauth.ingress.path` | Default path for the ingress record | `/` |
+| `vmauth.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
+| `vmauth.ingress.tls` | Enable TLS configuration for the host defined at `vmauth.ingress.hostname` parameter | `false` |
+| `vmauth.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
+| `vmauth.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
+| `vmauth.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
+| `vmauth.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
+| `vmauth.ingress.secrets` | Custom TLS certificates as secrets | `[]` |
+| `vmauth.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
+| `vmauth.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `vmauth.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
+| `vmauth.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` |
+| `vmauth.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `vmauth.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `vmauth.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `vmauth.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+
+### VictoriaMetrics Auth Metrics Parameters
+
+| Name | Description | Value |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
+| `vmauth.metrics.enabled` | Enable the export of Prometheus metrics | `false` |
+| `vmauth.metrics.annotations` | Additional custom annotations for the service | `{}` |
+| `vmauth.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `vmauth.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
+| `vmauth.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` |
+| `vmauth.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+| `vmauth.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
+| `vmauth.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
+| `vmauth.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` |
+| `vmauth.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `vmauth.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `vmauth.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+| `vmauth.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+
+### VictoriaMetrics Agent Parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
+| `vmagent.enabled` | Enable VictoriaMetrics Agent | `true` |
+| `vmagent.image.registry` | VictoriaMetrics Agent image registry | `REGISTRY_NAME` |
+| `vmagent.image.repository` | VictoriaMetrics Agent image repository | `REPOSITORY_NAME/victoriametrics-vmagent` |
+| `vmagent.image.digest` | VictoriaMetrics Agent image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `vmagent.image.pullPolicy` | VictoriaMetrics Agent image pull policy | `IfNotPresent` |
+| `vmagent.image.pullSecrets` | VictoriaMetrics Agent image pull secrets | `[]` |
+| `vmagent.replicaCount` | Number of VictoriaMetrics Agent replicas to deploy | `1` |
+| `vmagent.containerPorts.http` | VictoriaMetrics Agent http container port | `8429` |
+| `vmagent.containerPorts.graphite` | VictoriaMetrics Agent graphite container port | `2003` |
+| `vmagent.containerPorts.opentsdb` | VictoriaMetrics Agent opentsdb container port | `4242` |
+| `vmagent.containerPorts.influxdb` | VictoriaMetrics Agent influxdb container port | `8089` |
+| `vmagent.livenessProbe.enabled` | Enable livenessProbe on VictoriaMetrics Agent containers | `true` |
+| `vmagent.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `vmagent.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `vmagent.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `vmagent.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
+| `vmagent.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `vmagent.readinessProbe.enabled` | Enable readinessProbe on VictoriaMetrics Agent containers | `true` |
+| `vmagent.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `vmagent.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `vmagent.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `vmagent.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
+| `vmagent.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `vmagent.startupProbe.enabled` | Enable startupProbe on VictoriaMetrics Agent containers | `false` |
+| 
`vmagent.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `vmagent.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `vmagent.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `vmagent.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
+| `vmagent.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `vmagent.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `vmagent.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `vmagent.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `vmagent.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmagent.resources is set (vmagent.resources is recommended for production). | `nano` |
+| `vmagent.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `vmagent.kind` | Define how to deploy VictoriaMetrics Agent (allowed values: deployment or daemonset) | `deployment` |
+| `vmagent.annotations` | Annotations for VictoriaMetrics Agent Deployment or StatefulSet | `{}` |
+| `vmagent.podSecurityContext.enabled` | Enabled VictoriaMetrics Agent pods' Security Context | `true` |
+| `vmagent.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `vmagent.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
+| `vmagent.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `vmagent.podSecurityContext.fsGroup` | Set VictoriaMetrics Agent pod's Security Context fsGroup | `1001` |
+| `vmagent.containerSecurityContext.enabled` | Enabled VictoriaMetrics Agent containers' Security Context | `true` |
+| 
`vmagent.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `vmagent.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `vmagent.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
+| `vmagent.containerSecurityContext.runAsNonRoot` | Set VictoriaMetrics Agent containers' Security Context runAsNonRoot | `true` |
+| `vmagent.containerSecurityContext.privileged` | Set VictoriaMetrics Agent containers' Security Context privileged | `false` |
+| `vmagent.containerSecurityContext.readOnlyRootFilesystem` | Set VictoriaMetrics Agent containers' Security Context runAsNonRoot | `true` |
+| `vmagent.containerSecurityContext.allowPrivilegeEscalation` | Set VictoriaMetrics Agent container's privilege escalation | `false` |
+| `vmagent.containerSecurityContext.capabilities.drop` | Set VictoriaMetrics Agent container's Security Context runAsNonRoot | `["ALL"]` |
+| `vmagent.containerSecurityContext.seccompProfile.type` | Set VictoriaMetrics Agent container's Security Context seccomp profile | `RuntimeDefault` |
+| `vmagent.command` | Override default container command (useful when using custom images) | `[]` |
+| `vmagent.args` | Override default container args (useful when using custom images) | `[]` |
+| `vmagent.extraArgs` | Add extra arguments to the default command | `[]` |
+| `vmagent.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
+| `vmagent.hostAliases` | VictoriaMetrics Agent pods host aliases | `[]` |
+| `vmagent.podLabels` | Extra labels for VictoriaMetrics Agent pods | `{}` |
+| `vmagent.podAnnotations` | Annotations for VictoriaMetrics Agent pods | `{}` |
+| `vmagent.podAffinityPreset` | Pod affinity preset. Ignored if `vmagent.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `vmagent.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `vmagent.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` |
+| `vmagent.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
+| `vmagent.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
+| `vmagent.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
+| `vmagent.scrapeConfigOverrides` | Overwrite or add extra scraping configuration options to the chart default | `{}` |
+| `vmagent.enableListeners.influxdb` | Enable influxdb listener | `false` |
+| `vmagent.enableListeners.opentsdb` | Enable graphite listener | `false` |
+| `vmagent.enableListeners.graphite` | Enable opentsdb listener | `false` |
+| `vmagent.existingScrapeConfigMap` | The name of an existing ConfigMap with the scrape configuration | `""` |
+| `vmagent.namespaced` | Only scrape in the deployed namespace | `false` |
+| `vmagent.allowedMetricsEndpoints` | Allowed metrics endpoints to scrape (when not namespaced) | `[]` |
+| `vmagent.autoscaling.vpa.enabled` | Enable VPA for VictoriaMetrics Agent pods | `false` |
+| `vmagent.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
+| `vmagent.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. 
Defaults to cpu and memory | `[]` |
+| `vmagent.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
+| `vmagent.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
+| `vmagent.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` |
+| `vmagent.autoscaling.hpa.enabled` | Enable HPA for VictoriaMetrics Agent pods | `false` |
+| `vmagent.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` |
+| `vmagent.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` |
+| `vmagent.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
+| `vmagent.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
+| `vmagent.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `vmagent.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `vmagent.nodeAffinityPreset.key` | Node label key to match. Ignored if `vmagent.affinity` is set | `""` |
+| `vmagent.nodeAffinityPreset.values` | Node label values to match. Ignored if `vmagent.affinity` is set | `[]` |
+| `vmagent.affinity` | Affinity for VictoriaMetrics Agent pods assignment | `{}` |
+| `vmagent.nodeSelector` | Node labels for VictoriaMetrics Agent pods assignment | `{}` |
+| `vmagent.tolerations` | Tolerations for VictoriaMetrics Agent pods assignment | `[]` |
+| `vmagent.updateStrategy.type` | VictoriaMetrics Agent statefulset strategy type | `RollingUpdate` |
+| `vmagent.priorityClassName` | VictoriaMetrics Agent pods' priorityClassName | `""` |
+| `vmagent.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template | `[]` |
+| `vmagent.schedulerName` | Name of the k8s scheduler (other than default) for VictoriaMetrics Agent pods | `""` |
+| `vmagent.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `vmagent.lifecycleHooks` | for the VictoriaMetrics Agent container(s) to automate configuration before or after startup | `{}` |
+| `vmagent.extraEnvVars` | Array with extra environment variables to add to VictoriaMetrics Agent nodes | `[]` |
+| `vmagent.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for VictoriaMetrics Agent nodes | `""` |
+| `vmagent.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for VictoriaMetrics Agent nodes | `""` |
+| `vmagent.extraVolumes` | Optionally specify extra list of additional volumes for the VictoriaMetrics Agent pod(s) | `[]` |
+| `vmagent.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Agent container(s) | `[]` |
+| `vmagent.sidecars` | Add additional sidecar containers to the VictoriaMetrics Agent pod(s) | `[]` |
+| `vmagent.initContainers` | Add additional init containers to the VictoriaMetrics Agent pod(s) | `[]` |
+
+### VictoriaMetrics Agent RBAC Parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------- | ---------------------------------------------------------------- | ------- |
+| `vmagent.rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `vmagent.rbac.rules` | Custom RBAC rules to set | `[]` |
+| `vmagent.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `vmagent.serviceAccount.name` | The name of the ServiceAccount to use. 
| `""` |
+| `vmagent.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
+| `vmagent.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
+
+### VictoriaMetrics Agent Traffic Exposure Parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------ | ----------- |
+| `vmagent.service.type` | VictoriaMetrics Agent service type | `ClusterIP` |
+| `vmagent.service.ports.http` | VictoriaMetrics Agent service http port | `8429` |
+| `vmagent.service.ports.graphite` | VictoriaMetrics Agent service graphite port | `2003` |
+| `vmagent.service.ports.opentsdb` | VictoriaMetrics Agent service opentsdb port | `4242` |
+| `vmagent.service.ports.influxdb` | VictoriaMetrics Agent service influxdb port | `8089` |
+| `vmagent.service.nodePorts.http` | Node port for HTTP | `""` |
+| `vmagent.service.nodePorts.graphite` | Node port for graphite | `""` |
+| `vmagent.service.nodePorts.opentsdb` | Node port for opentsdb | `""` |
+| `vmagent.service.nodePorts.influxdb` | Node port for influxdb | `""` |
+| `vmagent.service.clusterIP` | VictoriaMetrics Agent service Cluster IP | `""` |
+| `vmagent.service.loadBalancerIP` | VictoriaMetrics Agent service Load Balancer IP | `""` |
+| `vmagent.service.loadBalancerSourceRanges` | VictoriaMetrics Agent service Load Balancer sources | `[]` |
+| `vmagent.service.externalTrafficPolicy` | VictoriaMetrics Agent service external traffic policy | `Cluster` |
+| `vmagent.service.annotations` | Additional custom annotations for VictoriaMetrics Agent service | `{}` |
+| `vmagent.service.extraPorts` | Extra ports to expose in VictoriaMetrics Agent service (normally used with the `sidecars` value) | `[]` |
+| `vmagent.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | 
`None` |
+| `vmagent.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `vmagent.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `vmagent.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
+| `vmagent.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
+| `vmagent.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `vmagent.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `vmagent.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `vmagent.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+
+### VictoriaMetrics Agent Metrics Parameters
+
+| Name | Description | Value |
+| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
+| `vmagent.metrics.enabled` | Enable the export of Prometheus metrics | `false` |
+| `vmagent.metrics.annotations` | Additional custom annotations for the service | `{}` |
+| `vmagent.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `vmagent.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
+| `vmagent.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` |
+| `vmagent.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+| `vmagent.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
+| `vmagent.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target 
labels | `false` |
+| `vmagent.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
+| `vmagent.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `vmagent.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `vmagent.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+| `vmagent.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+
+### VictoriaMetrics Alert Parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
+| `vmalert.enabled` | Enable VictoriaMetrics Alert | `false` |
+| `vmalert.image.registry` | VictoriaMetrics Alert image registry | `REGISTRY_NAME` |
+| `vmalert.image.repository` | VictoriaMetrics Alert image repository | `REPOSITORY_NAME/victoriametrics-vmalert` |
+| `vmalert.image.digest` | VictoriaMetrics Alert image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `vmalert.image.pullPolicy` | VictoriaMetrics Alert image pull policy | `IfNotPresent` |
+| `vmalert.image.pullSecrets` | VictoriaMetrics Alert image pull secrets | `[]` |
+| `vmalert.replicaCount` | Number of VictoriaMetrics Alert replicas to deploy | `1` |
+| `vmalert.containerPorts.http` | VictoriaMetrics Alert http container port | `8429` |
+| `vmalert.livenessProbe.enabled` | Enable livenessProbe on VictoriaMetrics Alert containers | `true` |
+| `vmalert.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `vmalert.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `vmalert.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `vmalert.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
+| `vmalert.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `vmalert.readinessProbe.enabled` | Enable readinessProbe on VictoriaMetrics Alert containers | `true` |
+| `vmalert.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `vmalert.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `vmalert.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `vmalert.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
+| `vmalert.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `vmalert.startupProbe.enabled` | Enable startupProbe on VictoriaMetrics Alert containers | `false` |
+| `vmalert.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `vmalert.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `vmalert.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `vmalert.startupProbe.failureThreshold` | Failure 
threshold for startupProbe | `5` |
+| `vmalert.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `vmalert.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `vmalert.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `vmalert.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `vmalert.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmalert.resources is set (vmalert.resources is recommended for production). | `nano` |
+| `vmalert.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `vmalert.datasourceUrl` | URL to an external datasource (uses VictoriaMetrics Insert if not set) | `""` |
+| `vmalert.notifierUrl` | URL to a notifier like AlertManager (necessary when alert rules are set) | `""` |
+| `vmalert.deploymentAnnotations` | Annotations for VictoriaMetrics Alert Deployment | `{}` |
+| `vmalert.podSecurityContext.enabled` | Enabled VictoriaMetrics Alert pods' Security Context | `true` |
+| `vmalert.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `vmalert.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
+| `vmalert.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `vmalert.podSecurityContext.fsGroup` | Set VictoriaMetrics Alert pod's Security Context fsGroup | `1001` |
+| `vmalert.containerSecurityContext.enabled` | Enabled VictoriaMetrics Alert containers' Security Context | `true` |
+| `vmalert.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `vmalert.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| 
`vmalert.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
+| `vmalert.containerSecurityContext.runAsNonRoot` | Set VictoriaMetrics Alert containers' Security Context runAsNonRoot | `true` |
+| `vmalert.containerSecurityContext.privileged` | Set VictoriaMetrics Alert containers' Security Context privileged | `false` |
+| `vmalert.containerSecurityContext.readOnlyRootFilesystem` | Set VictoriaMetrics Alert containers' Security Context runAsNonRoot | `true` |
+| `vmalert.containerSecurityContext.allowPrivilegeEscalation` | Set VictoriaMetrics Alert container's privilege escalation | `false` |
+| `vmalert.containerSecurityContext.capabilities.drop` | Set VictoriaMetrics Alert container's Security Context runAsNonRoot | `["ALL"]` |
+| `vmalert.containerSecurityContext.seccompProfile.type` | Set VictoriaMetrics Alert container's Security Context seccomp profile | `RuntimeDefault` |
+| `vmalert.command` | Override default container command (useful when using custom images) | `[]` |
+| `vmalert.args` | Override default container args (useful when using custom images) | `[]` |
+| `vmalert.extraArgs` | Add extra arguments to the default command | `[]` |
+| `vmalert.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
+| `vmalert.hostAliases` | VictoriaMetrics Alert pods host aliases | `[]` |
+| `vmalert.podLabels` | Extra labels for VictoriaMetrics Alert pods | `{}` |
+| `vmalert.podAnnotations` | Annotations for VictoriaMetrics Alert pods | `{}` |
+| `vmalert.podAffinityPreset` | Pod affinity preset. Ignored if `vmalert.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `vmalert.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `vmalert.affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `vmalert.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `vmalert.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `vmalert.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `vmalert.rulesConfigOverrides` | Overwrite or add extra rules configuration options to the chart default | `{}` | +| `vmalert.existingRulesConfigMap` | The name of an existing ConfigMap with the rules configuration | `""` | +| `vmalert.autoscaling.vpa.enabled` | Enable VPA for VictoriaMetrics Alert pods | `false` | +| `vmalert.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `vmalert.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `vmalert.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `vmalert.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `vmalert.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` | +| `vmalert.autoscaling.hpa.enabled` | Enable HPA for VictoriaMetrics Alert pods | `false` | +| `vmalert.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `vmalert.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `vmalert.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `vmalert.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `vmalert.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `vmalert.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `vmalert.nodeAffinityPreset.key` | Node label key to match. Ignored if `vmalert.affinity` is set | `""` | +| `vmalert.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `vmalert.affinity` is set | `[]` | +| `vmalert.affinity` | Affinity for VictoriaMetrics Alert pods assignment | `{}` | +| `vmalert.nodeSelector` | Node labels for VictoriaMetrics Alert pods assignment | `{}` | +| `vmalert.tolerations` | Tolerations for VictoriaMetrics Alert pods assignment | `[]` | +| `vmalert.updateStrategy.type` | VictoriaMetrics Alert statefulset strategy type | `RollingUpdate` | +| `vmalert.priorityClassName` | VictoriaMetrics Alert pods' priorityClassName | `""` | +| `vmalert.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `vmalert.schedulerName` | Name of the k8s scheduler (other than default) for VictoriaMetrics Alert pods | `""` | +| `vmalert.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `vmalert.lifecycleHooks` | for the VictoriaMetrics Alert container(s) to automate configuration before or after startup | `{}` | +| `vmalert.extraEnvVars` | Array with extra environment variables to add to VictoriaMetrics Alert nodes | `[]` | +| `vmalert.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for VictoriaMetrics Alert nodes | `""` | +| `vmalert.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for VictoriaMetrics Alert nodes | `""` | +| `vmalert.extraVolumes` | Optionally specify extra list of additional volumes for the VictoriaMetrics Alert pod(s) | `[]` | +| `vmalert.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Alert container(s) | `[]` | +| `vmalert.sidecars` | Add additional sidecar containers to the VictoriaMetrics Alert pod(s) | `[]` | +| `vmalert.initContainers` | Add additional init containers to the VictoriaMetrics Alert pod(s) | `[]` | +| `vmalert.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `vmalert.serviceAccount.name` 
| The name of the ServiceAccount to use. | `""` | +| `vmalert.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `vmalert.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | + +### VictoriaMetrics Alert Traffic Exposure Parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------ | ----------- | +| `vmalert.service.type` | VictoriaMetrics Alert service type | `ClusterIP` | +| `vmalert.service.ports.http` | VictoriaMetrics Alert service http port | `8429` | +| `vmalert.service.nodePorts.http` | Node port for HTTP | `""` | +| `vmalert.service.clusterIP` | VictoriaMetrics Alert service Cluster IP | `""` | +| `vmalert.service.loadBalancerIP` | VictoriaMetrics Alert service Load Balancer IP | `""` | +| `vmalert.service.loadBalancerSourceRanges` | VictoriaMetrics Alert service Load Balancer sources | `[]` | +| `vmalert.service.externalTrafficPolicy` | VictoriaMetrics Alert service external traffic policy | `Cluster` | +| `vmalert.service.annotations` | Additional custom annotations for VictoriaMetrics Alert service | `{}` | +| `vmalert.service.extraPorts` | Extra ports to expose in VictoriaMetrics Alert service (normally used with the `sidecars` value) | `[]` | +| `vmalert.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `vmalert.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `vmalert.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `vmalert.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `vmalert.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | +| `vmalert.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vmalert.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `vmalert.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `vmalert.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + +### VictoriaMetrics Alert Metrics Parameters + +| Name | Description | Value | +| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `vmalert.metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `vmalert.metrics.annotations` | Additional custom annotations for the service | `{}` | +| `vmalert.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `vmalert.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `vmalert.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `vmalert.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `vmalert.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `vmalert.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `vmalert.metrics.serviceMonitor.interval` | Interval at which metrics should be rulesd. 
| `""` | +| `vmalert.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `vmalert.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `vmalert.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `vmalert.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + +### Default Init Containers Parameters + +| Name | Description | Value | +| --------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `defaultInitContainers.volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `defaultInitContainers.volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `defaultInitContainers.volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `defaultInitContainers.volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `defaultInitContainers.volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `defaultInitContainers.volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `defaultInitContainers.volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). 
| `nano` | +| `defaultInitContainers.volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.enabled` | Enable securityContext in the init container | `true` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release --set vmagent.enableListeners.influxdb=true oci://REGISTRY_NAME/REPOSITORY_NAME/victoriametrics +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Drycc, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=Drycccharts`. + +The above command install VictoriaMetrics chart with the InfluxDB listener enabled in the `vmagent` component. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/victoriametrics +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Drycc, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=Drycccharts`. 
+> **Tip**: You can use the default [values.yaml](https://github.com/Drycc/charts/tree/main/Drycc/victoriametrics/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.Drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/NOTES.txt b/addons/victoriametrics/1/chart/victoriametrics/templates/NOTES.txt new file mode 100644 index 00000000..f555e028 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/NOTES.txt 
@@ -0,0 +1,168 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +Did you know there are enterprise versions of the Drycc catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Drycc Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/drycc for more information. + +** Please be patient while the chart is being deployed ** + +The following controllers have been deployed: + + - vmselect + - vminsert + - vmstorage + {{- if .Values.vmauth.enabled }} + - vmauth + {{- end }} + {{- if .Values.vmagent.enabled }} + - vmagent + {{- end }} + {{- if .Values.vmalert.enabled }} + - vmalert + {{- end }} + +Check the status of the pods by running this command: + + kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }} + +{{- if .Values.vmauth.enabled }} +Your VictoriaMetrics site can be accessed through the following DNS name from within your cluster: + + {{ include "victoriametrics.vmauth.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.vmauth.service.ports.http }}) + +To access your VictoriaMetrics site from outside the cluster follow the steps below: + +{{- if .Values.vmauth.ingress.enabled }} + +Get the VictoriaMetrics URL and associate VictoriaMetrics hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. 
Use: `kubectl cluster-info` on others K8s clusters + echo "VictoriaMetrics Select URL: http{{ if .Values.vmauth.ingress.tls }}s{{ end }}://{{ .Values.vmauth.ingress.hostname }}/select" + echo "VictoriaMetrics Insert URL: http{{ if .Values.vmauth.ingress.tls }}s{{ end }}://{{ .Values.vmauth.ingress.hostname }}/insert" + echo "$CLUSTER_IP {{ .Values.vmauth.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} +{{- $port := .Values.vmauth.service.ports.http | toString }} + +Get the VictoriaMetrics URL by running these commands: + +{{- if contains "NodePort" .Values.vmauth.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "victoriametrics.vmauth.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "VictoriaMetrics Select URL: http://$NODE_IP:$NODE_PORT/select" + echo "VictoriaMetrics Insert URL: http://$NODE_IP:$NODE_PORT/insert" + +{{- else if contains "LoadBalancer" .Values.vmauth.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "victoriametrics.vmauth.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "victoriametrics.vmauth.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "VictoriaMetrics Select URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.vmauth.service.ports.http }}{{ end }}/select" + echo "VictoriaMetrics Insert URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.vmauth.service.ports.http }}{{ end }}/select" + +{{- else if contains "ClusterIP" .Values.vmauth.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "victoriametrics.vmauth.fullname" . 
}} {{ .Values.vmauth.service.ports.http }}:{{ .Values.vmauth.service.ports.http }} & + echo "VictoriaMetrics Select URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.vmauth.service.ports.http }}{{ end }}/select" + echo "VictoriaMetrics Insert URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.vmauth.service.ports.http }}{{ end }}/insert" + +{{- end }} +{{- end }} +{{- else }} + +Your VictoriaMetrics Select site can be accessed through the following DNS name from within your cluster: + + {{ include "victoriametrics.vmselect.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.vmselect.service.ports.http }}) + +To access your VictoriaMetrics site from outside the cluster follow the steps below: + +{{- if .Values.vmselect.ingress.enabled }} + +Get the VictoriaMetrics URL and associate VictoriaMetrics hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "VictoriaMetrics Select URL: http{{ if .Values.vmselect.ingress.tls }}s{{ end }}://{{ .Values.vmselect.ingress.hostname }}/select" + echo "$CLUSTER_IP {{ .Values.vmselect.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} +{{- $port := .Values.vmselect.service.ports.http | toString }} + +Get the VictoriaMetrics URL by running these commands: + +{{- if contains "NodePort" .Values.vmselect.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "victoriametrics.vmselect.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "VictoriaMetrics Select URL: http://$NODE_IP:$NODE_PORT/select" + +{{- else if contains "LoadBalancer" .Values.vmselect.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. 
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "victoriametrics.vmselect.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "victoriametrics.vmselect.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "VictoriaMetrics Select URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.vmselect.service.ports.http }}{{ end }}/select" + +{{- else if contains "ClusterIP" .Values.vmselect.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "victoriametrics.vmselect.fullname" . }} {{ .Values.vmselect.service.ports.http }}:{{ .Values.vmselect.service.ports.http }} & + echo "VictoriaMetrics Select URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.vmselect.service.ports.http }}{{ end }}/select" + +{{- end }} +{{- end }} + +Your VictoriaMetrics Insert site can be accessed through the following DNS name from within your cluster: + + {{ include "victoriametrics.vminsert.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.vminsert.service.ports.http }}) + +To access your VictoriaMetrics site from outside the cluster follow the steps below: + +{{- if .Values.vminsert.ingress.enabled }} + +Get the VictoriaMetrics URL and associate VictoriaMetrics hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. 
Use: `kubectl cluster-info` on others K8s clusters + echo "VictoriaMetrics Insert URL: http{{ if .Values.vminsert.ingress.tls }}s{{ end }}://{{ .Values.vminsert.ingress.hostname }}/insert" + echo "$CLUSTER_IP {{ .Values.vminsert.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} +{{- $port := .Values.vminsert.service.ports.http | toString }} + +Get the VictoriaMetrics URL by running these commands: + +{{- if contains "NodePort" .Values.vminsert.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "victoriametrics.vminsert.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "VictoriaMetrics Insert URL: http://$NODE_IP:$NODE_PORT/insert" + +{{- else if contains "LoadBalancer" .Values.vminsert.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "victoriametrics.vminsert.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "victoriametrics.vminsert.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "VictoriaMetrics Insert URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.vminsert.service.ports.http }}{{ end }}/insert" + +{{- else if contains "ClusterIP" .Values.vminsert.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "victoriametrics.vminsert.fullname" . 
}} {{ .Values.vminsert.service.ports.http }}:{{ .Values.vminsert.service.ports.http }} & + echo "VictoriaMetrics Insert URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.vminsert.service.ports.http }}{{ end }}/insert" + +{{- end }} +{{- end }} + +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.vmselect.image }} +{{- include "common.warnings.rollingTag" .Values.vminsert.image }} +{{- include "common.warnings.rollingTag" .Values.vmstorage.image }} +{{- include "common.warnings.rollingTag" .Values.vmauth.image }} +{{- include "common.warnings.rollingTag" .Values.vmagent.image }} +{{- include "common.warnings.rollingTag" .Values.vmalert.image }} +{{- include "victoriametrics.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "vmselect" "vmstorage" "vminsert" "vmauth" "vmagent" "vmalert" "defaultInitContainers.volumePermissions") "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.vmselect.image .Values.vminsert.image .Values.vmstorage.image .Values.vmauth.image .Values.vmagent.image .Values.vmalert.image .Values.defaultInitContainers.volumePermissions.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.vmselect.image .Values.vminsert.image .Values.vmstorage.image .Values.vmauth.image .Values.vmagent.image .Values.vmalert.image .Values.defaultInitContainers.volumePermissions.image) "context" $) }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/_helpers.tpl b/addons/victoriametrics/1/chart/victoriametrics/templates/_helpers.tpl new file mode 100644 index 00000000..c2b9873a --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/_helpers.tpl 
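Review bot: In the vmauth `LoadBalancer` branch, the echo labelled "VictoriaMetrics Insert URL" ends in `/select`, so the notes print the wrong endpoint for writes; every other branch prints `/insert` for that label, and the suffix of that one line should be `/insert`. The NodePort, LoadBalancer and port-forward branches also hard-code `http://`, while only the ingress branches consult `ingress.tls`. Because these notes walk the user through exposing the query and ingestion endpoints outside the cluster, it would help to state in the text that those paths are plaintext, and that with `vmauth.enabled=false` the vmselect/vminsert services are reached directly (presumably without an authenticating proxy in front).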
@@ -0,0 +1,283 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "victoriametrics.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.vmselect.image .Values.vminsert.image .Values.vmstorage.image .Values.vmauth.image .Values.vmagent.image .Values.defaultInitContainers.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper victoriametrics.vmselect.fullname +*/}} +{{- define "victoriametrics.vmselect.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "vmselect" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Select image name +*/}} +{{- define "victoriametrics.vmselect.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.vmselect.image "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use (VictoriaMetrics Select) +*/}} +{{- define "victoriametrics.vmselect.serviceAccountName" -}} +{{- if .Values.vmselect.serviceAccount.create -}} + {{ default (include "victoriametrics.vmselect.fullname" .) .Values.vmselect.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.vmselect.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Insert fullname +*/}} +{{- define "victoriametrics.vminsert.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) 
"vminsert" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Insert image name +*/}} +{{- define "victoriametrics.vminsert.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.vminsert.image "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use (VictoriaMetrics Insert) +*/}} +{{- define "victoriametrics.vminsert.serviceAccountName" -}} +{{- if .Values.vminsert.serviceAccount.create -}} + {{ default (include "victoriametrics.vminsert.fullname" .) .Values.vminsert.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.vminsert.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Storage fullname +*/}} +{{- define "victoriametrics.vmstorage.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "vmstorage" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Storage image name +*/}} +{{- define "victoriametrics.vmstorage.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.vmstorage.image "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use (VictoriaMetrics Storage) +*/}} +{{- define "victoriametrics.vmstorage.serviceAccountName" -}} +{{- if .Values.vmstorage.serviceAccount.create -}} + {{ default (include "victoriametrics.vmstorage.fullname" .) .Values.vmstorage.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.vmstorage.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Auth fullname +*/}} +{{- define "victoriametrics.vmauth.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) 
"vmauth" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Auth image name +*/}} +{{- define "victoriametrics.vmauth.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.vmauth.image "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use (VictoriaMetrics Auth) +*/}} +{{- define "victoriametrics.vmauth.serviceAccountName" -}} +{{- if .Values.vmauth.serviceAccount.create -}} + {{ default (include "victoriametrics.vmauth.fullname" .) .Values.vmauth.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.vmauth.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Name of the VictoriaMetrics Auth Secret +*/}} +{{- define "victoriametrics.vmauth.secretName" -}} +{{- if .Values.vmauth.existingSecret -}} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.existingSecret "context" $) -}} +{{- else -}} + {{- include "victoriametrics.vmauth.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Agent fullname +*/}} +{{- define "victoriametrics.vmagent.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "vmagent" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Agent image name +*/}} +{{- define "victoriametrics.vmagent.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.vmagent.image "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use (VictoriaMetrics Agent) +*/}} +{{- define "victoriametrics.vmagent.serviceAccountName" -}} +{{- if .Values.vmagent.serviceAccount.create -}} + {{ default (include "victoriametrics.vmagent.fullname" .) 
.Values.vmagent.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.vmagent.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Name of the VictoriaMetrics Agent Secret +*/}} +{{- define "victoriametrics.vmagent.scrapeConfigMapName" -}} +{{- if .Values.vmagent.existingScrapeConfigMap -}} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.existingScrapeConfigMap "context" $) -}} +{{- else -}} + {{- include "victoriametrics.vmagent.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Alert fullname +*/}} +{{- define "victoriametrics.vmalert.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "vmalert" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper VictoriaMetrics Alert image name +*/}} +{{- define "victoriametrics.vmalert.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.vmalert.image "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use (VictoriaMetrics Alert) +*/}} +{{- define "victoriametrics.vmalert.serviceAccountName" -}} +{{- if .Values.vmalert.serviceAccount.create -}} + {{ default (include "victoriametrics.vmalert.fullname" .) .Values.vmalert.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.vmalert.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Name of the VictoriaMetrics Alert Secret +*/}} +{{- define "victoriametrics.vmalert.rulesConfigMapName" -}} +{{- if .Values.vmalert.existingRulesConfigMap -}} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.existingRulesConfigMap "context" $) -}} +{{- else -}} + {{- include "victoriametrics.vmalert.fullname" . 
-}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "victoriametrics.volume-permissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.defaultInitContainers.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{- define "victoriametrics.init-containers.volume-permissions" -}} +{{- /* As most Drycc charts have volumePermissions in the root, we add this overwrite to maintain a similar UX */}} +- name: volume-permissions + image: {{ include "victoriametrics.volume-permissions.image" . }} + imagePullPolicy: {{ .context.Values.defaultInitContainers.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .componentValues.persistence.mountPath }} + {{- else }} + chown -R {{ .componentValues.containerSecurityContext.runAsUser }}:{{ .componentValues.podSecurityContext.fsGroup }} {{ .componentValues.persistence.mountPath }} + {{- end }} + {{- if .Values.defaultInitContainers.volumePermissions.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defaultInitContainers.volumePermissions.containerSecurityContext "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.defaultInitContainers.volumePermissions.resources }} + resources: {{- toYaml .Values.defaultInitContainers.volumePermissions.resources | nindent 4 }} + {{- else if ne .Values.defaultInitContainers.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultInitContainers.volumePermissions.resourcesPreset) | nindent 4 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .componentValues.persistence.mountPath }} + {{- if 
.componentValues.persistence.subPath }} + subPath: {{ .componentValues.persistence.subPath }} + {{- end }} +{{- end -}} + +{{/* +Validate values for victoriametrics. +*/}} +{{- define "victoriametrics.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "victoriametrics.vmselect.kind" .) -}} +{{- $messages := append $messages (include "victoriametrics.vmauth.kind" .) -}} +{{- $messages := append $messages (include "victoriametrics.vmagent.kind" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Function to validate the vmagent kind +*/}} +{{- define "victoriametrics.vmagent.kind" -}} +{{- if .Values.vmagent.enabled -}} +{{- $kind := lower .Values.vmagent.kind -}} +{{- $allowedKinds := list "daemonset" "deployment" -}} +{{- if not (has $kind $allowedKinds) -}} +vmagent: Incorrect kind {{ $kind }}. Allowed values: {{ join "," $allowedKinds }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Function to validate the vmselect kind +*/}} +{{- define "victoriametrics.vmselect.kind" -}} +{{- $kind := lower .Values.vmselect.kind -}} +{{- $allowedKinds := list "statefulset" "deployment" -}} +{{- if not (has $kind $allowedKinds) -}} +vmselect: Incorrect kind {{ $kind }}. Allowed values: {{ join "," $allowedKinds }} +{{- end -}} +{{- end -}} + +{{/* +Function to validate the vmauth kind +*/}} +{{- define "victoriametrics.vmauth.kind" -}} +{{- if .Values.vmauth.enabled -}} +{{- $kind := lower .Values.vmauth.kind -}} +{{- $allowedKinds := list "deployment" "daemonset" -}} +{{- if not (has $kind $allowedKinds) -}} +vmauth: Incorrect kind {{ $kind }}. Allowed values: {{ join "," $allowedKinds }} +{{- end -}} +{{- end -}} +{{- end -}} 
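Review bot: `victoriametrics.init-containers.volume-permissions` dereferences its argument in three incompatible ways: `.context.Values…` for `imagePullPolicy`, plain `.Values…` in the `if eq`, `securityContext` and `resources` lines, and `.componentValues…` for the paths. Whichever shape the callers pass (they are outside this hunk), some of these lookups resolve to nil, so use one form throughout, e.g. `.context.Values.defaultInitContainers.volumePermissions…` and `include "victoriametrics.volume-permissions.image" .context`. The container runs `chown -R` and the documented default `runAsUser` is `0`, so the unquoted `{{ .componentValues.persistence.mountPath }}` in the script should be rendered with `| quote`. Separately, `victoriametrics.imagePullSecrets` lists every component image except `.Values.vmalert.image`, so pull secrets set only on vmalert would be dropped. The comments above `scrapeConfigMapName` and `rulesConfigMapName` say "Secret" although both helpers return ConfigMap names.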
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/bind.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/bind.yaml
new file mode 100644
index 00000000..2889e803
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/bind.yaml
@@ -0,0 +1,24 @@
+credential:
+  - name: {{ printf "DOMAIN" }}
+    value: {{ printf "%s" (include "common.names.fullname" .) }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- if (eq .Values.vmauth.service.type "LoadBalancer") }}
+  - name: EXTRANET_HOST
+    valueFrom:
+      serviceRef:
+        name: {{ template "victoriametrics.vmauth.fullname" . }}
+        jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+  - name: HOST
+    valueFrom:
+      serviceRef:
+        name: {{ template "victoriametrics.vmauth.fullname" . }}
+        jsonpath: '{ .spec.clusterIP }'
+  - name: PORT
+    valueFrom:
+      serviceRef:
+        name: {{ template "victoriametrics.vmauth.fullname" . }}
+        jsonpath: ' { .spec.ports[?(@.name=="http")].port }'
+  - name: USER
+    value: {{ .Values.vmauth.user.username }}
+  - name: PASSWORD
+    value: {{ .Values.vmauth.user.password }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/extra-list.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/extra-list.yaml
new file mode 100644
index 00000000..329f5c65
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/extra-list.yaml
@@ -0,0 +1,9 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/configmap.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/configmap.yaml
new file mode 100644
index 00000000..17631a7b
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/configmap.yaml
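Review bot: The `USER` and `PASSWORD` entries in `bind.yaml` render `.Values.vmauth.user.username` and `.password` as bare YAML scalars, so a password that is empty, all digits, or contains `#`, `: ` or a leading `*`/`{` is retyped, truncated or breaks the rendered document; use `value: {{ .Values.vmauth.user.password | quote }}` and the same for the username. The helpers in this patch also define `victoriametrics.vmauth.secretName` with an `existingSecret` path. When that is used, the value in `values.yaml` is presumably not the live credential and the binding would hand out a wrong or empty password. If the bind format offers a secret reference alongside `serviceRef`, prefer it so the plaintext password is not copied into the rendered binding. Two smaller points: `DOMAIN` is built from `common.names.fullname` while `HOST`/`PORT` resolve the vmauth service, so confirm a Service with that bare name exists, and the `PORT` jsonpath carries a stray leading space inside its quotes.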
@@ -0,0 +1,215 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* Adding the helper in configmap.yaml for better readability */}} +{{- define "victoriametrics.vmagent.defaultScrapeConfig" -}} +global: + scrape_interval: {{ .Values.vmagent.scrapeInterval | default "30s" }} + scrape_timeout: {{ .Values.vmagent.scrapeTimeout | default "30s" }} +scrape_configs: + - job_name: vmagent + static_configs: + - targets: ["localhost:{{ .Values.vmagent.containerPorts.http }}"] + + ## COPY from Prometheus helm chart https://github.com/helm/charts/blob/master/stable/prometheus/values.yaml + + # Scrape config for API servers. + # + # Kubernetes exposes API servers as endpoints to the default/kubernetes + # service so this uses `endpoints` role and uses relabelling to only keep + # the endpoints associated with the default/kubernetes service using the + # default named port `https`. This works for single API server deployments as + # well as HA API server deployments. + - job_name: "kubernetes-service-endpoints" + kubernetes_sd_configs: + - role: endpointslices + namespaces: + own_namespace: true + relabel_configs: + - action: drop + source_labels: [__meta_kubernetes_pod_container_init] + regex: true + - action: keep_if_equal + source_labels: [__meta_kubernetes_service_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] + - source_labels: + [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: + [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) 
+ - source_labels: + [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: + [ + __address__, + __meta_kubernetes_service_annotation_prometheus_io_port, + ] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + - source_labels: [__meta_kubernetes_pod_container_name] + target_label: container + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + target_label: service + - source_labels: [__meta_kubernetes_service_name] + target_label: job + replacement: ${1} + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + # Scrape config for slow service endpoints; same as above, but with a larger + # timeout and a larger interval + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. 
+ # + - job_name: "kubernetes-service-endpoints-slow" + scrape_interval: 5m + scrape_timeout: 30s + kubernetes_sd_configs: + - role: endpointslices + namespaces: + own_namespace: true + relabel_configs: + - action: drop + source_labels: [__meta_kubernetes_pod_container_init] + regex: true + - action: keep_if_equal + source_labels: [__meta_kubernetes_service_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] + - source_labels: + [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: + [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: + [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: + [ + __address__, + __meta_kubernetes_service_annotation_prometheus_io_port, + ] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + - source_labels: [__meta_kubernetes_pod_container_name] + target_label: container + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + target_label: service + - source_labels: [__meta_kubernetes_service_name] + target_label: job + replacement: ${1} + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + # Example scrape config for pods + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape`: Only scrape pods that have a value of `true` + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. 
+ # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + # + - job_name: "kubernetes-pods" + kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + relabel_configs: + - action: drop + source_labels: [__meta_kubernetes_pod_container_init] + regex: true + - action: keep_if_equal + source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: + [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + - source_labels: [__meta_kubernetes_pod_container_name] + target_label: container + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + ## End of COPY +{{- end }} + + +{{- if and .Values.vmagent.enabled (not .Values.vmagent.existingScrapeConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "victoriametrics.vmagent.fullname" . }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmagent + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- /* Convert the default configuration and extra overrides */ -}} + {{- $defaultConfiguration := include "victoriametrics.vmagent.defaultScrapeConfig" . | fromYaml -}} + {{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.vmagent.scrapeConfigOverrides "context" $) | fromYaml -}} + {{- /* add extraJobs */}} + {{- $extraJobs := .Values.vmagent.extraJobs | default list -}} + {{- if $extraJobs -}} + {{- $defaultJobs := $defaultConfiguration.scrape_configs | default list -}} + {{- $mergedJobs := concat $defaultJobs $extraJobs -}} + {{- $defaultConfiguration = set $defaultConfiguration "scrape_configs" $mergedJobs -}} + {{- end -}} + {{- /* Merge both maps and render the configuration */}} + scrape.yml: | + {{- mergeOverwrite $defaultConfiguration $overrideConfiguration | toYaml | nindent 4 }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/dep-ds.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/dep-ds.yaml new file mode 100644 index 00000000..cb5de41e --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/dep-ds.yaml 
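Review bot: The comment above the `kubernetes-service-endpoints` job still describes the API-server job it was copied from (the default/kubernetes service, the `endpoints` role, the `https` port), but the job under it uses `role: endpointslices` with `own_namespace: true` and keeps targets by the `prometheus.io/scrape` annotation. Replace it with a comment that matches, e.g. `# Scrape annotated service endpoints in the release namespace (prometheus.io/scrape: "true").` The `kubernetes-pods` comment has the same problem: it promises a default port of `9102`, while the `keep_if_equal` rule appears to drop any pod whose `prometheus.io/port` annotation does not equal a container port. The first job also copies `prometheus.io/scheme` into `__scheme__`, so the `tls_config` remark that the slow job's comment carries belongs on it as well.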
@@ -0,0 +1,215 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmagent.enabled }} +{{- $kind := lower .Values.vmagent.kind }} +{{- if eq $kind "daemonset" }} +apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }} +kind: DaemonSet +{{- else }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: StatefulSet +{{- end }} +metadata: + name: {{ template "victoriametrics.vmagent.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmagent + {{- if or .Values.vmagent.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmagent.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and (not .Values.vmagent.autoscaling.hpa.enabled) (eq $kind "deployment") }} + replicas: {{ .Values.vmagent.replicaCount }} + {{- end }} + {{- if .Values.vmagent.updateStrategy }} + {{ ternary "strategy" "updateStrategy" (eq $kind "deployment")}}: {{- toYaml .Values.vmagent.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" (list .Values.vmagent.podLabels .Values.commonLabels) "context" . 
) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmagent + template: + metadata: + {{- if or .Values.vmagent.podAnnotations (not .Values.vmagent.existingScrapeConfigMap) }} + annotations: + {{- if .Values.vmagent.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.vmagent.existingScrapeConfigMap }} + checksum/scrape-config: {{ include (print $.Template.BasePath "/vmagent/configmap.yaml") $ | sha256sum }} + {{- end }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmagent + spec: + serviceAccountName: {{ template "victoriametrics.vmagent.serviceAccountName" . }} + {{- include "victoriametrics.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.vmagent.automountServiceAccountToken }} + {{- if .Values.vmagent.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmagent.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmagent.podAffinityPreset "component" "vmagent" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmagent.podAntiAffinityPreset "component" "vmagent" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmagent.nodeAffinityPreset.type "key" .Values.vmagent.nodeAffinityPreset.key "values" 
.Values.vmagent.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.vmagent.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmagent.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmagent.priorityClassName }} + priorityClassName: {{ .Values.vmagent.priorityClassName | quote }} + {{- end }} + {{- if .Values.vmagent.schedulerName }} + schedulerName: {{ .Values.vmagent.schedulerName | quote }} + {{- end }} + {{- if .Values.vmagent.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmagent.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmagent.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmagent.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.vmagent.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.vmagent.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: vmagent + image: {{ template "victoriametrics.vmagent.image" . 
}} + imagePullPolicy: {{ .Values.vmagent.image.pullPolicy }} + {{- if .Values.vmagent.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmagent.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmagent.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmagent.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.args "context" $) | nindent 12 }} + {{- else }} + args: + {{- if .Values.envflagEnable }} + - vmagent + - --envflag.enable + - --envflag.prefix={{ .Values.envflagPrefix }} + {{- end }} + - --loggerFormat={{ .Values.loggerFormat }} + - --httpListenAddr=:{{ .Values.vmagent.containerPorts.http }} + - --promscrape.config=/opt/drycc/scrape/scrape.yml + - --remoteWrite.tmpDataPath=/opt/drycc/data/tmpData + - --remoteWrite.maxDiskUsagePerURL=2GiB + - --promscrape.cluster.membersCount={{.Values.vmagent.replicaCount}} + - --promscrape.cluster.memberNum=$(SHARD_NUM) + {{- $remoteHost := (include "victoriametrics.vminsert.fullname" .) 
}} + {{- $remotePort := .Values.vminsert.service.ports.http }} + - --remoteWrite.url=http://{{ $remoteHost }}:{{ $remotePort }}/insert/0/prometheus + {{- if .Values.vmagent.enableListeners.influxdb }} + - --influxListenAddr=:{{ .Values.vmagent.containerPorts.influxdb }} + {{- end }} + {{- if .Values.vmagent.enableListeners.graphite }} + - --graphiteListenAddr=:{{ .Values.vmagent.containerPorts.graphite }} + {{- end }} + {{- if .Values.vmagent.enableListeners.opentsdb }} + - --opentsdbListenAddr=:{{ .Values.vmagent.containerPorts.opentsdb }} + {{- end }} + {{- if .Values.vmagent.extraArgs }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.extraArgs "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + - name: SHARD_NUM + valueFrom: + fieldRef: + fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] + {{- if .Values.vmagent.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.vmagent.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmagent.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.vmagent.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmagent.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.vmagent.resources }} + resources: {{- toYaml .Values.vmagent.resources | nindent 12 }} + {{- else if ne .Values.vmagent.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.vmagent.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.vmagent.containerPorts.http }} + {{- if .Values.vmagent.enableListeners.influxdb }} + - name: tcp-influxdb + containerPort: {{ .Values.vmagent.containerPorts.influxdb }} + {{- end }} + {{- if .Values.vmagent.enableListeners.graphite }} + - name: tcp-graphite + 
containerPort: {{ .Values.vmagent.containerPorts.graphite }} + {{- end }} + {{- if .Values.vmagent.enableListeners.opentsdb }} + - name: tcp-opentsdb + containerPort: {{ .Values.vmagent.containerPorts.opentsdb }} + {{- end }} + {{- if .Values.vmagent.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmagent.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmagent.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http + {{- end }} + {{- if .Values.vmagent.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmagent.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmagent.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmagent.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.vmagent.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmagent.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmagent.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: scrape-configuration + mountPath: /opt/drycc/scrape/ + - name: empty-dir + mountPath: /opt/drycc/data/tmpData + subPath: app-tmpdata-dir + {{- if .Values.vmagent.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.extraVolumeMounts 
"context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmagent.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: scrape-configuration + configMap: + name: {{ include "victoriametrics.vmagent.scrapeConfigMapName" . }} + - name: empty-dir + emptyDir: {} + {{- if .Values.vmagent.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/hpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/hpa.yaml new file mode 100644 index 00000000..41267c88 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/hpa.yaml 
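Review bot: The `else` branch at the top of dep-ds.yaml emits `kind: StatefulSet` with the Deployment apiVersion helper, while the `victoriametrics.vmagent.kind` validator only accepts `daemonset` or `deployment`, so `kind: deployment` yields a StatefulSet that carries the Deployment-only `strategy` key (from the `ternary "strategy" "updateStrategy"` line) and no `serviceName` in the visible spec. If a StatefulSet is what is intended, as the `SHARD_NUM` fieldRef on `apps.kubernetes.io/pod-index` suggests, emit `updateStrategy:` for it, add a `serviceName:`, and rename the accepted value in the validator. hpa.yaml is affected by the same mismatch, since its `scaleTargetRef` names `kind: Deployment` and would not find this object. With `kind: daemonset` the pod-index label is presumably absent, so `--promscrape.cluster.memberNum=$(SHARD_NUM)` would get an empty value; the two `--promscrape.cluster.*` flags should be rendered only for the sharded kind. hpa.yaml and pdb.yaml also compare `.Values.vmagent.kind` without the `lower` applied here.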
@@ -0,0 +1,42 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmagent.enabled (eq .Values.vmagent.kind "deployment") .Values.vmagent.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vmagent.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "victoriametrics.vmagent.fullname" . }}
+ minReplicas: {{ .Values.vmagent.autoscaling.hpa.minReplicas }}
+ maxReplicas: {{ .Values.vmagent.autoscaling.hpa.maxReplicas }}
+ metrics:
+ {{- if .Values.vmagent.autoscaling.hpa.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmagent.autoscaling.hpa.targetMemory }}
+ {{- end }}
+ {{- if .Values.vmagent.autoscaling.hpa.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmagent.autoscaling.hpa.targetCPU }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/networkpolicy.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/networkpolicy.yaml
new file mode 100644
index 00000000..757ccd98
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/networkpolicy.yaml
@@ -0,0 +1,99 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmagent.enabled .Values.vmagent.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "victoriametrics.vmagent.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmagent.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if .Values.vmagent.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ {{- if .Values.vmauth.enabled }}
+ # Allow outbound connections to victoriametrics insert controller
+ - ports:
+ - port: {{ .Values.vmauth.containerPorts.http }}
+ to:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmauth
+ {{- else }}
+ # Allow outbound connections to victoriametrics insert controller
+ - ports:
+ - port: {{ .Values.vminsert.containerPorts.http }}
+ to:
+ - podSelector:
+ matchLabels: {{- include
"common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vminsert
+ {{- end }}
+ {{- if .Values.vmagent.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.vmagent.containerPorts.http }}
+ {{- if .Values.vmagent.enableListeners.graphite }}
+ - port: {{ .Values.vmagent.containerPorts.graphite }}
+ {{- end }}
+ {{- if .Values.vmagent.enableListeners.influxdb }}
+ - port: {{ .Values.vmagent.containerPorts.influxdb }}
+ {{- end }}
+ {{- if .Values.vmagent.enableListeners.opentsdb }}
+ - port: {{ .Values.vmagent.containerPorts.opentsdb }}
+ {{- end }}
+ {{- if not .Values.vmagent.networkPolicy.allowExternal }}
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ {{- if .Values.vmagent.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.vmagent.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.vmagent.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.vmagent.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.vmagent.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
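Review bot: The restricted `egress` branch opens the vmauth port when `.Values.vmauth.enabled` is set and the vminsert port only otherwise, but dep-ds.yaml always points `--remoteWrite.url` at the vminsert service, so with vmauth enabled this policy would block vmagent's own remote write. Both branches also carry the same "insert controller" comment, which hides the difference. Either allow the vminsert rule unconditionally or make the remote-write URL follow the vmauth switch, and fix the comment on the vmauth branch. Apart from DNS, nothing in this branch permits egress to the Kubernetes API server or to the scrape targets that the `kubernetes_sd_configs` jobs rely on, so unless `allowExternalEgress` or `extraEgress` covers them the agent would discover and scrape nothing; a comment stating that requirement next to `extraEgress` would help.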
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/pdb.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/pdb.yaml
new file mode 100644
index 00000000..3046ff8d
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/pdb.yaml
@@ -0,0 +1,29 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmagent.enabled (eq .Values.vmagent.kind "deployment") .Values.vmagent.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "victoriametrics.vmagent.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.vmagent.pdb.minAvailable }}
+ minAvailable: {{ .Values.vmagent.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.vmagent.pdb.maxUnavailable ( not .Values.vmagent.pdb.minAvailable ) }}
+ maxUnavailable: {{ .Values.vmagent.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmagent.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: vmagent
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/rbac.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/rbac.yaml
new file mode 100644
index 00000000..2327e178
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/rbac.yaml
@@ -0,0 +1,72 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmagent.enabled .Values.vmagent.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: {{ ternary "Role" "ClusterRole" .Values.vmagent.namespaced }}
+metadata:
+ name: {{ include "victoriametrics.vmagent.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources:
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+ {{- if not .Values.vmagent.namespaced }}
+ - apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - nodes/metrics
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list", "watch"]
+ resourceNames: ["zhangjint"]
+ - nonResourceURLs: {{ include "common.tplvalues.render" ( dict "value" .Values.vmagent.allowedMetricsEndpoints "context" $ ) | nindent 6 }}
+ verbs: ["get"]
+ {{- end }}
+ {{- if .Values.vmagent.rbac.rules }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.rbac.rules "context" $ ) | nindent 2 }}
+ {{- end }}
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: {{ ternary "RoleBinding" "ClusterRoleBinding" .Values.vmagent.namespaced }}
+metadata:
+ name: {{ include "victoriametrics.vmagent.fullname" .
}}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "victoriametrics.vmagent.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ ternary "Role" "ClusterRole" .Values.vmagent.namespaced }}
+ name: {{ include "victoriametrics.vmagent.fullname" . }}
+{{- end -}}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service-account.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service-account.yaml
new file mode 100644
index 00000000..6ae16900
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service-account.yaml
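Review bot: The cluster-scoped branch hard-codes `resourceNames: ["zhangjint"]` on the `namespaces` rule, which looks like a value left over from one developer's environment rather than something a chart should ship. A `resourceNames` restriction also generally does not apply to plain `list` and `watch` requests, so the rule probably does not grant what its verbs suggest. Either drop the restriction or render the release namespace, e.g. `resourceNames: [{{ include "common.names.namespace" . | quote }}]`, and keep only `get` there. The same branch grants `get` on `nodes/proxy`, which lets the service account reach kubelet endpoints through the API server; if only node metrics are scraped, `nodes/metrics` is the narrower grant and `nodes/proxy` could be removed or put behind a value that defaults to off.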
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmagent.enabled .Values.vmagent.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "victoriametrics.vmagent.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmagent
+ {{- if or .Values.vmagent.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmagent.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.vmagent.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service.yaml
new file mode 100644
index 00000000..953ef79c
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/service.yaml
@@ -0,0 +1,92 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmagent.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "victoriametrics.vmagent.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmagent + {{- if or .Values.vmagent.service.annotations .Values.commonAnnotations .Values.vmagent.metrics.enabled .Values.vmagent.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmagent.service.annotations .Values.commonAnnotations .Values.vmagent.metrics.annotations) "context" .) }} + {{- if .Values.vmagent.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" .Values.vmagent.service.ports.http "prometheus.io/path" "/metrics" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.vmagent.service.type }} + {{- if and .Values.vmagent.service.clusterIP (eq .Values.vmagent.service.type "ClusterIP") }} + clusterIP: {{ .Values.vmagent.service.clusterIP }} + {{- end }} + {{- if .Values.vmagent.service.sessionAffinity }} + sessionAffinity: {{ .Values.vmagent.service.sessionAffinity }} + {{- end }} + {{- if .Values.vmagent.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.vmagent.service.type "LoadBalancer") (eq .Values.vmagent.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.vmagent.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.vmagent.service.type "LoadBalancer") (not (empty .Values.vmagent.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.vmagent.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.vmagent.service.type "LoadBalancer") (not (empty .Values.vmagent.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.vmagent.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.vmagent.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.vmagent.service.type "NodePort") (eq .Values.vmagent.service.type "LoadBalancer")) (not (empty .Values.vmagent.service.nodePorts.http)) }} + nodePort: {{ .Values.vmagent.service.nodePorts.http }} + {{- else if eq .Values.vmagent.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: http + {{- if .Values.vmagent.enableListeners.graphite }} + - name: tcp-graphite + port: {{ .Values.vmagent.service.ports.graphite }} + protocol: TCP + {{- if and (or (eq .Values.vmagent.service.type "NodePort") (eq .Values.vmagent.service.type 
"LoadBalancer")) (not (empty .Values.vmagent.service.nodePorts.graphite)) }} + nodePort: {{ .Values.vmagent.service.nodePorts.graphite }} + {{- else if eq .Values.vmagent.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: tcp-graphite + {{- end }} + {{- if .Values.vmagent.enableListeners.opentsdb }} + - name: tcp-opentsdb + port: {{ .Values.vmagent.service.ports.opentsdb }} + protocol: TCP + {{- if and (or (eq .Values.vmagent.service.type "NodePort") (eq .Values.vmagent.service.type "LoadBalancer")) (not (empty .Values.vmagent.service.nodePorts.opentsdb)) }} + nodePort: {{ .Values.vmagent.service.nodePorts.opentsdb }} + {{- else if eq .Values.vmagent.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: tcp-opentsdb + {{- end }} + {{- if .Values.vmagent.enableListeners.influxdb }} + - name: tcp-influxdb + port: {{ .Values.vmagent.service.ports.influxdb }} + protocol: TCP + {{- if and (or (eq .Values.vmagent.service.type "NodePort") (eq .Values.vmagent.service.type "LoadBalancer")) (not (empty .Values.vmagent.service.nodePorts.influxdb)) }} + nodePort: {{ .Values.vmagent.service.nodePorts.influxdb }} + {{- else if eq .Values.vmagent.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: tcp-influxdb + {{- end }} + {{- if .Values.vmagent.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmagent.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: vmagent +{{- end }} \ No newline at end of file 
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/servicemonitor.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/servicemonitor.yaml
new file mode 100644
index 00000000..b69bcbc2
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/servicemonitor.yaml
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmagent.enabled .Values.vmagent.metrics.enabled .Values.vmagent.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "victoriametrics.vmagent.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.vmagent.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmagent + {{- if or .Values.vmagent.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmagent.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.vmagent.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmagent + {{- if .Values.vmagent.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmagent.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: http-metrics + path: "/metrics" + {{- if .Values.vmagent.metrics.serviceMonitor.interval }} + interval: {{ .Values.vmagent.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.vmagent.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.vmagent.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.vmagent.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ 
.Values.vmagent.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.vmagent.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmagent.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmagent.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/vpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/vpa.yaml new file mode 100644 index 00000000..23ec617f --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmagent/vpa.yaml 
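Review bot: The endpoint `port: http-metrics` matches none of the port names that the vmagent Service in this same patch defines (`http`, `tcp-graphite`, `tcp-opentsdb`, `tcp-influxdb`). Unless a port with that name is supplied through `vmagent.service.extraPorts`, the ServiceMonitor selects the Service but scrapes no endpoint, and the missing vmagent self-metrics produce no error. Change the endpoint to `- port: http`. Separately, the object's `namespace` can be moved with `vmagent.metrics.serviceMonitor.namespace` while `namespaceSelector.matchNames` stays pinned to the release namespace; a comment such as `# scrape only the release namespace, even when the monitor lives elsewhere` would record that this is intentional.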
@@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmagent.enabled (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.vmagent.autoscaling.vpa.enabled }} +apiVersion: {{ include "common.capabilities.vpa.apiVersion" (dict "context" $) }} +kind: VerticalPodAutoscaler +metadata: + name: {{ include "victoriametrics.vmagent.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmagent + {{- if or .Values.vmagent.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmagent.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: vmagent + {{- with .Values.vmagent.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmagent.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmagent.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + {{- if eq .Values.vmagent.kind "daemonset" }} + apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }} + kind: DaemonSet + {{- else }} + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + {{- end }} + name: {{ include "victoriametrics.vmagent.fullname" . 
}} + {{- if .Values.vmagent.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.vmagent.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/configmap.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/configmap.yaml new file mode 100644 index 00000000..b223e86f --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/configmap.yaml @@ -0,0 +1,31 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* Adding the helper in configmap.yaml for better readability */}} +{{- define "victoriametrics.vmalert.defaultRulesConfig" -}} +groups: [] +{{- end }} + +{{- if and .Values.vmalert.enabled (not .Values.vmalert.existingRulesConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "victoriametrics.vmalert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- /* Convert the default configuration and extra overrides */ -}} + {{- $defaultConfiguration := include "victoriametrics.vmalert.defaultRulesConfig" . | fromYaml -}} + {{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.vmalert.rulesConfigOverrides "context" $) | fromYaml -}} + + {{- /* Merge both maps and render the configuration */}} + alert-rules.yaml: | + {{- mergeOverwrite $defaultConfiguration $overrideConfiguration | toYaml | nindent 4 }} +{{- end }} 
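Review bot: In templates/vmagent/vpa.yaml, `updateMode: {{ . }}` emits the value unquoted, and one of the VerticalPodAutoscaler modes is `Off`, which a YAML 1.1 parser reads as the boolean false rather than the string. The rendered manifest would then carry a boolean in a string field, which the API server is expected to reject, and `Off` is the mode an operator picks to keep the autoscaler in recommendation-only operation. Quote the value: `updateMode: {{ . | quote }}`. The same applies to any other enum-like string rendered bare in this chart; `helm template` with `updateMode: Off` shows whether the installed Helm version is affected.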
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/deployment.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/deployment.yaml
new file mode 100644
index 00000000..a01b0398
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/deployment.yaml
@@ -0,0 +1,185 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmalert.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "victoriametrics.vmalert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if or .Values.vmalert.deploymentAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmalert.deploymentAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.vmalert.autoscaling.hpa.enabled }} + replicas: {{ .Values.vmalert.replicaCount }} + {{- end }} + {{- if .Values.vmalert.updateStrategy }} + strategy: {{- toYaml .Values.vmalert.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.vmalert.podLabels .Values.commonLabels) "context" . 
) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmalert + template: + metadata: + {{- if or .Values.vmalert.podAnnotations (not .Values.vmalert.existingRulesConfigMap) }} + annotations: + {{- if .Values.vmalert.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.vmalert.existingRulesConfigMap }} + checksum/rules-config: {{ include (print $.Template.BasePath "/vmalert/configmap.yaml") $ | sha256sum }} + {{- end }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + spec: + serviceAccountName: {{ template "victoriametrics.vmalert.serviceAccountName" . }} + {{- include "victoriametrics.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.vmalert.automountServiceAccountToken }} + {{- if .Values.vmalert.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmalert.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmalert.podAffinityPreset "component" "vmalert" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmalert.podAntiAffinityPreset "component" "vmalert" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmalert.nodeAffinityPreset.type "key" .Values.vmalert.nodeAffinityPreset.key "values" 
.Values.vmalert.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.vmalert.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmalert.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmalert.priorityClassName }} + priorityClassName: {{ .Values.vmalert.priorityClassName | quote }} + {{- end }} + {{- if .Values.vmalert.schedulerName }} + schedulerName: {{ .Values.vmalert.schedulerName | quote }} + {{- end }} + {{- if .Values.vmalert.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmalert.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmalert.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmalert.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.vmalert.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.vmalert.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: vmalert + image: {{ template "victoriametrics.vmalert.image" . 
}} + imagePullPolicy: {{ .Values.vmalert.image.pullPolicy }} + {{- if .Values.vmalert.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmalert.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmalert.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmalert.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.args "context" $) | nindent 12 }} + {{- else }} + args: + {{- if .Values.envflagEnable }} + - --envflag.enable + - --envflag.prefix={{ .Values.envflagPrefix }} + {{- end }} + - --loggerFormat={{ .Values.loggerFormat }} + - --httpListenAddr=:{{ .Values.vmalert.containerPorts.http }} + - --rule=/config/alert-rules.yaml + {{- $remoteWriteHost := ternary (include "victoriametrics.vmauth.fullname" .) (include "victoriametrics.vminsert.fullname" .) .Values.vmauth.enabled }} + {{- $remoteWritePort := ternary .Values.vmauth.service.ports.http .Values.vminsert.service.ports.http .Values.vmauth.enabled }} + - --remoteWrite.url=http://{{ $remoteWriteHost }}:{{ $remoteWritePort }}/insert/0/prometheus + {{- $remoteReadHost := ternary (include "victoriametrics.vmauth.fullname" .) (include "victoriametrics.vmselect.fullname" .) 
.Values.vmauth.enabled }} + {{- $remoteReadPort := ternary .Values.vmauth.service.ports.http .Values.vmselect.service.ports.http .Values.vmauth.enabled }} + - --remoteWrite.url=http://{{ $remoteWriteHost }}:{{ $remoteWritePort }}/select/0/prometheus + {{- if .Values.vmalert.datasourceUrl }} + - --datasource.url={{ .Values.vmalert.datasourceUrl }} + {{- else }} + - --datasource.url=http://{{ $remoteWriteHost }}:{{ $remoteWritePort }}/select/0/prometheus + {{- end }} + {{- if .Values.vmalert.notifierUrl }} + - --notifier.url={{ .Values.vmalert.notifierUrl }} + {{- end }} + {{- if .Values.vmalert.extraArgs }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.extraArgs "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + {{- if .Values.vmalert.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.vmalert.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmalert.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.vmalert.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmalert.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.vmalert.resources }} + resources: {{- toYaml .Values.vmalert.resources | nindent 12 }} + {{- else if ne .Values.vmalert.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.vmalert.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.vmalert.containerPorts.http }} + {{- if .Values.vmalert.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmalert.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.vmalert.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http + {{- end }} + {{- if .Values.vmalert.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmalert.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmalert.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmalert.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.vmalert.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmalert.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmalert.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: rules-configuration + mountPath: /config + {{- if .Values.vmalert.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmalert.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: rules-configuration + configMap: + name: {{ include "victoriametrics.vmalert.rulesConfigMapName" . }} + {{- if .Values.vmalert.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file 
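Review bot: The default `args` pass `--remoteWrite.url` twice, the second time with the `/select/0/prometheus` path, and `$remoteReadHost` / `$remoteReadPort` are computed but never used. With vmauth disabled, both that second flag and the fallback `--datasource.url` therefore point at the vminsert service, so rule evaluation and state restore would query the write component instead of vmselect. The intended lines look like `- --remoteRead.url=http://{{ $remoteReadHost }}:{{ $remoteReadPort }}/select/0/prometheus` and `- --datasource.url=http://{{ $remoteReadHost }}:{{ $remoteReadPort }}/select/0/prometheus`. A wrong datasource here means alerting rules fail to evaluate while the pod still reports healthy on `/health`, so the mistake is easy to miss in a monitoring stack.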
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/hpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/hpa.yaml
new file mode 100644
index 00000000..d65175b8
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/hpa.yaml
@@ -0,0 +1,42 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmalert.enabled .Values.vmalert.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vmalert.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmalert
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "victoriametrics.vmalert.fullname" . }}
+ minReplicas: {{ .Values.vmalert.autoscaling.hpa.minReplicas }}
+ maxReplicas: {{ .Values.vmalert.autoscaling.hpa.maxReplicas }}
+ metrics:
+ {{- if .Values.vmalert.autoscaling.hpa.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmalert.autoscaling.hpa.targetMemory }}
+ {{- end }}
+ {{- if .Values.vmalert.autoscaling.hpa.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmalert.autoscaling.hpa.targetCPU }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/networkpolicy.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/networkpolicy.yaml
new file mode 100644
index 00000000..7653a9ef
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/networkpolicy.yaml
@@ -0,0 +1,76 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmalert.enabled .Values.vmalert.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "victoriametrics.vmalert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + policyTypes: + - Ingress + - Egress + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmalert.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if .Values.vmalert.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to victoriametrics storage controller + - ports: + - port: {{ .Values.vmstorage.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if .Values.vmalert.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow 
inbound connections + - ports: + - port: {{ .Values.vmalert.containerPorts.http }} + {{- if not .Values.vmalert.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.vmalert.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.vmalert.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.vmalert.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.vmalert.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.vmalert.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/pdb.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/pdb.yaml new file mode 100644 index 00000000..718863da --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/pdb.yaml 
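Review bot: The restricted egress branch opens only DNS and the vmstorage pods on `.Values.vmstorage.containerPorts.http`, but the vmalert Deployment in this patch sends its datasource and remote-write traffic to vmauth, or to vminsert/vmselect when vmauth is disabled, and optionally to `vmalert.notifierUrl`. On a CNI that enforces policy, `allowExternalEgress: false` would drop those connections, and the easy workaround is `allowExternalEgress: true`, which renders `egress: - {}` and removes egress filtering entirely. The `to:` selector should name the components vmalert actually calls, e.g. `app.kubernetes.io/component: vmselect` and `app.kubernetes.io/component: vminsert` (or `vmauth`), each with its container port; the value keys for those ports are not visible in this hunk. On the ingress side, the `from:` podSelector uses only the release-wide `common.labels.matchLabels`, so every pod of the release may reach the vmalert HTTP port; if that is intended, say so in the `# Allow inbound connections` comment.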
@@ -0,0 +1,29 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmalert.enabled .Values.vmalert.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "victoriametrics.vmalert.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmalert
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.vmalert.pdb.minAvailable }}
+ minAvailable: {{ .Values.vmalert.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.vmalert.pdb.maxUnavailable ( not .Values.vmalert.pdb.minAvailable ) }}
+ maxUnavailable: {{ .Values.vmalert.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmalert.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: vmalert
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service-account.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service-account.yaml
new file mode 100644
index 00000000..939a7915
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service-account.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.vmalert.enabled .Values.vmalert.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "victoriametrics.vmalert.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmalert
+ {{- if or .Values.vmalert.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmalert.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.vmalert.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service.yaml
new file mode 100644
index 00000000..2e3b7864
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/service.yaml
@@ -0,0 +1,59 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmalert.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "victoriametrics.vmalert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if or .Values.vmalert.service.annotations .Values.commonAnnotations .Values.vmalert.metrics.enabled .Values.vmalert.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmalert.service.annotations .Values.commonAnnotations .Values.vmalert.metrics.annotations) "context" .) }} + {{- if .Values.vmalert.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" .Values.vmalert.service.ports.http "prometheus.io/path" "/metrics" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.vmalert.service.type }} + {{- if and .Values.vmalert.service.clusterIP (eq .Values.vmalert.service.type "ClusterIP") }} + clusterIP: {{ .Values.vmalert.service.clusterIP }} + {{- end }} + {{- if .Values.vmalert.service.sessionAffinity }} + sessionAffinity: {{ .Values.vmalert.service.sessionAffinity }} + {{- end }} + {{- if .Values.vmalert.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.vmalert.service.type "LoadBalancer") (eq .Values.vmalert.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.vmalert.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.vmalert.service.type "LoadBalancer") (not (empty .Values.vmalert.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.vmalert.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.vmalert.service.type "LoadBalancer") (not (empty .Values.vmalert.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.vmalert.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.vmalert.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.vmalert.service.type "NodePort") (eq .Values.vmalert.service.type "LoadBalancer")) (not (empty .Values.vmalert.service.nodePorts.http)) }} + nodePort: {{ .Values.vmalert.service.nodePorts.http }} + {{- else if eq .Values.vmalert.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: http + {{- if .Values.vmalert.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( 
list .Values.vmalert.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: vmalert +{{- end }} \ No newline at end of file diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/servicemonitor.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/servicemonitor.yaml new file mode 100644 index 00000000..d040f7ed --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/servicemonitor.yaml 
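Review bot: `loadBalancerSourceRanges: {{ .Values.vmalert.service.loadBalancerSourceRanges }}` prints the list with Go's default formatting, so two or more CIDRs come out as `[a b]`, which YAML reads as a single string element. The source-range restriction on an externally exposed Service is then either rejected at apply time or not what the operator wrote. Rendering it as YAML avoids that: `loadBalancerSourceRanges: {{- toYaml .Values.vmalert.service.loadBalancerSourceRanges | nindent 4 }}`. The vmauth/service.yaml section of this patch carries the same line.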
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmalert.enabled .Values.vmalert.metrics.enabled .Values.vmalert.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "victoriametrics.vmalert.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.vmalert.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if or .Values.vmalert.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmalert.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.vmalert.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmalert + {{- if .Values.vmalert.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmalert.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: http-metrics + path: "/metrics" + {{- if .Values.vmalert.metrics.serviceMonitor.interval }} + interval: {{ .Values.vmalert.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.vmalert.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.vmalert.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.vmalert.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ 
.Values.vmalert.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.vmalert.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmalert.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmalert.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/vpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/vpa.yaml new file mode 100644 index 00000000..64bae63c --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmalert/vpa.yaml 
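Review bot: The endpoint in vmalert/servicemonitor.yaml selects `port: http-metrics`, but the Service added in vmalert/service.yaml only names its port `http`. Unless a port called `http-metrics` is supplied through `vmalert.service.extraPorts`, the ServiceMonitor matches no port and vmalert is silently never scraped, which is an easy monitoring gap to miss. I would use `- port: http` here, or add a comment stating that `extraPorts` must define `http-metrics`.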
@@ -0,0 +1,45 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmalert.enabled (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.vmalert.autoscaling.vpa.enabled }} +apiVersion: {{ include "common.capabilities.vpa.apiVersion" (dict "context" $) }} +kind: VerticalPodAutoscaler +metadata: + name: {{ include "victoriametrics.vmalert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmalert + {{- if or .Values.vmalert.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmalert.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: vmalert + {{- with .Values.vmalert.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmalert.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmalert.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "victoriametrics.vmalert.fullname" . }} + {{- if .Values.vmalert.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.vmalert.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/dep-ds.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/dep-ds.yaml new file mode 100644 index 00000000..bd72864e --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/dep-ds.yaml 
@@ -0,0 +1,178 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmauth.enabled }} +{{- $kind := lower .Values.vmauth.kind }} +{{- if eq $kind "daemonset" }} +apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }} +kind: DaemonSet +{{- else }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if or .Values.vmauth.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmauth.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and (not .Values.vmauth.autoscaling.hpa.enabled) (eq $kind "deployment") }} + replicas: {{ .Values.vmauth.replicaCount }} + {{- end }} + {{- if .Values.vmauth.updateStrategy }} + {{ ternary "strategy" "updateStrategy" (eq $kind "deployment")}}: {{- toYaml .Values.vmauth.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.vmauth.podLabels .Values.commonLabels) "context" .) 
}} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmauth + template: + metadata: + {{- if or .Values.vmauth.podAnnotations (not .Values.vmauth.existingSecret) }} + annotations: + {{- if .Values.vmauth.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.vmauth.existingSecret }} + checksum/secret: {{ include (print $.Template.BasePath "/vmauth/secret.yaml") $ | sha256sum }} + {{- end }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + spec: + serviceAccountName: {{ template "victoriametrics.vmauth.serviceAccountName" . }} + {{- include "victoriametrics.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.vmauth.automountServiceAccountToken }} + {{- if .Values.vmauth.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmauth.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAffinityPreset "component" "vmauth" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAntiAffinityPreset "component" "vmauth" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmauth.nodeAffinityPreset.type "key" .Values.vmauth.nodeAffinityPreset.key "values" .Values.vmauth.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + 
{{- if .Values.vmauth.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmauth.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmauth.priorityClassName }} + priorityClassName: {{ .Values.vmauth.priorityClassName | quote }} + {{- end }} + {{- if .Values.vmauth.schedulerName }} + schedulerName: {{ .Values.vmauth.schedulerName | quote }} + {{- end }} + {{- if .Values.vmauth.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmauth.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmauth.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmauth.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.vmauth.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.vmauth.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: vmauth + image: {{ template "victoriametrics.vmauth.image" . 
}} + imagePullPolicy: {{ .Values.vmauth.image.pullPolicy }} + {{- if .Values.vmauth.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmauth.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmauth.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmauth.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.args "context" $) | nindent 12 }} + {{- else }} + args: + {{- if .Values.envflagEnable }} + - vmauth + - --envflag.enable + - --envflag.prefix={{ .Values.envflagPrefix }} + {{- end }} + - --loggerFormat={{ .Values.loggerFormat }} + - --httpListenAddr=:{{ .Values.vmauth.containerPorts.http }} + - --auth.config=/config/auth.yml + {{- if .Values.vmauth.extraArgs }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraArgs "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + {{- if .Values.vmauth.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.vmauth.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmauth.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.vmauth.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmauth.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.vmauth.resources }} + resources: {{- toYaml .Values.vmauth.resources | nindent 12 }} + {{- else if ne .Values.vmauth.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.vmauth.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.vmauth.containerPorts.http }} + {{- if 
.Values.vmauth.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmauth.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmauth.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http + {{- end }} + {{- if .Values.vmauth.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmauth.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmauth.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmauth.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.vmauth.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmauth.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmauth.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: configuration + mountPath: /config + {{- if .Values.vmauth.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmauth.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: configuration + secret: + secretName: {{ include "victoriametrics.vmauth.secretName" . 
}} + {{- if .Values.vmauth.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/hpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/hpa.yaml new file mode 100644 index 00000000..552326cf --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/hpa.yaml 
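Review bot: The default `args` in vmauth/dep-ds.yaml start the proxy with `--httpListenAddr=:<port>` and `--auth.config=/config/auth.yml` and no TLS option, so the username/password from the vmauth Secret cross the wire in clear text unless something in front terminates TLS. That matters because the same chart lets the Service be `NodePort` or `LoadBalancer`. This is documentation only: a template comment above `args:` such as `{{- /* vmauth listens on plain HTTP; terminate TLS at the ingress or pass vmauth's TLS flags via vmauth.extraArgs with the certificate mounted through extraVolumes */}}` would tell operators what they have to add. Separately, `- vmauth` is emitted as the first argument only when `.Values.envflagEnable` is set, which looks unintended either way; the image entrypoint is not visible here, so please confirm.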
@@ -0,0 +1,42 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled (eq .Values.vmauth.kind "deployment") .Values.vmauth.autoscaling.hpa.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "victoriametrics.vmauth.fullname" . }} + minReplicas: {{ .Values.vmauth.autoscaling.hpa.minReplicas }} + maxReplicas: {{ .Values.vmauth.autoscaling.hpa.maxReplicas }} + metrics: + {{- if .Values.vmauth.autoscaling.hpa.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.vmauth.autoscaling.hpa.targetMemory }} + {{- end }} + {{- if .Values.vmauth.autoscaling.hpa.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.vmauth.autoscaling.hpa.targetCPU }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress-tls-secret.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress-tls-secret.yaml new file mode 100644 index 00000000..fd5705c2 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress-tls-secret.yaml 
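Review bot: The guard in vmauth/hpa.yaml compares `.Values.vmauth.kind` to `"deployment"` case-sensitively, while vmauth/dep-ds.yaml lower-cases the value first (`$kind := lower .Values.vmauth.kind`). With `kind: Deployment` the workload is rendered as a Deployment and `replicas` is dropped because `hpa.enabled` is true, yet no HorizontalPodAutoscaler is created. Using the same normalisation keeps the two files in step: `{{- if and .Values.vmauth.enabled (eq (lower .Values.vmauth.kind) "deployment") .Values.vmauth.autoscaling.hpa.enabled }}`. vmauth/pdb.yaml uses the same case-sensitive comparison.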
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmauth.ingress.enabled }} +{{- if .Values.vmauth.ingress.secrets }} +{{- range .Values.vmauth.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" $.Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.vmauth.ingress.tls .Values.vmauth.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.vmauth.ingress.hostname }} +{{- $ca := genCA "vmauth-ca" 365 }} +{{- $cert := genSignedCert .Values.vmauth.ingress.hostname nil (list .Values.vmauth.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress.yaml new file mode 100644 index 00000000..01c01f0f --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/ingress.yaml 
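Review bot: The outer guard of vmauth/ingress-tls-secret.yaml is `{{- if .Values.vmauth.ingress.enabled }}` alone, whereas vmauth/ingress.yaml requires `and .Values.vmauth.enabled .Values.vmauth.ingress.enabled`. With vmauth switched off but the ingress values left in place, the chart still creates `kubernetes.io/tls` Secrets holding `tls.key` (supplied or freshly generated) for an Ingress that does not exist. I would align the guard: `{{- if and .Values.vmauth.enabled .Values.vmauth.ingress.enabled }}`. `name: {{ .name }}` and `name: {{ $secretName }}` would also be safer with `| quote`.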
@@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled .Values.vmauth.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if or .Values.vmauth.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmauth.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.vmauth.ingress.ingressClassName }} + ingressClassName: {{ .Values.vmauth.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.vmauth.ingress.hostname }} + - host: {{ .Values.vmauth.ingress.hostname }} + http: + paths: + {{- if .Values.vmauth.ingress.extraPaths }} + {{- toYaml .Values.vmauth.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.vmauth.ingress.path }} + pathType: {{ .Values.vmauth.ingress.pathType }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "victoriametrics.vmauth.fullname" . 
| trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.vmauth.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + pathType: {{ default "ImplementationSpecific" .pathType }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "victoriametrics.vmauth.fullname" $ | trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.vmauth.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.vmauth.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.vmauth.ingress.annotations )) .Values.vmauth.ingress.selfSigned)) .Values.vmauth.ingress.extraTls }} + tls: + {{- if and .Values.vmauth.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.vmauth.ingress.annotations )) .Values.vmauth.ingress.selfSigned) }} + - hosts: + - {{ .Values.vmauth.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.vmauth.ingress.hostname }} + {{- end }} + {{- if .Values.vmauth.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/networkpolicy.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/networkpolicy.yaml new file mode 100644 index 00000000..6b016dd7 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/networkpolicy.yaml 
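Review bot: In vmauth/ingress.yaml the primary rule writes `- host: {{ .Values.vmauth.ingress.hostname }}` unquoted, while the `extraHosts` rule and the `tls.hosts` entry both use `| quote`. A wildcard hostname starting with `*` is read by the YAML parser as an alias and the manifest fails to load. I would quote it the same way, `- host: {{ .Values.vmauth.ingress.hostname | quote }}`, and likewise `secretName: {{ printf "%s-tls" .Values.vmauth.ingress.hostname | quote }}`.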
@@ -0,0 +1,100 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled .Values.vmauth.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + policyTypes: + - Ingress + - Egress + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmauth.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if .Values.vmauth.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to victoriametrics insert controller + - ports: + - port: {{ .Values.vminsert.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + # Allow outbound connections to victoriametrics select controller + - ports: + - port: {{ .Values.vmselect.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" 
.Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if .Values.vmauth.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + {{- if eq .Values.vmauth.service.type "ClusterIP" }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.vmauth.containerPorts.http }} + {{- if not .Values.vmauth.networkPolicy.allowExternal }} + from: + {{- range $namespace := .Values.vmauth.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.vmauth.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.vmauth.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.vmauth.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.vmauth.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.vmauth.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + {{- if eq .Values.vmauth.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} +{{- end }} 
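Review bot: The ingress side of vmauth/networkpolicy.yaml is keyed on the Service type rather than on the policy values. For `LoadBalancer` it renders `ingress: - {}`, which admits every source on every port (including any pod in the cluster) and ignores `allowExternal`, `allowNamespaces` and `extraIngress`. For `NodePort` it renders no ingress rule at all while `policyTypes` still lists `Ingress`, so all inbound traffic is dropped. At minimum the open branch should be limited to the proxy port and cover both types: `ingress:` / `- ports:` / `- port: {{ .Values.vmauth.containerPorts.http }}`. The same-namespace peer matches on `{{ .Release.Namespace }}` while the policy itself is created in `common.names.namespace`; if that helper honours a namespace override (not visible here) the two can differ. The DNS egress rule has no `to:` and so allows port 53 to any destination.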
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/pdb.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/pdb.yaml new file mode 100644 index 00000000..82882e27 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/pdb.yaml @@ -0,0 +1,29 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled (eq .Values.vmauth.kind "deployment") .Values.vmauth.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.vmauth.pdb.minAvailable }} + minAvailable: {{ .Values.vmauth.pdb.minAvailable }} + {{- end }} + {{- if or .Values.vmauth.pdb.maxUnavailable ( not .Values.vmauth.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.vmauth.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmauth.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmauth +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/secret.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/secret.yaml new file mode 100644 index 00000000..a0da2f30 --- /dev/null 
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/secret.yaml @@ -0,0 +1,42 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* Adding the helper in configmap.yaml for better readability */}} +{{- define "victoriametrics.vmauth.defaultConfig" -}} +users: +- username: {{ .Values.vmauth.user.username | quote }} + password: {{ .Values.vmauth.user.password | quote }} + url_map: + - discover_backend_ips: true + src_paths: + - /select/.* + url_prefix: http://{{ include "victoriametrics.vmselect.fullname" . }}:{{ .Values.vmselect.service.ports.http }} + - discover_backend_ips: true + src_paths: + - /insert/.* + url_prefix: http://{{ include "victoriametrics.vminsert.fullname" . }}:{{ .Values.vminsert.service.ports.http }} +{{- end }} + +{{- if and .Values.vmauth.enabled (not .Values.vmauth.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +stringData: + {{- /* Convert the default configuration and extra overrides */ -}} + {{- $defaultConfiguration := include "victoriametrics.vmauth.defaultConfig" . | fromYaml -}} + {{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.vmauth.configOverrides "context" $) | fromYaml -}} + + {{- /* Merge both maps and render the configuration */}} + auth.yml: | + {{- mergeOverwrite $defaultConfiguration $overrideConfiguration | toYaml | nindent 4 }} +{{- end }} 
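Review bot: Nothing in `victoriametrics.vmauth.defaultConfig` stops an empty `vmauth.user.password` (or username) from being rendered into `auth.yml`. The defaults in values.yaml are not visible in this hunk, so this may already be covered elsewhere, but the template itself would ship a proxy whose only user has a blank credential. Failing the render is cheap: `password: {{ required "vmauth.user.password must be set" .Values.vmauth.user.password | quote }}`. Note that the helper is evaluated even when `configOverrides` replaces `users`, so the check may need to be conditional on that. The helper comment says `configmap.yaml` but the file is secret.yaml; `{{/* Default auth.yml, defined here next to the Secret that embeds it */}}` would be accurate.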
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service-account.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service-account.yaml new file mode 100644 index 00000000..451acd98 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service-account.yaml @@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled .Values.vmauth.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "victoriametrics.vmauth.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if or .Values.vmauth.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmauth.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.vmauth.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service.yaml new file mode 100644 index 00000000..b10555b5 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/service.yaml 
@@ -0,0 +1,59 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmauth.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if or .Values.vmauth.service.annotations .Values.commonAnnotations .Values.vmauth.metrics.enabled .Values.vmauth.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmauth.service.annotations .Values.commonAnnotations .Values.vmauth.metrics.annotations) "context" .) }} + {{- if .Values.vmauth.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" .Values.vmauth.service.ports.http "prometheus.io/path" "/metrics" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.vmauth.service.type }} + {{- if and .Values.vmauth.service.clusterIP (eq .Values.vmauth.service.type "ClusterIP") }} + clusterIP: {{ .Values.vmauth.service.clusterIP }} + {{- end }} + {{- if .Values.vmauth.service.sessionAffinity }} + sessionAffinity: {{ .Values.vmauth.service.sessionAffinity }} + {{- end }} + {{- if .Values.vmauth.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.vmauth.service.type "LoadBalancer") (eq .Values.vmauth.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.vmauth.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.vmauth.service.type "LoadBalancer") (not (empty .Values.vmauth.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.vmauth.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.vmauth.service.type "LoadBalancer") (not (empty .Values.vmauth.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.vmauth.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.vmauth.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.vmauth.service.type "NodePort") (eq .Values.vmauth.service.type "LoadBalancer")) (not (empty .Values.vmauth.service.nodePorts.http)) }} + nodePort: {{ .Values.vmauth.service.nodePorts.http }} + {{- else if eq .Values.vmauth.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: http + {{- if .Values.vmauth.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list 
.Values.vmauth.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: vmauth +{{- end }} \ No newline at end of file diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/servicemonitor.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/servicemonitor.yaml new file mode 100644 index 00000000..e6bdebbc --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/servicemonitor.yaml 
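Review bot: `loadBalancerSourceRanges: {{ .Values.vmauth.service.loadBalancerSourceRanges }}` prints the Go list directly, so two or more CIDRs render as `[a b]`, which YAML reads as one string element rather than two ranges. The allow-list meant to restrict who can reach the vmauth LoadBalancer would then most likely be rejected by the API server, or at best not mean what the operator wrote. Render the list as YAML instead: `loadBalancerSourceRanges: {{- toYaml .Values.vmauth.service.loadBalancerSourceRanges | nindent 4 }}`. The vminsert service.yaml hunk later in this patch contains the same line and needs the same change.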
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled .Values.vmauth.metrics.enabled .Values.vmauth.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "victoriametrics.vmauth.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.vmauth.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if or .Values.vmauth.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmauth.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.vmauth.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmauth + {{- if .Values.vmauth.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: http-metrics + path: "/metrics" + {{- if .Values.vmauth.metrics.serviceMonitor.interval }} + interval: {{ .Values.vmauth.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.vmauth.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.vmauth.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.vmauth.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.vmauth.metrics.serviceMonitor.honorLabels 
}} + {{- end }} + {{- if .Values.vmauth.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmauth.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmauth.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/vpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/vpa.yaml new file mode 100644 index 00000000..558adcac --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmauth/vpa.yaml 
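Review bot: The entry under `endpoints:` selects `port: http-metrics`, but the vmauth Service added in this same patch only declares a port named `http` (plus whatever `extraPorts` supplies). With default values the ServiceMonitor would therefore match no port, and vmauth would silently go unscraped, which also removes visibility into its request and auth-failure metrics. Use the name the Service actually exposes: `- port: http`.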
@@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmauth.enabled (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.vmauth.autoscaling.vpa.enabled }} +apiVersion: {{ include "common.capabilities.vpa.apiVersion" (dict "context" $) }} +kind: VerticalPodAutoscaler +metadata: + name: {{ include "victoriametrics.vmauth.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmauth + {{- if or .Values.vmauth.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmauth.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: vmauth + {{- with .Values.vmauth.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmauth.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmauth.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + {{- if eq .Values.vmauth.kind "daemonset" }} + apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }} + kind: DaemonSet + {{- else }} + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + {{- end }} + name: {{ include "victoriametrics.vmauth.fullname" . 
}} + {{- if .Values.vmauth.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.vmauth.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/deployment.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/deployment.yaml new file mode 100644 index 00000000..23a0697b --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/deployment.yaml 
@@ -0,0 +1,160 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "victoriametrics.vminsert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if or .Values.vminsert.deploymentAnnotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vminsert.deploymentAnnotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.vminsert.autoscaling.hpa.enabled }} + replicas: {{ .Values.vminsert.replicaCount }} + {{- end }} + {{- if .Values.vminsert.updateStrategy }} + strategy: {{- toYaml .Values.vminsert.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.vminsert.podLabels .Values.commonLabels) "context" .) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vminsert + template: + metadata: + {{- if .Values.vminsert.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + spec: + serviceAccountName: {{ template "victoriametrics.vminsert.serviceAccountName" . 
}} + {{- include "victoriametrics.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.vminsert.automountServiceAccountToken }} + {{- if .Values.vminsert.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vminsert.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vminsert.podAffinityPreset "component" "vminsert" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vminsert.podAntiAffinityPreset "component" "vminsert" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vminsert.nodeAffinityPreset.type "key" .Values.vminsert.nodeAffinityPreset.key "values" .Values.vminsert.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.vminsert.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vminsert.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vminsert.priorityClassName }} + priorityClassName: {{ .Values.vminsert.priorityClassName | quote }} + {{- end }} + {{- if .Values.vminsert.schedulerName }} + schedulerName: {{ .Values.vminsert.schedulerName | quote }} + {{- end }} + {{- if .Values.vminsert.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.topologySpreadConstraints "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.vminsert.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vminsert.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vminsert.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.vminsert.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.vminsert.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: vminsert + image: {{ template "victoriametrics.vminsert.image" . }} + imagePullPolicy: {{ .Values.vminsert.image.pullPolicy }} + {{- if .Values.vminsert.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vminsert.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vminsert.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vminsert.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.args "context" $) | nindent 12 }} + {{- else }} + args: + - vminsert + - --replicationFactor=2 + {{- if .Values.envflagEnable }} + - --envflag.enable + - --envflag.prefix={{ .Values.envflagPrefix }} + {{- end }} + - --loggerFormat={{ .Values.loggerFormat }} + - --httpListenAddr=:{{ .Values.vminsert.containerPorts.http }} + {{- range $e, $i := until (int .Values.vmstorage.replicaCount) }} + - --storageNode={{ include "victoriametrics.vmstorage.fullname" $ }}-{{ int $i }}.{{ printf "%s-headless" (include "victoriametrics.vmstorage.fullname" $) | trunc 63 | trimSuffix "-" }}:{{ $.Values.vmstorage.containerPorts.vminsert }} + {{- end }} + {{- if .Values.vminsert.extraArgs }} + {{- include "common.tplvalues.render" (dict 
"value" .Values.vminsert.extraArgs "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + {{- if .Values.vminsert.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.vminsert.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vminsert.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.vminsert.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vminsert.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.vminsert.resources }} + resources: {{- toYaml .Values.vminsert.resources | nindent 12 }} + {{- else if ne .Values.vminsert.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.vminsert.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.vminsert.containerPorts.http }} + {{- if .Values.vminsert.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.vminsert.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vminsert.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http + {{- end }} + {{- if .Values.vminsert.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.vminsert.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vminsert.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vminsert.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict 
"value" .Values.vminsert.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.vminsert.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vminsert.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vminsert.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vminsert.extraVolumeMounts }} + volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vminsert.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vminsert.extraVolumes }} + volumes: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/hpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/hpa.yaml new file mode 100644 index 00000000..54611f67 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/hpa.yaml 
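Review bot: `- --replicationFactor=2` in the default `args:` is hard-coded, while the `--storageNode` list directly below it is generated from `.Values.vmstorage.replicaCount`. A release with a single vmstorage replica still asks vminsert for two copies, and the only way to change the factor is to replace the entire `args` list through `vminsert.args`. Drive it from a chart value instead, for example a new key such as `vminsert.replicationFactor` (not defined in this commit): `- --replicationFactor={{ .Values.vminsert.replicationFactor }}`.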
@@ -0,0 +1,42 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vminsert.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vminsert.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vminsert
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "victoriametrics.vminsert.fullname" . }}
+ minReplicas: {{ .Values.vminsert.autoscaling.hpa.minReplicas }}
+ maxReplicas: {{ .Values.vminsert.autoscaling.hpa.maxReplicas }}
+ metrics:
+ {{- if .Values.vminsert.autoscaling.hpa.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vminsert.autoscaling.hpa.targetMemory }}
+ {{- end }}
+ {{- if .Values.vminsert.autoscaling.hpa.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vminsert.autoscaling.hpa.targetCPU }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress-tls-secret.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress-tls-secret.yaml
new file mode 100644
index 00000000..261aafe4
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress-tls-secret.yaml
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vminsert.ingress.enabled }} +{{- if .Values.vminsert.ingress.secrets }} +{{- range .Values.vminsert.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" $.Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.vminsert.ingress.tls .Values.vminsert.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.vminsert.ingress.hostname }} +{{- $ca := genCA "vminsert-ca" 365 }} +{{- $cert := genSignedCert .Values.vminsert.ingress.hostname nil (list .Values.vminsert.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress.yaml new file mode 100644 index 00000000..32cecc8f --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/ingress.yaml 
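Review bot: The self-signed branch needs a comment about certificate lifetime. `genCA "vminsert-ca" 365` and the `genSignedCert` call create one-year certificates, and the `common.secrets.lookup` calls appear to keep whatever is already stored in the Secret (the helper is not shown here), so `helm upgrade` would not renew them and the ingress would serve an expired certificate after a year. I would add above the `genCA` line: `{{- /* Self-signed certs are valid 365 days and reused on upgrade; delete the Secret to rotate. Not for production. */}}`. The first branch also copies `.key` from values into the manifest, so those private keys end up in the stored release values, which is worth a note next to `vminsert.ingress.secrets` in values.yaml.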
@@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vminsert.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "victoriametrics.vminsert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if or .Values.vminsert.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.vminsert.ingress.ingressClassName }} + ingressClassName: {{ .Values.vminsert.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.vminsert.ingress.hostname }} + - host: {{ .Values.vminsert.ingress.hostname }} + http: + paths: + {{- if .Values.vminsert.ingress.extraPaths }} + {{- toYaml .Values.vminsert.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.vminsert.ingress.path }} + pathType: {{ .Values.vminsert.ingress.pathType }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "victoriametrics.vminsert.fullname" . 
| trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.vminsert.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + pathType: {{ default "ImplementationSpecific" .pathType }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "victoriametrics.vminsert.fullname" $ | trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.vminsert.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.vminsert.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.vminsert.ingress.annotations )) .Values.vminsert.ingress.selfSigned)) .Values.vminsert.ingress.extraTls }} + tls: + {{- if and .Values.vminsert.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.vminsert.ingress.annotations )) .Values.vminsert.ingress.selfSigned) }} + - hosts: + - {{ .Values.vminsert.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.vminsert.ingress.hostname }} + {{- end }} + {{- if .Values.vminsert.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/networkpolicy.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/networkpolicy.yaml new file mode 100644 index 00000000..11c01b23 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/networkpolicy.yaml 
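Review bot: This Ingress routes straight to the vminsert Service (`common.ingress.backend` with `victoriametrics.vminsert.fullname`, port `http`), which is the write path that vmauth's `auth.yml` in this patch puts behind a username and password. Nothing in this template or in the default vminsert `args` adds authentication, so turning on `vminsert.ingress.enabled` would expose unauthenticated ingestion unless the ingress controller enforces it or `extraArgs` configures it. A template comment should say so, e.g. `{{- /* Exposes vminsert without vmauth; require controller-level auth or publish vmauth instead. */}}`. Also, `- host: {{ .Values.vminsert.ingress.hostname }}` is unquoted while `extraHosts` uses `| quote`; a wildcard host such as `*.example.com` would be parsed as a YAML alias, so add `| quote` there as well.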
@@ -0,0 +1,79 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vminsert.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "victoriametrics.vminsert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + policyTypes: + - Ingress + - Egress + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if .Values.vminsert.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to victoriametrics storage controller + - ports: + - port: {{ .Values.vmstorage.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if .Values.vminsert.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + 
- ports: + - port: {{ .Values.vminsert.containerPorts.http }} + {{- if not .Values.vminsert.networkPolicy.allowExternal }} + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.vminsert.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.vminsert.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.vminsert.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.vminsert.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.vminsert.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/pdb.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/pdb.yaml new file mode 100644 index 00000000..27b94864 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/pdb.yaml 
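Review bot: The restricted egress rule towards vmstorage opens `- port: {{ .Values.vmstorage.containerPorts.http }}`, but the vminsert Deployment in this patch builds its `--storageNode` addresses with `$.Values.vmstorage.containerPorts.vminsert`. Unless both values happen to be equal, vminsert cannot reach storage when `allowExternalEgress` is false, and the likely workaround is to switch egress to `- {}`, which removes the restriction altogether. The rule should name the port that is actually dialled: `- port: {{ .Values.vmstorage.containerPorts.vminsert }}`. The DNS rule above it has no `to:` selector, so port 53 is open to any destination; limiting it to the cluster DNS pods would tighten the policy further.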
@@ -0,0 +1,29 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vminsert.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "victoriametrics.vminsert.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vminsert
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.vminsert.pdb.minAvailable }}
+ minAvailable: {{ .Values.vminsert.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.vminsert.pdb.maxUnavailable ( not .Values.vminsert.pdb.minAvailable ) }}
+ maxUnavailable: {{ .Values.vminsert.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: vminsert
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service-account.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service-account.yaml
new file mode 100644
index 00000000..ce874398
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service-account.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vminsert.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "victoriametrics.vminsert.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vminsert
+ {{- if or .Values.vminsert.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.vminsert.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service.yaml
new file mode 100644
index 00000000..22412e0d
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/service.yaml
@@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "victoriametrics.vminsert.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if or .Values.vminsert.service.annotations .Values.commonAnnotations .Values.vminsert.metrics.enabled .Values.vminsert.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vminsert.service.annotations .Values.commonAnnotations .Values.vminsert.metrics.annotations) "context" .) }} + {{- if .Values.vminsert.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" .Values.vminsert.service.ports.http "prometheus.io/path" "/metrics" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.vminsert.service.type }} + {{- if and .Values.vminsert.service.clusterIP (eq .Values.vminsert.service.type "ClusterIP") }} + clusterIP: {{ .Values.vminsert.service.clusterIP }} + {{- end }} + {{- if .Values.vminsert.service.sessionAffinity }} + sessionAffinity: {{ .Values.vminsert.service.sessionAffinity }} + {{- end }} + {{- if .Values.vminsert.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.vminsert.service.type "LoadBalancer") (eq .Values.vminsert.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.vminsert.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.vminsert.service.type "LoadBalancer") (not (empty .Values.vminsert.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.vminsert.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.vminsert.service.type "LoadBalancer") (not (empty .Values.vminsert.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.vminsert.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.vminsert.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.vminsert.service.type "NodePort") (eq .Values.vminsert.service.type "LoadBalancer")) (not (empty .Values.vminsert.service.nodePorts.http)) }} + nodePort: {{ .Values.vminsert.service.nodePorts.http }} + {{- else if eq .Values.vminsert.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: http + {{- if .Values.vminsert.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include 
"common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: vminsert diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/servicemonitor.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/servicemonitor.yaml new file mode 100644 index 00000000..4284fa93 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/servicemonitor.yaml 
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vminsert.metrics.enabled .Values.vminsert.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "victoriametrics.vminsert.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.vminsert.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vminsert + {{- if or .Values.vminsert.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.vminsert.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vminsert + {{- if .Values.vminsert.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.vminsert.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: http-metrics + path: "/metrics" + {{- if .Values.vminsert.metrics.serviceMonitor.interval }} + interval: {{ .Values.vminsert.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.vminsert.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.vminsert.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.vminsert.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ 
.Values.vminsert.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.vminsert.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vminsert.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vminsert.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/vpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/vpa.yaml new file mode 100644 index 00000000..d6e07f71 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vminsert/vpa.yaml 
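Review bot: The endpoint `port: http-metrics` does not match any port the vminsert Service declares; the vminsert/service.yaml hunk in this commit names its only built-in port `http`. A ServiceMonitor picks endpoints by Service port name, so unless `service.extraPorts` happens to add an `http-metrics` port this monitor scrapes nothing and vminsert metrics go missing without any error. Use `- port: http` here, or add a matching named port to the Service.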
@@ -0,0 +1,45 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.vminsert.autoscaling.vpa.enabled }}
+apiVersion: {{ include "common.capabilities.vpa.apiVersion" (dict "context" $) }}
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vminsert.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vminsert
+ {{- if or .Values.vminsert.autoscaling.vpa.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vminsert.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ resourcePolicy:
+ containerPolicies:
+ - containerName: vminsert
+ {{- with .Values.vminsert.autoscaling.vpa.controlledResources }}
+ controlledResources:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.vminsert.autoscaling.vpa.maxAllowed }}
+ maxAllowed:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.vminsert.autoscaling.vpa.minAllowed }}
+ minAllowed:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "victoriametrics.vminsert.fullname" . }}
+ {{- if .Values.vminsert.autoscaling.vpa.updatePolicy }}
+ updatePolicy:
+ {{- with .Values.vminsert.autoscaling.vpa.updatePolicy.updateMode }}
+ updateMode: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/dep-sts.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/dep-sts.yaml
new file mode 100644
index 00000000..896a6ad3
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/dep-sts.yaml
@@ -0,0 +1,178 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- $kind := lower .Values.vmselect.kind }} +{{- if eq $kind "statefulset" }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +{{- else }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "victoriametrics.vmselect.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if or .Values.vmselect.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmselect.annotations .Values.commonAnnotations) "context" .) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.vmselect.autoscaling.hpa.enabled }} + replicas: {{ .Values.vmselect.replicaCount }} + {{- end }} + {{- if eq $kind "statefulset" }} + serviceName: {{ printf "%s-headless" (include "victoriametrics.vmstorage.fullname" .) | trunc 63 | trimSuffix "-" }} + podManagementPolicy: {{ .Values.vmselect.podManagementPolicy }} + {{- end }} + {{- if .Values.vmselect.updateStrategy }} + {{ ternary "strategy" "updateStrategy" (eq $kind "deployment")}}: {{- toYaml .Values.vmselect.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.vmselect.podLabels .Values.commonLabels) "context" .) 
}} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmselect + template: + metadata: + {{- if .Values.vmselect.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + spec: + serviceAccountName: {{ template "victoriametrics.vmselect.serviceAccountName" . }} + {{- include "victoriametrics.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.vmselect.automountServiceAccountToken }} + {{- if .Values.vmselect.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmselect.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmselect.podAffinityPreset "component" "vmselect" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmselect.podAntiAffinityPreset "component" "vmselect" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmselect.nodeAffinityPreset.type "key" .Values.vmselect.nodeAffinityPreset.key "values" .Values.vmselect.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.vmselect.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmselect.tolerations 
}} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmselect.priorityClassName }} + priorityClassName: {{ .Values.vmselect.priorityClassName | quote }} + {{- end }} + {{- if .Values.vmselect.schedulerName }} + schedulerName: {{ .Values.vmselect.schedulerName | quote }} + {{- end }} + {{- if .Values.vmselect.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.vmselect.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmselect.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmselect.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.vmselect.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.vmselect.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: vmselect + image: {{ template "victoriametrics.vmselect.image" . 
}} + imagePullPolicy: {{ .Values.vmselect.image.pullPolicy }} + {{- if .Values.vmselect.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmselect.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmselect.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmselect.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.args "context" $) | nindent 12 }} + {{- else }} + args: + - vmselect + - --replicationFactor=2 + - --dedup.minScrapeInterval=1ms + {{- if .Values.envflagEnable }} + - --envflag.enable + - --envflag.prefix={{ .Values.envflagPrefix }} + {{- end }} + - --loggerFormat={{ .Values.loggerFormat }} + - --cacheDataPath=/opt/drycc/cache + - --httpListenAddr=:{{ .Values.vmselect.containerPorts.http }} + {{- range $e, $i := until (int .Values.vmstorage.replicaCount) }} + - --storageNode={{ include "victoriametrics.vmstorage.fullname" $ }}-{{ int $i }}.{{ printf "%s-headless" (include "victoriametrics.vmstorage.fullname" $) | trunc 63 | trimSuffix "-" }}:{{ $.Values.vmstorage.containerPorts.vmselect }} + {{- end }} + {{- if .Values.vmselect.extraArgs }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.extraArgs "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + {{- if .Values.vmselect.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.vmselect.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmselect.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.vmselect.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.vmselect.extraEnvVarsSecret 
"context" $) }} + {{- end }} + {{- if .Values.vmselect.resources }} + resources: {{- toYaml .Values.vmselect.resources | nindent 12 }} + {{- else if ne .Values.vmselect.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.vmselect.resourcesPreset) | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.vmselect.containerPorts.http }} + {{- if .Values.vmselect.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmselect.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmselect.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http + {{- end }} + {{- if .Values.vmselect.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.vmselect.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmselect.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmselect.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.vmselect.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmselect.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /health + port: http + {{- end }} + {{- if .Values.vmselect.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /opt/drycc/cache + subPath: app-cache-dir + {{- if 
.Values.vmselect.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.vmselect.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + {{- if .Values.vmselect.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/headless-service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/headless-service.yaml new file mode 100644 index 00000000..68ce140f --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/headless-service.yaml 
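Review bot: In StatefulSet mode `serviceName` is built from `victoriametrics.vmstorage.fullname`, so the vmselect pods are governed by the vmstorage headless Service rather than the vmselect `-headless` Service that vmselect/headless-service.yaml creates in this same commit. This looks like a copy from the vmstorage template and should read `serviceName: {{ printf "%s-headless" (include "victoriametrics.vmselect.fullname" .) | trunc 63 | trimSuffix "-" }}`. The default args also hard-code `--replicationFactor=2` and `--dedup.minScrapeInterval=1ms`; a comment saying why these values were chosen, or a values key for them, would help whoever changes the storage replication later.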
@@ -0,0 +1,30 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (eq .Values.vmselect.kind "statefulset") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-headless" (include "victoriametrics.vmselect.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmselect
+ {{- if or .Values.commonAnnotations .Values.vmselect.service.headless.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ publishNotReadyAddresses: true
+ clusterIP: None
+ ports:
+ - name: http
+ port: {{ .Values.vmselect.containerPorts.http }}
+ targetPort: http
+ protocol: TCP
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: vmselect
+{{- end }}
\ No newline at end of file
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/hpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/hpa.yaml
new file mode 100644
index 00000000..aad19d9f
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/hpa.yaml
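Review bot: The guard `eq .Values.vmselect.kind "statefulset"` compares the raw value, while vmselect/dep-sts.yaml lower-cases it first (`$kind := lower .Values.vmselect.kind`). With `kind: StatefulSet` the workload therefore renders as a StatefulSet but this headless Service is skipped, and the same raw comparison in vmselect/hpa.yaml points `scaleTargetRef` at a Deployment that does not exist. Use `{{- if eq (lower .Values.vmselect.kind) "statefulset" }}` in both files. The file is also missing its trailing newline.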
@@ -0,0 +1,47 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vmselect.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vmselect.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmselect
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ {{- if eq .Values.vmselect.kind "statefulset" }}
+ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+ kind: StatefulSet
+ {{- else }}
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ {{- end }}
+ name: {{ include "victoriametrics.vmselect.fullname" . }}
+ minReplicas: {{ .Values.vmselect.autoscaling.hpa.minReplicas }}
+ maxReplicas: {{ .Values.vmselect.autoscaling.hpa.maxReplicas }}
+ metrics:
+ {{- if .Values.vmselect.autoscaling.hpa.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmselect.autoscaling.hpa.targetMemory }}
+ {{- end }}
+ {{- if .Values.vmselect.autoscaling.hpa.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmselect.autoscaling.hpa.targetCPU }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress-tls-secret.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress-tls-secret.yaml
new file mode 100644
index 00000000..afd30458
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress-tls-secret.yaml 
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmselect.ingress.enabled }} +{{- if .Values.vmselect.ingress.secrets }} +{{- range .Values.vmselect.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" $.Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.vmselect.ingress.tls .Values.vmselect.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.vmselect.ingress.hostname }} +{{- $ca := genCA "vmselect-ca" 365 }} +{{- $cert := genSignedCert .Values.vmselect.ingress.hostname nil (list .Values.vmselect.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . 
| quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress.yaml new file mode 100644 index 00000000..5a068658 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/ingress.yaml 
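Review bot: The self-signed branch issues the CA and leaf certificate with a fixed 365-day lifetime (`genCA "vmselect-ca" 365`, `genSignedCert … 365 $ca`) and then takes each value through `common.secrets.lookup`; assuming that helper returns the stored value once the Secret exists, the certificate is never reissued by an upgrade and expires a year after first install. A template comment such as `{{- /* selfSigned certs are valid for 365 days and are not rotated by helm upgrade; delete the Secret to reissue */}}`, or a values key for the validity, would make that visible. In the `ingress.secrets` loop `.certificate` and `.key` come straight from values, so the TLS private key is also kept in the Helm release data; the values documentation should steer operators to a pre-created Secret or cert-manager for anything beyond testing.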
@@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmselect.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ template "victoriametrics.vmselect.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if or .Values.vmselect.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.vmselect.ingress.ingressClassName }} + ingressClassName: {{ .Values.vmselect.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.vmselect.ingress.hostname }} + - host: {{ .Values.vmselect.ingress.hostname }} + http: + paths: + {{- if .Values.vmselect.ingress.extraPaths }} + {{- toYaml .Values.vmselect.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.vmselect.ingress.path }} + pathType: {{ .Values.vmselect.ingress.pathType }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "victoriametrics.vmselect.fullname" . 
| trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.vmselect.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + pathType: {{ default "ImplementationSpecific" .pathType }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "victoriametrics.vmselect.fullname" $ | trunc 63 | trimSuffix "-") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.vmselect.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.vmselect.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.vmselect.ingress.annotations )) .Values.vmselect.ingress.selfSigned)) .Values.vmselect.ingress.extraTls }} + tls: + {{- if and .Values.vmselect.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.vmselect.ingress.annotations )) .Values.vmselect.ingress.selfSigned) }} + - hosts: + - {{ .Values.vmselect.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.vmselect.ingress.hostname }} + {{- end }} + {{- if .Values.vmselect.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/networkpolicy.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/networkpolicy.yaml new file mode 100644 index 00000000..a1814be3 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/networkpolicy.yaml 
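Review bot: This Ingress publishes the vmselect `http` port, and the default args in vmselect/dep-sts.yaml set no authentication flags, so with `ingress.enabled` the query API is reachable by anyone who can reach the ingress unless authentication is added through `ingress.annotations` or `extraArgs`. A comment at the top of this template, or next to `ingress.enabled` in values.yaml, should state that. Minor: the rule host is emitted unquoted (`- host: {{ .Values.vmselect.ingress.hostname }}`) while the TLS host and `extraHosts` use `| quote`; quoting it as well keeps the rendering consistent.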
@@ -0,0 +1,79 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmselect.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "victoriametrics.vmselect.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + policyTypes: + - Ingress + - Egress + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if .Values.vmselect.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Allow outbound connections to victoriametrics storage controller + - ports: + - port: {{ .Values.vmstorage.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if .Values.vmselect.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + 
- ports: + - port: {{ .Values.vmselect.containerPorts.http }} + {{- if not .Values.vmselect.networkPolicy.allowExternal }} + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.vmselect.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.vmselect.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.vmselect.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.vmselect.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.vmselect.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/pdb.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/pdb.yaml new file mode 100644 index 00000000..cd08d62e --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/pdb.yaml 
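Review bot: The restricted egress rule opens `.Values.vmstorage.containerPorts.http` towards vmstorage, but the default args in vmselect/dep-sts.yaml connect to `--storageNode=…:{{ $.Values.vmstorage.containerPorts.vmselect }}`. Unless those two values coincide, enabling the policy with `allowExternalEgress: false` blocks the vmselect-to-vmstorage connection, and the likely workaround is to turn `allowExternalEgress` on, which renders `egress: - {}` and removes egress filtering altogether. The rule should name the port vmselect actually uses: `- port: {{ .Values.vmstorage.containerPorts.vmselect }}`. The DNS rule has no `to:` and therefore allows port 53 to any destination; a comment noting that this is intentional would help reviewers.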
@@ -0,0 +1,29 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vmselect.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "victoriametrics.vmselect.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmselect
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.vmselect.pdb.minAvailable }}
+ minAvailable: {{ .Values.vmselect.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.vmselect.pdb.maxUnavailable ( not .Values.vmselect.pdb.minAvailable ) }}
+ maxUnavailable: {{ .Values.vmselect.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: vmselect
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service-account.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service-account.yaml
new file mode 100644
index 00000000..3a5d6cf7
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service-account.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vmselect.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "victoriametrics.vmselect.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmselect
+ {{- if or .Values.vmselect.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.vmselect.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service.yaml
new file mode 100644
index 00000000..0bb2407a
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/service.yaml
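Review bot: `automountServiceAccountToken` at the end of vmselect/service-account.yaml is rendered from values with no fallback, so a missing or null value yields an empty field. Kubernetes treats that as unset and mounts the API token in any pod that does not opt out itself. The chart's values.yaml is not visible here, so this may already default to `false`, but the template should not depend on it: `automountServiceAccountToken: {{ .Values.vmselect.serviceAccount.automountServiceAccountToken | default false }}`. The same line appears in vmstorage/service-account.yaml.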
@@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "victoriametrics.vmselect.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if or .Values.vmselect.service.annotations .Values.commonAnnotations .Values.vmselect.metrics.enabled .Values.vmselect.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmselect.service.annotations .Values.commonAnnotations .Values.vmselect.metrics.annotations) "context" .) }} + {{- if .Values.vmselect.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" .Values.vmselect.service.ports.http "prometheus.io/path" "/metrics" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.vmselect.service.type }} + {{- if and .Values.vmselect.service.clusterIP (eq .Values.vmselect.service.type "ClusterIP") }} + clusterIP: {{ .Values.vmselect.service.clusterIP }} + {{- end }} + {{- if .Values.vmselect.service.sessionAffinity }} + sessionAffinity: {{ .Values.vmselect.service.sessionAffinity }} + {{- end }} + {{- if .Values.vmselect.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.vmselect.service.type "LoadBalancer") (eq .Values.vmselect.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.vmselect.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.vmselect.service.type "LoadBalancer") (not (empty .Values.vmselect.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.vmselect.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.vmselect.service.type "LoadBalancer") (not (empty .Values.vmselect.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.vmselect.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.vmselect.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.vmselect.service.type "NodePort") (eq .Values.vmselect.service.type "LoadBalancer")) (not (empty .Values.vmselect.service.nodePorts.http)) }} + nodePort: {{ .Values.vmselect.service.nodePorts.http }} + {{- else if eq .Values.vmselect.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: http + {{- if .Values.vmselect.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include 
"common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: vmselect diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/servicemonitor.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/servicemonitor.yaml new file mode 100644 index 00000000..d5f8ffdd --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/servicemonitor.yaml 
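Review bot: `loadBalancerSourceRanges: {{ .Values.vmselect.service.loadBalancerSourceRanges }}` in vmselect/service.yaml prints the list with Go's default formatting, so two or more CIDRs come out as one bracketed, space-separated token. YAML reads that as a single string element, which is not a valid CIDR, so the allow-list only renders correctly with exactly one entry. Since this field is the only source filter on a LoadBalancer Service, it should be serialised properly: `loadBalancerSourceRanges: {{ .Values.vmselect.service.loadBalancerSourceRanges | toJson }}`. vmstorage/service.yaml has the same line.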
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmselect.metrics.enabled .Values.vmselect.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "victoriametrics.vmselect.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.vmselect.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if or .Values.vmselect.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.vmselect.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmselect + {{- if .Values.vmselect.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmselect.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: http-metrics + path: "/metrics" + {{- if .Values.vmselect.metrics.serviceMonitor.interval }} + interval: {{ .Values.vmselect.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.vmselect.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.vmselect.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.vmselect.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ 
.Values.vmselect.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.vmselect.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmselect.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmselect.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/vpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/vpa.yaml new file mode 100644 index 00000000..2f4cedc6 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmselect/vpa.yaml 
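Review bot: The endpoint in vmselect/servicemonitor.yaml is `- port: http-metrics`, but the vmselect Service added in this patch names its only built-in port `http`. Unless an operator adds a port called `http-metrics` through `service.extraPorts`, the ServiceMonitor selects the Service but matches no port, and the component goes unscraped without any error. Changing the line to `- port: http` would line it up with the Service. vmstorage/servicemonitor.yaml has the same mismatch against vmstorage/service.yaml.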
@@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.vmselect.autoscaling.vpa.enabled }} +apiVersion: {{ include "common.capabilities.vpa.apiVersion" (dict "context" $) }} +kind: VerticalPodAutoscaler +metadata: + name: {{ include "victoriametrics.vmselect.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmselect + {{- if or .Values.vmselect.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmselect.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: vmselect + {{- with .Values.vmselect.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmselect.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vmselect.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + {{- if eq .Values.vmselect.kind "statefulset" }} + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + {{- else }} + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + {{- end }} + name: {{ include "victoriametrics.vmselect.fullname" . 
}} + {{- if .Values.vmselect.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.vmselect.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/headless-service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/headless-service.yaml new file mode 100644 index 00000000..78013fdd --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/headless-service.yaml 
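Review bot: `updateMode: {{ . }}` under `updatePolicy:` in vmselect/vpa.yaml is emitted unquoted, and one of the accepted VPA modes is `Off`. A YAML 1.1 parser, which Helm's is as far as I know, reads a bare `Off` as the boolean false, so that mode would reach the API as a non-string and be rejected or misread. This is the mode operators use to get recommendations without pod evictions, so it should be quoted: `updateMode: {{ . | quote }}`.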
@@ -0,0 +1,36 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-headless" (include "victoriametrics.vmstorage.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ {{- if or .Values.commonAnnotations .Values.vmstorage.service.headless.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ publishNotReadyAddresses: true
+ clusterIP: None
+ ports:
+ - name: http
+ port: {{ .Values.vmstorage.containerPorts.http }}
+ targetPort: http
+ protocol: TCP
+ - name: tcp-vminsert
+ port: {{ .Values.vmstorage.containerPorts.vminsert }}
+ targetPort: tcp-vminsert
+ protocol: TCP
+ - name: tcp-vmselect
+ port: {{ .Values.vmstorage.containerPorts.vmselect }}
+ targetPort: tcp-vmselect
+ protocol: TCP
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: vmstorage
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/hpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/hpa.yaml
new file mode 100644
index 00000000..83b4eae8
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/hpa.yaml
@@ -0,0 +1,42 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vmstorage.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" (dict "context" $) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vmstorage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+ kind: StatefulSet
+ name: {{ include "victoriametrics.vmstorage.fullname" . }}
+ minReplicas: {{ .Values.vmstorage.autoscaling.hpa.minReplicas }}
+ maxReplicas: {{ .Values.vmstorage.autoscaling.hpa.maxReplicas }}
+ metrics:
+ {{- if .Values.vmstorage.autoscaling.hpa.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmstorage.autoscaling.hpa.targetMemory }}
+ {{- end }}
+ {{- if .Values.vmstorage.autoscaling.hpa.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.vmstorage.autoscaling.hpa.targetCPU }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/networkpolicy.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/networkpolicy.yaml
new file mode 100644
index 00000000..684c9c5a
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/networkpolicy.yaml
@@ -0,0 +1,73 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.vmstorage.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "victoriametrics.vmstorage.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + policyTypes: + - Ingress + - Egress + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if .Values.vmstorage.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.vmstorage.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.vmstorage.containerPorts.http }} + - port: {{ .Values.vmstorage.containerPorts.vminsert }} + - port: {{ .Values.vmstorage.containerPorts.vmselect }} + {{- if not .Values.vmstorage.networkPolicy.allowExternal }} + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + podSelector: + 
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if .Values.vmstorage.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.vmstorage.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.vmstorage.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.vmstorage.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.vmstorage.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/pdb.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/pdb.yaml new file mode 100644 index 00000000..f85245a5 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/pdb.yaml 
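Review bot: The ingress `from` rule in vmstorage/networkpolicy.yaml selects the peer namespace with `kubernetes.io/metadata.name: {{ .Release.Namespace }}`, while the policy itself is created in `{{ include "common.names.namespace" . | quote }}`. If that helper ever resolves to something other than the release namespace (a namespace override, for instance), the policy would sit next to the vmstorage pods but admit traffic from a different namespace and block the chart's own vminsert and vmselect pods. The value is also unquoted, so an all-digit namespace name would render as a number. Using the same helper fixes both: `kubernetes.io/metadata.name: {{ include "common.names.namespace" . | quote }}`. The tail of vmselect/networkpolicy.yaml shows the same line, and it would help to document next to `allowExternal` that enabling it leaves the `vminsert` and `vmselect` ports with no `from` restriction at all.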
@@ -0,0 +1,29 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vmstorage.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "victoriametrics.vmstorage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.vmstorage.pdb.minAvailable }}
+ minAvailable: {{ .Values.vmstorage.pdb.minAvailable }}
+ {{- end }}
+ {{- if or .Values.vmstorage.pdb.maxUnavailable ( not .Values.vmstorage.pdb.minAvailable ) }}
+ maxUnavailable: {{ .Values.vmstorage.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: vmstorage
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service-account.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service-account.yaml
new file mode 100644
index 00000000..3d7867c8
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service-account.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.vmstorage.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "victoriametrics.vmstorage.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ {{- if or .Values.vmstorage.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.vmstorage.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service.yaml
new file mode 100644
index 00000000..40abf629
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/service.yaml
@@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "victoriametrics.vmstorage.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if or .Values.vmstorage.service.annotations .Values.commonAnnotations .Values.vmstorage.metrics.enabled .Values.vmstorage.metrics.annotations }} + {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmstorage.service.annotations .Values.commonAnnotations .Values.vmstorage.metrics.annotations) "context" .) }} + {{- if .Values.vmstorage.metrics.enabled }} + {{- $defaultMetricsAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" (.Values.vmstorage.service.ports.http ) "prometheus.io/path" "/metrics" }} + {{- $annotations = include "common.tplvalues.merge" (dict "values" (list $annotations $defaultMetricsAnnotations) "context" .) 
}} + {{- end }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.vmstorage.service.type }} + {{- if and .Values.vmstorage.service.clusterIP (eq .Values.vmstorage.service.type "ClusterIP") }} + clusterIP: {{ .Values.vmstorage.service.clusterIP }} + {{- end }} + {{- if .Values.vmstorage.service.sessionAffinity }} + sessionAffinity: {{ .Values.vmstorage.service.sessionAffinity }} + {{- end }} + {{- if .Values.vmstorage.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.vmstorage.service.type "LoadBalancer") (eq .Values.vmstorage.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.vmstorage.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.vmstorage.service.type "LoadBalancer") (not (empty .Values.vmstorage.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.vmstorage.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.vmstorage.service.type "LoadBalancer") (not (empty .Values.vmstorage.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.vmstorage.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.vmstorage.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.vmstorage.service.type "NodePort") (eq .Values.vmstorage.service.type "LoadBalancer")) (not (empty .Values.vmstorage.service.nodePorts.http)) }} + nodePort: {{ .Values.vmstorage.service.nodePorts.http }} + {{- else if eq .Values.vmstorage.service.type "ClusterIP" }} + nodePort: null + {{- end }} + targetPort: http + {{- if .Values.vmstorage.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := 
include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: vmstorage diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/servicemonitor.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/servicemonitor.yaml new file mode 100644 index 00000000..63ea54c1 --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/servicemonitor.yaml 
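Review bot: The default metrics annotations in vmstorage/service.yaml put `.Values.vmstorage.service.ports.http` into the `prometheus.io/port` entry without quoting it. If that value is a number, and assuming the merge and render helpers serialise it unchanged, the annotation renders as a YAML integer; annotation values must be strings, so the Service would be rejected whenever `metrics.enabled` is true. Quoting at the source avoids this: `"prometheus.io/port" (.Values.vmstorage.service.ports.http | quote)`. vmselect/service.yaml builds the same dict with the same unquoted value.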
@@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.vmstorage.metrics.enabled .Values.vmstorage.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "victoriametrics.vmstorage.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.vmstorage.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + app.kubernetes.io/part-of: victoriametrics + app.kubernetes.io/component: vmstorage + {{- if or .Values.vmstorage.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.vmstorage.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: vmstorage + {{- if .Values.vmstorage.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: http-metrics + path: "/metrics" + {{- if .Values.vmstorage.metrics.serviceMonitor.interval }} + interval: {{ .Values.vmstorage.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.vmstorage.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.vmstorage.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.vmstorage.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ 
.Values.vmstorage.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.vmstorage.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.vmstorage.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/statefulset.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/statefulset.yaml new file mode 100644 index 00000000..40f409ec --- /dev/null +++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/statefulset.yaml 
@@ -0,0 +1,225 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ template "victoriametrics.vmstorage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ {{- if or .Values.vmstorage.statefulsetAnnotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.vmstorage.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not .Values.vmstorage.autoscaling.hpa.enabled }}
+ replicas: {{ .Values.vmstorage.replicaCount }}
+ {{- end }}
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Delete
+ whenScaled: Retain
+ serviceName: {{ printf "%s-headless" (include "victoriametrics.vmstorage.fullname" .) | trunc 63 | trimSuffix "-" }}
+ podManagementPolicy: {{ .Values.vmstorage.podManagementPolicy }}
+ {{- if .Values.vmstorage.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.vmstorage.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ template:
+ metadata:
+ {{- if .Values.vmstorage.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ spec:
+ serviceAccountName: {{ template "victoriametrics.vmstorage.serviceAccountName" . }}
+ {{- include "victoriametrics.imagePullSecrets" . | nindent 6 }}
+ automountServiceAccountToken: {{ .Values.vmstorage.automountServiceAccountToken }}
+ {{- if .Values.vmstorage.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.vmstorage.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmstorage.podAffinityPreset "component" "vmstorage" "customLabels" $podLabels "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmstorage.podAntiAffinityPreset "component" "vmstorage" "customLabels" $podLabels "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmstorage.nodeAffinityPreset.type "key" .Values.vmstorage.nodeAffinityPreset.key "values" .Values.vmstorage.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.vmstorage.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.vmstorage.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.vmstorage.priorityClassName }}
+ priorityClassName: {{ .Values.vmstorage.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.vmstorage.schedulerName }}
+ schedulerName: {{ .Values.vmstorage.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.vmstorage.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.vmstorage.podSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmstorage.podSecurityContext "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.vmstorage.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.vmstorage.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if or (and .Values.defaultInitContainers.volumePermissions.enabled .Values.vmstorage.persistence.enabled) .Values.vmstorage.initContainers }}
+ initContainers:
+ {{- if and .Values.defaultInitContainers.volumePermissions.enabled .Values.vmstorage.persistence.enabled }}
+ {{- include "victoriametrics.init-containers.volume-permissions" (dict "context" . "componentValues" .Values.vmstorage) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.vmstorage.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: vmstorage
+ image: {{ template "victoriametrics.vmstorage.image" . }}
+ imagePullPolicy: {{ .Values.vmstorage.image.pullPolicy }}
+ {{- if .Values.vmstorage.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.vmstorage.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.vmstorage.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.vmstorage.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - vmstorage
+ {{- if .Values.envflagEnable }}
+ - --envflag.enable
+ - --envflag.prefix={{ .Values.envflagPrefix }}
+ {{- end }}
+ - --loggerFormat={{ .Values.loggerFormat }}
+ - --httpListenAddr=:{{ .Values.vmstorage.containerPorts.http }}
+ - --vminsertAddr=:{{ .Values.vmstorage.containerPorts.vminsert }}
+ - --vmselectAddr=:{{ .Values.vmstorage.containerPorts.vmselect }}
+ - --retentionPeriod={{ .Values.vmstorage.retentionPeriod }}
+ - --storageDataPath={{ .Values.vmstorage.persistence.mountPath }}
+ {{- if .Values.vmstorage.extraArgs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.extraArgs "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ env:
+ {{- if .Values.vmstorage.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.vmstorage.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.vmstorage.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.vmstorage.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.vmstorage.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.vmstorage.resources }}
+ resources: {{- toYaml .Values.vmstorage.resources | nindent 12 }}
+ {{- else if ne .Values.vmstorage.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.vmstorage.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.vmstorage.containerPorts.http }}
+ - name: tcp-vminsert
+ containerPort: {{ .Values.vmstorage.containerPorts.vminsert }}
+ - name: tcp-vmselect
+ containerPort: {{ .Values.vmstorage.containerPorts.vmselect }}
+ {{- if .Values.vmstorage.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.vmstorage.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmstorage.livenessProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: http
+ {{- end }}
+ {{- if .Values.vmstorage.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.vmstorage.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmstorage.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- if .Values.vmstorage.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.vmstorage.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.vmstorage.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- if .Values.vmstorage.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.vmstorage.persistence.enabled }}
+ - name: data
+ mountPath: {{ .Values.vmstorage.persistence.mountPath }}
+ {{- end }}
+ {{- if .Values.vmstorage.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.vmstorage.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.vmstorage.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if and .Values.vmstorage.persistence.enabled .Values.vmstorage.persistence.existingClaim }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Values.vmstorage.persistence.existingClaim }}
+ {{- else if (not .Values.vmstorage.persistence.enabled) }}
+ - name: data
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.vmstorage.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.vmstorage.persistence.enabled (not .Values.vmstorage.persistence.existingClaim) }}
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ annotations:
+ {{- if .Values.vmstorage.persistence.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ {{- if .Values.vmstorage.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.persistence.dataSource "context" $) | nindent 4 }}
+ {{- end }}
+ accessModes:
+ {{- range .Values.vmstorage.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.vmstorage.persistence.size | quote }}
+ {{- include "common.storage.class" (dict "persistence" .Values.vmstorage.persistence "global" .Values.global) | nindent 8 }}
+ {{- if .Values.vmstorage.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.persistence.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.vmstorage.persistence.extraVolumeClaimTemplates }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.vmstorage.persistence.extraVolumeClaimTemplates "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/vpa.yaml b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/vpa.yaml
new file mode 100644
index 00000000..b88c0b75
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/templates/vmstorage/vpa.yaml
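Review bot: With `vmstorage.persistence.enabled` set to false, the `data` emptyDir declared under `volumes:` is never mounted, because the `- name: data` entry under `volumeMounts:` is wrapped in `{{- if .Values.vmstorage.persistence.enabled }}`. `--storageDataPath` then points at a directory on the container's own root filesystem, which will not be writable if vmstorage runs with `readOnlyRootFilesystem: true` (the vmstorage security-context defaults are not visible in this hunk, so that part is an assumption). Dropping the `if`/`end` pair around that mount, so `data` is always mounted at `persistence.mountPath`, fixes it. Separately, `persistentVolumeClaimRetentionPolicy.whenDeleted: Delete` is hard-coded, so deleting the StatefulSet also deletes the stored metrics; consider exposing it as a value with `Retain` as the default.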
@@ -0,0 +1,45 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.vmstorage.autoscaling.vpa.enabled }}
+apiVersion: {{ include "common.capabilities.vpa.apiVersion" (dict "context" $) }}
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ include "victoriametrics.vmstorage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/part-of: victoriametrics
+ app.kubernetes.io/component: vmstorage
+ {{- if or .Values.vmstorage.autoscaling.vpa.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.vmstorage.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ resourcePolicy:
+ containerPolicies:
+ - containerName: vmstorage
+ {{- with .Values.vmstorage.autoscaling.vpa.controlledResources }}
+ controlledResources:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.vmstorage.autoscaling.vpa.maxAllowed }}
+ maxAllowed:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.vmstorage.autoscaling.vpa.minAllowed }}
+ minAllowed:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+ kind: StatefulSet
+ name: {{ include "victoriametrics.vmstorage.fullname" . }}
+ {{- if .Values.vmstorage.autoscaling.vpa.updatePolicy }}
+ updatePolicy:
+ {{- with .Values.vmstorage.autoscaling.vpa.updatePolicy.updateMode }}
+ updateMode: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/victoriametrics/1/chart/victoriametrics/values.yaml b/addons/victoriametrics/1/chart/victoriametrics/values.yaml
new file mode 100644
index 00000000..225c4b3c
--- /dev/null
+++ b/addons/victoriametrics/1/chart/victoriametrics/values.yaml
@@ -0,0 +1,3670 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ defaultStorageClass: ""
+ ## Security parameters
+ ##
+ security:
+ ## @param global.security.allowInsecureImages Allows skipping image verification
+ allowInsecureImages: true
+ ## Compatibility adaptations for Kubernetes platforms
+ ##
+ compatibility:
+ ## Compatibility adaptations for Openshift
+ ##
+ openshift:
+ ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ ##
+ adaptSecurityContext: auto
+## @section Common parameters
+##
+
+## @param kubeVersion Override Kubernetes version
+##
+kubeVersion: ""
+## @param apiVersions Override Kubernetes API versions reported by .Capabilities
+##
+apiVersions: []
+## @param nameOverride String to partially override common.names.name
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+
+## @section VictoriaMetrics common parameters
+##
+## @param envflagEnable Enable envflag
+##
+envflagEnable: true
+## @param envflagPrefix Prefix used for the envflag entries
+##
+envflagPrefix: VM_
+## @param loggerFormat Set format of the logs
+##
+loggerFormat: json
+
+## @section VictoriaMetrics Select Parameters
+##
+vmselect:
+ ## Drycc VictoriaMetrics Select image
+ ## ref: https://hub.docker.com/r/drycc/victoriametrics-vmselect/tags/
+ ## @param vmselect.image.registry [default: REGISTRY_NAME] VictoriaMetrics Select image registry
+ ## @param vmselect.image.repository [default: REPOSITORY_NAME/victoriametrics-vmselect] VictoriaMetrics Select image repository
+ ## @skip vmselect.image.tag VictoriaMetrics Select image tag (immutable tags are recommended)
+ ## @param vmselect.image.digest VictoriaMetrics Select image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param vmselect.image.pullPolicy VictoriaMetrics Select image pull policy
+ ## @param vmselect.image.pullSecrets VictoriaMetrics Select image pull secrets
+ ##
+ image:
+ registry: registry.drycc.cc
+ repository: drycc/victoriametrics
+ tag: 0.0.1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param vmselect.replicaCount Number of VictoriaMetrics Select replicas to deploy
+ ##
+ replicaCount: 2
+ ## @param vmselect.containerPorts.http VictoriaMetrics Select http container port
+ ##
+ containerPorts:
+ http: 8481
+ ## Configure extra options for VictoriaMetrics Select containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param vmselect.livenessProbe.enabled Enable livenessProbe on VictoriaMetrics Select containers
+ ## @param vmselect.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param vmselect.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param vmselect.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param vmselect.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param vmselect.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmselect.readinessProbe.enabled Enable readinessProbe on VictoriaMetrics Select containers
+ ## @param vmselect.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param vmselect.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param vmselect.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param vmselect.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param vmselect.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmselect.startupProbe.enabled Enable startupProbe on VictoriaMetrics Select containers
+ ## @param vmselect.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param vmselect.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param vmselect.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param vmselect.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param vmselect.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmselect.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param vmselect.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param vmselect.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## VictoriaMetrics Select resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param vmselect.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmselect.resources is set (vmselect.resources is recommended for production).
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param vmselect.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param vmselect.kind Define how to deploy VictoriaMetrics Select (allowed values: deployment or statefulset)
+ ##
+ kind: "deployment"
+ ## @param vmselect.podManagementPolicy Pod management policy for VictoriaMetrics Storage statefulset
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+ ##
+ podManagementPolicy: Parallel
+ ## @param vmselect.annotations Annotations for VictoriaMetrics Select Deployment or StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param vmselect.podSecurityContext.enabled Enabled VictoriaMetrics Select pods' Security Context
+ ## @param vmselect.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param vmselect.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param vmselect.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param vmselect.podSecurityContext.fsGroup Set VictoriaMetrics Select pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param vmselect.containerSecurityContext.enabled Enabled VictoriaMetrics Select containers' Security Context
+ ## @param vmselect.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param vmselect.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param vmselect.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param vmselect.containerSecurityContext.runAsNonRoot Set VictoriaMetrics Select containers' Security Context runAsNonRoot
+ ## @param vmselect.containerSecurityContext.privileged Set VictoriaMetrics Select containers' Security Context privileged
+ ## @param vmselect.containerSecurityContext.readOnlyRootFilesystem Set VictoriaMetrics Select containers' Security Context runAsNonRoot
+ ## @param vmselect.containerSecurityContext.allowPrivilegeEscalation Set VictoriaMetrics Select container's privilege escalation
+ ## @param vmselect.containerSecurityContext.capabilities.drop Set VictoriaMetrics Select container's Security Context runAsNonRoot
+ ## @param vmselect.containerSecurityContext.seccompProfile.type Set VictoriaMetrics Select container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
+ ## @param vmselect.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param vmselect.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param vmselect.extraArgs Add extra arguments to the default command
+ ##
+ extraArgs: []
+ ## @param vmselect.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: false
+ ## @param vmselect.hostAliases VictoriaMetrics Select pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param vmselect.podLabels Extra labels for VictoriaMetrics Select pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param vmselect.podAnnotations Annotations for VictoriaMetrics Select pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param vmselect.podAffinityPreset Pod affinity preset. Ignored if `vmselect.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param vmselect.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `vmselect.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+ ## @param vmselect.pdb.create Enable/disable a Pod Disruption Budget creation
+ ## @param vmselect.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ## @param vmselect.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ pdb:
+ create: true
+ minAvailable: ""
+ maxUnavailable: ""
+ ## Autoscaling configuration
+ ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+ ##
+ autoscaling:
+ ## @param vmselect.autoscaling.vpa.enabled Enable VPA for VictoriaMetrics Select pods
+ ## @param vmselect.autoscaling.vpa.annotations Annotations for VPA resource
+ ## @param vmselect.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ ## @param vmselect.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
+ ## @param vmselect.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
+ ##
+ vpa:
+ enabled: false
+ annotations: {}
+ controlledResources: []
+ maxAllowed: {}
+ minAllowed: {}
+ ## @param vmselect.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
+ ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
+ ##
+ updatePolicy:
+ updateMode: Auto
+ ## @param vmselect.autoscaling.hpa.enabled Enable HPA for VictoriaMetrics Select pods
+ ## @param vmselect.autoscaling.hpa.minReplicas Minimum number of replicas
+ ## @param vmselect.autoscaling.hpa.maxReplicas Maximum number of replicas
+ ## @param vmselect.autoscaling.hpa.targetCPU Target CPU utilization percentage
+ ## @param vmselect.autoscaling.hpa.targetMemory Target Memory utilization percentage
+ ##
+ hpa:
+ enabled: false
+ minReplicas: ""
+ maxReplicas: ""
+ targetCPU: ""
+ targetMemory: ""
+ ## Node vmselect.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param vmselect.nodeAffinityPreset.type Node affinity preset type. Ignored if `vmselect.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param vmselect.nodeAffinityPreset.key Node label key to match. Ignored if `vmselect.affinity` is set
+ ##
+ key: ""
+ ## @param vmselect.nodeAffinityPreset.values Node label values to match. Ignored if `vmselect.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param vmselect.affinity Affinity for VictoriaMetrics Select pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `vmselect.podAffinityPreset`, `vmselect.podAntiAffinityPreset`, and `vmselect.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param vmselect.nodeSelector Node labels for VictoriaMetrics Select pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param vmselect.tolerations Tolerations for VictoriaMetrics Select pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param vmselect.updateStrategy.type VictoriaMetrics Select statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param vmselect.priorityClassName VictoriaMetrics Select pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param vmselect.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param vmselect.schedulerName Name of the k8s scheduler (other than default) for VictoriaMetrics Select pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param vmselect.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param vmselect.lifecycleHooks for the VictoriaMetrics Select container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param vmselect.extraEnvVars Array with extra environment variables to add to VictoriaMetrics Select nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param vmselect.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for VictoriaMetrics Select nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param vmselect.extraEnvVarsSecret Name of existing Secret containing extra env vars for VictoriaMetrics Select nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param vmselect.extraVolumes Optionally specify extra list of additional volumes for the VictoriaMetrics Select pod(s)
+ ##
+ extraVolumes: []
+ ## @param vmselect.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Select container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param vmselect.sidecars Add additional sidecar containers to the VictoriaMetrics Select pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param vmselect.initContainers Add additional init containers to the VictoriaMetrics Select pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## @section VictoriaMetrics Select RBAC Parameters
+ ##
+
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param vmselect.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param vmselect.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param vmselect.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param vmselect.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: false
+ ## @section VictoriaMetrics Select Traffic Exposure Parameters
+ ##
+ service:
+ ## @param vmselect.service.type VictoriaMetrics Select service type
+ ##
+ type: ClusterIP
+ ## @param vmselect.service.ports.http VictoriaMetrics Select service http port
+ ##
+ ports:
+ http: "8481"
+ ## Node ports to expose
+ ## @param vmselect.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param vmselect.service.clusterIP VictoriaMetrics Select service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param vmselect.service.loadBalancerIP VictoriaMetrics Select service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param vmselect.service.loadBalancerSourceRanges VictoriaMetrics Select service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param vmselect.service.externalTrafficPolicy VictoriaMetrics Select service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param vmselect.service.annotations [object] Additional custom annotations for VictoriaMetrics Select service
+ ##
+ annotations: {}
+ ## @param vmselect.service.extraPorts Extra ports to expose in VictoriaMetrics Select service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param vmselect.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param vmselect.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param vmselect.service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
+ ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+ ##
+ ingress:
+ ## @param vmselect.ingress.enabled Enable ingress record generation for VictoriaMetrics Select
+ ##
+ enabled: false
+ ## @param vmselect.ingress.pathType Ingress path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param vmselect.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+ ##
+ apiVersion: ""
+ ## @param vmselect.ingress.hostname Default host for the ingress record
+ ##
+ hostname: vmselect.local
+ ## @param vmselect.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+ ##
+ ingressClassName: ""
+ ## @param vmselect.ingress.path Default path for the ingress record
+ ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+ ##
+ path: /
+ ## @param vmselect.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ ## Use this parameter to set the required annotations for cert-manager, see
+ ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+ ## e.g:
+ ## annotations:
+ ## kubernetes.io/ingress.class: nginx
+ ## cert-manager.io/cluster-issuer: cluster-issuer-name
+ ##
+ annotations: {}
+ ## @param vmselect.ingress.tls Enable TLS configuration for the host defined at `vmselect.ingress.hostname` parameter
+ ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+ ## You can:
+ ## - Use the `vmselect.ingress.secrets` parameter to create this TLS secret
+ ## - Rely on cert-manager to create it by setting the corresponding annotations
+ ## - Rely on Helm to create self-signed certificates by setting `vmselect.ingress.selfSigned=true`
+ ##
+ tls: false
+ ## @param vmselect.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+ ##
+ selfSigned: false
+ ## @param vmselect.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+ ## e.g:
+ ## extraHosts:
+ ## - name: victoriametrics select.local
+ ## path: /
+ ##
+ extraHosts: []
+ ## @param vmselect.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+ ## e.g:
+ ## extraPaths:
+ ## - path: /*
+ ## backend:
+ ## serviceName: ssl-redirect
+ ## servicePort: use-annotation
+ ##
+ extraPaths: []
+ ## @param vmselect.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ ## e.g:
+ ## extraTls:
+ ## - hosts:
+ ## - victoriametrics select.local
+ ## secretName: victoriametrics select.local-tls
+ ##
+ extraTls: []
+ ## @param vmselect.ingress.secrets Custom TLS certificates as secrets
+ ## NOTE: 'key' and 'certificate' are expected in PEM format
+ ## NOTE: 'name' should line up with a 'secretName' set further up
+ ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+ ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ ## e.g:
+ ## secrets:
+ ## - name: victoriametrics select.local-tls
+ ## key: |-
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ## ...
+ ## -----END RSA PRIVATE KEY-----
+ ## certificate: |-
+ ## -----BEGIN CERTIFICATE-----
+ ## ...
+ ## -----END CERTIFICATE-----
+ ##
+ secrets: []
+ ## @param vmselect.ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ ## e.g:
+ ## extraRules:
+ ## - host: example.local
+ ## http:
+ ## path: /
+ ## backend:
+ ## service:
+ ## name: example-svc
+ ## port:
+ ## name: http
+ ##
+ extraRules: []
+ ## Network Policies
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ ##
+ networkPolicy:
+ ## @param vmselect.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
+ ## @param vmselect.networkPolicy.allowExternal Don't require server label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## server label will have network access to the ports server is listening
+ ## on. When true, server will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: false
+ ## @param vmselect.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param vmselect.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param vmselect.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param vmselect.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param vmselect.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+ ## @section VictoriaMetrics Select Metrics Parameters
+ ##
+ ## Prometheus metrics
+ ##
+ metrics:
+ ## @param vmselect.metrics.enabled Enable the export of Prometheus metrics
+ ##
+ enabled: true
+ ## @param vmselect.metrics.annotations Additional custom annotations for the service
+ ##
+ annotations: {}
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param vmselect.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+ ##
+ enabled: false
+ ## @param vmselect.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+ ## @param vmselect.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+ ##
+ annotations: {}
+ ## @param vmselect.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param vmselect.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ ##
+ jobLabel: ""
+ ## @param vmselect.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+ ##
+ honorLabels: false
+ ## @param vmselect.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param vmselect.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param vmselect.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param vmselect.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param vmselect.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+
+## @section VictoriaMetrics Insert Parameters
+##
+vminsert:
+ ## Drycc VictoriaMetrics Insert image
+ ## ref: https://hub.docker.com/r/drycc/victoriametrics-vminsert/tags/
+ ## @param vminsert.image.registry [default: REGISTRY_NAME] VictoriaMetrics Insert image registry
+ ## @param vminsert.image.repository [default: REPOSITORY_NAME/victoriametrics-vminsert] VictoriaMetrics Insert image repository
+ ## @skip vminsert.image.tag VictoriaMetrics Insert image tag (immutable tags are recommended)
+ ## @param vminsert.image.digest VictoriaMetrics Insert image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param vminsert.image.pullPolicy VictoriaMetrics Insert image pull policy
+ ## @param vminsert.image.pullSecrets VictoriaMetrics Insert image pull secrets
+ ##
+ image:
+ registry: registry.drycc.cc
+ repository: drycc/victoriametrics
+ tag: 0.0.1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param vminsert.replicaCount Number of VictoriaMetrics Insert replicas to deploy
+ ##
+ replicaCount: 2
+ ## @param vminsert.containerPorts.http VictoriaMetrics Insert http container port
+ ##
+ containerPorts:
+ http: 8480
+ ## Configure extra options for VictoriaMetrics Insert containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param vminsert.livenessProbe.enabled Enable livenessProbe on VictoriaMetrics Insert containers
+ ## @param vminsert.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param vminsert.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param vminsert.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param vminsert.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param vminsert.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vminsert.readinessProbe.enabled Enable readinessProbe on VictoriaMetrics Insert containers
+ ## @param vminsert.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param vminsert.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param vminsert.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param vminsert.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param vminsert.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vminsert.startupProbe.enabled Enable startupProbe on VictoriaMetrics Insert containers
+ ## @param vminsert.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param vminsert.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param vminsert.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param vminsert.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param vminsert.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vminsert.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param vminsert.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param vminsert.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## VictoriaMetrics Insert resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param vminsert.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vminsert.resources is set (vminsert.resources is recommended for production).
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param vminsert.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param vminsert.deploymentAnnotations Annotations for VictoriaMetrics Insert Deployment
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ deploymentAnnotations: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param vminsert.podSecurityContext.enabled Enabled VictoriaMetrics Insert pods' Security Context
+ ## @param vminsert.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param vminsert.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param vminsert.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param vminsert.podSecurityContext.fsGroup Set VictoriaMetrics Insert pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param vminsert.containerSecurityContext.enabled Enabled VictoriaMetrics Insert containers' Security Context
+ ## @param vminsert.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param vminsert.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param vminsert.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param vminsert.containerSecurityContext.runAsNonRoot Set VictoriaMetrics Insert containers' Security Context runAsNonRoot
+ ## @param vminsert.containerSecurityContext.privileged Set VictoriaMetrics Insert containers' Security Context privileged
+ ## @param vminsert.containerSecurityContext.readOnlyRootFilesystem Set VictoriaMetrics Insert containers' Security Context runAsNonRoot
+ ## @param vminsert.containerSecurityContext.allowPrivilegeEscalation Set VictoriaMetrics Insert container's privilege escalation
+ ## @param vminsert.containerSecurityContext.capabilities.drop Set VictoriaMetrics Insert container's Security Context runAsNonRoot
+ ## @param vminsert.containerSecurityContext.seccompProfile.type Set VictoriaMetrics Insert container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
+ ## @param vminsert.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param vminsert.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param vminsert.extraArgs Add extra arguments to the default command
+ ##
+ extraArgs: []
+ ## @param vminsert.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: false
+ ## @param vminsert.hostAliases VictoriaMetrics Insert pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param vminsert.podLabels Extra labels for VictoriaMetrics Insert pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param vminsert.podAnnotations Annotations for VictoriaMetrics Insert pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param vminsert.podAffinityPreset Pod affinity preset. Ignored if `vminsert.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param vminsert.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `vminsert.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+ ## @param vminsert.pdb.create Enable/disable a Pod Disruption Budget creation
+ ## @param vminsert.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ## @param vminsert.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ pdb:
+ create: true
+ minAvailable: ""
+ maxUnavailable: ""
+ ## Autoscaling configuration
+ ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+ ##
+ autoscaling:
+ ## @param vminsert.autoscaling.vpa.enabled Enable VPA for VictoriaMetrics Insert pods
+ ## @param vminsert.autoscaling.vpa.annotations Annotations for VPA resource
+ ## @param vminsert.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ ## @param vminsert.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
+ ## @param vminsert.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
+ ##
+ vpa:
+ enabled: false
+ annotations: {}
+ controlledResources: []
+ maxAllowed: {}
+ minAllowed: {}
+ ## @param vminsert.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
+ ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
+ ##
+ updatePolicy:
+ updateMode: Auto
+ ## @param vminsert.autoscaling.hpa.enabled Enable HPA for VictoriaMetrics Insert pods
+ ## @param vminsert.autoscaling.hpa.minReplicas Minimum number of replicas
+ ## @param vminsert.autoscaling.hpa.maxReplicas Maximum number of replicas
+ ## @param vminsert.autoscaling.hpa.targetCPU Target CPU utilization percentage
+ ## @param vminsert.autoscaling.hpa.targetMemory Target Memory utilization percentage
+ ##
+ hpa:
+ enabled: false
+ minReplicas: ""
+ maxReplicas: ""
+ targetCPU: ""
+ targetMemory: ""
+ ## Node vminsert.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param vminsert.nodeAffinityPreset.type Node affinity preset type. Ignored if `vminsert.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param vminsert.nodeAffinityPreset.key Node label key to match. Ignored if `vminsert.affinity` is set
+ ##
+ key: ""
+ ## @param vminsert.nodeAffinityPreset.values Node label values to match. Ignored if `vminsert.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param vminsert.affinity Affinity for VictoriaMetrics Insert pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `vminsert.podAffinityPreset`, `vminsert.podAntiAffinityPreset`, and `vminsert.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param vminsert.nodeSelector Node labels for VictoriaMetrics Insert pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param vminsert.tolerations Tolerations for VictoriaMetrics Insert pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param vminsert.updateStrategy.type VictoriaMetrics Insert statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param vminsert.priorityClassName VictoriaMetrics Insert pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param vminsert.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param vminsert.schedulerName Name of the k8s scheduler (other than default) for VictoriaMetrics Insert pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param vminsert.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param vminsert.lifecycleHooks for the VictoriaMetrics Insert container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param vminsert.extraEnvVars Array with extra environment variables to add to VictoriaMetrics Insert nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param vminsert.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for VictoriaMetrics Insert nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param vminsert.extraEnvVarsSecret Name of existing Secret containing extra env vars for VictoriaMetrics Insert nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param vminsert.extraVolumes Optionally specify extra list of additional volumes for the VictoriaMetrics Insert pod(s)
+ ##
+ extraVolumes: []
+ ## @param vminsert.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Insert container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param vminsert.sidecars Add additional sidecar containers to the VictoriaMetrics Insert pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param vminsert.initContainers Add additional init containers to the VictoriaMetrics Insert pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param vminsert.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param vminsert.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param vminsert.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param vminsert.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: false
+ ## @section VictoriaMetrics Insert Traffic Exposure Parameters
+ ##
+ service:
+ ## @param vminsert.service.type VictoriaMetrics Insert service type
+ ##
+ type: ClusterIP
+ ## @param vminsert.service.ports.http VictoriaMetrics Insert service http port
+ ##
+ ports:
+ http: "8480"
+ ## Node ports to expose
+ ## @param vminsert.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param vminsert.service.clusterIP VictoriaMetrics Insert service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param vminsert.service.loadBalancerIP VictoriaMetrics Insert service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param vminsert.service.loadBalancerSourceRanges VictoriaMetrics Insert service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param vminsert.service.externalTrafficPolicy VictoriaMetrics Insert service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param vminsert.service.annotations [object] Additional custom annotations for VictoriaMetrics Insert service
+ ##
+ annotations: {}
+ ## @param vminsert.service.extraPorts Extra ports to expose in VictoriaMetrics Insert service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param vminsert.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param vminsert.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+ ##
+ ingress:
+ ## @param vminsert.ingress.enabled Enable ingress record generation for VictoriaMetrics Insert
+ ##
+ enabled: false
+ ## @param vminsert.ingress.pathType Ingress path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param vminsert.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+ ##
+ apiVersion: ""
+ ## @param vminsert.ingress.hostname Default host for the ingress record
+ ##
+ hostname: vminsert.local
+ ## @param vminsert.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+ ##
+ ingressClassName: ""
+ ## @param vminsert.ingress.path Default path for the ingress record
+ ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+ ##
+ path: /
+ ## @param vminsert.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ ## Use this parameter to set the required annotations for cert-manager, see
+ ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+ ## e.g:
+ ## annotations:
+ ## kubernetes.io/ingress.class: nginx
+ ## cert-manager.io/cluster-issuer: cluster-issuer-name
+ ##
+ annotations: {}
+ ## @param vminsert.ingress.tls Enable TLS configuration for the host defined at `vminsert.ingress.hostname` parameter
+ ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+ ## You can:
+ ## - Use the `vminsert.ingress.secrets` parameter to create this TLS secret
+ ## - Rely on cert-manager to create it by setting the corresponding annotations
+ ## - Rely on Helm to create self-signed certificates by setting `vminsert.ingress.selfSigned=true`
+ ##
+ tls: false
+ ## @param vminsert.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+ ##
+ selfSigned: false
+ ## @param vminsert.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+ ## e.g:
+ ## extraHosts:
+ ## - name: victoriametrics select.local
+ ## path: /
+ ##
+ extraHosts: []
+ ## @param vminsert.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+ ## e.g:
+ ## extraPaths:
+ ## - path: /*
+ ## backend:
+ ## serviceName: ssl-redirect
+ ## servicePort: use-annotation
+ ##
+ extraPaths: []
+ ## @param vminsert.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ ## e.g:
+ ## extraTls:
+ ## - hosts:
+ ## - victoriametrics select.local
+ ## secretName: victoriametrics select.local-tls
+ ##
+ extraTls: []
+ ## @param vminsert.ingress.secrets Custom TLS certificates as secrets
+ ## NOTE: 'key' and 'certificate' are expected in PEM format
+ ## NOTE: 'name' should line up with a 'secretName' set further up
+ ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+ ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ ## e.g:
+ ## secrets:
+ ## - name: victoriametrics select.local-tls
+ ## key: |-
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ## ...
+ ## -----END RSA PRIVATE KEY-----
+ ## certificate: |-
+ ## -----BEGIN CERTIFICATE-----
+ ## ...
+ ## -----END CERTIFICATE-----
+ ##
+ secrets: []
+ ## @param vminsert.ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ ## e.g:
+ ## extraRules:
+ ## - host: example.local
+ ## http:
+ ## path: /
+ ## backend:
+ ## service:
+ ## name: example-svc
+ ## port:
+ ## name: http
+ ##
+ extraRules: []
+ ## Network Policies
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ ##
+ networkPolicy:
+ ## @param vminsert.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
+ ## @param vminsert.networkPolicy.allowExternal Don't require server label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## server label will have network access to the ports server is listening
+ ## on. When true, server will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: false
+ ## @param vminsert.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param vminsert.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param vminsert.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param vminsert.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param vminsert.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+ ## @section VictoriaMetrics Insert Metrics Parameters
+ ##
+ ## Prometheus metrics
+ ##
+ metrics:
+ ## @param vminsert.metrics.enabled Enable the export of Prometheus metrics
+ ##
+ enabled: true
+ ## @param vminsert.metrics.annotations Additional custom annotations for the service
+ ##
+ annotations: {}
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param vminsert.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+ ##
+ enabled: false
+ ## @param vminsert.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+ ## @param vminsert.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+ ##
+ annotations: {}
+ ## @param vminsert.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param vminsert.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ ##
+ jobLabel: ""
+ ## @param vminsert.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+ ##
+ honorLabels: false
+ ## @param vminsert.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param vminsert.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param vminsert.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param vminsert.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param vminsert.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+
+## @section VictoriaMetrics Storage Parameters
+##
+vmstorage:
+ ## Drycc VictoriaMetrics Storage image
+ ## ref: https://hub.docker.com/r/drycc/victoriametrics-vmstorage/tags/
+ ## @param vmstorage.image.registry [default: REGISTRY_NAME] VictoriaMetrics Storage image registry
+ ## @param vmstorage.image.repository [default: REPOSITORY_NAME/victoriametrics-vmstorage] VictoriaMetrics Storage image repository
+ ## @skip vmstorage.image.tag VictoriaMetrics Storage image tag (immutable tags are recommended)
+ ## @param vmstorage.image.digest VictoriaMetrics Storage image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param vmstorage.image.pullPolicy VictoriaMetrics Storage image pull policy
+ ## @param vmstorage.image.pullSecrets VictoriaMetrics Storage image pull secrets
+ ##
+ image:
+ registry: registry.drycc.cc
+ repository: drycc/victoriametrics
+ tag: 0.0.1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param vmstorage.replicaCount Number of VictoriaMetrics Storage replicas to deploy
+ ##
+ replicaCount: 3
+ ## @param vmstorage.containerPorts.http VictoriaMetrics Storage http container port
+ ## @param vmstorage.containerPorts.vmselect VictoriaMetrics Storage vmselect container port
+ ## @param vmstorage.containerPorts.vminsert VictoriaMetrics Storage vminsert container port
+ ##
+ containerPorts:
+ http: 8482
+ vmselect: 8401
+ vminsert: 8400
+ ## Configure extra options for VictoriaMetrics Storage containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param vmstorage.livenessProbe.enabled Enable livenessProbe on VictoriaMetrics Storage containers
+ ## @param vmstorage.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param vmstorage.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param vmstorage.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param vmstorage.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param vmstorage.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmstorage.readinessProbe.enabled Enable readinessProbe on VictoriaMetrics Storage containers
+ ## @param vmstorage.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param vmstorage.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param vmstorage.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param vmstorage.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param vmstorage.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmstorage.startupProbe.enabled Enable startupProbe on VictoriaMetrics Storage containers
+ ## @param vmstorage.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param vmstorage.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param vmstorage.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param vmstorage.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param vmstorage.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmstorage.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param vmstorage.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param vmstorage.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## VictoriaMetrics Storage resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param vmstorage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmstorage.resources is set (vmstorage.resources is recommended for production).
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "small"
+ ## @param vmstorage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param vmstorage.retentionPeriod Data retention period
+ ##
+ retentionPeriod: 30
+ ## @param vmstorage.statefulsetAnnotations Annotations for VictoriaMetrics Storage statefulset
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ statefulsetAnnotations: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param vmstorage.podSecurityContext.enabled Enabled VictoriaMetrics Storage pods' Security Context
+ ## @param vmstorage.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param vmstorage.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param vmstorage.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param vmstorage.podSecurityContext.fsGroup Set VictoriaMetrics Storage pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param vmstorage.containerSecurityContext.enabled Enabled VictoriaMetrics Storage containers' Security Context
+ ## @param vmstorage.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param vmstorage.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param vmstorage.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param vmstorage.containerSecurityContext.runAsNonRoot Set VictoriaMetrics Storage containers' Security Context runAsNonRoot
+ ## @param vmstorage.containerSecurityContext.privileged Set VictoriaMetrics Storage containers' Security Context privileged
+ ## @param vmstorage.containerSecurityContext.readOnlyRootFilesystem Set VictoriaMetrics Storage containers' Security Context runAsNonRoot
+ ## @param vmstorage.containerSecurityContext.allowPrivilegeEscalation Set VictoriaMetrics Storage container's privilege escalation
+ ## @param vmstorage.containerSecurityContext.capabilities.drop Set VictoriaMetrics Storage container's Security Context runAsNonRoot
+ ## @param vmstorage.containerSecurityContext.seccompProfile.type Set VictoriaMetrics Storage container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
+ ## @param vmstorage.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param vmstorage.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param vmstorage.extraArgs Add extra arguments to the default command
+ ##
+ extraArgs: []
+ ## @param vmstorage.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: false
+ ## @param vmstorage.hostAliases VictoriaMetrics Storage pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param vmstorage.podLabels Extra labels for VictoriaMetrics Storage pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param vmstorage.podAnnotations Annotations for VictoriaMetrics Storage pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param vmstorage.podAffinityPreset Pod affinity preset. Ignored if `vmstorage.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param vmstorage.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `vmstorage.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+ ## @param vmstorage.pdb.create Enable/disable a Pod Disruption Budget creation
+ ## @param vmstorage.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ## @param vmstorage.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ pdb:
+ create: true
+ minAvailable: ""
+ maxUnavailable: ""
+ ## Autoscaling configuration
+ ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+ ##
+ autoscaling:
+ ## @param vmstorage.autoscaling.vpa.enabled Enable VPA for VictoriaMetrics Storage pods
+ ## @param vmstorage.autoscaling.vpa.annotations Annotations for VPA resource
+ ## @param vmstorage.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ ## @param vmstorage.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
+ ## @param vmstorage.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
+ ##
+ vpa:
+ enabled: false
+ annotations: {}
+ controlledResources: []
+ maxAllowed: {}
+ minAllowed: {}
+ ## @param vmstorage.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
+ ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
+ ##
+ updatePolicy:
+ updateMode: Auto
+ ## @param vmstorage.autoscaling.hpa.enabled Enable HPA for VictoriaMetrics Storage pods
+ ## @param vmstorage.autoscaling.hpa.minReplicas Minimum number of replicas
+ ## @param vmstorage.autoscaling.hpa.maxReplicas Maximum number of replicas
+ ## @param vmstorage.autoscaling.hpa.targetCPU Target CPU utilization percentage
+ ## @param vmstorage.autoscaling.hpa.targetMemory Target Memory utilization percentage
+ ##
+ hpa:
+ enabled: false
+ minReplicas: ""
+ maxReplicas: ""
+ targetCPU: ""
+ targetMemory: ""
+ ## Node vmstorage.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param vmstorage.nodeAffinityPreset.type Node affinity preset type. Ignored if `vmstorage.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param vmstorage.nodeAffinityPreset.key Node label key to match. Ignored if `vmstorage.affinity` is set
+ ##
+ key: ""
+ ## @param vmstorage.nodeAffinityPreset.values Node label values to match. Ignored if `vmstorage.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param vmstorage.affinity Affinity for VictoriaMetrics Storage pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `vmstorage.podAffinityPreset`, `vmstorage.podAntiAffinityPreset`, and `vmstorage.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param vmstorage.nodeSelector Node labels for VictoriaMetrics Storage pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param vmstorage.podManagementPolicy Pod management policy for VictoriaMetrics Storage statefulset
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+ ##
+ podManagementPolicy: Parallel
+ ## @param vmstorage.tolerations Tolerations for VictoriaMetrics Storage pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param vmstorage.updateStrategy.type VictoriaMetrics Storage statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param vmstorage.priorityClassName VictoriaMetrics Storage pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param vmstorage.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param vmstorage.schedulerName Name of the k8s scheduler (other than default) for VictoriaMetrics Storage pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param vmstorage.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param vmstorage.lifecycleHooks for the VictoriaMetrics Storage container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param vmstorage.extraEnvVars Array with extra environment variables to add to VictoriaMetrics Storage nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param vmstorage.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for VictoriaMetrics Storage nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param vmstorage.extraEnvVarsSecret Name of existing Secret containing extra env vars for VictoriaMetrics Storage nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param vmstorage.extraVolumes Optionally specify extra list of additional volumes for the VictoriaMetrics Storage pod(s)
+ ##
+ extraVolumes: []
+ ## @param vmstorage.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Storage container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param vmstorage.sidecars Add additional sidecar containers to the VictoriaMetrics Storage pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param vmstorage.initContainers Add additional init containers to the VictoriaMetrics Storage pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param vmstorage.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param vmstorage.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param vmstorage.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param vmstorage.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: false
+ ## @section VictoriaMetrics Storage Traffic Exposure Parameters
+ ##
+ service:
+ ## @param vmstorage.service.type VictoriaMetrics Storage service type
+ ##
+ type: ClusterIP
+ ## @param vmstorage.service.ports.http VictoriaMetrics Storage service http port
+ ##
+ ports:
+ http: "80"
+ ## Node ports to expose
+ ## @param vmstorage.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param vmstorage.service.clusterIP VictoriaMetrics Storage service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param vmstorage.service.loadBalancerIP VictoriaMetrics Storage service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param vmstorage.service.loadBalancerSourceRanges VictoriaMetrics Storage service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param vmstorage.service.externalTrafficPolicy VictoriaMetrics Storage service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param vmstorage.service.annotations [object] Additional custom annotations for VictoriaMetrics Storage service
+ ##
+ annotations: {}
+ ## @param vmstorage.service.extraPorts Extra ports to expose in VictoriaMetrics Storage service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param vmstorage.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param vmstorage.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param vmstorage.service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
+ ## Network Policies
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ ##
+ networkPolicy:
+ ## @param vmstorage.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
+ ## @param vmstorage.networkPolicy.allowExternal Don't require server label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## server label will have network access to the ports server is listening
+ ## on. When true, server will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: false
+ ## @param vmstorage.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param vmstorage.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param vmstorage.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param vmstorage.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param vmstorage.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+ ## @section VictoriaMetrics Storage Persistence Parameters
+ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+ ##
+ persistence:
+ ## @param vmstorage.persistence.enabled Enable persistence using Persistent Volume Claims
+ ##
+ enabled: true
+ ## @param vmstorage.persistence.mountPath Persistent Volume mount root path
+ ##
+ mountPath: /opt/drycc/victoriametrics/data
+ ## @param vmstorage.persistence.storageClass Persistent Volume storage class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+ ##
+ storageClass: ""
+ ## @param vmstorage.persistence.accessModes [array] Persistent Volume access modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param vmstorage.persistence.size Persistent Volume size
+ ##
+ size: 10Gi
+ ## @param vmstorage.persistence.dataSource Custom PVC data source
+ ##
+ dataSource: {}
+ ## @param vmstorage.persistence.annotations Annotations for the PVC
+ ##
+ annotations: {}
+ ## @param vmstorage.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
+ ## @param vmstorage.persistence.existingClaim The name of an existing PVC to use for persistence
+ ##
+ existingClaim: ""
+ ## @param vmstorage.persistence.extraVolumeClaimTemplates Add additional VolumeClaimTemplates for enabling any plugins or any other purpose
+ ##
+ extraVolumeClaimTemplates: []
+
+ ## @section VictoriaMetrics Storage Metrics Parameters
+ ##
+
+ ## Prometheus metrics
+ ##
+ metrics:
+ ## @param vmstorage.metrics.enabled Enable the export of Prometheus metrics
+ ##
+ enabled: true
+ ## @param vmstorage.metrics.annotations Additional custom annotations for the service
+ ##
+ annotations: {}
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param vmstorage.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+ ##
+ enabled: false
+ ## @param vmstorage.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+ ## @param vmstorage.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+ ##
+ annotations: {}
+ ## @param vmstorage.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param vmstorage.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ ##
+ jobLabel: ""
+ ## @param vmstorage.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+ ##
+ honorLabels: false
+ ## @param vmstorage.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param vmstorage.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param vmstorage.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param vmstorage.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param vmstorage.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+
+## @section VictoriaMetrics Auth Parameters
+##
+vmauth:
+ ## @param vmauth.enabled Enable VictoriaMetrics Auth
+ ##
+ enabled: true
+ ## Drycc VictoriaMetrics Auth image
+ ## ref: https://hub.docker.com/r/drycc/victoriametrics-vmauth/tags/
+ ## @param vmauth.image.registry [default: REGISTRY_NAME] VictoriaMetrics Auth image registry
+ ## @param vmauth.image.repository [default: REPOSITORY_NAME/victoriametrics-vmauth] VictoriaMetrics Auth image repository
+ ## @skip vmauth.image.tag VictoriaMetrics Auth image tag (immutable tags are recommended)
+ ## @param vmauth.image.digest VictoriaMetrics Auth image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param vmauth.image.pullPolicy VictoriaMetrics Auth image pull policy
+ ## @param vmauth.image.pullSecrets VictoriaMetrics Auth image pull secrets
+ ##
+ user:
+ username: "admin1"
+ password: "admin"
+ image:
+ registry: registry.drycc.cc
+ repository: drycc/victoriametrics
+ tag: 0.0.1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param vmauth.replicaCount Number of VictoriaMetrics Auth replicas to deploy
+ ##
+ replicaCount: 2
+ ## @param vmauth.containerPorts.http VictoriaMetrics Auth http container port
+ ##
+ containerPorts:
+ http: 8427
+ ## Configure extra options for VictoriaMetrics Auth containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param vmauth.livenessProbe.enabled Enable livenessProbe on VictoriaMetrics Auth containers
+ ## @param vmauth.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param vmauth.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param vmauth.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param vmauth.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param vmauth.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmauth.readinessProbe.enabled Enable readinessProbe on VictoriaMetrics Auth containers
+ ## @param vmauth.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param vmauth.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param vmauth.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param vmauth.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param vmauth.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmauth.startupProbe.enabled Enable startupProbe on VictoriaMetrics Auth containers
+ ## @param vmauth.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param vmauth.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param vmauth.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param vmauth.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param vmauth.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmauth.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param vmauth.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param vmauth.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## VictoriaMetrics Auth resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param vmauth.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmauth.resources is set (vmauth.resources is recommended for production).
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param vmauth.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param vmauth.kind Define how to deploy VictoriaMetrics Auth (allowed values: deployment or daemonset)
+ ##
+ kind: "deployment"
+ ## @param vmauth.annotations Annotations for VictoriaMetrics Auth Deployment or StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param vmauth.podSecurityContext.enabled Enabled VictoriaMetrics Auth pods' Security Context
+ ## @param vmauth.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param vmauth.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param vmauth.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param vmauth.podSecurityContext.fsGroup Set VictoriaMetrics Auth pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param vmauth.containerSecurityContext.enabled Enabled VictoriaMetrics Auth containers' Security Context
+ ## @param vmauth.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param vmauth.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param vmauth.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param vmauth.containerSecurityContext.runAsNonRoot Set VictoriaMetrics Auth containers' Security Context runAsNonRoot + ## @param vmauth.containerSecurityContext.privileged Set VictoriaMetrics Auth containers' Security Context privileged + ## @param vmauth.containerSecurityContext.readOnlyRootFilesystem Set VictoriaMetrics Auth containers' Security Context runAsNonRoot + ## @param vmauth.containerSecurityContext.allowPrivilegeEscalation Set VictoriaMetrics Auth container's privilege escalation + ## @param vmauth.containerSecurityContext.capabilities.drop Set VictoriaMetrics Auth container's Security Context runAsNonRoot + ## @param vmauth.containerSecurityContext.seccompProfile.type Set VictoriaMetrics Auth container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: RuntimeDefault + ## @param vmauth.command Override default container command (useful when using custom images) + ## + command: [] + ## @param vmauth.args Override default container args (useful when using custom images) + ## + args: [] + ## @param vmauth.extraArgs Add extra arguments to the default command + ## + extraArgs: [] + ## @param vmauth.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param vmauth.hostAliases VictoriaMetrics Auth pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param vmauth.podLabels Extra labels for VictoriaMetrics Auth pods + ## ref: 
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param vmauth.podAnnotations Annotations for VictoriaMetrics Auth pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param vmauth.podAffinityPreset Pod affinity preset. Ignored if `vmauth.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param vmauth.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `vmauth.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param vmauth.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param vmauth.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param vmauth.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## @param vmauth.configOverrides Overwrite or add extra configuration options to the chart default + ## Example: + ## configOverrides: + ## ip_filters: + ## allow_list: ["1.2.3.0/24", "127.0.0.1"] + ## + configOverrides: {} + ## @param vmauth.existingSecret The name of an existing Secret with configuration + ## + existingSecret: "" + ## Autoscaling configuration + ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/ + ## + autoscaling: + ## @param vmauth.autoscaling.vpa.enabled Enable VPA for VictoriaMetrics Auth pods + ## @param vmauth.autoscaling.vpa.annotations Annotations for VPA resource + ## @param vmauth.autoscaling.vpa.controlledResources VPA List of 
resources that the vertical pod autoscaler can control. Defaults to cpu and memory + ## @param vmauth.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod + ## @param vmauth.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod + ## + vpa: + enabled: false + annotations: {} + controlledResources: [] + maxAllowed: {} + minAllowed: {} + ## @param vmauth.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy + ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod + ## Possible values are "Off", "Initial", "Recreate", and "Auto". + ## + updatePolicy: + updateMode: Auto + ## @param vmauth.autoscaling.hpa.enabled Enable HPA for VictoriaMetrics Auth pods + ## @param vmauth.autoscaling.hpa.minReplicas Minimum number of replicas + ## @param vmauth.autoscaling.hpa.maxReplicas Maximum number of replicas + ## @param vmauth.autoscaling.hpa.targetCPU Target CPU utilization percentage + ## @param vmauth.autoscaling.hpa.targetMemory Target Memory utilization percentage + ## + hpa: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Node vmauth.affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param vmauth.nodeAffinityPreset.type Node affinity preset type. Ignored if `vmauth.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param vmauth.nodeAffinityPreset.key Node label key to match. Ignored if `vmauth.affinity` is set + ## + key: "" + ## @param vmauth.nodeAffinityPreset.values Node label values to match. Ignored if `vmauth.affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param vmauth.affinity Affinity for VictoriaMetrics Auth pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `vmauth.podAffinityPreset`, `vmauth.podAntiAffinityPreset`, and `vmauth.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param vmauth.nodeSelector Node labels for VictoriaMetrics Auth pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param vmauth.tolerations Tolerations for VictoriaMetrics Auth pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param vmauth.updateStrategy.type VictoriaMetrics Auth statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + ## @param vmauth.priorityClassName VictoriaMetrics Auth pods' priorityClassName + ## + priorityClassName: "" + ## @param vmauth.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param vmauth.schedulerName Name of the k8s scheduler (other than default) for VictoriaMetrics Auth pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param vmauth.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param vmauth.lifecycleHooks for the VictoriaMetrics Auth container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param vmauth.extraEnvVars Array with extra environment variables to add to VictoriaMetrics Auth nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param vmauth.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for VictoriaMetrics Auth nodes + ## + extraEnvVarsCM: "" + ## @param vmauth.extraEnvVarsSecret Name of existing Secret containing extra env vars for VictoriaMetrics Auth nodes + ## + extraEnvVarsSecret: "" + ## @param vmauth.extraVolumes Optionally specify extra list of additional volumes for the VictoriaMetrics Auth pod(s) + ## + extraVolumes: [] + ## @param vmauth.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Auth container(s) + ## + extraVolumeMounts: [] + ## @param vmauth.sidecars Add additional sidecar containers to the VictoriaMetrics Auth pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param vmauth.initContainers Add additional init containers to the VictoriaMetrics Auth pod(s) + ## ref: 
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @section VictoriaMetrics Auth RBAC Parameters + ## + + ## ServiceAccount configuration + ## + serviceAccount: + ## @param vmauth.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param vmauth.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param vmauth.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param vmauth.serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: false + ## @section VictoriaMetrics Auth Traffic Exposure Parameters + ## + service: + ## @param vmauth.service.type VictoriaMetrics Auth service type + ## + type: LoadBalancer + ## @param vmauth.service.ports.http VictoriaMetrics Auth service http port + ## + ports: + http: "8427" + ## Node ports to expose + ## @param vmauth.service.nodePorts.http Node port for HTTP + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + ## @param vmauth.service.clusterIP VictoriaMetrics Auth service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param vmauth.service.loadBalancerIP VictoriaMetrics Auth service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param vmauth.service.loadBalancerSourceRanges VictoriaMetrics Auth service Load Balancer sources + ## ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param vmauth.service.externalTrafficPolicy VictoriaMetrics Auth service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param vmauth.service.annotations [object] Additional custom annotations for VictoriaMetrics Auth service + ## + annotations: {} + ## @param vmauth.service.extraPorts Extra ports to expose in VictoriaMetrics Auth service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param vmauth.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param vmauth.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param vmauth.ingress.enabled Enable ingress record generation for VictoriaMetrics Auth + ## + enabled: false + ## @param vmauth.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param vmauth.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param vmauth.ingress.hostname Default host for the ingress record + ## + hostname: vmauth.local + ## @param vmauth.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for 
your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param vmauth.ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param vmauth.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param vmauth.ingress.tls Enable TLS configuration for the host defined at `vmauth.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `vmauth.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `vmauth.ingress.selfSigned=true` + ## + tls: false + ## @param vmauth.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param vmauth.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: victoriametrics select.local + ## path: / + ## + extraHosts: [] + ## @param vmauth.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param 
vmauth.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - victoriametrics select.local + ## secretName: victoriametrics select.local-tls + ## + extraTls: [] + ## @param vmauth.ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: victoriametrics select.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param vmauth.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param vmauth.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param vmauth.networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. 
When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: false + ## @param vmauth.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param vmauth.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param vmauth.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param vmauth.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param vmauth.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + allowNamespaces: + - "aaa" + - "bbb" + ## @section VictoriaMetrics Auth Metrics Parameters + ## + ## Prometheus metrics + ## + metrics: + ## @param vmauth.metrics.enabled Enable the export of Prometheus metrics + ## + enabled: true + ## @param vmauth.metrics.annotations Additional custom annotations for the service + ## + annotations: {} + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param vmauth.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be 
`true`) + ## + enabled: false + ## @param vmauth.metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param vmauth.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param vmauth.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param vmauth.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param vmauth.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param vmauth.metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param vmauth.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param vmauth.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param vmauth.metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param vmauth.metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + +## @section VictoriaMetrics Agent Parameters +## +vmagent: + ## @param vmagent.enabled Enable VictoriaMetrics Agent + ## + enabled: true + ## Drycc VictoriaMetrics Agent image + ## ref: https://hub.docker.com/r/drycc/victoriametrics-vmagent/tags/ + ## @param vmagent.image.registry [default: REGISTRY_NAME] VictoriaMetrics Agent 
image registry + ## @param vmagent.image.repository [default: REPOSITORY_NAME/victoriametrics-vmagent] VictoriaMetrics Agent image repository + ## @skip vmagent.image.tag VictoriaMetrics Agent image tag (immutable tags are recommended) + ## @param vmagent.image.digest VictoriaMetrics Agent image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) + ## @param vmagent.image.pullPolicy VictoriaMetrics Agent image pull policy + ## @param vmagent.image.pullSecrets VictoriaMetrics Agent image pull secrets + ## + image: + registry: registry.drycc.cc + repository: drycc/victoriametrics + tag: 0.0.1 + digest: "" + ## Specify a imagePullPolicy + ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param vmagent.replicaCount Number of VictoriaMetrics Agent replicas to deploy + ## + replicaCount: 1 + ## @param vmagent.containerPorts.http VictoriaMetrics Agent http container port + ## @param vmagent.containerPorts.graphite VictoriaMetrics Agent graphite container port + ## @param vmagent.containerPorts.opentsdb VictoriaMetrics Agent opentsdb container port + ## @param vmagent.containerPorts.influxdb VictoriaMetrics Agent influxdb container port + ## + containerPorts: + http: 8429 + graphite: 2003 + opentsdb: 4242 + influxdb: 8089 + ## Configure extra options for VictoriaMetrics Agent containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param vmagent.livenessProbe.enabled Enable livenessProbe on VictoriaMetrics Agent containers + ## @param 
vmagent.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param vmagent.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param vmagent.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param vmagent.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param vmagent.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ## @param vmagent.readinessProbe.enabled Enable readinessProbe on VictoriaMetrics Agent containers + ## @param vmagent.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param vmagent.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param vmagent.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param vmagent.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param vmagent.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ## @param vmagent.startupProbe.enabled Enable startupProbe on VictoriaMetrics Agent containers + ## @param vmagent.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param vmagent.startupProbe.periodSeconds Period seconds for startupProbe + ## @param vmagent.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param vmagent.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param vmagent.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + ## @param vmagent.customLivenessProbe Custom livenessProbe that overrides 
the default one + ## + customLivenessProbe: {} + ## @param vmagent.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param vmagent.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## VictoriaMetrics Agent resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param vmagent.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if vmagent.resources is set (vmagent.resources is recommended for production). + ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param vmagent.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param vmagent.kind Define how to deploy VictoriaMetrics Agent (allowed values: deployment or daemonset) + ## + kind: "deployment" + ## @param vmagent.annotations Annotations for VictoriaMetrics Agent Deployment or StatefulSet + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param vmagent.podSecurityContext.enabled Enabled VictoriaMetrics Agent pods' Security Context + ## @param vmagent.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param vmagent.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param vmagent.podSecurityContext.supplementalGroups Set filesystem extra 
groups + ## @param vmagent.podSecurityContext.fsGroup Set VictoriaMetrics Agent pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param vmagent.containerSecurityContext.enabled Enabled VictoriaMetrics Agent containers' Security Context + ## @param vmagent.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param vmagent.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param vmagent.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param vmagent.containerSecurityContext.runAsNonRoot Set VictoriaMetrics Agent containers' Security Context runAsNonRoot + ## @param vmagent.containerSecurityContext.privileged Set VictoriaMetrics Agent containers' Security Context privileged + ## @param vmagent.containerSecurityContext.readOnlyRootFilesystem Set VictoriaMetrics Agent containers' Security Context runAsNonRoot + ## @param vmagent.containerSecurityContext.allowPrivilegeEscalation Set VictoriaMetrics Agent container's privilege escalation + ## @param vmagent.containerSecurityContext.capabilities.drop Set VictoriaMetrics Agent container's Security Context runAsNonRoot + ## @param vmagent.containerSecurityContext.seccompProfile.type Set VictoriaMetrics Agent container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: RuntimeDefault + ## @param vmagent.command Override default container command (useful when using custom images) + ## + 
command: []
+ ## @param vmagent.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param vmagent.extraArgs Add extra arguments to the default command
+ ##
+ extraArgs: []
+ ## @param vmagent.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: true
+ ## @param vmagent.hostAliases VictoriaMetrics Agent pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param vmagent.podLabels Extra labels for VictoriaMetrics Agent pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param vmagent.podAnnotations Annotations for VictoriaMetrics Agent pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param vmagent.podAffinityPreset Pod affinity preset. Ignored if `vmagent.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param vmagent.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `vmagent.affinity` is set.
Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+ ## @param vmagent.pdb.create Enable/disable a Pod Disruption Budget creation
+ ## @param vmagent.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ## @param vmagent.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ pdb:
+ create: true
+ minAvailable: ""
+ maxUnavailable: ""
+ ## @param vmagent.scrapeConfigOverrides Overwrite or add extra scraping configuration options to the chart default
+ ## Example:
+ # configOverrides:
+ # ip_filters:
+ # allow_list: ["1.2.3.0/24", "127.0.0.1"]
+ #
+ scrapeConfigOverrides: {}
+ extraJobs: []
+ ## @param vmagent.enableListeners.influxdb Enable influxdb listener
+ ## @param vmagent.enableListeners.opentsdb Enable graphite listener
+ ## @param vmagent.enableListeners.graphite Enable opentsdb listener
+ enableListeners:
+ influxdb: false
+ opentsdb: false
+ graphite: false
+ ## @param vmagent.existingScrapeConfigMap The name of an existing ConfigMap with the scrape configuration
+ ##
+ existingScrapeConfigMap: ""
+ ## @param vmagent.namespaced Only scrape in the deployed namespace
+ ##
+ namespaced: true
+ ## @param vmagent.allowedMetricsEndpoints [array] Allowed metrics endpoints to scrape (when not namespaced)
+ ##
+ allowedMetricsEndpoints:
+ - /metrics
+ ## Autoscaling configuration
+ ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+ ##
+ autoscaling:
+ ## @param vmagent.autoscaling.vpa.enabled Enable VPA for VictoriaMetrics Agent pods
+ ## @param vmagent.autoscaling.vpa.annotations Annotations for VPA resource
+ ## @param vmagent.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control.
Defaults to cpu and memory
+ ## @param vmagent.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
+ ## @param vmagent.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
+ ##
+ vpa:
+ enabled: false
+ annotations: {}
+ controlledResources: []
+ maxAllowed: {}
+ minAllowed: {}
+ ## @param vmagent.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
+ ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
+ ##
+ updatePolicy:
+ updateMode: Auto
+ ## @param vmagent.autoscaling.hpa.enabled Enable HPA for VictoriaMetrics Agent pods
+ ## @param vmagent.autoscaling.hpa.minReplicas Minimum number of replicas
+ ## @param vmagent.autoscaling.hpa.maxReplicas Maximum number of replicas
+ ## @param vmagent.autoscaling.hpa.targetCPU Target CPU utilization percentage
+ ## @param vmagent.autoscaling.hpa.targetMemory Target Memory utilization percentage
+ ##
+ hpa:
+ enabled: false
+ minReplicas: ""
+ maxReplicas: ""
+ targetCPU: ""
+ targetMemory: ""
+ ## Node vmagent.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param vmagent.nodeAffinityPreset.type Node affinity preset type. Ignored if `vmagent.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param vmagent.nodeAffinityPreset.key Node label key to match. Ignored if `vmagent.affinity` is set
+ ##
+ key: ""
+ ## @param vmagent.nodeAffinityPreset.values Node label values to match. Ignored if `vmagent.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param vmagent.affinity Affinity for VictoriaMetrics Agent pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `vmagent.podAffinityPreset`, `vmagent.podAntiAffinityPreset`, and `vmagent.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param vmagent.nodeSelector Node labels for VictoriaMetrics Agent pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param vmagent.tolerations Tolerations for VictoriaMetrics Agent pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param vmagent.updateStrategy.type VictoriaMetrics Agent statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param vmagent.priorityClassName VictoriaMetrics Agent pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param vmagent.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains.
Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param vmagent.schedulerName Name of the k8s scheduler (other than default) for VictoriaMetrics Agent pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param vmagent.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param vmagent.lifecycleHooks for the VictoriaMetrics Agent container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param vmagent.extraEnvVars Array with extra environment variables to add to VictoriaMetrics Agent nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param vmagent.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for VictoriaMetrics Agent nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param vmagent.extraEnvVarsSecret Name of existing Secret containing extra env vars for VictoriaMetrics Agent nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param vmagent.extraVolumes Optionally specify extra list of additional volumes for the VictoriaMetrics Agent pod(s)
+ ##
+ extraVolumes: []
+ ## @param vmagent.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Agent container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param vmagent.sidecars Add additional sidecar containers to the VictoriaMetrics Agent pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param vmagent.initContainers Add additional init containers to the VictoriaMetrics Agent pod(s)
+ ## ref:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## @section VictoriaMetrics Agent RBAC Parameters
+ ##
+ ## RBAC configuration
+ ##
+ rbac:
+ ## @param vmagent.rbac.create Specifies whether RBAC resources should be created
+ ##
+ create: true
+ ## @param vmagent.rbac.rules Custom RBAC rules to set
+ ## e.g:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ##
+ rules: []
+
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param vmagent.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param vmagent.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param vmagent.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param vmagent.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: false
+ ## @section VictoriaMetrics Agent Traffic Exposure Parameters
+ ##
+ service:
+ ## @param vmagent.service.type VictoriaMetrics Agent service type
+ ##
+ type: ClusterIP
+ ## @param vmagent.service.ports.http VictoriaMetrics Agent service http port
+ ## @param vmagent.service.ports.graphite VictoriaMetrics Agent service graphite port
+ ## @param vmagent.service.ports.opentsdb VictoriaMetrics Agent service opentsdb port
+ ## @param vmagent.service.ports.influxdb VictoriaMetrics Agent service influxdb port
+ ##
+ ports:
+ http: "8429"
+ graphite: 2003
+ opentsdb: 4242
+ influxdb: 8089
+ ## Node ports to expose
+ ## @param vmagent.service.nodePorts.http Node port for HTTP
+ ## @param
vmagent.service.nodePorts.graphite Node port for graphite
+ ## @param vmagent.service.nodePorts.opentsdb Node port for opentsdb
+ ## @param vmagent.service.nodePorts.influxdb Node port for influxdb
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ graphite: ""
+ opentsdb: ""
+ influxdb: ""
+ ## @param vmagent.service.clusterIP VictoriaMetrics Agent service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param vmagent.service.loadBalancerIP VictoriaMetrics Agent service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param vmagent.service.loadBalancerSourceRanges VictoriaMetrics Agent service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param vmagent.service.externalTrafficPolicy VictoriaMetrics Agent service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param vmagent.service.annotations [object] Additional custom annotations for VictoriaMetrics Agent service
+ ##
+ annotations: {}
+ ## @param vmagent.service.extraPorts Extra ports to expose in VictoriaMetrics Agent service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param vmagent.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param vmagent.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+
sessionAffinityConfig: {}
+ ## Network Policies
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+ ##
+ networkPolicy:
+ ## @param vmagent.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
+ ## @param vmagent.networkPolicy.allowExternal Don't require server label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## server label will have network access to the ports server is listening
+ ## on. When true, server will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: false
+ ## @param vmagent.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param vmagent.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param vmagent.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param vmagent.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param vmagent.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+ ## @section VictoriaMetrics Agent Metrics Parameters
+ ##
+ ## Prometheus metrics
+ ##
+ metrics:
+ ## @param vmagent.metrics.enabled Enable the export of
Prometheus metrics
+ ##
+ enabled: true
+ ## @param vmagent.metrics.annotations Additional custom annotations for the service
+ ##
+ annotations: {}
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param vmagent.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+ ##
+ enabled: false
+ ## @param vmagent.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+ ## @param vmagent.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+ ##
+ annotations: {}
+ ## @param vmagent.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param vmagent.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ ##
+ jobLabel: ""
+ ## @param vmagent.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+ ##
+ honorLabels: false
+ ## @param vmagent.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param vmagent.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param vmagent.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param vmagent.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param vmagent.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+ scrapeInterval: 30s
+ scrapeTimeout: 30s
+## @section VictoriaMetrics Alert Parameters
+##
+vmalert:
+ ## @param vmalert.enabled Enable VictoriaMetrics Alert
+ ##
+ enabled: false
+ ## Drycc VictoriaMetrics Alert image
+ ## ref: https://hub.docker.com/r/drycc/victoriametrics-vmalert/tags/
+ ## @param vmalert.image.registry [default: REGISTRY_NAME] VictoriaMetrics Alert image registry
+ ## @param vmalert.image.repository [default: REPOSITORY_NAME/victoriametrics-vmalert] VictoriaMetrics Alert image repository
+ ## @skip vmalert.image.tag VictoriaMetrics Alert image tag (immutable tags are recommended)
+ ## @param vmalert.image.digest VictoriaMetrics Alert image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param vmalert.image.pullPolicy VictoriaMetrics Alert image pull policy
+ ## @param vmalert.image.pullSecrets VictoriaMetrics Alert image pull secrets
+ ##
+ image:
+ registry: registry.drycc.cc
+ repository: drycc/victoriametrics
+ tag: 0.0.1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param vmalert.replicaCount Number of VictoriaMetrics Alert replicas to deploy
+ ##
+ replicaCount: 1
+ ## @param vmalert.containerPorts.http VictoriaMetrics Alert http container port
+ ##
+ containerPorts:
+ http: 8429
+ ## Configure extra options for VictoriaMetrics Alert containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param vmalert.livenessProbe.enabled Enable livenessProbe on VictoriaMetrics Alert containers
+ ## @param vmalert.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param vmalert.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param vmalert.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param vmalert.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param vmalert.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmalert.readinessProbe.enabled Enable readinessProbe on
VictoriaMetrics Alert containers
+ ## @param vmalert.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param vmalert.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param vmalert.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param vmalert.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param vmalert.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmalert.startupProbe.enabled Enable startupProbe on VictoriaMetrics Alert containers
+ ## @param vmalert.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param vmalert.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param vmalert.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param vmalert.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param vmalert.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## @param vmalert.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param vmalert.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param vmalert.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## VictoriaMetrics Alert resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param vmalert.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
This is ignored if vmalert.resources is set (vmalert.resources is recommended for production).
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param vmalert.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param vmalert.datasourceUrl URL to an external datasource (uses VictoriaMetrics Insert if not set)
+ ##
+ datasourceUrl: ""
+ ## @param vmalert.notifierUrl URL to a notifier like AlertManager (necessary when alert rules are set)
+ ##
+ notifierUrl: ""
+ ## @param vmalert.deploymentAnnotations Annotations for VictoriaMetrics Alert Deployment
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ deploymentAnnotations: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param vmalert.podSecurityContext.enabled Enabled VictoriaMetrics Alert pods' Security Context
+ ## @param vmalert.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param vmalert.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param vmalert.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param vmalert.podSecurityContext.fsGroup Set VictoriaMetrics Alert pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param vmalert.containerSecurityContext.enabled Enabled VictoriaMetrics
Alert containers' Security Context
+ ## @param vmalert.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param vmalert.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param vmalert.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param vmalert.containerSecurityContext.runAsNonRoot Set VictoriaMetrics Alert containers' Security Context runAsNonRoot
+ ## @param vmalert.containerSecurityContext.privileged Set VictoriaMetrics Alert containers' Security Context privileged
+ ## @param vmalert.containerSecurityContext.readOnlyRootFilesystem Set VictoriaMetrics Alert containers' Security Context runAsNonRoot
+ ## @param vmalert.containerSecurityContext.allowPrivilegeEscalation Set VictoriaMetrics Alert container's privilege escalation
+ ## @param vmalert.containerSecurityContext.capabilities.drop Set VictoriaMetrics Alert container's Security Context runAsNonRoot
+ ## @param vmalert.containerSecurityContext.seccompProfile.type Set VictoriaMetrics Alert container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
+ ## @param vmalert.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param vmalert.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param vmalert.extraArgs Add extra arguments to the default command
+ ##
+ extraArgs: []
+ ## @param vmalert.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: true
+ ## @param vmalert.hostAliases VictoriaMetrics Alert pods host aliases
+ ##
https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param vmalert.podLabels Extra labels for VictoriaMetrics Alert pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param vmalert.podAnnotations Annotations for VictoriaMetrics Alert pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param vmalert.podAffinityPreset Pod affinity preset. Ignored if `vmalert.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param vmalert.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `vmalert.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+ ## @param vmalert.pdb.create Enable/disable a Pod Disruption Budget creation
+ ## @param vmalert.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+ ## @param vmalert.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+ ##
+ pdb:
+ create: true
+ minAvailable: ""
+ maxUnavailable: ""
+ ## @param vmalert.rulesConfigOverrides Overwrite or add extra rules configuration options to the chart default
+ ## Example:
+ ## rulesonfigOverrides:
+ ## groups:
+ ## - name: AlertGroupName
+ ## rules:
+ ## - alert: AlertName
+ ## expr: any_metric > 100
+ ## for: 30s
+ ## labels:
+ ## alertname: 'Any metric is too high'
+ ## severity: 'warning'
+ ##
+ rulesConfigOverrides: {}
+ ## @param vmalert.existingRulesConfigMap The name of an existing ConfigMap with
the rules configuration
+ ##
+ existingRulesConfigMap: ""
+ ## Autoscaling configuration
+ ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+ ##
+ autoscaling:
+ ## @param vmalert.autoscaling.vpa.enabled Enable VPA for VictoriaMetrics Alert pods
+ ## @param vmalert.autoscaling.vpa.annotations Annotations for VPA resource
+ ## @param vmalert.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ ## @param vmalert.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
+ ## @param vmalert.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
+ ##
+ vpa:
+ enabled: false
+ annotations: {}
+ controlledResources: []
+ maxAllowed: {}
+ minAllowed: {}
+ ## @param vmalert.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
+ ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
+ ## Possible values are "Off", "Initial", "Recreate", and "Auto".
+ ##
+ updatePolicy:
+ updateMode: Auto
+ ## @param vmalert.autoscaling.hpa.enabled Enable HPA for VictoriaMetrics Alert pods
+ ## @param vmalert.autoscaling.hpa.minReplicas Minimum number of replicas
+ ## @param vmalert.autoscaling.hpa.maxReplicas Maximum number of replicas
+ ## @param vmalert.autoscaling.hpa.targetCPU Target CPU utilization percentage
+ ## @param vmalert.autoscaling.hpa.targetMemory Target Memory utilization percentage
+ ##
+ hpa:
+ enabled: false
+ minReplicas: ""
+ maxReplicas: ""
+ targetCPU: ""
+ targetMemory: ""
+ ## Node vmalert.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param vmalert.nodeAffinityPreset.type Node affinity preset type. Ignored if `vmalert.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param vmalert.nodeAffinityPreset.key Node label key to match.
Ignored if `vmalert.affinity` is set
+ ##
+ key: ""
+ ## @param vmalert.nodeAffinityPreset.values Node label values to match. Ignored if `vmalert.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param vmalert.affinity Affinity for VictoriaMetrics Alert pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `vmalert.podAffinityPreset`, `vmalert.podAntiAffinityPreset`, and `vmalert.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param vmalert.nodeSelector Node labels for VictoriaMetrics Alert pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param vmalert.tolerations Tolerations for VictoriaMetrics Alert pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param vmalert.updateStrategy.type VictoriaMetrics Alert statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param vmalert.priorityClassName VictoriaMetrics Alert pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param vmalert.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains.
Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param vmalert.schedulerName Name of the k8s scheduler (other than default) for VictoriaMetrics Alert pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param vmalert.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param vmalert.lifecycleHooks for the VictoriaMetrics Alert container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param vmalert.extraEnvVars Array with extra environment variables to add to VictoriaMetrics Alert nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param vmalert.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for VictoriaMetrics Alert nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param vmalert.extraEnvVarsSecret Name of existing Secret containing extra env vars for VictoriaMetrics Alert nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param vmalert.extraVolumes Optionally specify extra list of additional volumes for the VictoriaMetrics Alert pod(s)
+ ##
+ extraVolumes: []
+ ## @param vmalert.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the VictoriaMetrics Alert container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param vmalert.sidecars Add additional sidecar containers to the VictoriaMetrics Alert pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param vmalert.initContainers Add additional init containers to the VictoriaMetrics Alert pod(s)
+ ## ref:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + + ## ServiceAccount configuration + ## + serviceAccount: + ## @param vmalert.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param vmalert.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param vmalert.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param vmalert.serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: false + ## @section VictoriaMetrics Alert Traffic Exposure Parameters + ## + service: + ## @param vmalert.service.type VictoriaMetrics Alert service type + ## + type: ClusterIP + ## @param vmalert.service.ports.http VictoriaMetrics Alert service http port + ## + ports: + http: "8429" + ## Node ports to expose + ## @param vmalert.service.nodePorts.http Node port for HTTP + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + ## @param vmalert.service.clusterIP VictoriaMetrics Alert service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param vmalert.service.loadBalancerIP VictoriaMetrics Alert service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param vmalert.service.loadBalancerSourceRanges VictoriaMetrics Alert service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: 
+ ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param vmalert.service.externalTrafficPolicy VictoriaMetrics Alert service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param vmalert.service.annotations [object] Additional custom annotations for VictoriaMetrics Alert service + ## + annotations: {} + ## @param vmalert.service.extraPorts Extra ports to expose in VictoriaMetrics Alert service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param vmalert.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ + ## + sessionAffinity: None + ## @param vmalert.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param vmalert.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param vmalert.networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param vmalert.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
+ ## + allowExternalEgress: true + ## @param vmalert.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param vmalert.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param vmalert.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param vmalert.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + + ## @section VictoriaMetrics Alert Metrics Parameters + ## + ## Prometheus metrics + ## + metrics: + ## @param vmalert.metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## @param vmalert.metrics.annotations Additional custom annotations for the service + ## + annotations: {} + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param vmalert.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param vmalert.metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param vmalert.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param vmalert.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param 
vmalert.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param vmalert.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param vmalert.metrics.serviceMonitor.interval Interval at which metrics should be rulesd. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param vmalert.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param vmalert.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param vmalert.metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param vmalert.metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + +## @section Default Init Containers Parameters +## +defaultInitContainers: + ## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node + ## + volumePermissions: + ## @param defaultInitContainers.volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/drycc/os-shell/tags/ + ## @param defaultInitContainers.volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param defaultInitContainers.volumePermissions.image.repository [default: 
REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip defaultInitContainers.volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param defaultInitContainers.volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param defaultInitContainers.volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param defaultInitContainers.volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: registry.drycc.cc + repository: drycc/victoriametrics + tag: 0.0.1 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). 
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultInitContainers.volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.enabled Enable securityContext in the init container + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param defaultInitContainers.volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 0 diff --git a/addons/victoriametrics/1/demo.yaml b/addons/victoriametrics/1/demo.yaml new file mode 100644 index 00000000..0ad18c8d --- /dev/null +++ b/addons/victoriametrics/1/demo.yaml @@ -0,0 +1,17 @@ +vmauth: + user: + username: admin + password: admin + networkPolicy: + allowNamespaces: + - "ns1" + - "ns2" + service: + type: LoadBalancer + +vmagent: + scrapeInterval: 60s + scrapeTimeout: 10s + +vmstorage: + retentionPeriod: 30d \ No newline at end of file diff --git a/addons/victoriametrics/1/meta.yaml b/addons/victoriametrics/1/meta.yaml new file mode 100644 index 00000000..377b83d7 --- /dev/null +++ b/addons/victoriametrics/1/meta.yaml 
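Review bot: demo.yaml pairs the literal `username: admin` / `password: admin` with `service.type: LoadBalancer`, so an instance created by copying the demo is reachable from outside the cluster behind a guessable credential pair. `networkPolicy.allowNamespaces` only names in-cluster namespaces; whether it also constrains load-balancer traffic depends on the template, which is not visible here. I would ship the demo with `type: ClusterIP` and a placeholder such as `password: "<set-a-strong-password>"`, plus a comment like `# use LoadBalancer only together with a non-default password`.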
@@ -0,0 +1,45 @@
+name: victoriametrics
+version: "1.0"
+id: 6ee5a947-61b6-47ce-b27d-fe7a5246ea3b
+description: "victoriametrics"
+displayName: "victoriametrics"
+metadata:
+ displayName: "victoriametrics"
+ provider:
+ name: drycc
+ supportURL: https://victoriametrics.com/
+ documentationURL: https://github.com/drycc-addons/containers/tree/main/containers/victoriametrics
+tags: victoriametrics
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "vmauth.user.username"
+ required: false
+ description: "username for mvauth"
+- name: "vmauth.user.password"
+ required: false
+ description: "password for mvauth"
+- name: "vmauth.networkPolicy.allowNamespaces"
+ required: false
+ description: "networkPolicy allowNamespaces"
+- name: "vmauth.service.type"
+ required: false
+ description: "networkPolicy ClusterIP or LoadBalancer"
+- name: "vmagent.scrapeInterval"
+ required: false
+ description: "scrape interval for vmagent"
+- name: "vmagent.scrapeTimeout"
+ required: false
+ description: "scrape timeout for vmagent"
+- name: "vmagent.scrapeConfigOverrides"
+ required: false
+ description: "scrape config overrides for vmagent"
+- name: "vmagent.extraJobs"
+ required: false
+ description: "extra jobs for vmagent"
+- name: "vmstorage.retentionPeriod"
+ required: false
+ description: "retention period for vmstorage"
+archive: false
diff --git a/addons/victoriametrics/1/plans/standard-16c32g500/bind.yaml b/addons/victoriametrics/1/plans/standard-16c32g500/bind.yaml
new file mode 100644
index 00000000..2889e803
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-16c32g500/bind.yaml
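Review bot: The `allow_parameters` descriptions are misleading exactly where an operator decides about exposure: `vmauth.service.type` is described as "networkPolicy ClusterIP or LoadBalancer" although it selects the Service type, and both credential entries say "mvauth". Because this parameter is what lets an instance be published outside the cluster, I would word it as `description: "Service type for vmauth: ClusterIP (in-cluster only) or LoadBalancer (externally reachable)"` and correct the two typos to `vmauth`.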
@@ -0,0 +1,24 @@
+credential:
+ - name: {{ printf "DOMAIN" }}
+ value: {{ printf "%s" (include "common.names.fullname" .) }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- if (eq .Values.vmauth.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: ' { .spec.ports[?(@.name=="http")].port }'
+ - name: USER
+ value: {{ .Values.vmauth.user.username }}
+ - name: PASSWORD
+ value: {{ .Values.vmauth.user.password }}
diff --git a/addons/victoriametrics/1/plans/standard-16c32g500/create-instance-schema.json b/addons/victoriametrics/1/plans/standard-16c32g500/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-16c32g500/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/victoriametrics/1/plans/standard-16c32g500/meta.yaml b/addons/victoriametrics/1/plans/standard-16c32g500/meta.yaml
new file mode 100644
index 00000000..9278d834
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-16c32g500/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c32g500"
+id: 99b0550c-4fd6-11f0-98ea-f3c453bc45ed
+description: "VictoriaMetrics Standard Plan with 16 CPU, 32GB Memory"
+displayName: "standard-16c32g500"
+bindable: true
+maximum_polling_duration: 1800
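Review bot: The USER and PASSWORD entries at the end of bind.yaml render `{{ .Values.vmauth.user.username }}` and `{{ .Values.vmauth.user.password }}` as unquoted scalars, so a password that is all digits, empty, boolean-looking, or contains `: ` or ` #` is retyped or cut short by the YAML parser and the bound application receives a different secret from the one vmauth checks. Quote both, e.g. `value: {{ .Values.vmauth.user.password | quote }}`. The PORT entry's `jsonpath: ' { .spec.ports[?(@.name=="http")].port }'` also carries a leading space inside the quotes that the HOST and EXTRANET_HOST entries do not; whether the consumer tolerates it cannot be seen here. The identical file is added for the standard-1c1g10, standard-2c4g50, standard-4c8g100 and standard-8c16g200 plans.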
diff --git a/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml b/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml
new file mode 100644
index 00000000..7ebeff88
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml
@@ -0,0 +1,44 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: "hb-vmcluster-standard-16c32g500"
+vmauth:
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1600m
+ memory: 32Gi
+ replicaCount: 2
+
+vmselect:
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1600m
+ memory: 32Gi
+ replicaCount: 2
+
+vminsert:
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1600m
+ memory: 32Gi
+ replicaCount: 2
+
+vmstorage:
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1600m
+ memory: 32Gi
+ replicaCount: 3
+ persistence:
+ size: 500Gi
diff --git a/addons/victoriametrics/1/plans/standard-1c1g10/bind.yaml b/addons/victoriametrics/1/plans/standard-1c1g10/bind.yaml
new file mode 100644
index 00000000..2889e803
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-1c1g10/bind.yaml
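Review bot: In all four components of this plan `limits` (1000m / 1024Mi) is lower than `requests` (32Gi of memory, and a CPU request above the limit), which Kubernetes validation rejects, so the pods of this plan would not be admitted and the memory cap the plan is meant to enforce never applies. The two keys look swapped relative to the 1c1g10, 2c4g50 and 4c8g100 plans, which put the small figures under `requests`. I would write `requests:` with `cpu: 1000m` / `memory: 1024Mi` and `limits:` with the plan-sized values. The same inversion is in standard-8c16g200/values.yaml, and the later "fixed plan typo" patch changes only the CPU figure, leaving the keys as they are.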
@@ -0,0 +1,24 @@
+credential:
+ - name: {{ printf "DOMAIN" }}
+ value: {{ printf "%s" (include "common.names.fullname" .) }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- if (eq .Values.vmauth.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: ' { .spec.ports[?(@.name=="http")].port }'
+ - name: USER
+ value: {{ .Values.vmauth.user.username }}
+ - name: PASSWORD
+ value: {{ .Values.vmauth.user.password }}
diff --git a/addons/victoriametrics/1/plans/standard-1c1g10/create-instance-schema.json b/addons/victoriametrics/1/plans/standard-1c1g10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-1c1g10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/victoriametrics/1/plans/standard-1c1g10/meta.yaml b/addons/victoriametrics/1/plans/standard-1c1g10/meta.yaml
new file mode 100644
index 00000000..fe439e08
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-1c1g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c1g10"
+id: a69619c6-4ff6-11f0-b5d5-3b23b0dd4860
+description: "VictoriaMetrics Standard Plan with 1 CPU, 2GB Memory"
+displayName: "standard-1c1g10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/victoriametrics/1/plans/standard-1c1g10/values.yaml b/addons/victoriametrics/1/plans/standard-1c1g10/values.yaml
new file mode 100644
index 00000000..5815cabe
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-1c1g10/values.yaml
@@ -0,0 +1,44 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: "hb-vmcluster-standard-1c1g10"
+vmauth:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 16Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ replicaCount: 2
+
+vmselect:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 32Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ replicaCount: 2
+
+vminsert:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 32Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ replicaCount: 2
+
+vmstorage:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 32Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ replicaCount: 3
+ persistence:
+ size: 10Gi
diff --git a/addons/victoriametrics/1/plans/standard-2c4g50/bind.yaml b/addons/victoriametrics/1/plans/standard-2c4g50/bind.yaml
new file mode 100644
index 00000000..2889e803
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-2c4g50/bind.yaml
@@ -0,0 +1,24 @@
+credential:
+ - name: {{ printf "DOMAIN" }}
+ value: {{ printf "%s" (include "common.names.fullname" .) }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- if (eq .Values.vmauth.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: ' { .spec.ports[?(@.name=="http")].port }'
+ - name: USER
+ value: {{ .Values.vmauth.user.username }}
+ - name: PASSWORD
+ value: {{ .Values.vmauth.user.password }}
diff --git a/addons/victoriametrics/1/plans/standard-2c4g50/create-instance-schema.json b/addons/victoriametrics/1/plans/standard-2c4g50/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-2c4g50/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/victoriametrics/1/plans/standard-2c4g50/meta.yaml b/addons/victoriametrics/1/plans/standard-2c4g50/meta.yaml
new file mode 100644
index 00000000..c964810e
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-2c4g50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g50"
+id: ba1c92c3-03a1-4825-ad74-02490a0e0447
+description: "VictoriaMetrics Standard Plan with 2 CPU, 4GB Memory"
+displayName: "standard-2c4g50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/victoriametrics/1/plans/standard-2c4g50/values.yaml b/addons/victoriametrics/1/plans/standard-2c4g50/values.yaml
new file mode 100644
index 00000000..646122f8
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-2c4g50/values.yaml
@@ -0,0 +1,44 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: "hb-vmcluster-standard-2c4g50"
+vmauth:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 16Mi
+ limits:
+ cpu: 2000m
+ memory: 4096Mi
+ replicaCount: 2
+
+vmselect:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 32Mi
+ limits:
+ cpu: 2000m
+ memory: 4096Mi
+ replicaCount: 2
+
+vminsert:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 32Mi
+ limits:
+ cpu: 2000m
+ memory: 4096Mi
+ replicaCount: 2
+
+vmstorage:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 32Mi
+ limits:
+ cpu: 2000m
+ memory: 4096Mi
+ replicaCount: 3
+ persistence:
+ size: 50Gi
diff --git a/addons/victoriametrics/1/plans/standard-4c8g100/bind.yaml b/addons/victoriametrics/1/plans/standard-4c8g100/bind.yaml
new file mode 100644
index 00000000..2889e803
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-4c8g100/bind.yaml
@@ -0,0 +1,24 @@
+credential:
+ - name: {{ printf "DOMAIN" }}
+ value: {{ printf "%s" (include "common.names.fullname" .) }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- if (eq .Values.vmauth.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: ' { .spec.ports[?(@.name=="http")].port }'
+ - name: USER
+ value: {{ .Values.vmauth.user.username }}
+ - name: PASSWORD
+ value: {{ .Values.vmauth.user.password }}
diff --git a/addons/victoriametrics/1/plans/standard-4c8g100/create-instance-schema.json b/addons/victoriametrics/1/plans/standard-4c8g100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-4c8g100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/victoriametrics/1/plans/standard-4c8g100/meta.yaml b/addons/victoriametrics/1/plans/standard-4c8g100/meta.yaml
new file mode 100644
index 00000000..f8d06865
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-4c8g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c8g100"
+id: 4ed63e32-4fd3-11f0-934c-ff0f8d3bcb1d
+description: "VictoriaMetrics Standard Plan with 4 CPU, 8GB Memory"
+displayName: "standard-4c8g100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/victoriametrics/1/plans/standard-4c8g100/values.yaml b/addons/victoriametrics/1/plans/standard-4c8g100/values.yaml
new file mode 100644
index 00000000..48f33c01
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-4c8g100/values.yaml
@@ -0,0 +1,44 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: "hb-vmcluster-standard-4c8g100"
+vmauth:
+ resources:
+ requests:
+ cpu: 1000m
+ memory: 512Mi
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ replicaCount: 2
+
+vmselect:
+ resources:
+ requests:
+ cpu: 1000m
+ memory: 512Mi
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ replicaCount: 2
+
+vminsert:
+ resources:
+ requests:
+ cpu: 1000m
+ memory: 512Mi
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ replicaCount: 2
+
+vmstorage:
+ resources:
+ requests:
+ cpu: 1000m
+ memory: 512Mi
+ memory:
+ cpu: 4000m
+ memory: 8Gi
+ replicaCount: 3
+ persistence:
+ size: 100Gi
diff --git a/addons/victoriametrics/1/plans/standard-8c16g200/bind.yaml b/addons/victoriametrics/1/plans/standard-8c16g200/bind.yaml
new file mode 100644
index 00000000..2889e803
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-8c16g200/bind.yaml
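Review bot: Under `vmstorage.resources` the second block is keyed `memory:` where the other three components have `limits:`, so the storage pods of this plan end up without the intended 4000m / 8Gi limits. How the stray key is treated depends on the indentation and on the chart template, neither of which can be recovered from this view; it is either passed into the container's `resources` as an unknown field or ignored. The line should read `limits:`, matching vmauth, vmselect and vminsert in the same file.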
@@ -0,0 +1,24 @@
+credential:
+ - name: {{ printf "DOMAIN" }}
+ value: {{ printf "%s" (include "common.names.fullname" .) }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+{{- if (eq .Values.vmauth.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "victoriametrics.vmauth.fullname" . }}
+ jsonpath: ' { .spec.ports[?(@.name=="http")].port }'
+ - name: USER
+ value: {{ .Values.vmauth.user.username }}
+ - name: PASSWORD
+ value: {{ .Values.vmauth.user.password }}
diff --git a/addons/victoriametrics/1/plans/standard-8c16g200/create-instance-schema.json b/addons/victoriametrics/1/plans/standard-8c16g200/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-8c16g200/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/victoriametrics/1/plans/standard-8c16g200/meta.yaml b/addons/victoriametrics/1/plans/standard-8c16g200/meta.yaml
new file mode 100644
index 00000000..b4f8b520
--- /dev/null
+++ b/addons/victoriametrics/1/plans/standard-8c16g200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-8c16g200"
+id: 8e34beb6-4fd6-11f0-91bf-fb3650f4e494
+description: "VictoriaMetrics Standard Plan with 8 CPU, 16GB Memory"
+displayName: "standard-8c16g200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/victoriametrics/1/plans/standard-8c16g200/values.yaml b/addons/victoriametrics/1/plans/standard-8c16g200/values.yaml new file mode 100644 index 00000000..97fb68a1 --- /dev/null +++ b/addons/victoriametrics/1/plans/standard-8c16g200/values.yaml @@ -0,0 +1,44 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "hb-vmcluster-standard-8c16g200" +vmauth: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 8000m + memory: 16Gi + replicaCount: 2 + +vmselect: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 8000m + memory: 16Gi + replicaCount: 2 + +vminsert: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 8000m + memory: 16Gi + replicaCount: 2 + +vmstorage: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 8000m + memory: 16Gi + replicaCount: 3 + persistence: + size: 200Gi From 21d25b64e03464e62c87d92a1fdb9a88a566cbdc Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Jun 2025 11:42:48 +0800 Subject: [PATCH 161/176] fix(victoriametrics) chart --- addons/victoriametrics/1/chart/victoriametrics/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml b/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml index e56e7ff1..9ef8fa6b 100644 --- a/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml +++ b/addons/victoriametrics/1/chart/victoriametrics/Chart.yaml @@ -8,10 +8,10 @@ apiVersion: v2 appVersion: 1.118.0 dependencies: - name: common - repository: oci://registry-1.docker.io/drycccharts + repository: oci://registry.drycc.cc/charts tags: - drycc-common - version: 2.x.x + version: ~1.1.3 description: VictoriaMetrics is a fast, cost-effective, and scalable monitoring solution and time series database, compatible with Prometheus and Graphite home: https://drycc.com 
From fa8c23558eb5e62eb427c19d72f0d01269233772 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 26 Jun 2025 11:05:43 +0800 Subject: [PATCH 162/176] chore(victoriametrics): change image --- .../1/chart/victoriametrics/values.yaml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/addons/victoriametrics/1/chart/victoriametrics/values.yaml b/addons/victoriametrics/1/chart/victoriametrics/values.yaml index 225c4b3c..59167255 100644 --- a/addons/victoriametrics/1/chart/victoriametrics/values.yaml +++ b/addons/victoriametrics/1/chart/victoriametrics/values.yaml @@ -90,8 +90,8 @@ vmselect: ## image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -713,8 +713,8 @@ vminsert: ## image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1321,8 +1321,8 @@ vmstorage: ## image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1887,12 +1887,12 @@ vmauth: ## @param vmauth.image.pullSecrets VictoriaMetrics Auth image pull secrets ## user: - username: "admin1" + username: "admin" password: "admin" image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images 
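Review bot: `tag: 1` in the vmselect image block swaps a specific tag for a floating one while `digest: ""` stays empty, so the image content behind the reference can change without any chart change, and with the `pullPolicy: IfNotPresent` visible for the init container, nodes may run different builds under the same name. The values file's own comment recommends immutable tags; I would pin with `digest: "sha256:<image-digest>"` or a full version tag. The value should also be quoted, `tag: "1"`, because an unquoted `1` is parsed as an integer. This applies to all seven image blocks changed in this patch (vmselect, vminsert, vmstorage, vmauth, vmagent, vmalert, defaultInitContainers).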
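Review bot: The vmauth hunk leaves a literal chart default of `username: "admin"` / `password: "admin"`, and the plans' bind.yaml hands those values out as the binding's USER and PASSWORD, so every instance created without overriding both parameters is protected by a guessable pair, including when `vmauth.service.type` is `LoadBalancer`. I would default to `password: ""` and make the template fail closed, e.g. `{{ required "vmauth.user.password must be set" .Values.vmauth.user.password }}`, or generate a per-release value and keep it in a Secret. The `vmauth` block starts and ends outside this hunk, so how the value reaches the container cannot be seen here.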
@@ -2519,8 +2519,8 @@ vmagent: ## image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -3094,8 +3094,8 @@ vmalert: ## image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -3628,8 +3628,8 @@ defaultInitContainers: ## image: registry: registry.drycc.cc - repository: drycc/victoriametrics - tag: 0.0.1 + repository: drycc-addons/victoriametrics + tag: 1 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From a33044a7c08c30ad085dad078cf8f1cf34b9aad1 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 5 Aug 2025 15:51:09 +0800 Subject: [PATCH 163/176] fix(victoriametrics): fixed plan typo --- .../1/plans/standard-16c32g500/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml b/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml index 7ebeff88..ccecde68 100644 --- a/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml +++ b/addons/victoriametrics/1/plans/standard-16c32g500/values.yaml @@ -7,7 +7,7 @@ vmauth: cpu: 1000m memory: 1024Mi requests: - cpu: 1600m + cpu: 16000m memory: 32Gi replicaCount: 2 @@ -17,7 +17,7 @@ vmselect: cpu: 1000m memory: 1024Mi requests: - cpu: 1600m + cpu: 16000m memory: 32Gi replicaCount: 2 @@ -27,7 +27,7 @@ vminsert: cpu: 1000m memory: 1024Mi requests: - cpu: 1600m + cpu: 16000m memory: 32Gi replicaCount: 2 @@ -37,7 +37,7 @@ vmstorage: cpu: 1000m memory: 1024Mi requests: - cpu: 1600m + cpu: 16000m memory: 32Gi replicaCount: 3 persistence: 
From 6ffc7fe2e2de6105c36482d40f9788f4de7650f3 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 2 Sep 2025 13:37:08 +0800 Subject: [PATCH 164/176] chore(fluentbit): add custom input path --- .gitignore | 1 + .../2/chart/fluentbit/templates/_helpers.tpl | 19 +++++++++++++++++++ .../fluentbit/2/chart/fluentbit/values.yaml | 7 ++++--- addons/fluentbit/2/meta.yaml | 3 +++ .../10/chart/grafana/templates/configmap.yaml | 1 + 5 files changed, 28 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b097d5f2..1b3100bd 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,4 @@ Chart.lock *.fix addons/grafana/10/dashborad/ addons/prometheus/prom-value.yaml +toCopy/ diff --git a/addons/fluentbit/2/chart/fluentbit/templates/_helpers.tpl b/addons/fluentbit/2/chart/fluentbit/templates/_helpers.tpl index 01f7bd0e..a56088d0 100644 --- a/addons/fluentbit/2/chart/fluentbit/templates/_helpers.tpl +++ b/addons/fluentbit/2/chart/fluentbit/templates/_helpers.tpl @@ -60,3 +60,22 @@ Return the Fluentbit Reloader image name {{- include "fluentbit.image" . -}} {{- end -}} {{- end -}} + +{{/* +Return the Fluentbit input path +*/}} +{{- define "input.paths" -}} + {{- $namespace := .Release.Namespace -}} + {{- $wildcards := .Values.daemonset.config.podWildcards -}} + {{- $pathTemplate := "/var/log/containers/%s_%s_*.log" -}} + + {{/* */}} + {{- $paths := list -}} + {{- range $wildcard := $wildcards -}} + {{- $path := printf $pathTemplate $wildcard $namespace -}} + {{- $paths = append $paths $path -}} + {{- end -}} + {{- join "," $paths -}} +{{- end -}} + + diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index 52f9d738..b34a989e 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
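Review bot: In the new `input.paths` helper each `podWildcards` entry is passed straight into `printf $pathTemplate $wildcard $namespace` with no validation. The same commit lists `daemonset.config.podWildcards` under `allow_parameters` in `meta.yaml`, so the value is user-supplied. The result becomes the tail input's `Path`, which is a comma-separated list of globs over `/var/log/containers`. An entry containing characters such as `,`, `/` or `_` can therefore change which files are read, and the `_<namespace>_` scoping the old hard-coded path gave is no longer guaranteed. I would reject anything outside the pod-name alphabet plus `*` inside the `range`, e.g. `{{- if not (regexMatch "^[a-z0-9.*-]+$" $wildcard) }}{{ fail "invalid daemonset.config.podWildcards entry" }}{{ end -}}`. The empty `{{/* */}}` comment could then document that constraint.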
@@ -164,8 +164,9 @@ daemonset: type: OnDelete flush: 1 ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file - config: - + config: + podWildcards: + - "*" service: | [SERVICE] Flush {{ .Values.daemonset.flush }} @@ -181,7 +182,7 @@ daemonset: inputs: | [INPUT] Name tail - Path /var/log/containers/*_{{ .Release.Namespace }}_*.log + Path {{ include "input.paths" . }} DB /data/containers.pos.db DB.locking true Offset_Key offset diff --git a/addons/fluentbit/2/meta.yaml b/addons/fluentbit/2/meta.yaml index f4684883..e6d64b97 100644 --- a/addons/fluentbit/2/meta.yaml +++ b/addons/fluentbit/2/meta.yaml @@ -18,6 +18,9 @@ allow_parameters: - name: "daemonset.extraEnvVars" required: false description: "extra environment variables to add to fluentbit" +- name: "daemonset.config.podWildcards" + equired: false + description: "fluentbit inout paths pod wildcards" - name: "daemonset.config.outputs" required: true description: "destinations for your data: databases, cloud services and more" diff --git a/addons/grafana/10/chart/grafana/templates/configmap.yaml b/addons/grafana/10/chart/grafana/templates/configmap.yaml index 1d5393ce..a6abcea2 100644 --- a/addons/grafana/10/chart/grafana/templates/configmap.yaml +++ b/addons/grafana/10/chart/grafana/templates/configmap.yaml @@ -32,3 +32,4 @@ data: GF_PATHS_CONFIG: "/opt/drycc/grafana/conf/grafana.ini" GF_PATHS_DATA: "/opt/drycc/grafana/data" GF_PATHS_LOGS: "/opt/drycc/grafana/logs" + From 7fc1c95ed74fd9dc4d28cba300fa0acbb787f116 Mon Sep 17 00:00:00 2001 
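Review bot: The new `daemonset.config.podWildcards` entry in `meta.yaml` spells its key `equired: false`, so `required` is never set for this parameter. How the consumer of `meta.yaml` treats a missing `required` or an unknown `equired` key is not visible here. The line should read `required: false`. The description also has a typo and could state what values are accepted, for example `description: "pod name wildcards used to build the fluentbit input paths (lowercase letters, digits, '-', '.', '*')"`.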
From: EamonZhang Date: Thu, 4 Sep 2025 10:37:34 +0800 Subject: [PATCH 165/176] chore(addons): reset requests --- .../24/plans/standard-16c64g1000/values.yaml | 4 ++-- addons/clickhouse/24/plans/standard-2c4g20/values.yaml | 4 ++-- .../24/plans/standard-32c64g12000/values.yaml | 4 ++-- .../clickhouse/24/plans/standard-4c16g100/values.yaml | 4 ++-- .../clickhouse/24/plans/standard-8c32g500/values.yaml | 4 ++-- .../mongodb/7.0/plans/standard-16c64g400/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-1c2g10/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-2c4g20/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-2c8g50/values.yaml | 4 ++-- .../mongodb/7.0/plans/standard-32c128g800/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-4c16g100/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-8c32g200/values.yaml | 4 ++-- .../8.0/plans/standard-16c64g400/values.yaml | 10 +++++----- .../8.0/plans/standard-2c4g20/values.yaml | 6 +++--- .../8.0/plans/standard-2c8g50/values.yaml | 6 +++--- .../8.0/plans/standard-32c128g800/values.yaml | 10 +++++----- .../8.0/plans/standard-4c16g100/values.yaml | 4 ++-- .../8.0/plans/standard-8c32g200/values.yaml | 10 +++++----- .../15/plans/standard-16c64g400/values.yaml | 4 ++-- .../15/plans/standard-2c4g20/values.yaml | 4 ++-- .../15/plans/standard-2c8g50/values.yaml | 4 ++-- .../15/plans/standard-32c128g800/values.yaml | 4 ++-- .../15/plans/standard-32c64g4000/values.yaml | 4 ++-- .../15/plans/standard-4c16g100/values.yaml | 4 ++-- .../15/plans/standard-8c32g200/values.yaml | 4 ++-- .../16/plans/standard-16c64g400/values.yaml | 4 ++-- .../16/plans/standard-2c4g20/values.yaml | 4 ++-- .../16/plans/standard-2c8g50/values.yaml | 4 ++-- .../16/plans/standard-32c128g800/values.yaml | 4 ++-- .../16/plans/standard-32c64g4000/values.yaml | 4 ++-- .../16/plans/standard-4c16g100/values.yaml | 4 ++-- .../16/plans/standard-8c32g200/values.yaml | 4 ++-- 32 files changed, 75 insertions(+), 75 deletions(-) 
diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml index 96c4ccbd..3e25e3df 100644 --- a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml +++ b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 16000m memory: 64Gi requests: - cpu: 4000m - memory: 16Gi + cpu: 100m + memory: 1Gi persistence: size: 1000Gi diff --git a/addons/clickhouse/24/plans/standard-2c4g20/values.yaml b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml index 0c5d38c4..16da5abd 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/values.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 2000m memory: 4Gi requests: - cpu: 2000m - memory: 4Gi + cpu: 100m + memory: 1Gi persistence: size: 20Gi diff --git a/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml b/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml index a933b9da..c14f97a5 100644 --- a/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml +++ b/addons/clickhouse/24/plans/standard-32c64g12000/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 32000m memory: 64Gi requests: - cpu: 8000m - memory: 16Gi + cpu: 100m + memory: 1Gi persistence: size: 12000Gi diff --git a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml index 39aa6b39..d8ef0c53 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 4000m memory: 16Gi requests: - cpu: 2000m - memory: 4Gi + cpu: 100m + memory: 1Gi persistence: size: 100Gi diff --git a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml index 117e2e58..b34de919 100644 --- a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml 
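Review bot: In the `standard-16c64g1000` hunk the memory request drops to `memory: 1Gi` while the limit stays at `64Gi`, and the same reset repeats in the other clickhouse, mongodb, mysql-cluster and postgresql-cluster plan hunks of this commit. The scheduler then reserves only 1Gi for a database pod that may grow to its full limit. Memory cannot be throttled the way CPU can, so on a shared node under pressure these pods, once above their request, become candidates for eviction or OOM kill, and one tenant's growth can take down a neighbour's database. If CPU overcommit is the goal, lowering only `cpu` and leaving the memory request near the limit would achieve it. Otherwise a short comment above `requests:` stating that the overcommit is intentional would tell the next maintainer this is not a typo.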
+++ b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 8000m memory: 32Gi requests: - cpu: 2000m - memory: 8Gi + cpu: 100m + memory: 1Gi persistence: size: 500Gi diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml index 9ef94dff..ea13a1a8 100644 --- a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml +++ b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 16000m memory: 64Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 1m + memory: 1Gi persistence: size: 400Gi diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml index 2f543d11..2e026ef2 100644 --- a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml +++ b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 1000m memory: 2Gi requests: - cpu: 1000m - memory: 2Gi + cpu: 100m + memory: 1Gi persistence: size: 10Gi diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml index 9b7336ab..1e893737 100644 --- a/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml +++ b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 2000m memory: 4Gi requests: - cpu: 2000m - memory: 4Gi + cpu: 1m + memory: 1Gi persistence: size: 20Gi diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml index e86171e5..4f829c07 100644 --- a/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml +++ b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 2000m memory: 8Gi requests: - cpu: 2000m - memory: 8Gi + cpu: 1m + memory: 1Gi persistence: size: 50Gi 
diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml index 4c339766..dcb3e04a 100644 --- a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml +++ b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 32000m memory: 128Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 1m + memory: 1Gi persistence: size: 800Gi diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml index 51c69c34..9739f558 100644 --- a/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml +++ b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 4000m memory: 16Gi requests: - cpu: 4000m - memory: 16Gi + cpu: 1m + memory: 1Gi persistence: size: 100Gi diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml index 442f087d..78c19651 100644 --- a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml +++ b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 8000m memory: 32Gi requests: - cpu: 4000m - memory: 16Gi + cpu: 1m + memory: 1Gi persistence: size: 200Gi diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index b7bfb0ea..2360e5f9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -31,8 +31,8 @@ primary: cpu: 16000m memory: 64Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters @@ -83,6 +83,6 @@ router: limits: cpu: 1600m memory: 2Gi - requests: - cpu: 1600m - memory: 2Gi \ No newline at end of file + requests: + cpu: 100m + memory: 1Gi \ No newline at end of file 
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml index 20775ba1..7a075ef2 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml @@ -32,8 +32,8 @@ primary: cpu: 2000m memory: 4Gi requests: - cpu: 2000m - memory: 4Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters @@ -86,5 +86,5 @@ router: cpu: 500m memory: 512Mi requests: - cpu: 500m + cpu: 100m memory: 512Mi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml index 98bc94c8..5be1ec90 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml @@ -31,8 +31,8 @@ primary: cpu: 2000m memory: 8Gi requests: - cpu: 2000m - memory: 8Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters @@ -83,5 +83,5 @@ router: cpu: 500m memory: 512Mi requests: - cpu: 500m + cpu: 100m memory: 512Mi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index d854cec1..d76c4f3a 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -31,8 +31,8 @@ primary: cpu: 32000m memory: 128Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters @@ -82,6 +82,6 @@ router: limits: cpu: 3200m memory: 4Gi - requests: - cpu: 3200m - memory: 4Gi \ No newline at end of file + requests: + cpu: 100m + memory: 1Gi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index 6312e572..944047a0 100644 
--- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -32,8 +32,8 @@ primary: cpu: 4000m memory: 16Gi requests: - cpu: 4000m - memory: 12Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 7c7f49a0..fb9a0c0c 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -31,8 +31,8 @@ primary: cpu: 8000m memory: 32Gi requests: - cpu: 4000m - memory: 16Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters @@ -83,6 +83,6 @@ router: limits: cpu: 800m memory: 1024Mi - requests: - cpu: 800m - memory: 1024Mi \ No newline at end of file + requests: + cpu: 100m + memory: 1Gi \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index 8fe5e689..f4cd8ae8 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -70,8 +70,8 @@ resources: memory: 64Gi hugepages-2Mi: 40Mi requests: - cpu: 8000m - memory: 32Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml index 27ea5c42..bedec78d 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml @@ -70,8 +70,8 @@ resources: memory: 4Gi hugepages-2Mi: 20Mi requests: - cpu: 2000m - memory: 4Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true 
diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml index 1062740f..564731a7 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml @@ -72,8 +72,8 @@ resources: memory: 8Gi hugepages-2Mi: 20Mi requests: - cpu: 2000m - memory: 8Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index a2f1bb41..3af68467 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -71,8 +71,8 @@ resources: memory: 128Gi hugepages-2Mi: 80Mi requests: - cpu: 16000m - memory: 64Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index cdc3c494..da70e1c9 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -71,8 +71,8 @@ resources: memory: 64Gi hugepages-2Mi: 80Mi requests: - cpu: 16000m - memory: 32Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml index 3b5d6b45..6c91f192 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml @@ -72,8 +72,8 @@ resources: memory: 16Gi hugepages-2Mi: 50Mi requests: - cpu: 4000m - memory: 16Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true 
diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index e2484df5..dee10714 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -71,8 +71,8 @@ resources: memory: 32Gi hugepages-2Mi: 60Mi requests: - cpu: 4000m - memory: 16Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml index 8fe5e689..f4cd8ae8 100644 --- a/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml @@ -70,8 +70,8 @@ resources: memory: 64Gi hugepages-2Mi: 40Mi requests: - cpu: 8000m - memory: 32Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml index 27ea5c42..bedec78d 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml @@ -70,8 +70,8 @@ resources: memory: 4Gi hugepages-2Mi: 20Mi requests: - cpu: 2000m - memory: 4Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml index 1062740f..564731a7 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml @@ -72,8 +72,8 @@ resources: memory: 8Gi hugepages-2Mi: 20Mi requests: - cpu: 2000m - memory: 8Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true 
diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml index a2f1bb41..3af68467 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml @@ -71,8 +71,8 @@ resources: memory: 128Gi hugepages-2Mi: 80Mi requests: - cpu: 16000m - memory: 64Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml index cdc3c494..da70e1c9 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml @@ -71,8 +71,8 @@ resources: memory: 64Gi hugepages-2Mi: 80Mi requests: - cpu: 16000m - memory: 32Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml index 3b5d6b45..6c91f192 100644 --- a/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml @@ -72,8 +72,8 @@ resources: memory: 16Gi hugepages-2Mi: 50Mi requests: - cpu: 4000m - memory: 16Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml index e2484df5..dee10714 100644 --- a/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml @@ -71,8 +71,8 @@ resources: memory: 32Gi hugepages-2Mi: 60Mi requests: - cpu: 4000m - memory: 16Gi + cpu: 100m + memory: 1Gi persistentVolume: enabled: true From 8bf21611fc439254d6aa709e6bacaf8c5e99c9ef Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 4 Sep 2025 10:44:13 +0800 Subject: [PATCH 166/176] chore(addons): reset requests --- addons/mongodb/7.0/plans/standard-16c64g400/values.yaml | 2 +- addons/mongodb/7.0/plans/standard-2c4g20/values.yaml | 2 +- addons/mongodb/7.0/plans/standard-2c8g50/values.yaml | 2 +- addons/mongodb/7.0/plans/standard-32c128g800/values.yaml | 2 +- addons/mongodb/7.0/plans/standard-4c16g100/values.yaml | 2 +- addons/mongodb/7.0/plans/standard-8c32g200/values.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml index ea13a1a8..400e61dc 100644 --- a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml +++ b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml @@ -16,7 +16,7 @@ resources: cpu: 16000m memory: 64Gi requests: - cpu: 1m + cpu: 100m memory: 1Gi persistence: diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml index 1e893737..20dd90d0 100644 --- a/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml +++ b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml @@ -16,7 +16,7 @@ resources: cpu: 2000m memory: 4Gi requests: - cpu: 1m + cpu: 100m memory: 1Gi persistence: diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml index 4f829c07..0eaf31f4 100644 --- a/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml +++ b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml @@ -16,7 +16,7 @@ resources: cpu: 2000m memory: 8Gi requests: - cpu: 1m + cpu: 100m memory: 1Gi persistence: diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml index dcb3e04a..7c95075e 100644 --- a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml +++ b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml 
@@ -16,7 +16,7 @@ resources: cpu: 32000m memory: 128Gi requests: - cpu: 1m + cpu: 100m memory: 1Gi persistence: diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml index 9739f558..bd4a6497 100644 --- a/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml +++ b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml @@ -16,7 +16,7 @@ resources: cpu: 4000m memory: 16Gi requests: - cpu: 1m + cpu: 100m memory: 1Gi persistence: diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml index 78c19651..c29f09d4 100644 --- a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml +++ b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml @@ -16,7 +16,7 @@ resources: cpu: 8000m memory: 32Gi requests: - cpu: 1m + cpu: 100m memory: 1Gi persistence: From 8fe2a1dfab0fa132d00083535606890368bb3411 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 4 Sep 2025 14:14:30 +0800 Subject: [PATCH 167/176] chore(mysql-cluster): fix typo --- addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml index 7a075ef2..55dfca65 100644 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml @@ -32,8 +32,8 @@ primary: cpu: 2000m memory: 4Gi requests: - cpu: 100m - memory: 1Gi + cpu: 100m + memory: 1Gi ## @section Persistence parameters From b736f563c2573097d70a00091153f49e5e19fe13 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 25 Sep 2025 13:55:16 +0800 Subject: [PATCH 168/176] chore(addons) add postgresql-cluster-17 --- addons/index.yaml | 14 +- .../17/chart/postgresql-cluster-17/Chart.yaml | 28 ++ .../17/chart/postgresql-cluster-17/README.md | 166 +++++++ .../postgresql-cluster-17/templates/NOTES.txt | 25 + .../templates/_helpers.tpl | 219 +++++++++ .../templates/cm-backup.yaml | 16 + .../templates/cm-logicalbackup .yaml | 19 + .../templates/cm-patroni.yaml | 20 + .../templates/cm-postgresql.yaml | 18 + .../templates/cronjob.yaml | 43 ++ .../templates/logicalbackup-cronjob.yaml | 69 +++ .../templates/networkpolicy.yaml | 54 +++ .../postgresql-cluster-17/templates/role.yaml | 49 ++ .../templates/rolebinding.yaml | 19 + .../postgresql-cluster-17/templates/sec.yaml | 18 + .../templates/serviceaccount.yaml | 12 + .../templates/statefulset.yaml | 273 +++++++++++ .../templates/svc-config.yaml | 11 + .../templates/svc-master.yaml | 24 + .../templates/svc-metrics.yaml | 32 ++ .../templates/svc-relp.yaml | 26 ++ .../postgresql-cluster-17/templates/svc.yaml | 18 + .../chart/postgresql-cluster-17/values.yaml | 440 ++++++++++++++++++ addons/postgresql-cluster/17/meta.yaml | 30 ++ .../17/plans/standard-16c64g400/bind.yaml | 41 ++ .../standard-16c64g400/instance-schema.json | 12 + .../17/plans/standard-16c64g400/meta.yaml | 6 + .../17/plans/standard-16c64g400/values.yaml | 81 ++++ .../17/plans/standard-2c4g20/bind.yaml | 41 ++ .../standard-2c4g20/instance-schema.json | 12 + .../17/plans/standard-2c4g20/meta.yaml | 6 + .../17/plans/standard-2c4g20/values.yaml | 81 ++++ .../17/plans/standard-2c8g50/bind.yaml | 41 ++ .../standard-2c8g50/instance-schema.json | 12 + .../17/plans/standard-2c8g50/meta.yaml | 6 + .../17/plans/standard-2c8g50/values.yaml | 83 ++++ .../17/plans/standard-32c128g800/bind.yaml | 41 ++ .../standard-32c128g800/instance-schema.json | 12 + .../17/plans/standard-32c128g800/meta.yaml | 6 + .../17/plans/standard-32c128g800/values.yaml | 82 ++++ 
.../17/plans/standard-32c64g4000/bind.yaml | 41 ++ .../standard-32c64g4000/instance-schema.json | 12 + .../17/plans/standard-32c64g4000/meta.yaml | 6 + .../17/plans/standard-32c64g4000/values.yaml | 82 ++++ .../17/plans/standard-4c16g100/bind.yaml | 41 ++ .../standard-4c16g100/instance-schema.json | 12 + .../17/plans/standard-4c16g100/meta.yaml | 6 + .../17/plans/standard-4c16g100/values.yaml | 83 ++++ .../17/plans/standard-8c32g200/bind.yaml | 41 ++ .../standard-8c32g200/instance-schema.json | 12 + .../17/plans/standard-8c32g200/meta.yaml | 6 + .../17/plans/standard-8c32g200/values.yaml | 82 ++++ 52 files changed, 2624 insertions(+), 6 deletions(-) create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/Chart.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/README.md create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-backup.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-logicalbackup .yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-patroni.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-postgresql.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/logicalbackup-cronjob.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/role.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/rolebinding.yaml create mode 100644 
addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/sec.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-master.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-metrics.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc.yaml create mode 100644 addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml create mode 100644 addons/postgresql-cluster/17/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-16c64g400/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-16c64g400/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-2c4g20/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-2c4g20/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-2c8g50/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-2c8g50/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml create mode 100644 
addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-32c128g800/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-32c128g800/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-32c64g4000/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-32c64g4000/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-4c16g100/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-4c16g100/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-8c32g200/instance-schema.json create mode 100644 addons/postgresql-cluster/17/plans/standard-8c32g200/meta.yaml create mode 100644 addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index ef1f050f..2e8e5ea4 100644 --- a/addons/index.yaml +++ b/addons/index.yaml 
@@ -47,6 +47,8 @@ entries: description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." - version: 16 description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." + - version: 17 + description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." seaweedfs: - version: 3 description: "SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files." 
@@ -62,24 +64,24 @@ entries: pmm: - version: 2.41 description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." - mongodb: + mongodb: - version: 7.0 description: "MongoDB is a document database designed for ease of application development and scaling." - clickhouse: + clickhouse: - version: 24 description: "ClickHouse is the fastest and most resource efficient open-source database for real-time apps and analytics." - kvrocks: + kvrocks: - version: 2.8 description: "Apache Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol." - version: "2.10" description: "Apache Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol." - yugabytedb: + yugabytedb: - version: 2024 description: "YugabyteDB is a high-performance distributed SQL database for powering global, internet-scale applications. " - nessie: + nessie: - version: "0.103" description: "Transactional Catalog for Data Lakes with Git-like semantics . " - lakefs: + lakefs: - version: "1.52" description: "LakeFS provides version control over the data lake, and uses Git-like semantics to create and access those versions. If you know git, you’ll be right at home with lakeFS. " victoriametrics: diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/Chart.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/Chart.yaml new file mode 100644 index 00000000..c775a086 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/Chart.yaml 
@@ -0,0 +1,28 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "17" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/drycc/charts/tree/master/drycc/postgresql +icon: https://drycc.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + - patroni +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: "17.6" diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/README.md b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/README.md new file mode 100644 index 00000000..c407603f --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/README.md 
@@ -0,0 +1,166 @@ + +# Postgresql cluster addons +## Plans + +View and choose the service resource specifications you need. +``` + # drycc resources:plans postgresql-cluster +``` +### Resource specification list +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + +## Create Postgresql Cluster Service instance + +- Create Postgresql service +``` +# drycc resources:create postgresql-cluster:standard-10 `my_pg_001` +``` +- View service status +``` +# drycc resources:describe `my_pg_001` +``` +- Bind service +``` +# drycc resources:bind `my_pg_001` +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` + +## Create Service with values file + +`vim values.yaml` +``` +# create or update pg instance template yaml +networkPolicy.allowNamespaces: + - mx-test1 +service.type: ClusterIP +metrics.enabled: true +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 +``` +``` + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` + +## Update Service +### Create app user and database + +- Login database web with admin user & password + +- Change administrator initial password +``` +ALTER USER administrator WITH ENCRYPTED PASSWORD 
'newpassword'; +``` +- View total connections number in postgresql cluster; +``` +show max_connections ; +``` +- CREATE APP USER +``` +CREATE USER `myuser` WITH CONNECTION LIMIT `conn limit` LOGIN ENCRYPTED PASSWORD 'password'; +GRANT `myuser` to administrator ; +``` +- CREATE APP DATABASE +``` +CREATE DATABASE `mydb` OWNER `myuser`; + +``` +- CREATE EXTENSIONS +``` +CREATE EXTENSION pg_buffercache; +``` + +### Network Access + +Default access allow policy: only namespace scope. + +- allow `mx-test1` namespace access + +`vim values.yaml ` +``` +networkPolicy.allowNamespaces: + - mx-test1 +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` + + - Assign external network IP address + +`vim values.yaml` +``` + service.type: LoadBlancer +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` + + ### Manger backup your data `Very important` + +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` + +PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. + +`vim values.yaml` +``` +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` + +You can modify multiple content at once, there is no need to modify part of it each time. 
+ + +## Destroy Service + +- Unbind service first +``` +# drycc resources:unbind `my_pg_001` +``` +- Destroy service +``` +# drycc resources:destroy `my_pg_001` +``` +# 修改pg在容器中分配的动态共享内存不足的问题 +https://www.cnblogs.com/daniel-hutao/p/17903993.html \ No newline at end of file diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/NOTES.txt b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/NOTES.txt @@ -0,0 +1,25 @@ +Patroni can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your password for superuser run: + + # superuser password + PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode) + + # admin password + PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode) + +To connect to your database: + +1. Run a postgres pod and connect using the psql cli: + # login as superuser + kubectl run -i --tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \ + --command -- psql -U postgres \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres + + # login as admin + kubectl run -i -tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_ADMIN" \ + --command -- psql -U admin \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres 
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/_helpers.tpl b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/_helpers.tpl new file mode 100644 index 00000000..d5876632 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/_helpers.tpl 
@@ -0,0 +1,219 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "patroni.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "patroni.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "patroni.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "patroni.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "patroni.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature +*/}} +{{- define "patroni.createCronJob" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature +*/}} +{{- define "patroni.createLogicalBackupCronJob" -}} +{{- if and .Values.logicalbackup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for Postgresql HA patroni +*/}} +{{- define "patroni.createConfigmap" -}} +{{- if and .Values.preInitScript }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Create patroni envs. +*/}} +{{- define "patroni.envs" }} +{{- if .Values.kubernetes.configmaps.enable }} +- name: KUBERNETES_USE_CONFIGMAPS + value: "true" +{{- end }} +{{- if .Values.kubernetes.endpoints.enable }} +- name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' +{{- end }} +- name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' +- name: PATRONI_KUBERNETES_LABELS + value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' +- name: PATRONI_SUPERUSER_USERNAME + value: postgres +- name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser +- name: PATRONI_REPLICATION_USERNAME + value: standby +- name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-replication +- name: PATRONI_REWIND_USERNAME + value: rewinder +- name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-rewind +- name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-user +- name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-password +- name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} +- name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass +- name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' +- name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' +{{- end -}} + +{{/* +Return true if a configmap object should be created for PG backup. +*/}} +{{- define "backup.createConfigmap" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Generate random password +*/}} + +{{/* +Get the super user password ; +*/}} +{{- define "credentials.superuserValue" }} +{{- if .Values.credentials.superuser }} + {{- .Values.credentials.superuser -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}} +{{- end -}} +{{- end }} + +{{/* +Get the rewind password ; +*/}} +{{- define "credentials.rewindValue" }} +{{- if .Values.credentials.rewind }} + {{- .Values.credentials.rewind -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) 
"Length" 10 "Key" "password-rewind") -}} +{{- end -}} +{{- end }} + +{{/* +Get the replication password ; +*/}} +{{- define "credentials.replicationValue" }} +{{- if .Values.credentials.replication }} + {{- .Values.credentials.replication -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Get the administrator password ; +*/}} +{{- define "adminRole.passwordValue" }} +{{- if .Values.adminRole.password }} + {{- .Values.adminRole.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-backup.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-backup.yaml new file mode 100644 index 00000000..fdc62197 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-backup.yaml 
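Review bot: The four credential helpers (`credentials.superuserValue`, `credentials.rewindValue`, `credentials.replicationValue`, `adminRole.passwordValue`) pass `"Length" 10` to `getValueFromSecret`, so the generated passwords are 10 alphanumeric characters even though the helper itself defaults to 16. Nobody types these values, so dropping the override or raising it, e.g. `"Length" 32`, costs nothing. `getValueFromSecret` also runs `index $obj .Key | b64dec` whenever the Secret exists, so a Secret that lacks the requested key does not fall back to a random value; a guard such as `{{- if and $obj (hasKey $obj .Key) }}` would cover that. Separately, `patroni.envs` binds the Patroni REST API to `0.0.0.0:8008` and this hunk sets no `PATRONI_RESTAPI_USERNAME`/`PATRONI_RESTAPI_PASSWORD`, so access control for that port appears to rest entirely on the NetworkPolicy.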
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + backup.env: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-logicalbackup .yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-logicalbackup .yaml new file mode 100644 index 00000000..8de61100 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-logicalbackup .yaml @@ -0,0 +1,19 @@ +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + logicalbackup.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.logicalbackupScript "context" $ ) | nindent 4 }} + +{{- end }} \ No newline at end of file 
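Review bot: `cm-backup.yaml` is rendered unconditionally, although `_helpers.tpl` in the same commit defines `backup.createConfigmap` for exactly this decision and the sibling ConfigMaps are each wrapped in an `if`. Wrapping the file in `{{- if (include "backup.createConfigmap" .) }}` and `{{- end }}` would keep it out of releases that have backups disabled. `backup.env` is filled from `.Values.backupEnv`, which is not visible here. If that template expands the `backup.s3` access key and secret key described in the README, they become readable by anyone who can get ConfigMaps in the namespace, and a Secret would be the better carrier.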
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-patroni.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-patroni.yaml new file mode 100644 index 00000000..ad4b5849 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-patroni.yaml @@ -0,0 +1,20 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-patroni + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + pre_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }} + post_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-postgresql.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-postgresql.yaml new file mode 100644 index 00000000..8aba698a --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cm-postgresql.yaml 
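Review bot: `patroni.createConfigmap` in `_helpers.tpl` tests only `.Values.preInitScript`, yet `cm-patroni.yaml` also renders `post_init.sh`, and `cm-postgresql.yaml` uses the same guard for `custom_conf.conf` built from `.Values.postgresql.config`. With an empty `preInitScript`, neither the post-init script nor the custom PostgreSQL configuration is created, and any StatefulSet volume that references these ConfigMaps (not checked here) would fail to mount. Guarding each file on the value it actually renders, e.g. `{{- if .Values.postgresql.config }}` in `cm-postgresql.yaml`, removes the coupling.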
@@ -0,0 +1,18 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-postgresql + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom_conf.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cronjob.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cronjob.yaml new file mode 100644 index 00000000..495dfa7b --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/cronjob.yaml 
@@ -0,0 +1,43 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "{{ .Values.backup.scheduleCronJob }}" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + curl "http://${REPLHOST}:9000/pg_backup" + env: + - name: REPLHOST + value: {{ include "patroni.fullname" . }}-repl +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/logicalbackup-cronjob.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/logicalbackup-cronjob.yaml new file mode 100644 index 00000000..071b9bd9 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/logicalbackup-cronjob.yaml 
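Review bot: The backup job runs `curl "http://${REPLHOST}:9000/pg_backup"` without `--fail`, so an HTTP error response from the backup endpoint still exits 0 and the CronJob records a successful run. `curl --fail --silent --show-error "http://${REPLHOST}:9000/pg_backup"` makes a failed backup visible and lets `restartPolicy: OnFailure` retry it. The request carries no credential, so the only thing limiting who can start a base backup is network reachability of port 9000, which `networkpolicy.yaml` opens alongside 5432. The container also sets no `resources` or `securityContext`, and it pulls the full database image just to issue one HTTP request.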
@@ -0,0 +1,69 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "{{ .Values.logicalbackup.scheduleCronJob }}" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-logicalbackup + image: "{{ .Values.logicalbackupImages.repository }}:{{ .Values.logicalbackupImages.tag }}" + imagePullPolicy: {{ .Values.logicalbackupImages.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + sh /opt/drycc/logicalbackup/logicalbackup.sh + env: + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPORT + value: "5432" + - name: PGUSER + value: postgres + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-superuser + - name: MINIO_BUCKET + value: {{ .Values.logicalbackup.minio.bucket }} + - name: MINIO_HOST + value: {{ .Values.logicalbackup.minio.endpoint }} + - name: MINIO_ACCESS_KEY + value: {{ .Values.logicalbackup.minio.access_key }} + - name: MINIO_SECRET_KEY + value: {{ .Values.logicalbackup.minio.secret_key }} + + volumeMounts: + - mountPath: "/opt/drycc/logicalbackup/" + name: logicalbackup-config + + volumes: + - name: logicalbackup-config + configMap: + name: {{ template "common.names.fullname" . }}-logicalbackup +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/networkpolicy.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/networkpolicy.yaml new file mode 100644 index 00000000..19ff2288 --- /dev/null +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/networkpolicy.yaml 
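Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are written into the CronJob spec as literal `value:` fields, so the object-store credentials are readable by anyone who can get CronJobs or Pods in the namespace, whereas `PGPASSWORD` just above is taken from the Secret. They should come from a Secret through `secretKeyRef`, as sketched below; the key names are placeholders and need matching entries in `sec.yaml`. `MINIO_BUCKET` and `MINIO_HOST` are unquoted, so an empty value renders as null; adding `| quote` avoids that. The job also connects as `postgres` with the superuser password, where a dedicated role holding only the rights a dump needs would limit what a compromised backup image can do.

```yaml
# … unchanged: PGHOST, PGPORT, PGUSER, PGPASSWORD, MINIO_BUCKET, MINIO_HOST …
- name: MINIO_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: minio-access-key  # placeholder key name, to be added to sec.yaml
- name: MINIO_SECRET_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: minio-secret-key  # placeholder key name, to be added to sec.yaml
# … unchanged: volumeMounts, volumes …
```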
@@ -0,0 +1,54 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: patroni
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ - port: 9000
+ - port: 80
+ - port: 8008
+ {{- if and .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.containerPort }}
+ {{ end }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: backup
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/role.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/role.yaml
new file mode 100644
index 00000000..8dec5309
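Review bot: When neither `allowCurrentNamespace` nor `allowNamespaces` is set, the `from:` block is omitted and the ClusterIP rule becomes ports-only, which admits every source to 5432, 9000, 80 and 8008. That is the opposite of what leaving both options off suggests. Rendering `from:` unconditionally, with at least the release namespace, would make the policy fail closed. Where `from:` is rendered, a namespace literally named `backup` is always admitted; that name is hard-coded rather than taken from values, so it should either become a value or be documented as a reserved platform namespace. For `service.type: "LoadBalancer"` the rule is `- {}`, which opens every port, including the Patroni REST API on 8008 and the backup trigger on 9000, to any source; limiting it to `- ports:` with `- port: 5432` keeps the management ports internal.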
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/role.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # delete is required only for 'patronictl remove'
+ - delete
+- apiGroups: [""]
+ resources: ["services"]
+ verbs:
+ - create
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs:
+ - create
+ - get
+ - patch
+ - update
+ # the following three privileges are necessary only when using endpoints
+ - list
+ - watch
+ # delete is required only for for 'patronictl remove'
+ - delete
+ - deletecollection
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/rolebinding.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/rolebinding.yaml
new file mode 100644
index 00000000..5e15948f
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/rolebinding.yaml
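Review bot: The Role grants `delete` on configmaps and `delete` plus `deletecollection` on endpoints for the whole namespace, although the inline comments say these are needed only for `patronictl remove`. The rules carry no `resourceNames`, so the database pod's service account can remove any ConfigMap or Endpoints object in the namespace, not just Patroni's own. If `patronictl remove` is not part of normal operation, dropping these three verbs, or moving them to a separately bound admin Role, narrows what a compromised pod can do. The comment `# delete is required only for for 'patronictl remove'` also has a doubled `for`.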
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "patroni.serviceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "patroni.fullname" . }}
+{{- end }}
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/sec.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/sec.yaml
new file mode 100644
index 00000000..c2e13055
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/sec.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+type: Opaque
+data:
+ password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }}
+ password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }}
+ password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }}
+ admin-user: {{ .Values.adminRole.username | b64enc | quote }}
+ admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/serviceaccount.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e1b2ebf6
--- /dev/null
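Review bot: The Secret in `sec.yaml` is named with `patroni.fullname` and placed in `common.names.namespace`, but the password helpers in `_helpers.tpl` look the existing Secret up under `common.names.fullname` in `.Release.Namespace`. If the two name helpers or the two namespaces ever resolve differently (the common chart is not visible here), the `lookup` misses and each `helm upgrade` writes new random passwords into the Secret while the running cluster still uses the old ones. Using the same helper on both sides, e.g. `"Name" (include "patroni.fullname" .)`, removes that risk. `lookup` also returns nothing under `helm template` and client-side dry runs, so pipelines that render manifests offline will regenerate the passwords on every render.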
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "patroni.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml
new file mode 100644
index 00000000..d826952c
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml
@@ -0,0 +1,273 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + serviceName: {{ template "patroni.fullname" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} + template: + metadata: + name: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . 
}} + spec: + {{- if .Values.patroni.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.patroni.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "patroni.serviceAccountName" . }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + env: + {{- include "patroni.envs" . 
| indent 8 }} + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote | upper }} + value: {{ $val | quote }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/scripts/" + name: patroni-config + - mountPath: "/opt/drycc/postgresql/config/" + name: postgresql-config + # readOnly: true + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config + - name: dshm + mountPath: /dev/shm + # readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if 
.Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + - name: DATA_SOURCE_NAME + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPort }} + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + command: + - /usr/bin/env + - bash + - -c + - | + python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 + env: + - name: PGHOST + value: localhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PGUSER + value: postgres + - name: PGDATABASE + value: postgres + - name: PGPORT + value: "5432" + - name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" + ports: + - containerPort: 9000 + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config + + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ .Values.affinity | toYaml | indent 8 }} + {{- else if .Values.affinityTemplate }} + affinity: +{{ tpl .Values.affinityTemplate . | indent 8 }} + {{- end }} + volumes: + - name: patroni-config + configMap: + name: {{ template "common.names.fullname" . }}-patroni + - name: postgresql-config + configMap: + name: {{ template "common.names.fullname" . }}-postgresql + - name: backup-config + configMap: + name: {{ template "common.names.fullname" . }}-backup + {{- if not .Values.persistentVolume.enabled }} + - name: storage-volume + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + {{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + annotations: + {{- if .Values.persistentVolume.annotations }} +{{ toYaml .Values.persistentVolume.annotations | indent 8 }} + {{- end }} + labels: + application: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistentVolume.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} + {{- end }} 
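Review bot: The metrics sidecar in statefulset.yaml hard-codes its connection string, `postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable`, and it can only authenticate because values.yaml lists `host all tea_mon 127.0.0.1/32 trust` in pg_hba, so any process that can reach the pod's loopback interface connects as `tea_mon` without a credential. I would give `tea_mon` a generated password kept in the chart Secret, change that pg_hba line to `scram-sha-256`, and feed the exporter through `valueFrom: secretKeyRef` rather than a literal in the template. Separately, every `securityContext` block in this file is commented out, so all three containers run as whatever user the image defaults to; the commented text would not validate as written, because `runAsUser` takes a numeric UID and `fsGroup` is a pod-level field, so the working form is a pod-level `securityContext` with numeric `runAsUser`/`fsGroup` plus `allowPrivilegeEscalation: false` on each container.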
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-config.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-config.yaml
new file mode 100644
index 00000000..5f7b0f60
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-config.yaml
@@ -0,0 +1,11 @@
+# headless service to avoid deletion of patronidemo-config endpoint
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-config
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ clusterIP: None
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-master.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-master.yaml
new file mode 100644
index 00000000..609ed5ba
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-master.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-master
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: primary
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: primary
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ protocol: TCP
\ No newline at end of file
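Review bot: svc-master.yaml renders `type: {{ .Values.service.type }}` with no source restriction, while meta.yaml lists `service.type` as a user-settable parameter and bind.yaml has a `LoadBalancer` branch, so a tenant can publish port 5432 on an external address. The pg_hba rules in values.yaml accept `0.0.0.0/0`, which leaves password strength as the only barrier in that case. Consider rendering `loadBalancerSourceRanges` from a values key whenever the type is `LoadBalancer` (the key name is the chart's choice); svc-relp.yaml takes its type from the same value and needs the same treatment.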
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-metrics.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-metrics.yaml
new file mode 100644
index 00000000..862c6a0c
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-metrics.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "patroni.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
+ {{- if .Values.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.metrics.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+{{- end }}
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-relp.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-relp.yaml
new file mode 100644
index 00000000..252882b3
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc-relp.yaml
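Review bot: The `labels:` map in svc-metrics.yaml sets `app.kubernetes.io/component` twice, first to `patroni` and then to `metrics`; duplicate mapping keys are invalid YAML, and parsers either reject them or silently keep the last one. Drop the `app.kubernetes.io/component: patroni` line under `labels:` and keep it only under `selector:`, where it matches the pod label set in statefulset.yaml. `annotations:` is also emitted unconditionally and renders as a null value when both annotation values are empty; guarding the key with `{{- if or .Values.commonAnnotations .Values.metrics.service.annotations }}` avoids that.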
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ - name: pgbackup
+ port: 9000
+ targetPort: 9000
\ No newline at end of file
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc.yaml
new file mode 100644
index 00000000..ac0c2c44
--- /dev/null
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: 5432
+ protocol: TCP
\ No newline at end of file
diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml
new file mode 100644
index 00000000..0e1de2f5
--- /dev/null
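Review bot: svc-relp.yaml publishes `pgbackup` on port 9000 alongside PostgreSQL, and statefulset.yaml shows that port is served by `pgbackup.py 0.0.0.0 9000` in a container that holds the superuser password; pgbackup.py is not in this part of the patch, so whether it authenticates requests cannot be checked here. If it does not, every client allowed to reach the replica Service can trigger backup operations that run as `postgres`, and with `service.type: LoadBalancer` that includes external clients. I would move port 9000 to a separate `ClusterIP` Service (or drop it from this one) and confirm that the chart's NetworkPolicy limits 9000 to the component that calls it.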
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml 
@@ -0,0 +1,440 @@
+replicaCount: 3
+diagnosticMode:
+ enable: false
+
+service:
+ type: ClusterIP
+
+image:
+ # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2
+ # https://github.com/zalando/spilo/tree/master/postgres-appliance
+ repository: registry.drycc.cc/drycc-addons/postgresql-patroni
+ tag: 17
+ # IfNotPresent , Always
+ pullPolicy: "IfNotPresent"
+
+logicalbackupImages:
+ repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup
+ tag: 17
+ # IfNotPresent , Always
+ pullPolicy: "IfNotPresent"
+
+# Credentials used by Patroni , passwd
+# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql
+# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
+credentials:
+ superuser: ""
+ rewind: ""
+ replication: ""
+
+adminRole:
+ username: administrator
+ password: ""
+
+# Distribution Configuration stores
+# Please note that only one of the following stores should be enabled.
+kubernetes:
+ endpoints:
+ enable: true
+ configmaps:
+ enable: false
+
+# Extra custom environment variables.
+env: {} + +# +#custom patroni.yaml used by patroni boot +# configuration: {} +preInitScript: | + mkdir -p /home/postgres/pgdata/log + ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: INFO + restapi: + listen: 0.0.0.0:8008 + connect_address: 0.0.0.0:8008 + bootstrap: + dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 + failsafe_mode: true + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + - host replication postgres 0.0.0.0/0 scram-sha-256 + custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' + parameters: + max_connections: {{ .Values.patroni.pgParameters.max_connections }} + max_worker_processes: {{ .Values.patroni.pgParameters.max_worker_processes }} + max_parallel_workers: {{ .Values.patroni.pgParameters.max_parallel_workers }} + wal_level: logical + hot_standby: "on" + max_wal_senders: 10 + max_replication_slots: 10 + hot_standby_feedback: on + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + wal_keep_size: "1 GB" + max_slot_wal_keep_size: {{ .Values.patroni.pgParameters.max_slot_wal_keep_size | quote }} + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 300s + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements,timescaledb' + log_destination: 'csvlog' + log_filename: postgresql.log + logging_collector: on + log_directory: /home/postgres/pgdata/log + log_min_messages: 'info' + log_min_duration_statement: 1000 + log_lock_waits: on + log_statement: 'ddl' + {{ if .Values.postgresql.timezone -}} timezone: {{ .Values.postgresql.timezone }} {{- end }} + initdb: + - auth-host: scram-sha-256 + 
- auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_PASSWORD}' + watchdog: + mode: off + __EOF__ + +postInitScript: | + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon ;GRANT pg_monitor TO tea_mon ;create extension pg_stat_statements;create extension pg_buffercache ;" + # Create admin user + if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then + + echo "Creating user ${ADMIN_USER}" + psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" + + else + echo "Skipping create admin user" + fi + psql -w -c "CHECKPOINT;CHECKPOINT;" + +backupEnv: | + #!/bin/bash + export USE_WALG={{ .Values.backup.enabled | quote }} + export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}} + export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }} + export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }} + export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }} + export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }} + export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }} + export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }} + export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} + export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} + +logicalbackupScript: | + #!/bin/bash + + # 
PostgreSQL 设置 + # POSTGRES_USER="postgres" + # POSTGRES_HOST="127.0.0.1" + + # MinIO 设置 + # MINIO_BUCKET="pgbackup" + # MINIO_HOST="http://localhost:9000" + # MINIO_ACCESS_KEY="admin123" + # MINIO_SECRET_KEY="admin123" + + # 设置 MinIO 客户端别名 + mc alias set myminio $MINIO_HOST $MINIO_ACCESS_KEY $MINIO_SECRET_KEY + + # 创建以当前日期和时间命名的备份目录 + BACKUP_DIR="$(date +%Y%m%d%H%M)" + MINIO_PATH="myminio/$MINIO_BUCKET/$BACKUP_DIR" + + # 备份全局对象 + echo "Backing up global objects to $MINIO_PATH/roles_globals.sql.gz" + pg_dumpall -g -U "$POSTGRES_USER" -h "$POSTGRES_HOST" | pigz | mc pipe "$MINIO_PATH/roles_globals.sql.gz" + + # 获取所有非模板数据库的列表 + DATABASES=$(psql -U "$POSTGRES_USER" -h "$POSTGRES_HOST" -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") + + # 为每个数据库执行备份 + for DB in $DATABASES; do + echo "Backing up $DB to $MINIO_PATH/$DB.sql.gz" + pg_dump -U "$POSTGRES_USER" -h "$POSTGRES_HOST" "$DB" | pigz | mc pipe "$MINIO_PATH/$DB.sql.gz" + done + + echo "Backup process completed!" + +postgresql: + timezone: + config: |- + log_min_duration_statement = 1000 + max_wal_size = 4GB + min_wal_size = 4GB + max_wal_senders = 10 + max_replication_slots = 10 + max_prepared_transactions = 0 + max_locks_per_transaction = 64 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: "2 GB" + + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. 
Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Postgresql Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param patroni.affinity Affinity for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: true + image: + repository: registry.drycc.cc/drycc-addons/postgres-exporter + tag: "0" + # IfNotPresent , Always + pullPolicy: "IfNotPresent" + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database:.... 
+ ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + service: + ports: + metrics: 9187 + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + + customMetrics: {} + containerPort: 9187 + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true + customLivenessProbe: {} + customReadinessProbe: + enabled: true + resources: + limits: + cpu: 100m + memory: 512Mi + hugepages-2Mi: 20Mi + requests: + cpu: 100m + memory: 512Mi + +logicalbackup: + enabled: false + scheduleCronJob: "22 0 * * 0" + minio: + used: true + buckect: "s3://xx" + access_key: "" + secret_key: "" + endpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 + +backup: + # Specifies whether Wal-G should be enabled + enabled: false + # Cron schedule for doing base backups + scheduleCronJob: "22 0 * * 0" + # Amount of base backups to retain + retainBackups: 2 + # Name of the secret that holds the credentials to the bucket + kubernetesSecret: + # Maximum size of the WAL segments accumulated after the base backup to + # consider WAL-G restore instead of pg_basebackup + backupThresholdMegabytes: 1024 + # Maximum ratio (in percents) of the accumulated WAL files to 
the base backup + # to consider WAL-G restore instead of pg_basebackup + backupThresholdPercentage: 30 + s3: + used: true + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 + +logicalBackup: + enabled: false + +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Retain + whenDeleted: Delete +persistentVolume: + enabled: true + size: 10G + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + subPath: "" + mountPath: "/home/postgres/pgdata" + annotations: {} + accessModes: + - ReadWriteOnce + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ # hugepages-2Mi: 4Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+shmVolume:
+ ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s)
+ ##
+ enabled: true
+ ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs
+ ## Note: the size of the tmpfs counts against container's memory limit
+ ## e.g:
+ ## sizeLimit: 1Gi
+ ##
+ sizeLimit: "1Gi"
+
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+nodeSelector: {}
+
+# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinityTemplate: |
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchLabels:
+ application: {{ template "patroni.name" . }}
+ release: {{ .Release.Name | quote }}
+affinity: {}
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+## Postgresql Nework Policy configuration
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+ ##
+ enabled: true
+ ## @param networkPolicy.allowExternal The Policy model to apply.
+ ## When set to false, only pods with the correct
+ ## client label will have network access to the port Postgresql is listening
+ ## on. When true, Postgresql will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowCurrentNamespace: true
+ allowNamespaces:
+clusterDomain: cluster.local
diff --git a/addons/postgresql-cluster/17/meta.yaml b/addons/postgresql-cluster/17/meta.yaml
new file mode 100644
index 00000000..d6e0090d
--- /dev/null
+++ b/addons/postgresql-cluster/17/meta.yaml
@@ -0,0 +1,30 @@
+name: postgresql-cluster-17
+version: 17
+id: 1eefe6a4-9430-11f0-832f-fbf5fdedcb62
+description: "postgresql-cluster-17"
+displayName: "postgresql-cluster-17"
+metadata:
+ displayName: "postgresql-cluster-17"
+ provider:
+ name: drycc
+ supportURL: https://www.postgresql.org/
+ documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster
+tags: postgresql-cluster
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ required: false
+ description: "networkPolicy allowNamespaces config for values.yaml"
+- name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+- name: "backup"
+ required: false
+ description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 "
+- name: "logicalbackup"
+ required: false
+ description: "Whether to use S3 for logical backup your data. default false . ps: Make sure there is a available S3 "
+archive: false
\ No newline at end of file
diff --git a/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml
new file mode 100644
index 00000000..5fc257f9
--- /dev/null
+++ b/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml
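Review bot: `postInitScript` in the chart's values.yaml creates `${ADMIN_USER}` `WITH SUPERUSER`, and bind.yaml hands that same `admin-user`/`admin-password` pair to every bound application, so each consumer of the addon holds a PostgreSQL superuser rather than a scoped role. Unless bound applications really need it, drop `SUPERUSER` and keep the rest, e.g. `CREATE USER ... WITH CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD ...`. The same statement splices `${ADMIN_USER}` and `${ADMIN_PASSWORD}` into SQL text, so a quote character in either value breaks or alters it; passing them with `psql -v` and referencing `:"name"` / `:'pw'` in a script read from stdin avoids that (psql does not expand variables given to `-c`). `backupEnv` renders `AWS_SECRET_ACCESS_KEY` into a script while statefulset.yaml mounts `backup-config` from a ConfigMap; the ConfigMap template is not in this part, but if `backupEnv` lands there the S3 key belongs in the Secret instead. The Patroni `restapi` block listens on `0.0.0.0:8008` with no `authentication` section, so its write endpoints depend entirely on network controls.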
@@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-16c64g400/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-16c64g400/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-16c64g400/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
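Review bot: The `PASSWORD` and `USERNAME` entries in plans/standard-16c64g400/bind.yaml are read from the `admin-password` and `admin-user` keys of the release secret, so every application bound to the instance appears to receive the administrative account rather than a role scoped to that binding. If the broker cannot create per-binding roles, the file should at least say so, e.g. `# NOTE: bindings share the cluster admin credential; rotate it when a binding is removed`. The last entry is named `DADABASE`, which looks like a misspelling of `DATABASE`; check whether consumers of older addon versions already depend on that spelling before changing it to `- name: DATABASE`. `value: 5432` is an unquoted integer and the other values are strings, so `value: "5432"` is safer if the broker expects string values. The same file is added unchanged for the standard-2c4g20, standard-2c8g50, standard-32c128g800, standard-32c64g4000, standard-4c16g100 and standard-8c32g200 plans, and these points apply to each copy.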
diff --git a/addons/postgresql-cluster/17/plans/standard-16c64g400/meta.yaml b/addons/postgresql-cluster/17/plans/standard-16c64g400/meta.yaml new file mode 100644 index 00000000..3070475f --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-16c64g400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-16c64g400" +id: 9c9d326e-9430-11f0-93d1-573b41ecaad5 +description: "PostgreSQL Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-16c64g400" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml new file mode 100644 index 00000000..f4cd8ae8 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml 
@@ -0,0 +1,81 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 +patroni: + pgParameters: + max_worker_processes: 32 + max_parallel_workers: 16 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '16 GB' + min_wal_size = '2 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 40GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify 
resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + memory: 64Gi + hugepages-2Mi: 40Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 400Gi + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
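Review bot: `max_slot_wal_keep_size` is set twice in plans/standard-16c64g400/values.yaml with different values, `'10 GB'` under `patroni.pgParameters` and `40GB` in the `postgresql.config` block. Which one takes effect depends on how the chart combines the two sources, which this hunk does not show, so the bound on WAL retained for replication slots, and with it how far a stalled slot can fill the 400Gi volume, is unclear. Keep a single definition, or make both agree, e.g. `max_slot_wal_keep_size = 10GB` in `postgresql.config`. The same mismatch is in the values.yaml of standard-32c128g800 (`'100 GB'` and `80GB`), standard-32c64g4000 (`'200 GB'` and `100GB`) and standard-8c32g200 (`'10 GB'` and `20GB`).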
diff --git a/addons/postgresql-cluster/17/plans/standard-2c4g20/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-2c4g20/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c4g20/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-2c4g20/meta.yaml b/addons/postgresql-cluster/17/plans/standard-2c4g20/meta.yaml new file mode 100644 index 00000000..04ae244b --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c4g20/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c4g20" +id: 68589728-9430-11f0-82a4-6b51ec33c9e0 +description: "PostgreSQL Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +displayName: "standard-2c4g20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml new file mode 100644 index 00000000..bedec78d --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml 
@@ -0,0 +1,81 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-20 + +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 1000 + max_slot_wal_keep_size: '2 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '2 GB' + min_wal_size = '1 GB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 4Gi + hugepages-2Mi: 20Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 20Gi + +shmVolume: + sizeLimit: "2Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
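Review bot: plans/standard-2c4g20/values.yaml sets `huge_pages = off` in `postgresql.config` but still puts `hugepages-2Mi: 20Mi` under `resources.limits`. With huge pages off PostgreSQL will not use that allocation, and a pod that asks for `hugepages-2Mi` can only be scheduled on a node with pre-allocated 2Mi huge pages, so the limit costs schedulability for no benefit. Drop the `hugepages-2Mi` line in this plan, or switch to `huge_pages = try` as the larger plans do. standard-2c8g50 (`hugepages-2Mi: 20Mi`) and standard-4c16g100 (`hugepages-2Mi: 50Mi`) have the same combination. The comment above `limits:` still tells the reader to remove curly braces after `resources:`, which are not present.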
diff --git a/addons/postgresql-cluster/17/plans/standard-2c8g50/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-2c8g50/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c8g50/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-2c8g50/meta.yaml b/addons/postgresql-cluster/17/plans/standard-2c8g50/meta.yaml new file mode 100644 index 00000000..7eacdb2b --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c8g50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c8g50" +id: 7a51990c-9430-11f0-9079-7f8ed47bf9e6 +description: "PostgreSQL Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-2c8g50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml new file mode 100644 index 00000000..564731a7 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml 
@@ -0,0 +1,83 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 2000 + max_slot_wal_keep_size: '5 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '4 GB' + min_wal_size = '1 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 5GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 8Gi + hugepages-2Mi: 20Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 50Gi + +shmVolume: + sizeLimit: "4Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
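Review bot: The `resources.requests` in plans/standard-2c8g50/values.yaml (`cpu: 100m`, `memory: 1Gi`) are far below both the limits (`cpu: 2000m`, `memory: 8Gi`) and the configured `shared_buffers = '2048 MB'`. The scheduler places the pod by its requests, so a node can be packed until the database is running on memory nobody reserved, and the pod becomes an early candidate for eviction or an OOM kill under node pressure. For a database I would raise the memory request to at least cover `shared_buffers`, or set requests equal to limits. Every plan values.yaml in this patch uses the same `100m` / `1Gi` requests, up to the standard-32c128g800 plan with `shared_buffers = '32768 MB'`.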
diff --git a/addons/postgresql-cluster/17/plans/standard-32c128g800/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-32c128g800/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c128g800/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-32c128g800/meta.yaml b/addons/postgresql-cluster/17/plans/standard-32c128g800/meta.yaml new file mode 100644 index 00000000..9b5010a7 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c128g800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c128g800" +id: ba142f96-9430-11f0-9e33-cf8191859471 +description: "PostgreSQL Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +displayName: "standard-32c128g800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml new file mode 100644 index 00000000..3af68467 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '100 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '32768 MB' + work_mem = '64 MB' + maintenance_work_mem = '720 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '90 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '64 GB' + min_wal_size = '4 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 80GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to 
specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 128Gi + hugepages-2Mi: 80Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 800Gi + +shmVolume: + sizeLimit: "64Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/17/plans/standard-32c64g4000/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-32c64g4000/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c64g4000/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-32c64g4000/meta.yaml b/addons/postgresql-cluster/17/plans/standard-32c64g4000/meta.yaml new file mode 100644 index 00000000..660e39aa --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c64g4000/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c64g4000" +id: ab26077a-9430-11f0-85c8-9328c7044661 +description: "PostgreSQL Cluster standard-32c64g4000 plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-32c64g4000" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml new file mode 100644 index 00000000..da70e1c9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: '200 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '256 MB' + maintenance_work_mem = '2048 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '32 GB' + min_wal_size = '4 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 100GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to 
specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 64Gi + hugepages-2Mi: 80Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 4Ti + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
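Review bot: `fullnameOverride: hb-postgresql-cluster-standard-800` in plans/standard-32c64g4000/values.yaml is the same value the standard-32c128g800 plan uses, while the other plans each carry their own disk size in the name (`-20`, `-50`, `-100`, `-200`, `-400`). This looks like a copy-paste leftover; since the bind.yaml names and the secret are derived from `common.names.fullname`, two instances of these plans in one namespace would presumably resolve to the same Service and Secret names. Something like `fullnameOverride: hb-postgresql-cluster-standard-4000` would follow the existing pattern.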
diff --git a/addons/postgresql-cluster/17/plans/standard-4c16g100/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-4c16g100/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-4c16g100/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-4c16g100/meta.yaml b/addons/postgresql-cluster/17/plans/standard-4c16g100/meta.yaml new file mode 100644 index 00000000..72bf59c8 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-4c16g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c16g100" +id: 87033bba-9430-11f0-8666-f7ef09538278 +description: "PostgreSQL Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +displayName: "standard-4c16g100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml new file mode 100644 index 00000000..6c91f192 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml 
@@ -0,0 +1,83 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +patroni: + pgParameters: + max_worker_processes: 8 + max_parallel_workers: 4 + max_connections: 2000 + max_slot_wal_keep_size: '10 GB' + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '25 min' + checkpoint_completion_target = 0.9 + max_wal_size = '8 GB' + min_wal_size = '2 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = 10GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + memory: 16Gi + hugepages-2Mi: 50Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 100Gi + +shmVolume: + sizeLimit: "8Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml new file mode 100644 index 00000000..5fc257f9 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/17/plans/standard-8c32g200/instance-schema.json b/addons/postgresql-cluster/17/plans/standard-8c32g200/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-8c32g200/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-8c32g200/meta.yaml b/addons/postgresql-cluster/17/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..d9b55c16 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-8c32g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: 93b7b520-9430-11f0-b8c9-8f3b00d5dae8 +description: "PostgreSQL Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml new file mode 100644 index 00000000..dee10714 --- /dev/null +++ b/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml 
@@ -0,0 +1,82 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-postgresql-cluster-standard-200
+
+patroni:
+ pgParameters:
+ max_worker_processes: 16
+ max_parallel_workers: 8
+ max_connections: 2000
+ max_slot_wal_keep_size: '10 GB'
+
+postgresql:
+ config: |-
+ # Connectivity
+ superuser_reserved_connections = 3
+
+ # Memory Settings
+ shared_buffers = '8192 MB'
+ work_mem = '32 MB'
+ maintenance_work_mem = '420 MB'
+ huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES
+ effective_cache_size = '22 GB'
+ effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function
+ random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0)
+
+ # Monitoring
+ track_io_timing=on # measure exact block IO times
+ track_functions=pl # track execution times of pl-language procedures if any
+
+ # Replication
+ max_wal_senders = 10
+ synchronous_commit = on
+
+ # Checkpointing:
+ checkpoint_timeout = '25 min'
+ checkpoint_completion_target = 0.9
+ max_wal_size = '16 GB'
+ min_wal_size = '3 GB'
+
+ # WAL writing
+ wal_compression = on
+ wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default)
+ wal_writer_delay = 200ms
+ wal_writer_flush_after = 1MB
+
+ # Background writer
+ bgwriter_delay = 200ms
+ bgwriter_lru_maxpages = 100
+ bgwriter_lru_multiplier = 2.0
+ bgwriter_flush_after = 0
+
+ # Parallel queries:
+ max_parallel_workers_per_gather = 4
+ max_parallel_maintenance_workers = 4
+ max_parallel_workers = 8
+ parallel_leader_participation = on
+
+ # Advanced features
+ enable_partitionwise_join = on
+ enable_partitionwise_aggregate = on
+ jit = on
+ max_slot_wal_keep_size = 20GB
+ track_wal_io_timing = on
+ maintenance_io_concurrency = 100
+
+resources:
+ # If you do want to specify
resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 8000m + memory: 32Gi + hugepages-2Mi: 60Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 200Gi + +shmVolume: + sizeLimit: "16Gi" \ No newline at end of file From 743fbef66c94248ce31dcb1a05709ac4f6026315 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Sun, 28 Sep 2025 10:18:45 +0800 Subject: [PATCH 169/176] chore(mysql-cluster): optimise mySQL router configuration --- .../templates/router/statefulset.yaml | 2 +- .../8.0/chart/mysql-cluster/values.yaml | 61 +++++++++---------- 2 files changed, 30 insertions(+), 33 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index 9ef9e93e..bb90e249 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -127,7 +127,7 @@ spec: - | export MYSQL_MASTER_HOST=${MYSQL_HOST}-0.${MYSQL_HOST} - echo ${MYSQL_ROOT_PASSWORD} | mysqlrouter --bootstrap root@${MYSQL_MASTER_HOST}:$(MYSQL_PORT_NUMBER) -d /opt/drycc/mysql/conf/router --name mxrouter --force + echo ${MYSQL_ROOT_PASSWORD} | mysqlrouter --bootstrap root@${MYSQL_MASTER_HOST}:$(MYSQL_PORT_NUMBER) -d /opt/drycc/mysql/conf/router --name mxrouter --conf-set-option=metadata_cache:bootstrap.ttl=5 --conf-set-option=metadata_cache:bootstrap.auth_cache_refresh_interval=300 --force env: - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 16bd4e37..0271f35a 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
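Review bot: `max_slot_wal_keep_size` is set twice with different values in this new plan file: `'10 GB'` under `patroni.pgParameters` and `20GB` at the end of `postgresql.config`. Which one takes effect depends on how the chart merges the two sources, which is not visible here, so the amount of WAL a stalled replication slot may pin on the 200Gi volume is ambiguous. Keep a single definition, for example drop `max_slot_wal_keep_size = 20GB` from `postgresql.config`, or align both values. The 15/ and 16/ plan hunks later in this series carry the same pair of differing values (e.g. standard-16c64g400 with "10 GB" and 40GB).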
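Review bot: The rewritten bootstrap line in router/statefulset.yaml still feeds the root password through an unquoted `echo ${MYSQL_ROOT_PASSWORD} | mysqlrouter --bootstrap ...`, so a password containing whitespace, glob characters or a leading `-n`/`-e` is altered before mysqlrouter reads it. Since the line is being touched anyway, `printf '%s\n' "${MYSQL_ROOT_PASSWORD}" | mysqlrouter --bootstrap ...` passes the value through unchanged. The bootstrap also connects as `root`; if the chart can provision one, a dedicated account limited to what router bootstrap needs would reduce what this container's environment exposes. The enclosing container spec starts and ends outside the hunk.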
@@ -149,9 +149,9 @@ auth: ## initdbScripts: ## my_init_script.sh: | ## #!/bin/bash -## echo "Do something." +## echo "Do something." ## -initdbScripts: +initdbScripts: int-mysql.sh: | #!/bin/bash set -ex @@ -211,14 +211,14 @@ primary: ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## maxConnectionLimit: 2000 - ## against plans + ## against plans extraConfig: | [mysqld] innodb_io_capacity=2000 innodb_io_capacity_max=3000 max_connect_errors=1000000 thread_cache_size=200 - + configuration: |- [mysqld] # server @@ -250,7 +250,7 @@ primary: default-time-zone='+8:00' local_infile=ON # Replication - + log_bin=mysql-bin gtid_mode=ON enforce_gtid_consistency=ON @@ -266,18 +266,18 @@ primary: replica_parallel_workers=8 # Group Replication Settings - + [client] port=3306 socket=/opt/drycc/mysql/tmp/mysql.sock default-character-set=UTF8MB4 plugin_dir=/opt/drycc/mysql/lib/plugin - + [manager] port=3306 socket=/opt/drycc/mysql/tmp/mysql.sock pid-file=/opt/drycc/mysql/tmp/mysqld.pid - + !includedir /drycc/mysql/ ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. @@ -593,20 +593,19 @@ primary: podLabels: {} cluster: - ## @param router.name Name of the cluster + ## @param router.name Name of the cluster ## name: cluster image: registry: registry.drycc.cc - repository: drycc-addons/mysql-shell + repository: drycc-addons/mysql-shell tag: "8.0" digest: "" - pullPolicy: IfNotPresent - + pullPolicy: IfNotPresent router: - ## @param router.name Name of the router + ## @param router.name Name of the router ## name: router ## @param router.replicaCount Number of MySQL secondary replicas @@ -725,7 +724,7 @@ router: ## cpu: 250m ## memory: 256Mi ## - limits: + limits: cpu: 250m memory: 256Mi ## Examples: @@ -733,7 +732,7 @@ router: ## cpu: 250m ## memory: 256Mi ## - requests: + requests: cpu: 250m memory: 256Mi ## Configure extra options for liveness probe 
@@ -749,8 +748,8 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 10 - failureThreshold: 3 + timeoutSeconds: 30 + failureThreshold: 10 successThreshold: 1 ## Configure extra options for readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes @@ -987,7 +986,7 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -996,7 +995,6 @@ networkPolicy: ## allowCurrentNamespace: true allowNamespaces: [] - ## @section Volume Permissions parameters @@ -1019,7 +1017,7 @@ volumePermissions: repository: drycc/base tag: bookworm digest: "" - pullPolicy: IfNotPresent + pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -1039,7 +1037,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: true + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1114,10 +1112,9 @@ metrics: ## - --collect.heartbeat.table ## - extraArgs: - primary: - - --collect.info_schema.processlist + primary: + - --collect.info_schema.processlist - --collect.perf_schema.replication_group_members - --collect.perf_schema.replication_group_member_stats - --collect.perf_schema.replication_applier_status_by_worker 
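Review bot: The router liveness probe now has `timeoutSeconds: 30` while `periodSeconds: 10` is unchanged, so a single probe can outlast several probe periods, and with `failureThreshold: 10` a hung router may keep running for several minutes before the kubelet restarts it. If the aim is to tolerate slow responses, raising the period with the timeout (e.g. `periodSeconds: 30`) and keeping a smaller `failureThreshold` makes the worst-case detection time explicit. A one-line comment above the block stating why the router needs this slack would help the next reader.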
@@ -1137,14 +1134,14 @@ metrics: ## limits: ## cpu: 100m ## memory: 256Mi - limits: + limits: cpu: 100m memory: 256Mi ## Examples: ## requests: ## cpu: 100m ## memory: 256Mi - requests: + requests: cpu: 100m memory: 256Mi containerSecurityContext: @@ -1261,13 +1258,13 @@ metrics: ## summary: MariaDB instance is down ## rules: [] - + backup: - enabled: false + enabled: false schedule: "" - s3: + s3: endpoint: "" bucketName: "" - accessKey: "" - secretKey: "" - region: us-west-1 \ No newline at end of file + accessKey: "" + secretKey: "" + region: us-west-1 From 689c1fb4c64a26d1a5840580645954de4ad7a4f4 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 20 Nov 2025 16:31:50 +0800 Subject: [PATCH 170/176] chore(postgresql-cluster): adjust params --- .../templates/statefulset.yaml | 2 +- .../15/chart/postgresql-cluster/values.yaml | 41 +++++++++---------- .../15/plans/standard-16c64g400/values.yaml | 8 ++-- .../15/plans/standard-2c4g20/values.yaml | 8 ++-- .../15/plans/standard-2c8g50/values.yaml | 8 ++-- .../15/plans/standard-32c128g800/values.yaml | 8 ++-- .../15/plans/standard-32c64g4000/values.yaml | 8 ++-- .../15/plans/standard-4c16g100/values.yaml | 10 ++--- .../15/plans/standard-8c32g200/values.yaml | 8 ++-- .../templates/statefulset.yaml | 2 +- .../chart/postgresql-cluster-16/values.yaml | 41 +++++++++---------- .../16/plans/standard-16c64g400/values.yaml | 8 ++-- .../16/plans/standard-2c4g20/values.yaml | 8 ++-- .../16/plans/standard-2c8g50/values.yaml | 8 ++-- .../16/plans/standard-32c128g800/values.yaml | 8 ++-- .../16/plans/standard-32c64g4000/values.yaml | 8 ++-- .../16/plans/standard-4c16g100/values.yaml | 8 ++-- .../16/plans/standard-8c32g200/values.yaml | 8 ++-- .../templates/statefulset.yaml | 2 +- .../chart/postgresql-cluster-17/values.yaml | 4 +- .../17/plans/standard-16c64g400/values.yaml | 10 ++--- .../17/plans/standard-2c4g20/values.yaml | 10 ++--- .../17/plans/standard-2c8g50/values.yaml | 10 ++--- .../17/plans/standard-32c128g800/values.yaml | 8 ++-- .../17/plans/standard-32c64g4000/values.yaml | 8 ++-- .../17/plans/standard-4c16g100/values.yaml | 10 ++--- .../17/plans/standard-8c32g200/values.yaml | 10 ++--- 27 files changed, 133 insertions(+), 139 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index d826952c..3f1efb1b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
@@ -251,7 +251,7 @@ spec: name: storage-volume annotations: {{- if .Values.persistentVolume.annotations }} -{{ toYaml .Values.persistentVolume.annotations | indent 8 }} +{{ toYaml .Values.persistentVolume.annotations | indent 10 }} {{- end }} labels: application: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 7d103fd1..8ed9f165 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,9 +1,9 @@ replicaCount: 3 -diagnosticMode: +diagnosticMode: enable: false service: - type: ClusterIP + type: ClusterIP image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -11,13 +11,13 @@ image: repository: registry.drycc.cc/drycc-addons/postgresql-patroni tag: 15 # IfNotPresent , Always - pullPolicy: 'IfNotPresent' + pullPolicy: "IfNotPresent" -logicalbackupImages: +logicalbackupImages: repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup tag: 15 # IfNotPresent , Always - pullPolicy: 'IfNotPresent' + pullPolicy: "IfNotPresent" # Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql @@ -188,8 +188,7 @@ logicalbackupScript: | echo "Backup process completed!" - -postgresql: +postgresql: config: |- log_min_duration_statement = 1000 max_wal_size = 4GB @@ -204,8 +203,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '2 GB' - + max_slot_wal_keep_size: "2 GB" ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ 
@@ -251,12 +249,12 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" # IfNotPresent , Always - pullPolicy: 'IfNotPresent' + pullPolicy: "IfNotPresent" ## @param metrics.customMetrics Define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file ## customMetrics: @@ -278,14 +276,14 @@ metrics: ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/user-guide/services/ ## - sessionAffinity: None + sessionAffinity: None ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" - customMetrics: {} + customMetrics: {} containerPort: 9187 containerSecurityContext: enabled: false @@ -293,8 +291,8 @@ metrics: runAsNonRoot: true customLivenessProbe: {} customReadinessProbe: - enabled: true - resources: + enabled: true + resources: limits: cpu: 100m memory: 512Mi @@ -303,7 +301,7 @@ metrics: cpu: 100m memory: 512Mi -logicalbackup: +logicalbackup: enabled: false scheduleCronJob: "22 0 * * 0" minio: @@ -368,13 +366,13 @@ persistentVolume: accessModes: - ReadWriteOnce -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 4Mi requests: cpu: 100m memory: 512Mi @@ -408,7 +406,6 @@ affinityTemplate: | application: {{ template "patroni.name" . }} release: {{ .Release.Name | quote }} affinity: {} - ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## 
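Review bot: Uncommenting `hugepages-2Mi: 4Mi` under `resources.limits` in the chart defaults (the `@@ -368,13 +366,13 @@` hunk) makes every release request huge pages, and a pod that requests `hugepages-2Mi` cannot be scheduled on nodes with no pre-allocated 2Mi huge pages. Nothing in the hunk gates this on a value or documents the node prerequisite, so installs on clusters without huge pages would be left Pending. Consider keeping the default commented out and setting it only in the plans that need it, or add a comment such as `# requires nodes with pre-allocated 2Mi huge pages`. The same line is enabled in the 16/ chart values.yaml further down.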
@@ -429,7 +426,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port Postgresql is listening @@ -437,5 +434,5 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: -clusterDomain: cluster.local \ No newline at end of file + allowNamespaces: +clusterDomain: cluster.local diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index f4cd8ae8..047deadd 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -6,7 +6,7 @@ patroni: max_worker_processes: 32 max_parallel_workers: 16 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -57,12 +57,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 40GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -78,4 +78,4 @@ persistentVolume: size: 400Gi shmVolume: - sizeLimit: "32Gi" \ No newline at end of file + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml index bedec78d..8795c9b4 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml 
@@ -7,7 +7,7 @@ patroni: max_worker_processes: 4 max_parallel_workers: 2 max_connections: 1000 - max_slot_wal_keep_size: '2 GB' + max_slot_wal_keep_size: "2 GB" postgresql: config: |- @@ -58,11 +58,11 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -78,4 +78,4 @@ persistentVolume: size: 20Gi shmVolume: - sizeLimit: "2Gi" \ No newline at end of file + sizeLimit: "2Gi" diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml index 564731a7..4263ffa2 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 4 max_parallel_workers: 2 max_connections: 2000 - max_slot_wal_keep_size: '5 GB' + max_slot_wal_keep_size: "5 GB" postgresql: config: |- @@ -59,12 +59,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 5GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -80,4 +80,4 @@ persistentVolume: size: 50Gi shmVolume: - sizeLimit: "4Gi" \ No newline at end of file + sizeLimit: "4Gi" diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index 3af68467..c2ca0477 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml 
+++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '100 GB' + max_slot_wal_keep_size: "100 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 80GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -79,4 +79,4 @@ persistentVolume: size: 800Gi shmVolume: - sizeLimit: "64Gi" \ No newline at end of file + sizeLimit: "64Gi" diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index da70e1c9..56fc31f5 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '200 GB' + max_slot_wal_keep_size: "200 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 100GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -79,4 +79,4 @@ persistentVolume: size: 4Ti shmVolume: - sizeLimit: "32Gi" \ No newline at end of file + sizeLimit: "32Gi" 
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml index 6c91f192..effda2a8 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 8 max_parallel_workers: 4 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -59,12 +59,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on - max_slot_wal_keep_size = 10GB + jit = off + max_slot_wal_keep_size = 10GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -80,4 +80,4 @@ persistentVolume: size: 100Gi shmVolume: - sizeLimit: "8Gi" \ No newline at end of file + sizeLimit: "8Gi" diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index dee10714..03671b6c 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 16 max_parallel_workers: 8 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 20GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: 
@@ -79,4 +79,4 @@ persistentVolume: size: 200Gi shmVolume: - sizeLimit: "16Gi" \ No newline at end of file + sizeLimit: "16Gi" diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/statefulset.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/statefulset.yaml index d826952c..3f1efb1b 100644 --- a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/statefulset.yaml +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/templates/statefulset.yaml @@ -251,7 +251,7 @@ spec: name: storage-volume annotations: {{- if .Values.persistentVolume.annotations }} -{{ toYaml .Values.persistentVolume.annotations | indent 8 }} +{{ toYaml .Values.persistentVolume.annotations | indent 10 }} {{- end }} labels: application: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml index fcf73961..00947615 100644 --- a/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml +++ b/addons/postgresql-cluster/16/chart/postgresql-cluster-16/values.yaml @@ -1,9 +1,9 @@ replicaCount: 3 -diagnosticMode: +diagnosticMode: enable: false service: - type: ClusterIP + type: ClusterIP image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -11,13 +11,13 @@ image: repository: registry.drycc.cc/drycc-addons/postgresql-patroni tag: 16 # IfNotPresent , Always - pullPolicy: 'IfNotPresent' + pullPolicy: "IfNotPresent" -logicalbackupImages: +logicalbackupImages: repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup tag: 16 # IfNotPresent , Always - pullPolicy: 'IfNotPresent' + pullPolicy: "IfNotPresent" # Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql 
@@ -188,8 +188,7 @@ logicalbackupScript: | echo "Backup process completed!" - -postgresql: +postgresql: config: |- log_min_duration_statement = 1000 max_wal_size = 4GB @@ -204,8 +203,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '2 GB' - + max_slot_wal_keep_size: "2 GB" ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ @@ -251,12 +249,12 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" # IfNotPresent , Always - pullPolicy: 'IfNotPresent' + pullPolicy: "IfNotPresent" ## @param metrics.customMetrics Define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file ## customMetrics: @@ -278,14 +276,14 @@ metrics: ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/user-guide/services/ ## - sessionAffinity: None + sessionAffinity: None ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" - customMetrics: {} + customMetrics: {} containerPort: 9187 containerSecurityContext: enabled: false @@ -293,8 +291,8 @@ metrics: runAsNonRoot: true customLivenessProbe: {} customReadinessProbe: - enabled: true - resources: + enabled: true + resources: limits: cpu: 100m memory: 512Mi @@ -303,7 +301,7 @@ metrics: cpu: 100m memory: 512Mi -logicalbackup: +logicalbackup: enabled: false scheduleCronJob: "22 0 * * 0" minio: 
@@ -368,13 +366,13 @@ persistentVolume: accessModes: - ReadWriteOnce -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 4Mi requests: cpu: 100m memory: 512Mi @@ -408,7 +406,6 @@ affinityTemplate: | application: {{ template "patroni.name" . }} release: {{ .Release.Name | quote }} affinity: {} - ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## @@ -429,7 +426,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port Postgresql is listening @@ -437,5 +434,5 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: -clusterDomain: cluster.local \ No newline at end of file + allowNamespaces: +clusterDomain: cluster.local diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml index f4cd8ae8..047deadd 100644 --- a/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/values.yaml @@ -6,7 +6,7 @@ patroni: max_worker_processes: 32 max_parallel_workers: 16 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- 
@@ -57,12 +57,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 40GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -78,4 +78,4 @@ persistentVolume: size: 400Gi shmVolume: - sizeLimit: "32Gi" \ No newline at end of file + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml index bedec78d..8795c9b4 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 4 max_parallel_workers: 2 max_connections: 1000 - max_slot_wal_keep_size: '2 GB' + max_slot_wal_keep_size: "2 GB" postgresql: config: |- @@ -58,11 +58,11 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -78,4 +78,4 @@ persistentVolume: size: 20Gi shmVolume: - sizeLimit: "2Gi" \ No newline at end of file + sizeLimit: "2Gi" diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml index 564731a7..4263ffa2 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/values.yaml 
@@ -7,7 +7,7 @@ patroni: max_worker_processes: 4 max_parallel_workers: 2 max_connections: 2000 - max_slot_wal_keep_size: '5 GB' + max_slot_wal_keep_size: "5 GB" postgresql: config: |- @@ -59,12 +59,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 5GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -80,4 +80,4 @@ persistentVolume: size: 50Gi shmVolume: - sizeLimit: "4Gi" \ No newline at end of file + sizeLimit: "4Gi" diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml index 3af68467..c2ca0477 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '100 GB' + max_slot_wal_keep_size: "100 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 80GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -79,4 +79,4 @@ persistentVolume: size: 800Gi shmVolume: - sizeLimit: "64Gi" \ No newline at end of file + sizeLimit: "64Gi" diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml index da70e1c9..56fc31f5 100644 
--- a/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '200 GB' + max_slot_wal_keep_size: "200 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 100GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -79,4 +79,4 @@ persistentVolume: size: 4Ti shmVolume: - sizeLimit: "32Gi" \ No newline at end of file + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml index 6c91f192..ea889707 100644 --- a/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 8 max_parallel_workers: 4 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -59,12 +59,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 10GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -80,4 +80,4 @@ persistentVolume: size: 100Gi shmVolume: - sizeLimit: "8Gi" \ No newline at end of file + sizeLimit: "8Gi" 
diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml index dee10714..03671b6c 100644 --- a/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 16 max_parallel_workers: 8 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 20GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -79,4 +79,4 @@ persistentVolume: size: 200Gi shmVolume: - sizeLimit: "16Gi" \ No newline at end of file + sizeLimit: "16Gi" diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml index d826952c..3f1efb1b 100644 --- a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml +++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/templates/statefulset.yaml @@ -251,7 +251,7 @@ spec: name: storage-volume annotations: {{- if .Values.persistentVolume.annotations }} -{{ toYaml .Values.persistentVolume.annotations | indent 8 }} +{{ toYaml .Values.persistentVolume.annotations | indent 10 }} {{- end }} labels: application: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml index 0e1de2f5..fcb3407e 100644 --- a/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml 
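Review bot: The hard-coded `indent 10` on the `toYaml .Values.persistentVolume.annotations` line in `17/chart/postgresql-cluster-17/templates/statefulset.yaml` has to be kept in step with the nesting of `annotations:` by hand, which is the mismatch this commit corrects. Because `annotations:` sits outside the `if`, the key is also rendered with no value when no annotations are configured. I would move the key inside the condition and let `nindent` place the block: `{{- with .Values.persistentVolume.annotations }}`, then `annotations: {{- toYaml . | nindent 10 }}`, then `{{- end }}`. The exact width cannot be checked from this page because the template's indentation has been lost, and the surrounding volume claim template starts above the hunk.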
+++ b/addons/postgresql-cluster/17/chart/postgresql-cluster-17/values.yaml @@ -297,8 +297,8 @@ metrics: resources: limits: cpu: 100m - memory: 512Mi hugepages-2Mi: 20Mi + memory: 512Mi requests: cpu: 100m memory: 512Mi @@ -373,8 +373,8 @@ resources: # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m + hugepages-2Mi: 4Mi memory: 512Mi - # hugepages-2Mi: 4Mi requests: cpu: 100m memory: 512Mi diff --git a/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml index f4cd8ae8..72b92be7 100644 --- a/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-16c64g400/values.yaml @@ -6,7 +6,7 @@ patroni: max_worker_processes: 32 max_parallel_workers: 16 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -57,18 +57,18 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 40GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 16000m - memory: 64Gi hugepages-2Mi: 40Mi + memory: 64Gi requests: cpu: 100m memory: 1Gi @@ -78,4 +78,4 @@ persistentVolume: size: 400Gi shmVolume: - sizeLimit: "32Gi" \ No newline at end of file + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml index bedec78d..098a0a08 100644 --- a/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-2c4g20/values.yaml 
@@ -7,7 +7,7 @@ patroni: max_worker_processes: 4 max_parallel_workers: 2 max_connections: 1000 - max_slot_wal_keep_size: '2 GB' + max_slot_wal_keep_size: "2 GB" postgresql: config: |- @@ -58,17 +58,17 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 2000m - memory: 4Gi hugepages-2Mi: 20Mi + memory: 4Gi requests: cpu: 100m memory: 1Gi @@ -78,4 +78,4 @@ persistentVolume: size: 20Gi shmVolume: - sizeLimit: "2Gi" \ No newline at end of file + sizeLimit: "2Gi" diff --git a/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml index 564731a7..affca346 100644 --- a/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-2c8g50/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 4 max_parallel_workers: 2 max_connections: 2000 - max_slot_wal_keep_size: '5 GB' + max_slot_wal_keep_size: "5 GB" postgresql: config: |- @@ -59,18 +59,18 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 5GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 2000m - memory: 8Gi hugepages-2Mi: 20Mi + memory: 8Gi requests: cpu: 100m memory: 1Gi @@ -80,4 +80,4 @@ persistentVolume: size: 50Gi shmVolume: - sizeLimit: "4Gi" \ No newline at end of file + sizeLimit: "4Gi" 
diff --git a/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml index 3af68467..c2ca0477 100644 --- a/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-32c128g800/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '100 GB' + max_slot_wal_keep_size: "100 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 80GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: @@ -79,4 +79,4 @@ persistentVolume: size: 800Gi shmVolume: - sizeLimit: "64Gi" \ No newline at end of file + sizeLimit: "64Gi" diff --git a/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml index da70e1c9..56fc31f5 100644 --- a/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-32c64g4000/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 64 max_parallel_workers: 32 max_connections: 2000 - max_slot_wal_keep_size: '200 GB' + max_slot_wal_keep_size: "200 GB" postgresql: config: |- @@ -58,12 +58,12 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 100GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: 
@@ -79,4 +79,4 @@ persistentVolume: size: 4Ti shmVolume: - sizeLimit: "32Gi" \ No newline at end of file + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml index 6c91f192..83ac2774 100644 --- a/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-4c16g100/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 8 max_parallel_workers: 4 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- @@ -59,18 +59,18 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 10GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 4000m - memory: 16Gi hugepages-2Mi: 50Mi + memory: 16Gi requests: cpu: 100m memory: 1Gi @@ -80,4 +80,4 @@ persistentVolume: size: 100Gi shmVolume: - sizeLimit: "8Gi" \ No newline at end of file + sizeLimit: "8Gi" diff --git a/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml index dee10714..297ca6ae 100644 --- a/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/17/plans/standard-8c32g200/values.yaml @@ -7,7 +7,7 @@ patroni: max_worker_processes: 16 max_parallel_workers: 8 max_connections: 2000 - max_slot_wal_keep_size: '10 GB' + max_slot_wal_keep_size: "10 GB" postgresql: config: |- 
@@ -58,18 +58,18 @@ postgresql: # Advanced features enable_partitionwise_join = on enable_partitionwise_aggregate = on - jit = on + jit = off max_slot_wal_keep_size = 20GB track_wal_io_timing = on maintenance_io_concurrency = 100 -resources: +resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 8000m - memory: 32Gi hugepages-2Mi: 60Mi + memory: 32Gi requests: cpu: 100m memory: 1Gi @@ -79,4 +79,4 @@ persistentVolume: size: 200Gi shmVolume: - sizeLimit: "16Gi" \ No newline at end of file + sizeLimit: "16Gi" From f93cf36e01d423aab6f9d40af5356d0cf8c69ad3 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 2 Feb 2026 14:39:23 +0800 Subject: [PATCH 171/176] fix(postgresql-cluster): fix typo --- addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml | 2 +- .../postgresql-cluster/15/plans/standard-32c128g800/bind.yaml | 2 +- .../postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml | 2 +- addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml | 2 +- addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml | 2 +- addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml | 2 +- .../postgresql-cluster/16/plans/standard-32c128g800/bind.yaml | 2 +- .../postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml | 2 +- addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml | 2 +- addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml | 2 +- addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml | 2 +- addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml | 2 +- addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml | 2 +- .../postgresql-cluster/17/plans/standard-32c128g800/bind.yaml | 2 +- .../postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml | 2 +- addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml | 2 +- addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml 
@@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml 
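Review bot: Renaming the credential key from `DADABASE` to `DATABASE` changes the name that bound applications read, so a consumer written against the misspelled key would stop finding the database name once its binding is refreshed. If such consumers may exist, I would mention the rename in the release notes, or publish the old key alongside the new one for a transition period. The identical change is made in all 21 `bind.yaml` files of this commit (plans for 15, 16 and 17). The `credential:` list starts above the hunk, so its other entries are not visible here.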
@@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-16c64g400/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c4g20/bind.yaml 
@@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-2c8g50/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c128g800/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-32c64g4000/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-4c16g100/bind.yaml 
@@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml +++ b/addons/postgresql-cluster/16/plans/standard-8c32g200/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-16c64g400/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-2c4g20/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-2c8g50/bind.yaml 
@@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-32c128g800/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-32c64g4000/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-4c16g100/bind.yaml @@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml index 5fc257f9..55955ed6 100644 --- a/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml +++ b/addons/postgresql-cluster/17/plans/standard-8c32g200/bind.yaml 
@@ -37,5 +37,5 @@ credential: jsonpath: '{ .data.admin-user }' - name: PORT value: 5432 - - name: DADABASE + - name: DATABASE value: postgres \ No newline at end of file From 8f2bcfde05725741f7eee193294cd2a0731ce208 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 2 Feb 2026 15:02:56 +0800 Subject: [PATCH 172/176] chore(mongodb): change pull policy to IfNotPresent --- addons/mongodb/7.0/chart/mongodb/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index ac06f422..0f9e27e6 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -111,7 +111,7 @@ image: ## Specify a imagePullPolicy ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - pullPolicy: Always + pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -494,7 +494,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context ## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container ## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot -## +## containerSecurityContext: enabled: true runAsUser: 1001 @@ -1516,7 +1516,7 @@ hidden: ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period ## terminationGracePeriodSeconds: "" - ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet + ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## type: RollingUpdate 
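Review bot: With `pullPolicy: IfNotPresent` in the `@@ -111,7 +111,7 @@ image:` hunk of `addons/mongodb/7.0/chart/mongodb/values.yaml`, a node that already holds the tag keeps using its cached copy, so a re-pushed tag (for example a security rebuild) is not picked up and replicas on different nodes can run different image contents. The image reference itself is outside the hunk; if it is a mutable tag, I would pin it by digest or use an immutable tag per build so the cached image is always the intended one. For an image from a private registry, a cached copy can also be started by any pod scheduled on that node without presenting pull credentials, unless the cluster enables the AlwaysPullImages admission plugin. A one-line comment beside the setting, such as `# IfNotPresent: image tag must be immutable`, would record the assumption.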
@@ -1873,10 +1873,10 @@ metrics:
 ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
 ##
 resources:
- limits:
+ limits:
 cpu: 500m
 memory: 512Mi
- requests:
+ requests:
 cpu: 100m
 memory: 128Mi
 ## @param metrics.containerPort Port of the Prometheus metrics container
@@ -2036,7 +2036,7 @@ metrics:
 networkPolicy:
 ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
 ##
- enabled: true
+ enabled: true
 ## @param networkPolicy.allowExternal The Policy model to apply.
 ## When set to false, only pods with the correct
 ## client label will have network access to the port Mongodb is listening
From 0fd112eb64015f2383e5f543ff6804d1973ea8ac Mon Sep 17 00:00:00 2001
From: EamonZhang Date: Tue, 3 Feb 2026 09:04:41 +0800 Subject: [PATCH 173/176] chore(mongodb): add mongodb 8.0 --- addons/index.yaml | 3 + .../mongodb/8.0/chart/mongodb-8.0/.helmignore | 21 + .../mongodb/8.0/chart/mongodb-8.0/Chart.yaml | 29 + .../mongodb/8.0/chart/mongodb-8.0/README.md | 787 +++++++ .../8.0/chart/mongodb-8.0/templates/NOTES.txt | 202 ++ .../chart/mongodb-8.0/templates/_helpers.tpl | 432 ++++ .../templates/arbiter/configmap.yaml | 18 + .../templates/arbiter/headless-svc.yaml | 33 + .../mongodb-8.0/templates/arbiter/pdb.yaml | 25 + .../templates/arbiter/statefulset.yaml | 279 +++ .../templates/common-scripts-cm.yaml | 104 + .../mongodb-8.0/templates/configmap.yaml | 18 + .../mongodb-8.0/templates/extra-list.yaml | 4 + .../templates/hidden/configmap.yaml | 15 + .../templates/hidden/external-access-svc.yaml | 67 + .../templates/hidden/headless-svc.yaml | 34 + .../mongodb-8.0/templates/hidden/pdb.yaml | 22 + .../templates/hidden/statefulset.yaml | 533 +++++ .../templates/initialization-configmap.yaml | 17 + .../mongodb-8.0/templates/metrics-svc.yaml | 33 + .../mongodb-8.0/templates/networkpolicy.yaml | 45 + .../mongodb-8.0/templates/prometheusrule.yaml | 18 + .../8.0/chart/mongodb-8.0/templates/psp.yaml | 50 + .../templates/replicaset/access-svc.yaml | 32 + .../replicaset/external-access-svc.yaml | 67 + .../templates/replicaset/headless-svc.yaml | 34 + .../mongodb-8.0/templates/replicaset/pdb.yaml | 25 + .../replicaset/scripts-configmap.yaml | 301 +++ .../templates/replicaset/statefulset.yaml | 543 +++++ .../mongodb-8.0/templates/replicaset/svc.yaml | 43 + .../8.0/chart/mongodb-8.0/templates/role.yaml | 30 + .../mongodb-8.0/templates/rolebinding.yaml | 19 + .../mongodb-8.0/templates/secrets-ca.yaml | 37 + .../chart/mongodb-8.0/templates/secrets.yaml | 41 + .../mongodb-8.0/templates/serviceaccount.yaml | 23 + .../mongodb-8.0/templates/servicemonitor.yaml | 48 + .../templates/standalone/dep-sts.yaml | 474 ++++ 
.../mongodb-8.0/templates/standalone/pvc.yaml | 33 + .../mongodb-8.0/templates/standalone/svc.yaml | 58 + .../8.0/chart/mongodb-8.0/values.schema.json | 173 ++ .../mongodb/8.0/chart/mongodb-8.0/values.yaml | 2048 +++++++++++++++++ addons/mongodb/8.0/meta.yaml | 24 + .../8.0/plans/standard-16c64g400/bind.yaml | 36 + .../standard-16c64g400/instance-schema.json | 12 + .../8.0/plans/standard-16c64g400/meta.yaml | 6 + .../8.0/plans/standard-16c64g400/values.yaml | 23 + .../8.0/plans/standard-1c2g10/bind.yaml | 36 + .../standard-1c2g10/instance-schema.json | 12 + .../8.0/plans/standard-1c2g10/meta.yaml | 6 + .../8.0/plans/standard-1c2g10/values.yaml | 23 + .../8.0/plans/standard-2c4g20/bind.yaml | 36 + .../standard-2c4g20/instance-schema.json | 12 + .../8.0/plans/standard-2c4g20/meta.yaml | 6 + .../8.0/plans/standard-2c4g20/values.yaml | 23 + .../8.0/plans/standard-2c8g50/bind.yaml | 36 + .../standard-2c8g50/instance-schema.json | 12 + .../8.0/plans/standard-2c8g50/meta.yaml | 6 + .../8.0/plans/standard-2c8g50/values.yaml | 23 + .../8.0/plans/standard-32c128g800/bind.yaml | 36 + .../standard-32c128g800/instance-schema.json | 12 + .../8.0/plans/standard-32c128g800/meta.yaml | 6 + .../8.0/plans/standard-32c128g800/values.yaml | 23 + .../8.0/plans/standard-4c16g100/bind.yaml | 36 + .../standard-4c16g100/instance-schema.json | 12 + .../8.0/plans/standard-4c16g100/meta.yaml | 6 + .../8.0/plans/standard-4c16g100/values.yaml | 23 + .../8.0/plans/standard-8c32g200/bind.yaml | 36 + .../standard-8c32g200/instance-schema.json | 12 + .../8.0/plans/standard-8c32g200/meta.yaml | 6 + .../8.0/plans/standard-8c32g200/values.yaml | 23 + 70 files changed, 7381 insertions(+) create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/.helmignore create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/Chart.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/README.md create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/NOTES.txt create mode 100644 
addons/mongodb/8.0/chart/mongodb-8.0/templates/_helpers.tpl create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/configmap.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/headless-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/pdb.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/statefulset.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/common-scripts-cm.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/configmap.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/extra-list.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/configmap.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/external-access-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/headless-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/pdb.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/statefulset.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/initialization-configmap.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/metrics-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/networkpolicy.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/prometheusrule.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/psp.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/access-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/external-access-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/headless-svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/pdb.yaml create mode 100644 
addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/scripts-configmap.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/statefulset.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/role.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/rolebinding.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets-ca.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/serviceaccount.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/servicemonitor.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/dep-sts.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/pvc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/svc.yaml create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/values.schema.json create mode 100644 addons/mongodb/8.0/chart/mongodb-8.0/values.yaml create mode 100644 addons/mongodb/8.0/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-16c64g400/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-16c64g400/instance-schema.json create mode 100644 addons/mongodb/8.0/plans/standard-16c64g400/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-16c64g400/values.yaml create mode 100644 addons/mongodb/8.0/plans/standard-1c2g10/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-1c2g10/instance-schema.json create mode 100644 addons/mongodb/8.0/plans/standard-1c2g10/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-1c2g10/values.yaml create mode 100644 addons/mongodb/8.0/plans/standard-2c4g20/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-2c4g20/instance-schema.json create mode 100644 
addons/mongodb/8.0/plans/standard-2c4g20/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-2c4g20/values.yaml create mode 100644 addons/mongodb/8.0/plans/standard-2c8g50/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-2c8g50/instance-schema.json create mode 100644 addons/mongodb/8.0/plans/standard-2c8g50/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-2c8g50/values.yaml create mode 100644 addons/mongodb/8.0/plans/standard-32c128g800/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-32c128g800/instance-schema.json create mode 100644 addons/mongodb/8.0/plans/standard-32c128g800/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-32c128g800/values.yaml create mode 100644 addons/mongodb/8.0/plans/standard-4c16g100/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-4c16g100/instance-schema.json create mode 100644 addons/mongodb/8.0/plans/standard-4c16g100/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-4c16g100/values.yaml create mode 100644 addons/mongodb/8.0/plans/standard-8c32g200/bind.yaml create mode 100644 addons/mongodb/8.0/plans/standard-8c32g200/instance-schema.json create mode 100644 addons/mongodb/8.0/plans/standard-8c32g200/meta.yaml create mode 100644 addons/mongodb/8.0/plans/standard-8c32g200/values.yaml
diff --git a/addons/index.yaml b/addons/index.yaml
index 8a4ed8df..cdbe36d5 100644
--- a/addons/index.yaml
+++ b/addons/index.yaml
@@ -67,6 +67,9 @@ entries:
 mongodb:
 - version: 7.0
 description: "MongoDB is a document database designed for ease of application development and scaling."
+ mongodb:
+ - version: 8.0
+ description: "MongoDB is a document database designed for ease of application development and scaling."
 clickhouse:
 - version: 24
 description: "ClickHouse is the fastest and most resource efficient open-source database for real-time apps and analytics."
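Review bot: The added `mongodb:` line under `entries:` in addons/index.yaml repeats a key that the context lines directly above already define, so the mapping appears to carry `mongodb` twice (indentation is not visible on this page, so this is read from the line order). YAML mapping keys must be unique; most loaders silently keep the last occurrence, which would leave only the 8.0 entry and drop 7.0 from the index, while stricter loaders reject the file. Drop the added `mongodb:` line and append the new item to the existing list, i.e. keep only `- version: 8.0` and its `description:` after the 7.0 item. A `key-duplicates` check in yamllint on this file would catch the same mistake in later additions.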
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/.helmignore b/addons/mongodb/8.0/chart/mongodb-8.0/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/Chart.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/Chart.yaml
new file mode 100644
index 00000000..772e2a69
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/Chart.yaml
@@ -0,0 +1,29 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 8.0.17
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/mongodb
+icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
+keywords:
+ - mongodb
+ - database
+ - nosql
+ - cluster
+ - replicaset
+ - replication
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: mongodb
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/mongodb
+ - https://mongodb.org
+version: 13.1.7
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/README.md b/addons/mongodb/8.0/chart/mongodb-8.0/README.md
new file mode 100644
index 00000000..5a83118a
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/README.md
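Review bot: The `common` dependency in the new Chart.yaml is declared as the range `version: ~1.1.2` from `oci://registry.drycc.cc/charts`, and the commit's file list for this chart contains no Chart.lock, so each dependency update can resolve to a different 1.1.x build of the library that renders every template. Commit a Chart.lock next to Chart.yaml, or pin the exact release with `version: 1.1.2`, so the packaged chart is reproducible and a changed upstream artifact shows up in review. If the lock is produced elsewhere in the build, a comment on the dependency saying so would be enough.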
@@ -0,0 +1,787 @@ + + +# MongoDB(R) packaged by Drycc + +MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. + +[Overview of MongoDB®](http://www.mongodb.org) + +Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc. + +## TL;DR + +```bash +$ helm repo add my-repo https://charts.drycc.com/drycc +$ helm install my-release my-repo/mongodb +``` + +## Introduction + +This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release my-repo/mongodb +``` + +The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Architecture + +This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. 
Use the `architecture` parameter to choose the one to use: + +```console +architecture="standalone" +architecture="replicaset" +``` + +Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) parameters + +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | +| `image.registry` | MongoDB(®) image registry | `docker.io` | +| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | +| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | +| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | +| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | +| `auth.enabled` | Enable authentication | `true` | +| `auth.rootUser` | MongoDB(®) root user | `root` | +| `auth.rootPassword` | MongoDB(®) root password | `""` | +| `auth.usernames` | List of custom users to be created during the initialization | `[]` | +| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | +| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | +| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | +| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | +| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | +| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | +| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | +| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | +| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | +| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | +| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | +| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | +| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | +| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | +| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | +| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | +| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | +| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | +| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | +| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | +| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | +| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | +| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | +| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | +| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | +| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | +| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | +| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | +| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | + + +### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) + +| Name | Description | Value | +| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | +| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | +| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | +| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraFlags` | MongoDB(®) additional command line flags | `[]` | +| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | + + +### MongoDB(®) statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | +| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | +| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | +| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | +| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | +| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | +| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | +| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | +| `podLabels` | MongoDB(®) pod labels | `{}` | +| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | +| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | +| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | +| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | +| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | +| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | +| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | +| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | +| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
+| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | +| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | +| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | +| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` | +| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` | +| 
`extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` | +| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` | + + +### Traffic exposure parameters + +| Name | Description | Value | +| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `service.nameOverride` | MongoDB(®) service name | `""` | +| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` | +| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` | +| `service.ports.mongodb` | MongoDB(®) service port. 
| `27017` | +| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` | +| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` | +| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` | +| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` | +| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Provide any additional annotations that may be required | `{}` | +| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` | +| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` | +| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | +| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` | +| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | +| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | +| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` | +| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` | +| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | +| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | +| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | +| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | +| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| 
`externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
+| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
+| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. 
Length must be the same as replicaCount | `[]` |
+| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+
+### Persistence parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
+| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` |
+| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` |
+| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. 
when using local volumes) | `{}` |
+| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
+
+
+### RBAC parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
+| `serviceAccount.name` | Name of the created serviceAccount | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
+| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
+| `rbac.rules` | Custom rules to create following the role specification | `[]` |
+| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. 
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
+| `podSecurityPolicy.privileged` | Allow privileged | `false` |
+| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
+
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
+| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
+| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
+
+
+### Arbiter parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
+| `arbiter.enabled` | Enable deploying the arbiter | `true` |
+| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
+| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
+| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
+| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
+| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
+| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
+| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
+| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
+| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
+| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
+| `arbiter.lifecycleHooks` | 
LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
+| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
+| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
+| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. 
| `[]` |
+| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
+| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
+| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
+| `arbiter.podLabels` | Arbiter pod labels | `{}` |
+| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
+| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
+| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
+| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
+| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
+| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
+| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
+| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
+| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
+| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
+| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
+| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
+| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` | 
+| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
+| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
+| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
+| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
+| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
+| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
+| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
+| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
+| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
+| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
+| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made 
unavailable | `""` |
+| `arbiter.service.nameOverride` | The arbiter service name | `""` |
+| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Hidden Node parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
+| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
+| `hidden.hostAliases` | Add deployment host aliases | `[]` |
+| `hidden.configuration` | Hidden node configuration file to be used | `""` |
+| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
+| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
+| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
+| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
+| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
+| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
+| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
+| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
+| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
+| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` | 
+| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
+| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
+| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
+| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set. 
| `[]` |
+| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
+| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
+| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
+| `hidden.podLabels` | Hidden node pod labels | `{}` |
+| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
+| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
+| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
+| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
+| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
+| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
+| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
+| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
+| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
+| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
+| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
+| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
+| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `hidden.readinessProbe.enabled` | Enable readinessProbe | 
`true` |
+| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
+| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
+| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
+| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods. 
| `[]` |
+| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
+| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
+| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
+| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
+| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
+| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
+| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
+| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
+| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
+| `hidden.persistence.annotations` | PVC annotations | `{}` |
+| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
+| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
+| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. 
when using local volumes) | `{}` |
+| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
+| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
+| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Metrics parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
+| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` |
+| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` |
+| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` |
+| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.username` | String with username for the metrics exporter | `""` |
+| `metrics.password` | String with password for the metrics exporter | `""` |
+| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
+| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
+| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
+| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
+| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
+| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. 
| `{}` |
+| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
+| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
+| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `metrics.customReadinessProbe` | Override default 
readiness probe for MongoDB(®) containers | `{}` |
+| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
+| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example,
+
+```bash
+$ helm install my-release \
+ --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
+ my-repo/mongodb
+```
+
+The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml my-repo/mongodb
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customize a new MongoDB instance
+
+The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
+
+* Specify them using the `initdbScripts` parameter as dict. 
+* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed script extensions are `.sh` and `.js`.
+
+### Replicaset: Access MongoDB(®) nodes from outside the cluster
+
+In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access:
+
+- Using LoadBalancer services
+- Using NodePort services.
+
+Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/).
+
+### Add extra environment variables
+
+To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+ - name: LOG_LEVEL
+ value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter.
+
+Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/).
+
+## Persistence
+
+The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container. 
+
+The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning.
+
+If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
+
+## Use custom Prometheus rules
+
+Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter.
+
+Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/).
+
+## Enable SSL/TLS
+
+This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`.
+
+Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/).
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. 
+ +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 12.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. 
+ +Affected values: + +- `strategyType` is replaced by `updateStrategy` +- `service.port` is renamed to `service.ports.mongodb` +- `service.nodePort` is renamed to `service.nodePorts.mongodb` +- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb` +- `rbac.role.rules` is renamed to `rbac.rules` +- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb` +- `hidden.strategyType` is replaced by `hidden.updateStrategy` +- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed) +- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels` + +Additionally also updates the MongoDB image dependency to it newest major, 5.0 + +### To 11.0.0 + +In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). +Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/). + +### To 9.0.0 + +MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). 
Refer to the following guides to upgrade your applications: + +- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) +- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) + +### To 8.0.0 + +- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. +- Chart labels were adapted to follow the Helm charts best practices. +- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. +- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: + - `replicas` is renamed to `replicaCount`. + - Authentication parameters are reorganized under the `auth.*` parameter: + - `usePassword` is renamed to `auth.enabled`. + - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. + - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. + +Consequences: + +- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
+ +### To 7.0.0 + +From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: + +```yaml +ingress: + hosts: + - name: mongodb.local + path: / +``` + +### To 6.0.0 + +From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. +You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). + +### To 5.0.0 + +When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: + +```console +$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false +``` + +### Add extra deployment options + +To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
+ +In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: Service + metadata: + name: mongodb-primary + namespace: default + labels: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mongodb + spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - name: mongodb-primary + port: 30001 + nodePort: 30001 + protocol: TCP + targetPort: mongodb + selector: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/name: mongodb + primary: "true" +``` + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/NOTES.txt b/addons/mongodb/8.0/chart/mongodb-8.0/templates/NOTES.txt new file mode 100644 index 00000000..2bb79222 --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/NOTES.txt 
@@ -0,0 +1,202 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + +{{- else }} + +{{- $replicaCount := int .Values.replicaCount }} +{{- $portNumber := int .Values.service.ports.mongodb }} +{{- $fullname := include "mongodb.fullname" . }} +{{- $releaseNamespace := include "mongodb.namespace" . 
}} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- $mongoList := list }} +{{- range $e, $i := until $replicaCount }} +{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} +{{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }} + +#################################################################################### +### ERROR: You enabled external access to MongoDB® nodes without specifying ### +### the array of load balancer IPs for MongoDB® nodes. ### +#################################################################################### + +This deployment will be incomplete until you configure the array of load balancer +IPs for MongoDB® nodes. To complete your deployment follow the steps below: + +1. Wait for the load balancer IPs (it may take a few minutes for them to be available): + + kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w + +2. Obtain the load balancer IPs and upgrade your chart: + + {{- range $e, $i := until $replicaCount }} + LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" + {{- end }} + +3. 
Upgrade you chart: + + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \ + --set mongodb.replicaCount={{ $replicaCount }} \ + --set mongodb.externalAccess.enabled=true \ + {{- range $i, $e := until $replicaCount }} + --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \ + {{- end }} + --set mongodb.externalAccess.service.type=LoadBalancer + +{{- else }} + +{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }} +------------------------------------------------------------------------------- + WARNING + + By not enabling "mongodb.auth.enabled" you have most likely exposed the + MongoDB® service externally without any authentication mechanism. + + For security reasons, we strongly suggest that you enable authentiation + setting the "mongodb.auth.enabled" parameter to "true". + +------------------------------------------------------------------------------- +{{- end }} + +** Please be patient while the chart is being deployed ** + +MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster: + +{{- if eq .Values.architecture "replicaset" }} +{{ join "\n" $mongoList | nindent 4 }} +{{- else }} + + {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }} + +{{- end }} + +{{- if .Values.auth.enabled }} + +To get the root password run: + + export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d) + +{{- end }} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . 
-}} +{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} +{{- $customUsersList := splitList "," $customUsers }} +{{- range $index, $user := $customUsersList }} + +To get the password for "{{ $user }}" run: + + export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}') + +{{- end }} +{{- end }} + +To connect to your database, create a MongoDB® client container: + + kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash + +Then, run the following command: + + {{- if eq .Values.architecture "replicaset" }} + mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- else }} + mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }} + +To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below: + +{{- if eq "NodePort" .Values.externalAccess.service.type }} +{{- if .Values.externalAccess.service.domain }} + + MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }} + +{{- else }} + + MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs. + + kubectl get nodes -o wide + +{{- end }} + + MongoDB® nodes port: You will have a different node port for each MongoDB® node. 
You can get the list of configured node ports using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" + +{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IPs to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w' + + MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" + + MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }} + +{{- end }} + +{{- else if eq .Values.architecture "standalone" }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . 
}}) + mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} & + mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- end }} +{{- end }} +{{- end }} + +{{- if .Values.metrics.enabled }} + +To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & + echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" + +Then, open the obtained URL in a browser. 
+ +{{- end }} +{{- end }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.rollingTag" .Values.tls.image }} + diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/_helpers.tpl b/addons/mongodb/8.0/chart/mongodb-8.0/templates/_helpers.tpl new file mode 100644 index 00000000..81f6889c --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/_helpers.tpl 
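Review bot: The unauthenticated-exposure warning tells the operator to set `"mongodb.auth.enabled"`, but the condition that prints it reads `.Values.auth.enabled`, so on a direct install of this chart the suggested key is never consulted and the service stays reachable without authentication. The same `mongodb.` prefix appears in the load-balancer upgrade command (`--set mongodb.replicaCount`, `--set mongodb.externalAccess.*`). The prefix would only be correct if the chart is consumed as a subchart named `mongodb`, which nothing in this hunk shows. I would print the keys the templates actually read, e.g. `setting the "auth.enabled" parameter to "true".` and `--set externalAccess.enabled=true \`. The standalone NodePort branch also still calls `mongo` where every other branch uses `mongosh`.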
@@ -0,0 +1,432 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mongodb.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mongodb.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Create a default mongo service name which can be overridden. +*/}} +{{- define "mongodb.service.nameOverride" -}} + {{- if and .Values.service .Values.service.nameOverride -}} + {{- print .Values.service.nameOverride -}} + {{- else -}} + {{- printf "%s-headless" (include "mongodb.fullname" .) -}} + {{- end }} +{{- end }} + +{{/* +Create a default mongo arbiter service name which can be overridden. +*/}} +{{- define "mongodb.arbiter.service.nameOverride" -}} + {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} + {{- print .Values.arbiter.service.nameOverride -}} + {{- else -}} + {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} + {{- end }} +{{- end }} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb.volumePermissions.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container auto-discovery image) +*/}} +{{- define "mongodb.externalAccess.autoDiscovery.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the TLS Certs image) +*/}} +{{- define "mongodb.tls.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
+*/}} +{{- define "mongodb.namespace" -}} + {{- if and .Values.global .Values.global.namespaceOverride -}} + {{- print .Values.global.namespaceOverride -}} + {{- else -}} + {{- print .Release.Namespace -}} + {{- end }} +{{- end -}} +{{- define "mongodb.serviceMonitor.namespace" -}} + {{- if .Values.metrics.serviceMonitor.namespace -}} + {{- print .Values.metrics.serviceMonitor.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} +{{- define "mongodb.prometheusRule.namespace" -}} + {{- if .Values.metrics.prometheusRule.namespace -}} + {{- print .Values.metrics.prometheusRule.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} + +{{/* +Returns the proper service account name depending if an explicit service account name is set +in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create +is true or default otherwise. +*/}} +{{- define "mongodb.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} + {{- else -}} + {{- default "default" (print .Values.serviceAccount.name) -}} + {{- end -}} +{{- end -}} + +{{/* +Return the list of custom users to create during the initialization (string format) +*/}} +{{- define "mongodb.customUsers" -}} + {{- $customUsers := list -}} + {{- if .Values.auth.username -}} + {{- $customUsers = append $customUsers .Values.auth.username }} + {{- end }} + {{- range .Values.auth.usernames }} + {{- $customUsers = append $customUsers . 
}} + {{- end }} + {{- printf "%s" (default "" (join "," $customUsers)) -}} +{{- end -}} + +{{/* +Return the list of passwords for the custom users (string format) +*/}} +{{- define "mongodb.customPasswords" -}} + {{- $customPasswords := list -}} + {{- if .Values.auth.password -}} + {{- $customPasswords = append $customPasswords .Values.auth.password }} + {{- end }} + {{- range .Values.auth.passwords }} + {{- $customPasswords = append $customPasswords . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customPasswords)) -}} +{{- end -}} + +{{/* +Return the list of custom databases to create during the initialization (string format) +*/}} +{{- define "mongodb.customDatabases" -}} + {{- $customDatabases := list -}} + {{- if .Values.auth.database -}} + {{- $customDatabases = append $customDatabases .Values.auth.database }} + {{- end }} + {{- range .Values.auth.databases }} + {{- $customDatabases = append $customDatabases . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customDatabases)) -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration +*/}} +{{- define "mongodb.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® +*/}} +{{- define "mongodb.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MongoDB® credentials +*/}} +{{- define "mongodb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} + {{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MongoDB® +*/}} +{{- define "mongodb.createSecret" -}} +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mongodb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Arbiter should be deployed +*/}} +{{- define "mongodb.arbiter.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Arbiter +*/}} +{{- define "mongodb.arbiter.configmapName" -}} +{{- if .Values.arbiter.existingConfigmap -}} + {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Arbiter +*/}} +{{- define "mongodb.arbiter.createConfigmap" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Hidden should be deployed +*/}} +{{- define "mongodb.hidden.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Hidden +*/}} +{{- define "mongodb.hidden.configmapName" -}} +{{- if .Values.hidden.existingConfigmap -}} + {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Hidden +*/}} +{{- define "mongodb.hidden.createConfigmap" -}} +{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} +{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate RBAC is created when using PSP */}} +{{- define "mongodb.validateValues.pspAndRBAC" -}} +{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} +mongodb: podSecurityPolicy.create, rbac.create + Both podSecurityPolicy.create and rbac.create must be true, if you want + to create podSecurityPolicy +{{- end -}} +{{- end -}} + +{{/* Validate values of MongoDB® - must provide a valid architecture */}} +{{- define "mongodb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} +mongodb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBs" -}} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . -}} +{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases must be provided to create + custom users and databases during 1st initialization. 
+ Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBsLength" -}} +{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases arrays should have the same length +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - service type for external access +*/}} +{{- define "mongodb.validateValues.externalAccessServiceType" -}} +{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} +mongodb: externalAccess.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list +*/}} +{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} +mongodb: .Values.externalAccess.service.loadBalancerIPs + Number of replicas and loadBalancerIPs array length must be the same. 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than NodePort list +*/}} +{{- define "mongodb.validateValues.nodePortListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} +mongodb: .Values.externalAccess.service.nodePorts + Number of replicas and nodePorts array length must be the same. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled +*/}} +{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} +mongodb: rbac.create + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to autodetect the external IPs/ports by querying the + K8s API. Please note this initContainer requires specific RBAC resources. You can create them + by specifying "--set rbac.create=true". 
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults
+*/}}
+{{- define "mongodb.mongodb_exporter.uri" -}}
+ {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}}
+ {{- if .Values.metrics.username }}
+ {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
+ {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}}
+ {{- else -}}
+ {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
+ {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}}
+ {{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a TLS secret object should be created
+*/}}
+{{- define "mongodb.createTlsSecret" -}}
+{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing MongoDB® TLS certificates
+*/}}
+{{- define "mongodb.tlsSecretName" -}}
+{{- $secretName := .Values.tls.existingSecret -}}
+{{- if $secretName -}}
+ {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+ {{- printf "%s-ca" (include "mongodb.fullname" .) -}}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/configmap.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/configmap.yaml
new file mode 100644
index 00000000..1aacbd79
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.arbiter.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/headless-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/headless-svc.yaml
new file mode 100644
index 00000000..2bc3658c
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/headless-svc.yaml
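Review bot: The ConfigMap `name:` in arbiter/configmap.yaml is built with `print "%s-arbiter" (include "mongodb.fullname" .)`, and `print` does not interpret format verbs, so the rendered name keeps a literal `%s` and is not a valid object name. The arbiter PodDisruptionBudget and StatefulSet in this patch use `printf` for the same pattern; the line should read `name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}`. The StatefulSet looks the ConfigMap up through `mongodb.arbiter.configmapName`, which is not visible here, so the two names presumably have to agree for the `config` volume to mount.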
@@ -0,0 +1,33 @@
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.arbiter.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp-mongodb
+ port: {{ .Values.arbiter.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.arbiter.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/pdb.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/pdb.yaml
new file mode 100644
index 00000000..6402f682
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.arbiter.pdb.minAvailable }}
+ minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.arbiter.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/statefulset.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/statefulset.yaml
new file mode 100644
index 00000000..a54b3575
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/arbiter/statefulset.yaml
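Review bot: Under `spec:` in arbiter/pdb.yaml, `minAvailable` and `maxUnavailable` are emitted by two independent `if` blocks, so setting both values renders a PodDisruptionBudget that carries both fields, which the API server rejects because they are mutually exclusive. Turning the second block into an alternative, `{{- else if .Values.arbiter.pdb.maxUnavailable }}` in place of the `{{- end }}` / `{{- if … }}` pair, keeps the manifest valid. Because the guards test truthiness, an explicit `minAvailable: 0` is also silently dropped. hidden/pdb.yaml later in this patch has the same construction.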
@@ -0,0 +1,279 @@ +{{- if (include "mongodb.arbiter.enabled" .) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.arbiter.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} + podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} + {{- if .Values.arbiter.updateStrategy }} + updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: arbiter + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} + annotations: + {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} + checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.arbiter.schedulerName }} + schedulerName: {{ .Values.arbiter.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} + {{- end }} + {{- if .Values.arbiter.priorityClassName }} + priorityClassName: {{ .Values.arbiter.priorityClassName }} + {{- end }} + {{- if .Values.arbiter.runtimeClassName }} + runtimeClassName: {{ .Values.arbiter.runtimeClassName }} + {{- end }} + {{- if .Values.arbiter.podSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.arbiter.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.arbiter.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: generate-client + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.arbiter.service.nameOverride" . }} + {{- end }} + containers: + - name: mongodb-arbiter + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.arbiter.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.arbiter.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.arbiter.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arbiter.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: MONGODB_PORT_NUMBER + value: {{ .Values.arbiter.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if .Values.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} + {{- end }} + {{- if .Values.arbiter.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.arbiter.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- end }} + {{- if .Values.arbiter.resources }} + resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} + volumeMounts: + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.arbiter.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.arbiter.configmapName" . }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if .Values.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/common-scripts-cm.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/common-scripts-cm.yaml new file mode 100644 index 00000000..4493f7db --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/common-scripts-cm.yaml 
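Review bot: The `generate-client` init container in arbiter/statefulset.yaml is rendered without a `securityContext` or `resources`, although it is the only container that mounts `certs-volume`, which projects `mongodb-ca-key` (the CA private key) from the TLS secret. The `mongodb-arbiter` container honours `arbiter.containerSecurityContext`, so the init container runs with whatever user and privileges the TLS image defaults to. Adding `{{- if .Values.arbiter.containerSecurityContext.enabled }}`, `securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }}` and `{{- end }}` under its `imagePullPolicy` would align the two. Whether the TLS image can run under that context, and whether the `0600` secret items stay readable to it, should be confirmed.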
@@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + startup-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + readiness-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + # Run the proper check depending on the version + [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} + . 
/opt/drycc/scripts/libversion.sh + VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" + VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" + VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" + if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + else + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' + fi + ping-mongodb.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" + {{- if .Values.tls.enabled }} + generate-certs.sh: | + #!/bin/bash + additional_ips=() + additional_names=() + while getopts "i:n:s:" flag + do + case "${flag}" in + i) read -a additional_ips <<< ${OPTARG//,/ } ;; + n) read -a additional_names <<< ${OPTARG//,/ } ;; + s) svc=${OPTARG// /} ;; + \?) exit 1 ;; + esac + done + + my_hostname=$(hostname) + cp /certs/CAs/* /certs/ + cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem + cd /certs/ + shopt -s extglob + rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) + chmod 0600 mongodb-ca-cert mongodb.pem + {{- end }} diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/configmap.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/configmap.yaml new file mode 100644 index 00000000..76608c4e --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/configmap.yaml 
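Review bot: The `rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)` cleanup at the end of `generate-certs.sh` runs after an unchecked `cd /certs/`; if the `cd` fails, the extglob pattern is expanded in the current directory instead, and `cd /certs/ || exit 1` closes that. The script also begins with `cp /certs/CAs/* /certs/`, which copies `mongodb-ca-key` into the `certs` emptyDir that the database container mounts, and only this final `rm` removes it again. Reading the CA key in place from `/certs/CAs` would avoid depending on the cleanup to keep the key out of the shared volume. The middle of the script is not legible in this view, so how the key is consumed there should be confirmed.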
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/extra-list.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/configmap.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/configmap.yaml
new file mode 100644
index 00000000..d7271f05
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if (include "mongodb.hidden.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/external-access-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/external-access-svc.yaml
new file mode 100644
index 00000000..d9bbdc8e
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/external-access-svc.yaml
@@ -0,0 +1,67 @@ +{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.hidden.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-hidden-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.hidden.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.hidden.service.type }} + {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.hidden.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }} + port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.hidden.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: hidden + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/headless-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/headless-svc.yaml new file mode 100644 index 00000000..725e0256 --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/headless-svc.yaml 
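Review bot: `loadBalancerSourceRanges` in hidden/external-access-svc.yaml is rendered only when the value is set, so a `LoadBalancer` install without it gives every hidden member a Service that accepts connections from any source address. The chart also permits `auth.enabled=false` (the arbiter StatefulSet then sets `ALLOW_EMPTY_PASSWORD` to `yes`), so a validation next to the existing `mongodb.validateValues.*` helpers that rejects `externalAccess.hidden.enabled` without authentication would be a useful guard; whether one exists is not visible in this chunk. A comment above `type:` such as `# Exposes each hidden member outside the cluster; set loadBalancerSourceRanges and keep auth.enabled=true` would at least document the expectation. `namespace: {{ include "mongodb.namespace" $ }}` also omits the `| quote` that the other templates in this patch apply.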
@@ -0,0 +1,34 @@
+{{- if (include "mongodb.hidden.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.hidden.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.hidden.service.portName | quote }}
+ port: {{ .Values.hidden.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/pdb.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/pdb.yaml
new file mode 100644
index 00000000..ce233db3
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/pdb.yaml
@@ -0,0 +1,22 @@
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.hidden.pdb.minAvailable }}
+ minAvailable: {{ .Values.hidden.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.hidden.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/statefulset.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/statefulset.yaml
new file mode 100644
index 00000000..9373d937
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/hidden/statefulset.yaml
@@ -0,0 +1,533 @@ +{{- if (include "mongodb.hidden.enabled" .) }} +{{- $replicaCount := int .Values.hidden.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.hidden.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }} + podManagementPolicy: {{ .Values.hidden.podManagementPolicy }} + replicas: {{ .Values.hidden.replicaCount }} + {{- if .Values.hidden.updateStrategy }} + updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: hidden + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }} + annotations: + {{- if (include "mongodb.hidden.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.hidden.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hidden.schedulerName }} + schedulerName: {{ .Values.hidden.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hidden.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if 
.Values.hidden.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.priorityClassName }} + priorityClassName: {{ .Values.hidden.priorityClassName }} + {{- end }} + {{- if .Values.hidden.runtimeClassName }} + runtimeClassName: {{ .Values.hidden.runtimeClassName }} + {{- end }} + {{- if .Values.hidden.podSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.hidden.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.hidden.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) 
}} + {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.hidden.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.hidden.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup-hidden.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.hidden.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: K8S_HIDDEN_NODE_SERVICE_NAME + value: "{{ include "mongodb.fullname" . 
}}-hidden-headless" + - name: MONGODB_REPLICA_SET_MODE + value: "hidden" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.hidden.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.hidden.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.hidden.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }} + envFrom: + {{- if .Values.hidden.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.hidden.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.hidden.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.hidden.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.hidden.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.hidden.resources }} + resources: {{- toYaml .Values.hidden.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + subPath: {{ .Values.hidden.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup-hidden.sh + subPath: setup-hidden.sh + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.hidden.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: 9216 + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.hidden.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.hidden.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.hidden.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.hidden.persistence.enabled }} + - name: datadir + {{- if .Values.hidden.persistence.medium }} + emptyDir: + medium: {{ .Values.hidden.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.hidden.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.hidden.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.hidden.persistence.size | quote }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/initialization-configmap.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/initialization-configmap.yaml new file mode 100644 index 00000000..f3d023ab --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/initialization-configmap.yaml 
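Review bot: The `volume-permissions` init container chowns the data directory to `.Values.containerSecurityContext.runAsUser`:`.Values.podSecurityContext.fsGroup`, and the `metrics` sidecar takes its `securityContext` from `.Values.containerSecurityContext`, while the pod and the `mongodb` container of this StatefulSet run under `.Values.hidden.podSecurityContext` and `.Values.hidden.containerSecurityContext`. If the two sets of values differ, the data directory is owned by a UID/GID the hidden node does not run as, and hardening applied under `hidden.*` never reaches the sidecar. Assuming `runAsUser` and `fsGroup` exist under `hidden.*` as they do at the top level, the chown lines should use `{{ .Values.hidden.containerSecurityContext.runAsUser }}:{{ .Values.hidden.podSecurityContext.fsGroup }}` and the sidecar should `omit .Values.hidden.containerSecurityContext "enabled"` like the main container. Separately, `generate-tls-certs` and `auto-discovery` declare no `securityContext`, and `certs-volume` puts the CA private key (`mongodb-ca-key`) into every hidden pod; a template comment stating why each pod needs the CA key would help the next reviewer.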
@@ -0,0 +1,17 @@
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/metrics-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/metrics-svc.yaml
new file mode 100644
index 00000000..2a36dfc8
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/metrics-svc.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: metrics
+ protocol: TCP
+ name: http-metrics
+ {{- if .Values.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/networkpolicy.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/networkpolicy.yaml
new file mode 100644
index 00000000..28b22388
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/networkpolicy.yaml
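Review bot: The selector pins `app.kubernetes.io/component: mongodb`, so the hidden-node pods never become endpoints of this Service, although the hidden StatefulSet in this patch labels its pods `app.kubernetes.io/component: hidden` and also runs the `metrics` sidecar when `metrics.enabled` is set. Unless those pods are scraped some other way that is not visible here, their exporter output is missing from monitoring and alerting. At minimum a comment above the selector, for example `# selects component=mongodb only; hidden-node exporters are not behind this Service`, would make the gap explicit.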
@@ -0,0 +1,45 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.service.ports.mongodb }}
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/prometheusrule.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/prometheusrule.yaml
new file mode 100644
index 00000000..29d2ea46
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/prometheusrule.yaml
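Review bot: For `service.type` `LoadBalancer` the policy renders `ingress:` / `- {}`, which admits any source on every port of every pod matched by `common.labels.matchLabels`, so turning `networkPolicy.enabled` on gives no isolation in that mode; limiting the rule to the database port, `- ports:` followed by `- port: {{ .Values.service.ports.mongodb }}`, would at least keep the exporter and any other port closed. In the `ClusterIP` branch the `from:` block is left out when neither `allowCurrentNamespace` nor `allowNamespaces` is set, and a rule with ports but no `from` allows every source, so the empty configuration fails open. The ports listed are Service ports, whereas a NetworkPolicy matches the pod's port (the exporter container in this patch listens on 9216), and the metrics port is opened even when `metrics.enabled` is false. If `NodePort` is a supported `service.type`, neither branch renders and the resulting policy has no ingress rules at all, which blocks replica-set peers as well as clients.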
@@ -0,0 +1,18 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.prometheusRule.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "mongodb.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/psp.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/psp.yaml
new file mode 100644
index 00000000..e9ef023b
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/psp.yaml
@@ -0,0 +1,50 @@
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.podSecurityPolicy.spec }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
+{{- else }}
+ allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.podSecurityContext.fsGroup }}
+ max: {{ .Values.podSecurityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: {{ .Values.podSecurityPolicy.privileged }}
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/access-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/access-svc.yaml
new file mode 100644
index 00000000..caa15f36
--- /dev/null
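Review bot: PodSecurityPolicy is cluster-scoped, so the `namespace:` line in `metadata` has no effect, and naming the object `{{ include "mongodb.fullname" . }}` lets two releases with the same name in different namespaces collide on one policy. Dropping the `namespace:` line and building the name from both values, for example `name: {{ printf "%s-%s" (include "mongodb.namespace" .) (include "mongodb.fullname" .) }}`, avoids that; any Role that grants `use` on the policy is outside this hunk and would need the same name. The `supplementalGroups` range is built from `containerSecurityContext.runAsUser`, which looks like it was meant to be a group ID such as `podSecurityContext.fsGroup`; worth confirming.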
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/access-svc.yaml
@@ -0,0 +1,32 @@
+{{- if (eq .Values.architecture "replicaset") }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+spec:
+ type: {{ $root.Values.service.type }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/external-access-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/external-access-svc.yaml
new file mode 100644
index 00000000..f1acd6bf
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/external-access-svc.yaml
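Review bot: Each per-pod Service takes its `type` from `.Values.service.type` and sets `publishNotReadyAddresses: true`, so with `LoadBalancer` every replica gets its own externally reachable address that also routes to pods that are not ready, and this template has no `loadBalancerSourceRanges` field the way `external-access-svc.yaml` in this patch does. A guarded field under `spec:`, `{{- if $root.Values.service.loadBalancerSourceRanges }}` / `loadBalancerSourceRanges: {{- toYaml $root.Values.service.loadBalancerSourceRanges | nindent 4 }}` / `{{- end }}`, would let operators restrict the sources; that values key is a suggestion and is not defined on this page. `namespace:` is also rendered unquoted here, while the other templates in the patch pipe it through `quote`.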
@@ -0,0 +1,67 @@ +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.service.type }} + {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.service.portName | quote }} + port: {{ $root.Values.externalAccess.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/headless-svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/headless-svc.yaml new file mode 100644 index 00000000..78f26ab9 --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/headless-svc.yaml 
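Review bot: The opening `and` ends with a literal `false`, so this template can never render, whatever `externalAccess.enabled` is set to. statefulset.yaml and scripts-configmap.yaml in the same patch still act on `externalAccess.enabled`: the auto-discovery init container waits for a `${MY_POD_NAME}-external` Service and exits 1 when it is missing, and setup.sh advertises load-balancer IPs or node ports that nothing serves. Enabling the value therefore leaves pods stuck in init or advertising unreachable members. If external access is meant to work, drop the literal: `{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) }}`. If it is deliberately switched off, say so in a template comment and make the chart fail at render time when `externalAccess.enabled` is true.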
@@ -0,0 +1,34 @@
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/pdb.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/pdb.yaml
new file mode 100644
index 00000000..a2b6492f
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/pdb.yaml
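Review bot: The headless Service is named by `include "mongodb.service.nameOverride" .`, but setup.sh in scripts-configmap.yaml (same patch) builds the member host list with a hard-coded `%s-headless` suffix on the full name. The helper's definition is outside this chunk, but if it can return anything other than `<fullname>-headless`, the existing-primary lookup in setup.sh queries hostnames that do not resolve. A pod with an empty data directory would then fall through to the pod-name branch, and pod `-0` would configure itself as primary even when a replica set already exists. Building that list from the same helper keeps the two in step, e.g. `printf "%s-%d.%s.%s.svc.%s:%d" $fullname $i (include "mongodb.service.nameOverride" $) $releaseNamespace $clusterDomain $portNumber`.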
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/scripts-configmap.yaml
new file mode 100644
index 00000000..ed5a8627
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/scripts-configmap.yaml
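Review bot: Setting both `pdb.minAvailable` and `pdb.maxUnavailable` renders both fields under `spec`, which the API server rejects because the two are mutually exclusive. The install then fails at apply time rather than at render time. Guarding the second block, `{{- if and .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable) }}`, avoids that. The truthiness tests also mean a numeric `0` for either value is silently dropped, which is worth a comment next to the conditions.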
@@ -0,0 +1,301 @@ +{{- if eq .Values.architecture "replicaset" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + auto-discovery.sh: |- + #!/bin/bash + + SVC_NAME="${MY_POD_NAME}-external" + + # Auxiliary functions + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + k8s_svc_lb_ip() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + + if [[ -n ${service_ip} ]]; then + echo "${service_ip}" + else + echo "${service_hostname}" + fi + } + k8s_svc_lb_ip_ready() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] + } + # Wait until LoadBalancer IP is ready + retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 + # Obtain LoadBalancer external IP + k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" + {{- end }} + setup.sh: |- + #!/bin/bash + + . /opt/drycc/scripts/mongodb-env.sh + . /opt/drycc/scripts/libfs.sh + . /opt/drycc/scripts/liblog.sh + . /opt/drycc/scripts/libvalidations.sh + + {{- if .Values.externalAccess.enabled }} + {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then + export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + + # Check for existing replica set in case there is no data in the PVC + # This is for cases where the PVC is lost or for MongoDB caches without + # persistence + 
current_primary="" + if is_dir_empty "${MONGODB_DATA_DIR}/db"; then + info "Data dir empty, checking if the replica set already exists" + {{- $replicaCount := int .Values.replicaCount }} + {{- $portNumber := int .Values.service.ports.mongodb }} + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} + {{- $mongoList := list }} + {{- range $e, $i := until $replicaCount }} + {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} + {{- end }} + current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') + + if ! is_empty_value "$current_primary"; then + info "Detected existing primary: ${current_primary}" + fi + fi + + if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then + info "Advertised name matches current primary, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then + info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" + export MONGODB_SET_SECONDARY_OK="yes" + elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then + info "Pod name matches initial primary pod name, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + else + info "Pod name doesn't match initial primary pod name, configuring node as a secondary" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export MONGODB_EXTRA_PASSWORDS_FILE="" + fi + + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + setup-hidden.sh: |- + #!/bin/bash + + . 
/opt/drycc/scripts/mongodb-env.sh + + {{- if .Values.externalAccess.hidden.enabled }} + {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.hidden.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + echo "Configuring node as a hidden node" + export MONGODB_REPLICA_SET_MODE="hidden" + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export 
MONGODB_EXTRA_PASSWORDS_FILE="" + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + {{- if .Values.replicaSetConfigurationSettings.enabled }} + replicaSetConfigurationSettings.sh: |- + #!/bin/bash + # This script to be called when pod starts. + # This script sets rs settings which can not be applied via conf file + + function logger () + #$1 is the line to be logged + { + echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 + } + + SLEEP_PERIOD=10 + + {{- if and .Values.auth.enabled .Values.auth.rootPassword }} + usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" + {{- else }} + usernameAndPassword="" + {{- end }} + + # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy + declare -A desiredRsConf + {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} + {{ printf "desiredRsConf[%s]='%v'" $setting $value }} + {{ end }} + + rsConfWriteAttempts=0 + rs_conf_configured_ok=unknown + + while [[ "${rs_conf_configured_ok}" != "true" ]]; do + + # give the rs setup a chance to succeed before attempting to read or configure + sleep ${SLEEP_PERIOD} + + counter=0 + while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do + counter=$((${counter} +1)) + logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" + sleep ${SLEEP_PERIOD} + done + counter=$((${counter} +1)) + logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" + + # read rs.conf again and store it. settings format is '"" : ,' + currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') + + desiredEqualsactual=unknown + settingsToConfigure="" + for key in ${!desiredRsConf[@]}; do + value=${desiredRsConf[$key]} + if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then + logger "rs conf setting: ${key} value will be set to: ${value}" + settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " + desiredEqualsactual=false + else + logger "rs conf: ${key} is already at desired value: ${value}" + fi + done + + if [[ "${desiredEqualsactual}" != "false" ]]; then + logger "replicaSetConfigurationSettings match the settings of the currently running rs" + desiredEqualsactual=true + rs_conf_configured_ok=true + logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" + exit + fi + + # apply the settings only if this member is currently the mongo replicaset PRIMARY + # it might take a little time before any pod is PRIMARY + isMaster=unknown + if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then + isMaster=false + logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" + else + isMaster=true + logger "This node is PRIMARY" + fi + + if [[ "${isMaster}" == "true" ]]; then + logger "This node is currently PRIMARY - will apply rs.conf settings" + + # avoiding tricky string substitution with single quotes by making the eval string a set of vars + rsconf="cfg = rs.conf();" + rsreconf="rs.reconfig(cfg);" + rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" + + mongosh ${usernameAndPassword} --eval "${rsCommand}" + if [ $? -ne 0 ]; then + logger "Failed to apply mongodb cfg.settings configuration" + else + logger "mongodb replicaset cfg.settings configuration applied" + logger "Will check rs conf" + # don't exit just yet - the settings will be checked in the next loop + fi + rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) + fi + done + {{- end }} +{{- end }} 
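Review bot: setup.sh passes the root credentials to `mongosh` unquoted on the command line (`-u root -p $MONGODB_ROOT_PASSWORD`), and replicaSetConfigurationSettings.sh does the same through the unquoted `${usernameAndPassword}` string. A password containing whitespace or glob characters is split or expanded by the shell, and the secret is visible in the process arguments while `mongosh` runs. The user is hard-coded to `root` although statefulset.yaml exports `MONGODB_ROOT_USER` from `.Values.auth.rootUser`. At minimum, use `-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD"` in setup.sh, and in the settings script a bash array, `creds=(-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD")`, expanded as `"${creds[@]}"`. That script also adds credentials only when `.Values.auth.rootPassword` is set, so with auth enabled and the password coming from an existing secret its `rs.conf()` loop would presumably retry forever; testing `.Values.auth.enabled` alone looks like the intended condition.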
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/statefulset.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/statefulset.yaml new file mode 100644 index 00000000..eddaae09 --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/statefulset.yaml 
@@ -0,0 +1,543 @@ +{{- if eq .Values.architecture "replicaset" }} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.service.nameOverride" . }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Retain + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} 
+ {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: DRYCC_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + 
subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh + {{ if .Values.replicaSetConfigurationSettings.enabled }} + - name: scripts + mountPath: /scripts/replicaSetConfigurationSettings.sh + subPath: replicaSetConfigurationSettings.sh + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + mongodb_exporter --collector.replicasetstatus --collector.dbstats --collector.indexstats --collector.collstats --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ 
include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + 
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/svc.yaml new file mode 100644 index 00000000..55c56b87 --- /dev/null +++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/replicaset/svc.yaml 
@@ -0,0 +1,43 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if $root.Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/role.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/role.yaml
new file mode 100644
index 00000000..56300431
--- /dev/null
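Review bot: In replicaset/svc.yaml the per-replica Service takes its `type` from `externalAccess.service.type` under `spec:` but offers no way to limit who may connect, so with `LoadBalancer` every replica is published on `service.ports.mongodb` to whatever the load balancer admits. The StatefulSet in this same patch sets `ALLOW_EMPTY_PASSWORD` to `yes` whenever `auth.enabled` is false, so external access combined with disabled auth yields an open database. Consider an optional value (name to be chosen, for example `externalAccess.service.loadBalancerSourceRanges`) rendered as `{{- with $root.Values.externalAccess.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}`, `{{- end }}`. A `fail` when `externalAccess.enabled` is set while `auth.enabled` is false would also make the unsafe combination explicit.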
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/role.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.rbac.rules }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+{{- end -}}
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "mongodb.fullname" . }}]
+{{- end -}}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/rolebinding.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/rolebinding.yaml
new file mode 100644
index 00000000..8950f8bb
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/rolebinding.yaml
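Review bot: In role.yaml the `services` rule (`get`, `list`, `watch`) is granted whenever `rbac.create` is true, and nothing in the template says which component reads Services. If it exists only for external-access auto-discovery (the StatefulSet mounts a `shared` volume under `externalAccess.autoDiscovery.enabled`, which suggests so), gate the rule on that flag so a default install's ServiceAccount carries no API permissions. A comment above the rule would record the reason, for example `# read-only Service access for external-access auto-discovery (confirm)`. `.Values.rbac.rules` is appended as given through `common.tplvalues.render`, so it deserves a comment that every extra rule widens what a compromised MongoDB pod can do in the namespace.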
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: Role
+ name: {{ include "mongodb.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets-ca.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets-ca.yaml
new file mode 100644
index 00000000..f054e159
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets-ca.yaml
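Review bot: The opening guard of rolebinding.yaml requires both `serviceAccount.create` and `rbac.create`, while role.yaml renders the Role on `rbac.create` alone. With a pre-existing ServiceAccount (`serviceAccount.create: false`) the Role is therefore created but never bound, leaving an unused RBAC object and, presumably, a pod that cannot read Services when it needs to. If leaving user-supplied accounts unbound is deliberate, say so in a comment above the guard; otherwise use `{{- if .Values.rbac.create }}` so the subject resolved by `mongodb.serviceAccountName` is always bound.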
@@ -0,0 +1,37 @@
+{{- if (include "mongodb.createTlsSecret" .) }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "mongodb.tlsSecretName" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
+ {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
+ {{- $cert := genSignedCert $cn nil nil 36500 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- else }}
+ {{- $ca:= genCA "myMongo-ca" 36500 }}
+ {{- $cert := genSignedCert $cn nil nil 36500 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets.yaml
new file mode 100644
index 00000000..acf8c483
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/secrets.yaml
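Review bot: In the `{{- else }}` branch of secrets-ca.yaml, `genCA "myMongo-ca" 36500` runs on every render, so each `helm upgrade` writes a fresh CA and `client-pem` into the Secret. Pods holding certificates issued by the previous CA would presumably stop trusting members started after the upgrade. Reading the stored Secret with `lookup` and generating only when it is absent keeps the CA stable; the fence shows the added lines for that branch. Separately, both the CA and the leaf are valid for 36500 days and the CA private key is kept in the same Secret that the workload mounts, so a shorter, configurable validity would limit the damage from a leaked key.

```yaml
  {{- else }}
  {{- $existing := lookup "v1" "Secret" (include "mongodb.namespace" .) (include "mongodb.tlsSecretName" .) }}
  {{- if and $existing $existing.data }}
  # Keep the CA and certificate already stored in the cluster across upgrades
  # (values read back from the Secret are already base64-encoded).
  mongodb-ca-cert: {{ index $existing.data "mongodb-ca-cert" }}
  mongodb-ca-key: {{ index $existing.data "mongodb-ca-key" }}
  client-pem: {{ index $existing.data "client-pem" }}
  {{- else }}
  # … unchanged: genCA / genSignedCert / b64enc lines …
  {{- end }}
```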
@@ -0,0 +1,41 @@
+{{- if (include "mongodb.createSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }}
+ {{- $customUsers := include "mongodb.customUsers" . -}}
+ {{- $customDatabases := include "mongodb.customDatabases" . -}}
+ {{- $customPasswords := include "mongodb.customPasswords" . -}}
+ {{- $passwordList := list -}}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}}
+ {{- if not (empty $customPasswords) -}}
+ {{- $passwordList = $customPasswords -}}
+ {{- else -}}
+ {{- $customUsersList := splitList "," $customUsers -}}
+ {{- $customPasswordsList := list -}}
+ {{- range $customUsersList -}}
+ {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}}
+ {{- end -}}
+ {{- $passwordList = (join "," $customPasswordsList) -}}
+ {{- end }}
+ mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }}
+ {{- end }}
+ {{- if .Values.metrics.username }}
+ mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }}
+ {{- end }}
+ {{- if eq .Values.architecture "replicaset" }}
+ mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/serviceaccount.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/serviceaccount.yaml
new file mode 100644
index 00000000..f4aa81a5
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/serviceaccount.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.serviceAccount.annotations }}
+ {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+secrets:
+ - name: {{ template "mongodb.fullname" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/servicemonitor.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/servicemonitor.yaml
new file mode 100644
index 00000000..0a00f719
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/servicemonitor.yaml
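Review bot: In secrets.yaml the fallback passwords for custom users are built with `randAlphaNum 10` inside the `range $customUsersList` loop, which is about 59 bits each and short for a credential on a database that this chart can publish through an external Service. `randAlphaNum` never emits a comma, so lengthening it cannot break the `join ","` that follows; `(randAlphaNum 32)` in the `append` call would be a safer default. A comment above the loop stating that one password is generated per custom user, and only when `mongodb.customPasswords` is empty, would also help the next reader.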
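Review bot: In serviceaccount.yaml `automountServiceAccountToken` is rendered straight from values with no fallback, so a values file that omits the key yields a null field and Kubernetes falls back to mounting the API token into the MongoDB pod. The chart default is not visible in this part of the patch; if the token is needed only for external-access auto-discovery, render an explicit boolean such as `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}`. The `secrets:` entry names `mongodb.fullname` while the workloads read credentials through `mongodb.secretName`, so the two can presumably differ when an existing secret is supplied; a comment stating what the entry is meant to allow would settle that.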
@@ -0,0 +1,48 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.serviceMonitor.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - "{{ include "mongodb.namespace" . }}"
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/dep-sts.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/dep-sts.yaml
new file mode 100644
index 00000000..6ef4530c
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/dep-sts.yaml
@@ -0,0 +1,474 @@ +{{- if not (eq .Values.architecture "replicaset") }} +apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.useStatefulSet }} + serviceName: {{ include "mongodb.fullname" . }} + {{- end }} + {{- if .Values.updateStrategy}} + {{- if .Values.useStatefulSet }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end}} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . 
-}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.persistence.existingClaim }} + - name: datadir + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} + {{- else if not .Values.useStatefulSet }} + - name: datadir + persistentVolumeClaim: + claimName: {{ template "mongodb.fullname" . }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.volumeClaimTemplates.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/pvc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/pvc.yaml
new file mode 100644
index 00000000..7786de63
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/pvc.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/svc.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/svc.yaml
new file mode 100644
index 00000000..44255798
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/templates/standalone/svc.yaml
@@ -0,0 +1,58 @@
+{{- if not (eq .Values.architecture "replicaset") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
+ nodePort: {{ .Values.service.nodePorts.mongodb }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/values.schema.json b/addons/mongodb/8.0/chart/mongodb-8.0/values.schema.json
new file mode 100644
index 00000000..be8e54b4
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/values.schema.json
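Review bot: In the `spec` block, `loadBalancerSourceRanges` is rendered only when `service.loadBalancerSourceRanges` is set, and nothing ties `service.type` to `auth.enabled`, so a `LoadBalancer` or `NodePort` release with authentication switched off publishes MongoDB with `ALLOW_EMPTY_PASSWORD` set to `yes` (see the standalone workload template in this patch) and no source restriction. I would fail the render for that combination at the top of the file, for example `{{- if and (ne .Values.service.type "ClusterIP") (not .Values.auth.enabled) }}{{- fail "service.type other than ClusterIP requires auth.enabled=true" }}{{- end }}`, or at minimum document the requirement next to `service.type` in values.yaml. Separately, `externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}` is the only list in this hunk written without the `{{-` trim that `loadBalancerSourceRanges` uses; `externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}` would match its neighbours.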
@@ -0,0 +1,173 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "architecture": {
+ "type": "string",
+ "title": "MongoDB® architecture",
+ "form": true,
+ "description": "Allowed values: `standalone` or `replicaset`"
+ },
+ "auth": {
+ "type": "object",
+ "title": "Authentication configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Enable Authentication",
+ "form": true
+ },
+ "rootUser": {
+ "type": "string",
+ "title": "MongoDB® admin user",
+ "form": true,
+ "description": "Name of the admin user. Default is root"
+ },
+ "rootPassword": {
+ "type": "string",
+ "title": "MongoDB® admin password",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": false,
+ "path": "auth/enabled"
+ }
+ },
+ "database": {
+ "type": "string",
+ "title": "MongoDB® custom database",
+ "description": "Name of the custom database to be created during the 1st initialization of MongoDB®",
+ "form": true
+ },
+ "username": {
+ "type": "string",
+ "title": "MongoDB® custom user",
+ "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. This user only has permissions on the MongoDB® custom database",
+ "form": true
+ },
+ "password": {
+ "type": "string",
+ "title": "Password for MongoDB® custom user",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": false,
+ "path": "auth/enabled"
+ }
+ },
+ "replicaSetKey": {
+ "type": "string",
+ "title": "Key used for replica set authentication",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ }
+ }
+ },
+ "replicaCount": {
+ "type": "integer",
+ "form": true,
+ "title": "Number of MongoDB® replicas",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ },
+ "configuration": {
+ "type": "string",
+ "title": "MongoDB® Custom Configuration",
+ "form": true,
+ "render": "textArea"
+ },
+ "arbiter": {
+ "type": "object",
+ "title": "Arbiter configuration",
+ "form": true,
+ "properties": {
+ "configuration": {
+ "type": "string",
+ "title": "Arbiter Custom Configuration",
+ "form": true,
+ "render": "textArea",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ }
+ }
+ },
+ "persistence": {
+ "type": "object",
+ "title": "Persistence configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable persistence",
+ "description": "Enable persistence using Persistent Volume Claims"
+ },
+ "size": {
+ "type": "string",
+ "title": "Persistent Volume Size",
+ "form": true,
+ "render": "slider",
+ "sliderMin": 1,
+ "sliderMax": 100,
+ "sliderUnit": "Gi",
+ "hidden": {
+ "value": false,
+ "path": "persistence/enabled"
+ }
+ }
+ }
+ },
+ "volumePermissions": {
+ "type": "object",
+ "hidden": {
+ "value": false,
+ "path": "persistence/enabled"
+ },
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable Init Containers",
+ "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination"
+ }
+ }
+ },
+ "metrics": {
+ "type": "object",
+ "form": true,
+ "title": "Prometheus metrics details",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Create Prometheus metrics exporter",
+ "description": "Create a side-car container to expose Prometheus metrics",
+ "form": true
+ },
+ "serviceMonitor": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Create Prometheus Operator ServiceMonitor",
+ "description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
+ "form": true,
+ "hidden": {
+ "value": false,
+ "path": "metrics/enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/addons/mongodb/8.0/chart/mongodb-8.0/values.yaml b/addons/mongodb/8.0/chart/mongodb-8.0/values.yaml
new file mode 100644
index 00000000..fca8e5c7
--- /dev/null
+++ b/addons/mongodb/8.0/chart/mongodb-8.0/values.yaml
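Review bot: The `auth` properties this schema exposes are `database`, `username` and `password`, which the values.yaml added in the same patch marks as DEPRECATED in favour of `auth.databases`, `auth.usernames` and `auth.passwords`, so the form steers users onto the deprecated keys. I would either describe the list parameters here instead or state the deprecation in each entry, e.g. `"description": "DEPRECATED: use auth.usernames instead"`. The `rootPassword`, `password` and `replicaSetKey` descriptions also promise a random 10-character alphanumeric default; the template that generates those values is not in this hunk, so the length should be confirmed against it, and the description could point production installs at `auth.existingSecret` rather than the generated default.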
@@ -0,0 +1,2048 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + namespaceOverride: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## extraDeploy: +## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar +## for dynamically discovering the mongodb primary pod +## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) +## - apiVersion: v1 +## kind: Service +## metadata: +## name: mongodb-primary +## namespace: the-mongodb-namespace +## labels: +## app.kubernetes.io/component: 
mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/managed-by: Helm +## app.kubernetes.io/name: mongodb +## spec: +## type: NodePort +## externalTrafficPolicy: Cluster +## ports: +## - name: mongodb +## port: 30001 +## nodePort: 30001 +## protocol: TCP +## targetPort: mongodb +## selector: +## app.kubernetes.io/component: mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/name: mongodb +## primary: "true" +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) parameters +## + +## Drycc MongoDB(®) image +## ref: https://hub.docker.com/r/drycc/mongodb/tags/ +## @param image.registry MongoDB(®) image registry +## @param image.repository MongoDB(®) image registry +## @param image.tag MongoDB(®) image tag (immutable tags are recommended) +## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy MongoDB(®) image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/mongodb + tag: "8.0" + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## @param schedulerName Name of the scheduler (other than default) to dispatch pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) +## +architecture: replicaset +## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) +## +useStatefulSet: false +## MongoDB(®) Authentication parameters +## +auth: + ## @param auth.enabled Enable authentication + ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ + ## + enabled: true + ## @param auth.rootUser MongoDB(®) root user + ## + rootUser: root + ## @param auth.rootPassword MongoDB(®) root password + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run + ## + rootPassword: "" + ## MongoDB(®) custom users and databases + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run + ## @param auth.usernames 
List of custom users to be created during the initialization + ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` + ## @param auth.databases List of custom databases to be created during the initialization + ## + usernames: [] + passwords: [] + databases: [] + ## @param auth.username DEPRECATED: use `auth.usernames` instead + ## @param auth.password DEPRECATED: use `auth.passwords` instead + ## @param auth.database DEPRECATED: use `auth.databases` instead + username: "" + password: "" + database: "" + ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) + ## + replicaSetKey: "" + ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + ## NOTE: When it's set the previous parameters are ignored. + ## + existingSecret: "" +tls: + ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes + ## + enabled: false + ## @param tls.autoGenerated Generate a custom CA and self-signed certificates + ## + autoGenerated: true + ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) + ## NOTE: When it's set it will disable certificate creation + ## + existingSecret: "" + ## Add Custom CA certificate + ## @param tls.caCert Custom CA certificated (base64 encoded) + ## @param tls.caKey CA certificate private key (base64 encoded) + ## + caCert: "" + caKey: "" + ## Drycc Nginx image + ## @param tls.image.registry Init container TLS certs setup image registry + ## @param tls.image.repository Init container TLS certs setup image repository + ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) + ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag + ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy + ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array + ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients + ## + image: + registry: docker.io + repository: drycc/nginx + tag: 1.23.1-debian-11-r26 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## e.g: + ## extraDnsNames + ## "DNS.6": "$my_host" + ## "DNS.7": "$test" + ## + extraDnsNames: [] + ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) + ## + mode: requireTLS + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param tls.resources.limits Init container generate-tls-certs resource limits + ## @param tls.resources.requests Init container generate-tls-certs resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## +replicaSetName: rs0 +## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## Ignored when externalAccess.enabled=true +## +replicaSetHostnames: true +## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 +## +enableIPv6: false +## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb +## +directoryPerDB: false +## MongoDB(®) System Log configuration +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level +## @param systemLogVerbosity MongoDB(®) system log verbosity level +## @param disableSystemLog Switch to enable/disable MongoDB(®) system log +## +systemLogVerbosity: 0 +disableSystemLog: false +## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution +## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ +## +disableJavascript: false +## @param enableJournal Switch to enable/disable MongoDB(®) Journaling +## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
+##
+enableJournal: true
+## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
+## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
+## Example:
+## configuration: |-
+## # where and how to store data.
+## storage:
+## dbPath: /drycc/mongodb/data/db
+## journal:
+## enabled: true
+## directoryPerDB: false
+## # where to write logging data
+## systemLog:
+## destination: file
+## quiet: false
+## logAppend: true
+## logRotate: reopen
+## path: /opt/drycc/mongodb/logs/mongodb.log
+## verbosity: 0
+## # network interfaces
+## net:
+## port: 27017
+## unixDomainSocket:
+## enabled: true
+## pathPrefix: /opt/drycc/mongodb/tmp
+## ipv6: false
+## bindIpAll: true
+## # replica set options
+## #replication:
+## #replSetName: replicaset
+## #enableMajorityReadConcern: true
+## # process management optionsT
+## processManagement:
+## fork: false
+## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid
+## # set parameter options
+## setParameter:
+## enableLocalhostAuthBypass: true
+## # security options
+## security:
+## authorization: disabled
+## #keyFile: /opt/drycc/mongodb/conf/keyfile
+##
+configuration: ""
+## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
+## If enabled, these are applied by a script which is called within setup.sh
+## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
+## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
+## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
+##
+replicaSetConfigurationSettings:
+ enabled: false
+ configuration: {}
+## chainingAllowed : false
+## heartbeatTimeoutSecs : 10
+## heartbeatIntervalMillis : 2000
+## electionTimeoutMillis : 10000
+## catchUpTimeoutMillis : 30000
+## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
+## NOTE: When it's set the arbiter.configuration parameter is ignored
+##
+existingConfigmap: ""
+## @param initdbScripts Dictionary of initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## Example:
+## initdbScripts:
+## my_init_script.sh: |
+## #!/bin/bash
+## echo "Do something."
+##
+initdbScripts: {}
+## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
+##
+initdbScriptsConfigMap: ""
+## Command and args for running the container (set to default if not set). Use array form
+## @param command Override default container command (useful when using custom images)
+## @param args Override default container args (useful when using custom images)
+##
+command: []
+args: []
+## @param extraFlags MongoDB(®) additional command line flags
+## Example:
+## extraFlags:
+## - "--wiredTigerCacheSizeGB=2"
+##
+extraFlags: []
+## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
+## E.g:
+## extraEnvVars:
+## - name: FOO
+## value: BAR
+##
+extraEnvVars: []
+## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+##
+extraEnvVarsCM: ""
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+##
+extraEnvVarsSecret: ""
+
+## @section MongoDB(®) statefulset parameters
+##
+
+## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+annotations: {}
+## @param labels Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+labels: {}
+## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
+## Ignored when mongodb.architecture=standalone
+##
+replicaCount: 3
+## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
+## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+## Example:
+## updateStrategy:
+## type: RollingUpdate
+## rollingUpdate:
+## maxSurge: 25%
+## maxUnavailable: 25%
+##
+updateStrategy:
+ type: RollingUpdate
+## @param podManagementPolicy Pod management policy for MongoDB(®)
+## Should be initialized one by one when building the replicaset for the first time
+##
+podManagementPolicy: OrderedReady
+## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## @param affinity MongoDB(®) Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+## @param nodeSelector MongoDB(®) Node labels for pod assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param tolerations MongoDB(®) Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+##
+topologySpreadConstraints: []
+## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
+##
+lifecycleHooks: {}
+## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
+##
+terminationGracePeriodSeconds: ""
+## @param podLabels MongoDB(®) pod labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAnnotations MongoDB(®) Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+##
+runtimeClassName: ""
+## MongoDB(®) pods' Security Context.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
+## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
+## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
+##
+podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+## MongoDB(®) containers' Security Context (main and metrics container).
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
+## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
+## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+## MongoDB(®) containers' resource requests and limits.
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for MongoDB(®) containers
+## @param resources.requests The requested resources for MongoDB(®) containers
+##
+resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+## @param containerPorts.mongodb MongoDB(®) container port
+containerPorts:
+ mongodb: 27017
+## MongoDB(®) pods' liveness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+## MongoDB(®) pods' readiness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Slow starting containers can be protected through startup probes
+## Startup probes are available in Kubernetes version 1.16 and above
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 30
+## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
+## Ignored when livenessProbe.enabled=true
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
+## Ignored when readinessProbe.enabled=true
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe for MongoDB(®) containers
+## Ignored when startupProbe.enabled=true
+##
+customStartupProbe: {}
+## @param initContainers Add additional init containers for the hidden node pod(s)
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
+## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
+## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
+## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
+## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
+##
+## - name: mongo-labeler
+## image: korenlev/k8s-mongo-labeler-sidecar
+## imagePullPolicy: Always
+## env:
+## - name: LABEL_SELECTOR
+## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+## - name: NAMESPACE
+## value: "the-mongodb-namespace"
+## - name: DEBUG
+## value: "true"
+##
+sidecars: []
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
+## Examples:
+## extraVolumeMounts:
+## - name: extras
+## mountPath: /usr/share/extras
+## readOnly: true
+##
+extraVolumeMounts: []
+## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
+## extraVolumes:
+## - name: extras
+## emptyDir: {}
+##
+extraVolumes: []
+## MongoDB(®) Pod Disruption Budget configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+ ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
+ ##
+ create: false
+ ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
+ ##
+ minAvailable: 1
+ ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
+ ##
+ maxUnavailable: ""
+
+## @section Traffic exposure parameters
+##
+
+## Service parameters
+##
+service:
+ ## @param service.nameOverride MongoDB(®) service name
+ ##
+ nameOverride: ""
+ ## @param service.type Kubernetes Service type (only for standalone architecture)
+ ##
+ type: ClusterIP
+ ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
+ ##
+ portName: mongodb
+ ## @param service.ports.mongodb MongoDB(®) service port.
+ ##
+ ports:
+ mongodb: 27017
+ ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ mongodb: ""
+ ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ externalIPs: []
+ ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## External Access to MongoDB(®) nodes configuration
+##
+externalAccess:
+ ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
+ ##
+ enabled: false
+ ## External IPs auto-discovery configuration
+ ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
+ ## Note: RBAC might be required
+ ##
+ autoDiscovery:
+ ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
+ ##
+ enabled: false
+ ## Drycc Kubectl image
+ ## ref: https://hub.docker.com/r/drycc/kubectl/tags/
+ ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
+ ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
+ ## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
+ ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
+ ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/kubectl
+ tag: 1.25.2-debian-11-r2
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits
+ ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.service.annotations Service annotations for external access
+ ##
+ annotations:
+ {}
+ ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## External Access to MongoDB(®) Hidden nodes configuration
+ ##
+ hidden:
+ ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
+ ##
+ enabled: false
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.hidden.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Persistence parameters
+##
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
+ ##
+ enabled: true
+ ## @param persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires persistence.enabled: false
+ ##
+ medium: ""
+ ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ ## Ignored when mongodb.architecture=replicaset
+ ##
+ existingClaim: ""
+ ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+ resourcePolicy: ""
+ ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
+ ##
+ size: 8Gi
+ ## @param persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param persistence.mountPath Path to mount the volume at
+ ## MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param persistence.subPath Subdirectory of the volume to mount at
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
+ ##
+ dataSource: {}
+
+## @section RBAC parameters
+##
+
+## ServiceAccount
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
+ ##
+ create: true
+ ## @param serviceAccount.name Name of the created serviceAccount
+ ## If not set and create is true, a name is generated using the mongodb.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ## Can be set to false if pods using this serviceAccount do not need to use K8s API
+ ##
+ automountServiceAccountToken: true
+## Role Based Access
+## ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+rbac:
+ ## @param rbac.create Whether to create & use RBAC resources or not
+ ## binding MongoDB(®) ServiceAccount to a role
+ ## that allows MongoDB(®) pods querying the K8s API
+ ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
+ ##
+ create: false
+ ## @param rbac.rules Custom rules to create following the role specification
+ ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ## - watch
+ ## - update
+ ##
+ rules: []
+## PodSecurityPolicy configuration
+## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
+ ##
+ create: false
+ ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
+ ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
+ ##
+ allowPrivilegeEscalation: false
+ ## @param podSecurityPolicy.privileged Allow privileged
+ ##
+ privileged: false
+ ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ## Defining a spec ignores the above values.
+ ##
+ spec: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## fsGroup:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## hostIPC: false
+ ## hostNetwork: false
+ ## hostPID: false
+ ## privileged: false
+ ## readOnlyRootFilesystem: false
+ ## requiredDropCapabilities:
+ ## - ALL
+ ## runAsUser:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## seLinux:
+ ## rule: 'RunAsAny'
+ ## supplementalGroups:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## volumes:
+ ## - 'configMap'
+ ## - 'secret'
+ ## - 'emptyDir'
+ ## - 'persistentVolumeClaim'
+ ##
+
+## @section Volume Permissions parameters
+##
+## Init Container parameters
+## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
+## values from the securityContext section of the component
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository Init container volume-permissions image repository
+ ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
+ ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/drycc-shell
+ tag: 11-debian-11-r37
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
+ ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Init container Security Context
+ ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
+ ## and not the below volumePermissions.securityContext.runAsUser
+ ## When runAsUser is set to special value "auto", init container will try to chwon the
+ ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
+ ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
+ ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
+ ##
+ securityContext:
+ runAsUser: 0
+
+## @section Arbiter parameters
+##
+
+arbiter:
+ ## @param arbiter.enabled Enable deploying the arbiter
+ ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
+ ##
+ enabled: false
+ ## @param arbiter.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param arbiter.configuration Arbiter configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
+ ## NOTE: When it's set the arbiter.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param arbiter.command Override default container command (useful when using custom images)
+ ## @param arbiter.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param arbiter.extraFlags Arbiter additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
+ ##
+ annotations: {}
+ ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
+ ##
+ labels: {}
+ ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
+ ## Should be initialized one by one when building the replicaset for the first time
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param arbiter.affinity Arbiter Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param arbiter.podLabels Arbiter pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param arbiter.podAnnotations Arbiter Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Arbiter pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
+ ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
+ ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Arbiter containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
+ ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
+ ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Arbiter containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param arbiter.resources.limits The resources limits for Arbiter containers
+ ## @param arbiter.resources.requests The requested resources for Arbiter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.livenessProbe.enabled Enable livenessProbe
+ ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.readinessProbe.enabled Enable readinessProbe
+ ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.startupProbe.enabled Enable startupProbe
+ ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
+ ## Ignored when arbiter.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
+ ## Ignored when arbiter.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
+ ## Ignored when arbiter.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Arbiter Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
+ ##
+ create: false
+ ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## MongoDB(®) Arbiter service parameters
+ ##
+ service:
+ ## @param arbiter.service.nameOverride The arbiter service name
+ ##
+ nameOverride: ""
+ ## @param arbiter.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param arbiter.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Hidden Node parameters
+##
+
+hidden:
+ ## @param hidden.enabled Enable deploying the hidden nodes
+ ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
+ ##
+ enabled: false
+ ## @param hidden.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param hidden.configuration Hidden node configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
+ ## NOTE: When it's set the hidden.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param hidden.command Override default container command (useful when using custom images)
+ ## @param hidden.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param hidden.extraFlags Hidden node additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
+ ##
+ annotations: {}
+ ## @param hidden.labels Annotations to be added to the hidden node statefulset
+ ##
+ labels: {}
+ ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
+ ## Ignored when mongodb.architecture=standalone
+ ##
+ replicaCount: 1
+ ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param hidden.podManagementPolicy Pod management policy for hidden node
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## Allowed values: soft, hard
+ ##
+ nodeAffinityPreset:
+ ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param hidden.affinity Hidden node Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param hidden.tolerations Hidden node Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param hidden.podLabels Hidden node pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param hidden.podAnnotations Hidden node Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Hidden pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
+ ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
+ ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Hidden containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
+ ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
+ ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Hidden containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param hidden.resources.limits The resources limits for hidden node containers
+ ## @param hidden.resources.requests The req0ested resources for hidden node containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.livenessProbe.enabled Enable livenessProbe
+ ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.readinessProbe.enabled Enable readinessProbe
+ ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param hidden.startupProbe.enabled Enable startupProbe
+ ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
+ ## Ignored when hidden.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
+ ## Ignored when hidden.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when hidden.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Hidden Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
+ ##
+ create: false
+ ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
+ ##
+ enabled: true
+ ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires hidden.persistence.enabled: false
+ ##
+ medium: ""
+ ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param hidden.persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
+ ##
+ size: 8Gi
+ ## @param hidden.persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
+ ##
+ dataSource: {}
+ service:
+ ## @param hidden.service.portName MongoDB(®) service port name
+ ##
+ portName: "mongodb"
+ ## @param hidden.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param hidden.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Metrics parameters
+##
+
+metrics:
+ ## @param metrics.enabled Enable using a sidecar Prometheus exporter
+ ##
+ enabled: true
+ ## Drycc MongoDB(®) Promtheus Exporter image
+ ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/
+ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
+ ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
+ ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
+ ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: registry.drycc.cc
+ repository: drycc-addons/mongodb-exporter
+ tag: 0
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param metrics.username String with username for the metrics exporter
+ ## If undefined the root user will be used for the metrics exporter
+ username: "user_exporter"
+ ## @param metrics.password String with password for the metrics exporter
+ ## If undefined but metrics.username is defined, a random password will be generated
+ password: ""
+ ## @param metrics.extraFlags String with extra flags to the metrics exporter
+ ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
+ ##
+ extraFlags: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param metrics.command Override default container command (useful when using custom images)
+ ## @param metrics.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## Metrics exporter container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
+ ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
+ ##
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ ## @param metrics.containerPort Port of the Prometheus metrics container
+ ##
+ containerPort: 9216
+ ## Prometheus Exporter service configuration
+ ##
+ service:
+ ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+ prometheus.io/path: "/metrics"
+ ## @param metrics.service.type Type of the Prometheus metrics service
+ ##
+ type: ClusterIP
+ ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
+ ##
+ ports:
+ metrics: 9216
+ ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## Metrics exporter liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.livenessProbe.enabled Enable livenessProbe
+ ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: false
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## Metrics exporter readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.readinessProbe.enabled Enable readinessProbe
+ ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: false
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param metrics.startupProbe.enabled Enable startupProbe
+ ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
+ ## Ignored when livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
+ ## Ignored when readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
+ ##
+ enabled: false
+ ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ ##
+ namespace: ""
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ ##
+ interval: 30s
+ ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ ## e.g:
+ ## scrapeTimeout: 30s
+ ##
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
+ ##
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ labels: {}
+ ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration
+ ##
+ selector: {}
+ ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
+ ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator + ## + enabled: false + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created + ## + namespace: "" + ## @param metrics.prometheusRule.rules Rules to be created, check values for an example + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup + ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + ## + ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets + ## rules: + ## - alert: HighRequestLatency + ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 + ## for: 10m + ## labels: + ## severity: page + ## annotations: + ## summary: High request latency + ## + rules: [] + +## Mongodb Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port Mongodb is listening + ## on. When true, Mongodb will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] diff --git a/addons/mongodb/8.0/meta.yaml b/addons/mongodb/8.0/meta.yaml new file mode 100644 index 00000000..c61c1b3e --- /dev/null +++ b/addons/mongodb/8.0/meta.yaml 
@@ -0,0 +1,24 @@
+name: mongodb-8.0
+version: 8.0
+id: 7a599bfe-42fe-45f0-a7e5-d706cceeb75a
+description: "mongodb-8.0"
+displayName: "mongodb-8.0"
+metadata:
+ displayName: "mongodb-8.0"
+ provider:
+ name: drycc
+ supportURL: https://www.mongodb.com/docs/manual/
+ documentationURL: https://www.mongodb.com/docs/manual/
+tags: mongodb
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+ - name: "service.type"
+ required: false
+ description: "service type config for values.yaml"
+ - name: "networkPolicy.allowNamespaces"
+ required: false
+ description: "networkPolicy allowNamespaces config for values.yaml"
+archive: false
diff --git a/addons/mongodb/8.0/plans/standard-16c64g400/bind.yaml b/addons/mongodb/8.0/plans/standard-16c64g400/bind.yaml
new file mode 100644
index 00000000..a8ce0395
--- /dev/null
+++ b/addons/mongodb/8.0/plans/standard-16c64g400/bind.yaml
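Review bot: `allow_parameters` lets the requester override `service.type` and `networkPolicy.allowNamespaces`, but no value constraints are visible for either; the plans' instance-schema.json files added in this patch only declare `imagePullPolicy`. With `service.type` set to `LoadBalancer`, bind.yaml publishes an `EXTRANET_HOST_*` address per replica, so unless the chart's service template restricts source ranges (not visible in this section) the database port becomes reachable from outside the cluster. Consider declaring both parameters in the instance schema, for example an `enum` for `service.type`, and stating in the `description` fields that `LoadBalancer` exposes the service externally. Separately, `version: 8.0` is safer quoted as `version: "8.0"` so a YAML loader does not read it as a float.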
@@ -0,0 +1,36 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "DOMAIN_%d" $i }}
+ value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}
+{{- end }}
+ - name: REPLICA_SET_NAME
+ value: 'rs0'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/8.0/plans/standard-16c64g400/instance-schema.json b/addons/mongodb/8.0/plans/standard-16c64g400/instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/8.0/plans/standard-16c64g400/instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/8.0/plans/standard-16c64g400/meta.yaml b/addons/mongodb/8.0/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..0be71694
--- /dev/null
+++ b/addons/mongodb/8.0/plans/standard-16c64g400/meta.yaml
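Review bot: The `USERNAME` and `PASSWORD` entries give every bound application the `root` user and the `mongodb-root-password` secret value, so any binding consumer gets full administrative access to the replica set. If the chart can provision a non-root application user (not visible in this patch), bind that user's credentials instead, or state in the addon description that bindings are root-level. `PORT` is emitted as the bare integer `27017` while the other values are strings, and it is hard-coded rather than taken from the chart's service port; `value: "27017"` or a quoted templated value would be consistent. The secret is looked up via `common.names.fullname` while the services use `mongodb.fullname`, so the two helpers must render identically for the reference to resolve. The same file (blob a8ce0395) is added for every plan in this patch, so these points apply to each copy.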
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: 6f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c
+description: "mongodb standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G "
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mongodb/8.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/8.0/plans/standard-16c64g400/values.yaml
new file mode 100644
index 00000000..400e61dc
--- /dev/null
+++ b/addons/mongodb/8.0/plans/standard-16c64g400/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-16c64g400
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 16000m
+ memory: 64Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+
+persistence:
+ size: 400Gi
diff --git a/addons/mongodb/8.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/8.0/plans/standard-1c2g10/bind.yaml
new file mode 100644
index 00000000..a8ce0395
--- /dev/null
+++ b/addons/mongodb/8.0/plans/standard-1c2g10/bind.yaml
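Review bot: In this plan's values.yaml the `requests` (`cpu: 100m`, `memory: 1Gi`) are far below the `limits` (`cpu: 16000m`, `memory: 64Gi`), so a pod offered as 16c64g is only guaranteed a tenth of a core and 1Gi and runs in the Burstable QoS class, which makes it an early eviction or OOM candidate under node pressure. For a database plan, consider raising the requests closer to the limits. The header comment is copied from another chart: it names `MinIO®` and tells the reader to uncomment lines and remove curly braces that are not present, so something like `## MongoDB resource requests and limits for this plan` would be accurate. The other plan values.yaml files in this patch (standard-1c2g10 through standard-32c128g800) repeat both issues.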
@@ -0,0 +1,36 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-1c2g10/instance-schema.json b/addons/mongodb/8.0/plans/standard-1c2g10/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-1c2g10/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/8.0/plans/standard-1c2g10/meta.yaml new file mode 100644 index 00000000..7f2ea8f7 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-1c2g10/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-1c2g10" +id: 1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d +description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G " +displayName: "standard-1c2g10" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mongodb/8.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/8.0/plans/standard-1c2g10/values.yaml new file mode 100644 index 00000000..2e026ef2 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-1c2g10/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-1c2g10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 1000m + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi + +persistence: + size: 10Gi diff --git a/addons/mongodb/8.0/plans/standard-2c4g20/bind.yaml b/addons/mongodb/8.0/plans/standard-2c4g20/bind.yaml new file mode 100644 index 00000000..a8ce0395 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c4g20/bind.yaml 
@@ -0,0 +1,36 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-2c4g20/instance-schema.json b/addons/mongodb/8.0/plans/standard-2c4g20/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c4g20/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-2c4g20/meta.yaml b/addons/mongodb/8.0/plans/standard-2c4g20/meta.yaml new file mode 100644 index 00000000..75802a82 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c4g20/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-2c4g20" +id: 2b3c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7e +description: "mongodb standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G " +displayName: "standard-2c4g20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mongodb/8.0/plans/standard-2c4g20/values.yaml b/addons/mongodb/8.0/plans/standard-2c4g20/values.yaml new file mode 100644 index 00000000..20dd90d0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c4g20/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-2c4g20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + +persistence: + size: 20Gi diff --git a/addons/mongodb/8.0/plans/standard-2c8g50/bind.yaml b/addons/mongodb/8.0/plans/standard-2c8g50/bind.yaml new file mode 100644 index 00000000..a8ce0395 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c8g50/bind.yaml 
@@ -0,0 +1,36 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-2c8g50/instance-schema.json b/addons/mongodb/8.0/plans/standard-2c8g50/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c8g50/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-2c8g50/meta.yaml b/addons/mongodb/8.0/plans/standard-2c8g50/meta.yaml new file mode 100644 index 00000000..46a91f28 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c8g50/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-2c8g50" +id: 3c4d5e6f-7a8b-9c0d-1e2f-3a4b5c6d7e8f +description: "mongodb standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G " +displayName: "standard-2c8g50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mongodb/8.0/plans/standard-2c8g50/values.yaml b/addons/mongodb/8.0/plans/standard-2c8g50/values.yaml new file mode 100644 index 00000000..0eaf31f4 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-2c8g50/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-2c8g50 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 2000m + memory: 8Gi + requests: + cpu: 100m + memory: 1Gi + +persistence: + size: 50Gi diff --git a/addons/mongodb/8.0/plans/standard-32c128g800/bind.yaml b/addons/mongodb/8.0/plans/standard-32c128g800/bind.yaml new file mode 100644 index 00000000..a8ce0395 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-32c128g800/bind.yaml 
@@ -0,0 +1,36 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-32c128g800/instance-schema.json b/addons/mongodb/8.0/plans/standard-32c128g800/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-32c128g800/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-32c128g800/meta.yaml b/addons/mongodb/8.0/plans/standard-32c128g800/meta.yaml new file mode 100644 index 00000000..01c59996 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-32c128g800/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-32c128g800" +id: 7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d +description: "mongodb standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G " +displayName: "standard-32c128g800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mongodb/8.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/8.0/plans/standard-32c128g800/values.yaml new file mode 100644 index 00000000..7c95075e --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-32c128g800/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-32c128g800 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 32000m + memory: 128Gi + requests: + cpu: 100m + memory: 1Gi + +persistence: + size: 800Gi diff --git a/addons/mongodb/8.0/plans/standard-4c16g100/bind.yaml b/addons/mongodb/8.0/plans/standard-4c16g100/bind.yaml new file mode 100644 index 00000000..a8ce0395 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-4c16g100/bind.yaml 
@@ -0,0 +1,36 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-4c16g100/instance-schema.json b/addons/mongodb/8.0/plans/standard-4c16g100/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-4c16g100/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-4c16g100/meta.yaml b/addons/mongodb/8.0/plans/standard-4c16g100/meta.yaml new file mode 100644 index 00000000..2de93908 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-4c16g100/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-4c16g100" +id: 4d5e6f7a-8b9c-0d1e-2f3a-4b5c6d7e8f9a +description: "mongodb standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G " +displayName: "standard-4c16g100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mongodb/8.0/plans/standard-4c16g100/values.yaml b/addons/mongodb/8.0/plans/standard-4c16g100/values.yaml new file mode 100644 index 00000000..bd4a6497 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-4c16g100/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-4c16g100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 100m + memory: 1Gi + +persistence: + size: 100Gi diff --git a/addons/mongodb/8.0/plans/standard-8c32g200/bind.yaml b/addons/mongodb/8.0/plans/standard-8c32g200/bind.yaml new file mode 100644 index 00000000..a8ce0395 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-8c32g200/bind.yaml 
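Review bot: The plan description in this meta.yaml reads `vCPUs c` where every other plan gives a number. It should be `description: "mongodb standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G "`, which matches the `cpu: 4000m` limit in the same plan's values.yaml.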
@@ -0,0 +1,36 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "DOMAIN_%d" $i }} + value: {{ printf "%s-%d" $fullName $i }}.{{$fullName}}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} +{{- end }} + - name: REPLICA_SET_NAME + value: 'rs0' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-8c32g200/instance-schema.json b/addons/mongodb/8.0/plans/standard-8c32g200/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-8c32g200/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/8.0/plans/standard-8c32g200/meta.yaml b/addons/mongodb/8.0/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..b5626dfb --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-8c32g200/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: 5e6f7a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b +description: "mongodb standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G " +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mongodb/8.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/8.0/plans/standard-8c32g200/values.yaml new file mode 100644 index 00000000..c29f09d4 --- /dev/null +++ b/addons/mongodb/8.0/plans/standard-8c32g200/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-8c32g200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 100m + memory: 1Gi + +persistence: + size: 200Gi From 85b02cbd59ee6b87cafd620b74358bf30233b685 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 4 Feb 2026 13:35:28 +0800 Subject: [PATCH 174/176] fix(mongodb): fix index --- addons/index.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/addons/index.yaml b/addons/index.yaml index cdbe36d5..2bfb50af 100644 --- a/addons/index.yaml +++ b/addons/index.yaml 
@@ -67,7 +67,6 @@ entries: mongodb: - version: 7.0 description: "MongoDB is a document database designed for ease of application development and scaling." - mongodb: - version: 8.0 description: "MongoDB is a document database designed for ease of application development and scaling." clickhouse: From 93e8fd0963c3ca7e4b9252bbd2ec8b65f5ed09af Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 4 Feb 2026 13:39:45 +0800 Subject: [PATCH 175/176] fix(mongodb): fix index --- addons/index.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/addons/index.yaml b/addons/index.yaml index ce835846..2bfb50af 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -67,10 +67,6 @@ entries: mongodb: - version: 7.0 description: "MongoDB is a document database designed for ease of application development and scaling." -<<<<<<< HEAD -======= - mongodb: ->>>>>>> e56cc8b135733cfccd5c92f18876c5fd92d8e45f - version: 8.0 description: "MongoDB is a document database designed for ease of application development and scaling." clickhouse: From 704b6868de7a681f1633882317133bd43be5a493 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 4 Mar 2026 15:22:38 +0800 Subject: [PATCH 176/176] chore(postgresql-cluster): add version 18 --- addons/index.yaml | 2 + .../18/chart/postgresql-cluster-18/Chart.yaml | 28 ++ .../postgresql-cluster-18/templates/NOTES.txt | 25 + .../templates/_helpers.tpl | 219 +++++++++ .../templates/cm-backup.yaml | 16 + .../templates/cm-logicalbackup .yaml | 19 + .../templates/cm-patroni.yaml | 20 + .../templates/cm-postgresql.yaml | 18 + .../templates/cronjob.yaml | 43 ++ .../templates/logicalbackup-cronjob.yaml | 69 +++ .../templates/networkpolicy.yaml | 54 +++ .../postgresql-cluster-18/templates/role.yaml | 49 ++ .../templates/rolebinding.yaml | 19 + .../postgresql-cluster-18/templates/sec.yaml | 18 + .../templates/serviceaccount.yaml | 12 + .../templates/statefulset.yaml | 273 +++++++++++ .../templates/svc-config.yaml | 11 + .../templates/svc-master.yaml | 24 + .../templates/svc-metrics.yaml | 32 ++ .../templates/svc-relp.yaml | 26 ++ .../postgresql-cluster-18/templates/svc.yaml | 18 + .../chart/postgresql-cluster-18/values.yaml | 440 ++++++++++++++++++ addons/postgresql-cluster/18/meta.yaml | 30 ++ .../18/plans/standard-16c64g400/bind.yaml | 41 ++ .../standard-16c64g400/instance-schema.json | 12 + .../18/plans/standard-16c64g400/meta.yaml | 6 + .../18/plans/standard-16c64g400/values.yaml | 81 ++++ .../18/plans/standard-2c4g20/bind.yaml | 41 ++ .../standard-2c4g20/instance-schema.json | 12 + .../18/plans/standard-2c4g20/meta.yaml | 6 + .../18/plans/standard-2c4g20/values.yaml | 81 ++++ .../18/plans/standard-2c8g50/bind.yaml | 41 ++ .../standard-2c8g50/instance-schema.json | 12 + .../18/plans/standard-2c8g50/meta.yaml | 6 + .../18/plans/standard-2c8g50/values.yaml | 83 ++++ .../18/plans/standard-32c128g800/bind.yaml | 41 ++ .../standard-32c128g800/instance-schema.json | 12 + .../18/plans/standard-32c128g800/meta.yaml | 6 + .../18/plans/standard-32c128g800/values.yaml | 82 ++++ .../18/plans/standard-32c64g4000/bind.yaml | 41 ++ 
.../standard-32c64g4000/instance-schema.json | 12 + .../18/plans/standard-32c64g4000/meta.yaml | 6 + .../18/plans/standard-32c64g4000/values.yaml | 82 ++++ .../18/plans/standard-4c16g100/bind.yaml | 41 ++ .../standard-4c16g100/instance-schema.json | 12 + .../18/plans/standard-4c16g100/meta.yaml | 6 + .../18/plans/standard-4c16g100/values.yaml | 83 ++++ .../18/plans/standard-8c32g200/bind.yaml | 41 ++ .../standard-8c32g200/instance-schema.json | 12 + .../18/plans/standard-8c32g200/meta.yaml | 6 + .../18/plans/standard-8c32g200/values.yaml | 82 ++++ 51 files changed, 2452 insertions(+) create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/Chart.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-backup.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-logicalbackup .yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-patroni.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-postgresql.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/logicalbackup-cronjob.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/role.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/rolebinding.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/sec.yaml create mode 100644 
addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/statefulset.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-master.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-metrics.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc.yaml create mode 100644 addons/postgresql-cluster/18/chart/postgresql-cluster-18/values.yaml create mode 100644 addons/postgresql-cluster/18/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-16c64g400/bind.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-16c64g400/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-16c64g400/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-16c64g400/values.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-2c4g20/bind.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-2c4g20/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-2c4g20/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-2c4g20/values.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-2c8g50/bind.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-2c8g50/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-2c8g50/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-2c8g50/values.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-32c128g800/bind.yaml create mode 100644 
addons/postgresql-cluster/18/plans/standard-32c128g800/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-32c128g800/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-32c128g800/values.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-32c64g4000/bind.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-32c64g4000/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-32c64g4000/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-32c64g4000/values.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-4c16g100/bind.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-4c16g100/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-4c16g100/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-4c16g100/values.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-8c32g200/bind.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-8c32g200/instance-schema.json create mode 100644 addons/postgresql-cluster/18/plans/standard-8c32g200/meta.yaml create mode 100644 addons/postgresql-cluster/18/plans/standard-8c32g200/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index 2bfb50af..c5e13ead 100644 --- a/addons/index.yaml +++ b/addons/index.yaml 
@@ -49,6 +49,8 @@ entries: description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." - version: 17 description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." + - version: 18 + description: "PostgreSQL is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance." seaweedfs: - version: 3 description: "SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files." diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/Chart.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/Chart.yaml new file mode 100644 index 00000000..d3b5cd09 --- /dev/null +++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "18" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/drycc/charts/tree/master/drycc/postgresql +icon: https://drycc.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + - patroni +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: "18.6" diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/NOTES.txt b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/NOTES.txt
@@ -0,0 +1,25 @@
+Patroni can be accessed via port 5432 on the following DNS name from within your cluster:
+{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To get your password for superuser run:
+
+ # superuser password
+ PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode)
+
+ # admin password
+ PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode)
+
+To connect to your database:
+
+1. Run a postgres pod and connect using the psql cli:
+ # login as superuser
+ kubectl run -i --tty --rm psql --image=postgres \
+ --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \
+ --command -- psql -U postgres \
+ -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres
+
+ # login as admin
+ kubectl run -i -tty --rm psql --image=postgres \
+ --env "PGPASSWORD=$PGPASSWORD_ADMIN" \
+ --command -- psql -U admin \
+ -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/_helpers.tpl b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/_helpers.tpl
new file mode 100644
index 00000000..d5876632
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/_helpers.tpl
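Review bot: The admin-password command reads `.data.password-admin`, but the Secret template added in this commit stores that value under `admin-password`, so the command as written returns an empty value. The second `kubectl run` has `-tty` where `--tty` is meant, and it logs in as `admin` although the Secret carries the user name separately under `admin-user`. Suggested lines: `-o jsonpath="{.data.admin-password}"` and `kubectl run -i --tty --rm psql --image=postgres \`.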
@@ -0,0 +1,219 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "patroni.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "patroni.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "patroni.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "patroni.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "patroni.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature
+*/}}
+{{- define "patroni.createCronJob" -}}
+{{- if and .Values.backup.enabled }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature
+*/}}
+{{- define "patroni.createLogicalBackupCronJob" -}}
+{{- if and .Values.logicalbackup.enabled }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for Postgresql HA patroni
+*/}}
+{{- define "patroni.createConfigmap" -}}
+{{- if and .Values.preInitScript }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create patroni envs.
+*/}}
+{{- define "patroni.envs" }}
+{{- if .Values.kubernetes.configmaps.enable }}
+- name: KUBERNETES_USE_CONFIGMAPS
+ value: "true"
+{{- end }}
+{{- if .Values.kubernetes.endpoints.enable }}
+- name: PATRONI_KUBERNETES_USE_ENDPOINTS
+ value: 'true'
+{{- end }}
+- name: PATRONI_KUBERNETES_POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+- name: PATRONI_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE
+ value: 'true'
+- name: PATRONI_KUBERNETES_LABELS
+ value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}'
+- name: PATRONI_SUPERUSER_USERNAME
+ value: postgres
+- name: PATRONI_SUPERUSER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-superuser
+- name: PATRONI_REPLICATION_USERNAME
+ value: standby
+- name: PATRONI_REPLICATION_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-replication
+- name: PATRONI_REWIND_USERNAME
+ value: rewinder
+- name: PATRONI_REWIND_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-rewind
+- name: ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: admin-user
+- name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: admin-password
+- name: PATRONI_SCOPE
+ value: {{ template "patroni.fullname" . }}
+- name: PATRONI_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+- name: PATRONI_POSTGRESQL_DATA_DIR
+ value: "{{ .Values.persistentVolume.mountPath }}/data"
+- name: PGDATA
+ value: "{{ .Values.persistentVolume.mountPath }}/data"
+- name: PATRONI_POSTGRESQL_PGPASS
+ value: /tmp/pgpass
+- name: PATRONI_POSTGRESQL_LISTEN
+ value: '0.0.0.0:5432'
+- name: PATRONI_RESTAPI_LISTEN
+ value: '0.0.0.0:8008'
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for PG backup.
+*/}}
+{{- define "backup.createConfigmap" -}}
+{{- if and .Values.backup.enabled }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate random password
+*/}}
+
+{{/*
+Get the super user password ;
+*/}}
+{{- define "credentials.superuserValue" }}
+{{- if .Values.credentials.superuser }}
+ {{- .Values.credentials.superuser -}}
+{{- else -}}
+ {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the rewind password ;
+*/}}
+{{- define "credentials.rewindValue" }}
+{{- if .Values.credentials.rewind }}
+ {{- .Values.credentials.rewind -}}
+{{- else -}}
+ {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-rewind") -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the replication password ;
+*/}}
+{{- define "credentials.replicationValue" }}
+{{- if .Values.credentials.replication }}
+ {{- .Values.credentials.replication -}}
+{{- else -}}
+ {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the administrator password ;
+*/}}
+{{- define "adminRole.passwordValue" }}
+{{- if .Values.adminRole.password }}
+ {{- .Values.adminRole.password -}}
+{{- else -}}
+ {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Returns the available value for certain key in an existing secret (if it exists),
+otherwise it generates a random value.
+*/}}
+{{- define "getValueFromSecret" }}
+{{- $len := (default 16 .Length) | int -}}
+{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key | b64dec -}}
+{{- else -}}
+{{- randAlphaNum $len -}}
+{{- end -}}
+{{- end }}
+
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-backup.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-backup.yaml
new file mode 100644
index 00000000..fdc62197
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-backup.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-backup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ backup.env: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }}
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-logicalbackup .yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-logicalbackup .yaml
new file mode 100644
index 00000000..8de61100
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-logicalbackup .yaml
@@ -0,0 +1,19 @@
+{{- if (include "patroni.createLogicalBackupCronJob" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-logicalbackup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ logicalbackup.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.logicalbackupScript "context" $ ) | nindent 4 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-patroni.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-patroni.yaml
new file mode 100644
index 00000000..ad4b5849
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-patroni.yaml
@@ -0,0 +1,20 @@
+{{- if (include "patroni.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-patroni
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ pre_init.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }}
+ post_init.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }}
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-postgresql.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-postgresql.yaml
new file mode 100644
index 00000000..8aba698a
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cm-postgresql.yaml
@@ -0,0 +1,18 @@
+{{- if (include "patroni.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-postgresql
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ custom_conf.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }}
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cronjob.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cronjob.yaml
new file mode 100644
index 00000000..495dfa7b
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/cronjob.yaml
@@ -0,0 +1,43 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- if (include "patroni.createCronJob" .) }}
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }}
+kind: CronJob
+metadata:
+ name: {{ include "patroni.fullname" . }}-backup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+
+spec:
+ schedule: "{{ .Values.backup.scheduleCronJob }}"
+ failedJobsHistoryLimit: 1
+ successfulJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: {{ .Chart.Name }}-backup
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ command:
+ - /usr/bin/env
+ - bash
+ - -c
+ - |
+ curl "http://${REPLHOST}:9000/pg_backup"
+ env:
+ - name: REPLHOST
+ value: {{ include "patroni.fullname" . }}-repl
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/logicalbackup-cronjob.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/logicalbackup-cronjob.yaml
new file mode 100644
index 00000000..071b9bd9
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/logicalbackup-cronjob.yaml
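Review bot: The job's only command is `curl "http://${REPLHOST}:9000/pg_backup"` without `--fail`, so curl exits 0 on an HTTP error response and the CronJob records a successful run even when the backup did not start. Use `curl --fail --silent --show-error "http://${REPLHOST}:9000/pg_backup"` so a rejected or failed trigger surfaces as a failed Job. The endpoint is also called over plain HTTP with no credential in the request; if nothing else authenticates it, every pod admitted by the NetworkPolicy on port 9000 can trigger a backup.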
@@ -0,0 +1,69 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- if (include "patroni.createLogicalBackupCronJob" .) }}
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }}
+kind: CronJob
+metadata:
+ name: {{ include "patroni.fullname" . }}-logicalbackup
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+
+spec:
+ schedule: "{{ .Values.logicalbackup.scheduleCronJob }}"
+ failedJobsHistoryLimit: 1
+ successfulJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: {{ .Chart.Name }}-logicalbackup
+ image: "{{ .Values.logicalbackupImages.repository }}:{{ .Values.logicalbackupImages.tag }}"
+ imagePullPolicy: {{ .Values.logicalbackupImages.pullPolicy | quote }}
+ command:
+ - /usr/bin/env
+ - bash
+ - -c
+ - |
+ sh /opt/drycc/logicalbackup/logicalbackup.sh
+ env:
+ - name: PGHOST
+ value: {{ include "patroni.fullname" . }}-repl
+ - name: PGPORT
+ value: "5432"
+ - name: PGUSER
+ value: postgres
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-superuser
+ - name: MINIO_BUCKET
+ value: {{ .Values.logicalbackup.minio.bucket }}
+ - name: MINIO_HOST
+ value: {{ .Values.logicalbackup.minio.endpoint }}
+ - name: MINIO_ACCESS_KEY
+ value: {{ .Values.logicalbackup.minio.access_key }}
+ - name: MINIO_SECRET_KEY
+ value: {{ .Values.logicalbackup.minio.secret_key }}
+
+ volumeMounts:
+ - mountPath: "/opt/drycc/logicalbackup/"
+ name: logicalbackup-config
+
+ volumes:
+ - name: logicalbackup-config
+ configMap:
+ name: {{ template "common.names.fullname" . }}-logicalbackup
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/networkpolicy.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/networkpolicy.yaml
new file mode 100644
index 00000000..19ff2288
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/networkpolicy.yaml
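Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are rendered as literal `value:` entries in the CronJob spec, so the object-store credentials are readable by anyone who can get CronJobs, Jobs or Pods in the namespace and they end up in the stored release manifest. `PGPASSWORD` in the same container already comes from a `secretKeyRef`; the MinIO keys should be stored in the chart's Secret and referenced the same way. The values are also unquoted, so a key that looks like a number or boolean would be retyped by the YAML parser. The job connects as the `postgres` superuser, which is more privilege than a dump normally needs; a dedicated backup role is worth considering.

```yaml
# … unchanged: PGHOST, PGPORT, PGUSER, PGPASSWORD, MINIO_BUCKET, MINIO_HOST …
            - name: MINIO_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  key: minio-access-key  # proposed key name, to be added to sec.yaml
            - name: MINIO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  key: minio-secret-key  # proposed key name, to be added to sec.yaml
# … unchanged: volumeMounts and volumes …
```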
@@ -0,0 +1,54 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: patroni
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ - port: 9000
+ - port: 80
+ - port: 8008
+ {{- if and .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.containerPort }}
+ {{ end }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: backup
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/role.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/role.yaml
new file mode 100644
index 00000000..8dec5309
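Review bot: With `service.type` set to `LoadBalancer` the policy renders `ingress: - {}`, which admits every source on every port, so the Patroni REST API on 8008 and the backup trigger on 9000 become reachable alongside 5432. That branch should list only the client port, e.g. `- ports:` followed by `- port: 5432`, and keep 8008 and 9000 limited to in-cluster sources. In the `ClusterIP` branch, leaving both `allowCurrentNamespace` and `allowNamespaces` unset drops the `from:` block, which also means any source, and the `backup` namespace is always admitted by a hard-coded selector that would be better taken from values. The `{{ end }}` after the metrics port lacks the `-` trim marker used everywhere else in the template.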
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/role.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # delete is required only for 'patronictl remove'
+ - delete
+- apiGroups: [""]
+ resources: ["services"]
+ verbs:
+ - create
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs:
+ - create
+ - get
+ - patch
+ - update
+ # the following three privileges are necessary only when using endpoints
+ - list
+ - watch
+ # delete is required only for for 'patronictl remove'
+ - delete
+ - deletecollection
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/rolebinding.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/rolebinding.yaml
new file mode 100644
index 00000000..5e15948f
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "patroni.serviceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "patroni.fullname" . }}
+{{- end }}
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/sec.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/sec.yaml
new file mode 100644
index 00000000..c2e13055
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/sec.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+type: Opaque
+data:
+ password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }}
+ password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }}
+ password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }}
+ admin-user: {{ .Values.adminRole.username | b64enc | quote }}
+ admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/serviceaccount.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e1b2ebf6
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "patroni.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/statefulset.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/statefulset.yaml
new file mode 100644
index 00000000..3f1efb1b
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/statefulset.yaml
@@ -0,0 +1,273 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + serviceName: {{ template "patroni.fullname" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} + template: + metadata: + name: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . 
}} + spec: + {{- if .Values.patroni.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.patroni.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "patroni.serviceAccountName" . }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + env: + {{- include "patroni.envs" . 
| indent 8 }} + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote | upper }} + value: {{ $val | quote }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/scripts/" + name: patroni-config + - mountPath: "/opt/drycc/postgresql/config/" + name: postgresql-config + # readOnly: true + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config + - name: dshm + mountPath: /dev/shm + # readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if 
.Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + - name: DATA_SOURCE_NAME + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPort }} + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + command: + - /usr/bin/env + - bash + - -c + - | + python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 + env: + - name: PGHOST + value: localhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PGUSER + value: postgres + - name: PGDATABASE + value: postgres + - name: PGPORT + value: "5432" + - name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" + ports: + - containerPort: 9000 + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config + + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ .Values.affinity | toYaml | indent 8 }} + {{- else if .Values.affinityTemplate }} + affinity: +{{ tpl .Values.affinityTemplate . | indent 8 }} + {{- end }} + volumes: + - name: patroni-config + configMap: + name: {{ template "common.names.fullname" . }}-patroni + - name: postgresql-config + configMap: + name: {{ template "common.names.fullname" . }}-postgresql + - name: backup-config + configMap: + name: {{ template "common.names.fullname" . }}-backup + {{- if not .Values.persistentVolume.enabled }} + - name: storage-volume + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + {{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + annotations: + {{- if .Values.persistentVolume.annotations }} +{{ toYaml .Values.persistentVolume.annotations | indent 10 }} + {{- end }} + labels: + application: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistentVolume.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} + {{- end }} 
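Review bot: In templates/statefulset.yaml every `securityContext` is commented out, so the patroni and backup containers (and the metrics container unless `metrics.containerSecurityContext.enabled` is set) run with whatever user and privileges the image defaults to. The commented block would not validate if simply uncommented: `fsGroup` is a pod-level field and `runAsUser` takes a numeric UID, not `postgres`. I would add a pod-level `securityContext` carrying the image's numeric postgres UID/GID (to be confirmed against the image) and, on each container, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. Separately, `affinity:` appears to be emitted once near the top of the pod spec and again from `.Values.affinity` / `.Values.affinityTemplate`, and values.yaml sets `affinityTemplate` by default, so the rendered pod spec would carry a duplicate key; `nodeSelector` has the same shape when both `patroni.nodeSelector` and `nodeSelector` are set.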
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-config.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-config.yaml
new file mode 100644
index 00000000..5f7b0f60
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-config.yaml
@@ -0,0 +1,11 @@
+# headless service to avoid deletion of patronidemo-config endpoint
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-config
+ labels:
+ application: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ clusterIP: None
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-master.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-master.yaml
new file mode 100644
index 00000000..609ed5ba
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-master.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-master
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: primary
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: primary
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ protocol: TCP
\ No newline at end of file
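Review bot: templates/svc-config.yaml sets no `metadata.namespace`, while the sibling Services use `common.names.namespace`; if that helper honours a namespace override (its definition is not in this diff), this headless Service would land in a different namespace from the pods it is meant to protect the endpoint for. Adding `namespace: {{ include "common.names.namespace" . | quote }}` keeps it aligned; svc-metrics.yaml uses `.Release.Namespace` directly and has the same mismatch. The leading comment still names `patronidemo-config` from the upstream example and would be clearer if it referred to the `<fullname>-config` endpoint this chart creates.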
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-metrics.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-metrics.yaml
new file mode 100644
index 00000000..862c6a0c
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-metrics.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "patroni.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
+ {{- if .Values.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.metrics.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+{{- end }}
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-relp.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-relp.yaml
new file mode 100644
index 00000000..252882b3
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc-relp.yaml
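Review bot: In templates/svc-metrics.yaml the `labels` map sets `app.kubernetes.io/component` twice, first `patroni` and then `metrics`. Duplicate mapping keys are invalid YAML, and parsers that tolerate them usually keep the last value, so the Service most likely ends up labelled `metrics` by accident rather than by intent. Keep a single `app.kubernetes.io/component: metrics` line under `labels`; the `selector` entry with `patroni` is the one that has to match the pods and can stay.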
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ application: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ - name: pgbackup
+ port: 9000
+ targetPort: 9000
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc.yaml
new file mode 100644
index 00000000..ac0c2c44
--- /dev/null
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+ application: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: 5432
+ protocol: TCP
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/chart/postgresql-cluster-18/values.yaml b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/values.yaml
new file mode 100644
index 00000000..1ecfd7cc
--- /dev/null
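Review bot: In templates/svc-relp.yaml the `pgbackup` port 9000 is published on a Service whose type follows `.Values.service.type`, so selecting `LoadBalancer` exposes the backup sidecar outside the cluster together with PostgreSQL. statefulset.yaml starts that sidecar as `pgbackup.py 0.0.0.0 9000` with the superuser `PGPASSWORD` in its environment, and whether it authenticates callers cannot be seen from this diff. I would move port 9000 to a separate Service fixed at `type: ClusterIP`, or drop it from this one, so that only in-cluster backup jobs can reach it.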
+++ b/addons/postgresql-cluster/18/chart/postgresql-cluster-18/values.yaml 
@@ -0,0 +1,440 @@ +replicaCount: 3 +diagnosticMode: + enable: false + +service: + type: ClusterIP + +image: + # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 + # https://github.com/zalando/spilo/tree/master/postgres-appliance + repository: registry.drycc.cc/drycc-addons/postgresql-patroni + tag: 18 + # IfNotPresent , Always + pullPolicy: "IfNotPresent" + +logicalbackupImages: + repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup + tag: 18 + # IfNotPresent , Always + pullPolicy: "IfNotPresent" + +# Credentials used by Patroni , passwd +# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql +# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst +credentials: + superuser: "" + rewind: "" + replication: "" + +adminRole: + username: administrator + password: "" + +# Distribution Configuration stores +# Please note that only one of the following stores should be enabled. +kubernetes: + endpoints: + enable: true + configmaps: + enable: false + +# Extra custom environment variables. 
+env: {} + +# +#custom patroni.yaml used by patroni boot +# configuration: {} +preInitScript: | + mkdir -p /home/postgres/pgdata/log + ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: INFO + restapi: + listen: 0.0.0.0:8008 + connect_address: 0.0.0.0:8008 + bootstrap: + dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 + failsafe_mode: true + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + - host replication postgres 0.0.0.0/0 scram-sha-256 + custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' + parameters: + max_connections: {{ .Values.patroni.pgParameters.max_connections }} + max_worker_processes: {{ .Values.patroni.pgParameters.max_worker_processes }} + max_parallel_workers: {{ .Values.patroni.pgParameters.max_parallel_workers }} + wal_level: logical + hot_standby: "on" + max_wal_senders: 10 + max_replication_slots: 10 + hot_standby_feedback: on + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + wal_keep_size: "1 GB" + max_slot_wal_keep_size: {{ .Values.patroni.pgParameters.max_slot_wal_keep_size | quote }} + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 300s + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements,timescaledb' + log_destination: 'csvlog' + log_filename: postgresql.log + logging_collector: on + log_directory: /home/postgres/pgdata/log + log_min_messages: 'info' + log_min_duration_statement: 1000 + log_lock_waits: on + log_statement: 'ddl' + {{ if .Values.postgresql.timezone -}} timezone: {{ .Values.postgresql.timezone }} {{- end }} + initdb: + - auth-host: scram-sha-256 + 
- auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_PASSWORD}' + watchdog: + mode: off + __EOF__ + +postInitScript: | + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon ;GRANT pg_monitor TO tea_mon ;create extension pg_stat_statements;create extension pg_buffercache ;" + # Create admin user + if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then + + echo "Creating user ${ADMIN_USER}" + psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" + + else + echo "Skipping create admin user" + fi + psql -w -c "CHECKPOINT;CHECKPOINT;" + +backupEnv: | + #!/bin/bash + export USE_WALG={{ .Values.backup.enabled | quote }} + export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}} + export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }} + export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }} + export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }} + export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }} + export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }} + export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }} + export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} + export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} + +logicalbackupScript: | + #!/bin/bash + + # 
PostgreSQL 设置 + # POSTGRES_USER="postgres" + # POSTGRES_HOST="127.0.0.1" + + # MinIO 设置 + # MINIO_BUCKET="pgbackup" + # MINIO_HOST="http://localhost:9000" + # MINIO_ACCESS_KEY="admin123" + # MINIO_SECRET_KEY="admin123" + + # 设置 MinIO 客户端别名 + mc alias set myminio $MINIO_HOST $MINIO_ACCESS_KEY $MINIO_SECRET_KEY + + # 创建以当前日期和时间命名的备份目录 + BACKUP_DIR="$(date +%Y%m%d%H%M)" + MINIO_PATH="myminio/$MINIO_BUCKET/$BACKUP_DIR" + + # 备份全局对象 + echo "Backing up global objects to $MINIO_PATH/roles_globals.sql.gz" + pg_dumpall -g -U "$POSTGRES_USER" -h "$POSTGRES_HOST" | pigz | mc pipe "$MINIO_PATH/roles_globals.sql.gz" + + # 获取所有非模板数据库的列表 + DATABASES=$(psql -U "$POSTGRES_USER" -h "$POSTGRES_HOST" -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") + + # 为每个数据库执行备份 + for DB in $DATABASES; do + echo "Backing up $DB to $MINIO_PATH/$DB.sql.gz" + pg_dump -U "$POSTGRES_USER" -h "$POSTGRES_HOST" "$DB" | pigz | mc pipe "$MINIO_PATH/$DB.sql.gz" + done + + echo "Backup process completed!" + +postgresql: + timezone: + config: |- + log_min_duration_statement = 1000 + max_wal_size = 4GB + min_wal_size = 4GB + max_wal_senders = 10 + max_replication_slots = 10 + max_prepared_transactions = 0 + max_locks_per_transaction = 64 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: "2 GB" + + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. 
Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Postgresql Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param patroni.affinity Affinity for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: true + image: + repository: registry.drycc.cc/drycc-addons/postgres-exporter + tag: "0" + # IfNotPresent , Always + pullPolicy: "IfNotPresent" + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database:.... 
+ ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + service: + ports: + metrics: 9187 + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + + customMetrics: {} + containerPort: 9187 + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true + customLivenessProbe: {} + customReadinessProbe: + enabled: true + resources: + limits: + cpu: 100m + hugepages-2Mi: 20Mi + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + +logicalbackup: + enabled: false + scheduleCronJob: "22 0 * * 0" + minio: + used: true + buckect: "s3://xx" + access_key: "" + secret_key: "" + endpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 + +backup: + # Specifies whether Wal-G should be enabled + enabled: false + # Cron schedule for doing base backups + scheduleCronJob: "22 0 * * 0" + # Amount of base backups to retain + retainBackups: 2 + # Name of the secret that holds the credentials to the bucket + kubernetesSecret: + # Maximum size of the WAL segments accumulated after the base backup to + # consider WAL-G restore instead of pg_basebackup + backupThresholdMegabytes: 1024 + # Maximum ratio (in percents) of the accumulated WAL files to 
the base backup + # to consider WAL-G restore instead of pg_basebackup + backupThresholdPercentage: 30 + s3: + used: true + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 + +logicalBackup: + enabled: false + +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Retain + whenDeleted: Delete +persistentVolume: + enabled: true + size: 10G + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + subPath: "" + mountPath: "/home/postgres/pgdata" + annotations: {} + accessModes: + - ReadWriteOnce + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + hugepages-2Mi: 4Mi + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + +shmVolume: + ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) + ## + enabled: true + ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs + ## Note: the size of the tmpfs counts against container's memory limit + ## e.g: + ## sizeLimit: 1Gi + ## + sizeLimit: "1Gi" + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinityTemplate: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + application: {{ template "patroni.name" . }} + release: {{ .Release.Name | quote }} +affinity: {} +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: +## Postgresql Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port Postgresql is listening + ## on. When true, Postgresql will accept connections from any source + ## (with the correct destination port). 
+ ## + allowCurrentNamespace: true + allowNamespaces: +clusterDomain: cluster.local diff --git a/addons/postgresql-cluster/18/meta.yaml b/addons/postgresql-cluster/18/meta.yaml new file mode 100644 index 00000000..df9589f6 --- /dev/null +++ b/addons/postgresql-cluster/18/meta.yaml @@ -0,0 +1,30 @@ +name: postgresql-cluster-18 +version: 18 +id: d0c8ade8-6950-4efa-89b3-f6da5f0a36dc +description: "postgresql-cluster-18" +displayName: "postgresql-cluster-18" +metadata: + displayName: "postgresql-cluster-18" + provider: + name: drycc + supportURL: https://www.postgresql.org/ + documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster +tags: postgresql-cluster +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: + - name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" + - name: "service.type" + required: false + description: "service type config for values.yaml" + - name: "backup" + required: false + description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " + - name: "logicalbackup" + required: false + description: "Whether to use S3 for logical backup your data. default false . ps: Make sure there is a available S3 " +archive: false diff --git a/addons/postgresql-cluster/18/plans/standard-16c64g400/bind.yaml b/addons/postgresql-cluster/18/plans/standard-16c64g400/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-16c64g400/bind.yaml 
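Review bot: In chart values.yaml, `postInitScript` builds the `CREATE USER` statement by shell interpolation (`... PASSWORD '${ADMIN_PASSWORD}'`), so a password or user name containing a quote breaks or alters the SQL, and the whole statement including the password is passed as a `psql -c` argument. Passing the values as psql variables and feeding the statement on stdin avoids both: `psql -w -v u="$ADMIN_USER" -v p="$ADMIN_PASSWORD"` with `CREATE USER :"u" ... PASSWORD :'p';` (psql does not expand variables inside `-c`). In `preInitScript`, the `pg_hba` line `host all tea_mon 127.0.0.1/32 trust` lets any process sharing the pod's network namespace connect as the monitoring role without a password, and `restapi.listen: 0.0.0.0:8008` is configured with no `restapi.authentication` block, so Patroni's write endpoints depend entirely on the NetworkPolicy unless credentials are injected elsewhere (for example by the `patroni.envs` helper, which is not visible here). `backupEnv` also renders `AWS_SECRET_ACCESS_KEY` in plain text; if it is delivered through the `-backup` ConfigMap, as the volume names suggest, it should come from a Secret instead.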
@@ -0,0 +1,41 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: EXTRANET_MASTER_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}-master
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ - name: EXTRANET_REPL_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}-repl
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: DOMAIN_MASTER
+ value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+ - name: DOMAIN_REPL
+ value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+ - name: MASTER_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}-master
+ jsonpath: '{ .spec.clusterIP }'
+ - name: REPL_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}-repl
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.admin-password }'
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.admin-user }'
+ - name: PORT
+ value: 5432
+ - name: DATABASE
+ value: postgres
\ No newline at end of file
diff --git a/addons/postgresql-cluster/18/plans/standard-16c64g400/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-16c64g400/instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/18/plans/standard-16c64g400/instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
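Review bot: The `PASSWORD` and `USERNAME` entries in standard-16c64g400/bind.yaml read `admin-password` and `admin-user` from the release secret, so, judging by the key names, every binding hands the same administrative account to the bound application, with `DATABASE` fixed to `postgres`. A binding that only needs application access would be better served by a dedicated, less privileged role, ideally one per binding so that unbinding can revoke it; as written, the admin credential cannot be rotated without breaking every binding. The same file is added unchanged for the other plans in this patch (standard-2c4g20, standard-2c8g50, standard-32c128g800, standard-32c64g4000, standard-4c16g100, standard-8c32g200). Minor: `value: 5432` yields an integer; `value: "5432"` keeps the credential a string if consumers expect one.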
diff --git a/addons/postgresql-cluster/18/plans/standard-16c64g400/meta.yaml b/addons/postgresql-cluster/18/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..2089565d
--- /dev/null
+++ b/addons/postgresql-cluster/18/plans/standard-16c64g400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: 6f846a7c-0495-4810-a768-6769b1f6430e
+description: "PostgreSQL Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/18/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/18/plans/standard-16c64g400/values.yaml
new file mode 100644
index 00000000..72b92be7
--- /dev/null
+++ b/addons/postgresql-cluster/18/plans/standard-16c64g400/values.yaml
@@ -0,0 +1,81 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 +patroni: + pgParameters: + max_worker_processes: 32 + max_parallel_workers: 16 + max_connections: 2000 + max_slot_wal_keep_size: "10 GB" + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '16 GB' + min_wal_size = '2 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = off + max_slot_wal_keep_size = 40GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify 
resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + hugepages-2Mi: 40Mi + memory: 64Gi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 400Gi + +shmVolume: + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/18/plans/standard-2c4g20/bind.yaml b/addons/postgresql-cluster/18/plans/standard-2c4g20/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c4g20/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DATABASE + value: postgres \ No newline at end of file 
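Review bot: `max_slot_wal_keep_size` is set twice with different values in standard-16c64g400/values.yaml: `"10 GB"` under `patroni.pgParameters` and `40GB` inside `postgresql.config`. Which one takes effect depends on how the chart merges the two, which this diff does not show, so the WAL retained for a lagging replication slot may be four times what one of the settings suggests; keep a single definition. The same disagreement appears in standard-32c128g800 (`"100 GB"` vs `80GB`), standard-32c64g4000 (`"200 GB"` vs `100GB`) and standard-8c32g200 (`"10 GB"` vs `20GB`). The comment under `resources:` still tells the reader to uncomment lines and remove curly braces although the limits are already set; it could be replaced with `# Resource limits and requests for this plan.`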
diff --git a/addons/postgresql-cluster/18/plans/standard-2c4g20/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-2c4g20/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c4g20/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-2c4g20/meta.yaml b/addons/postgresql-cluster/18/plans/standard-2c4g20/meta.yaml new file mode 100644 index 00000000..14c20506 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c4g20/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c4g20" +id: 83de47d0-97c8-4133-a633-d1f9c0c2cc83 +description: "PostgreSQL Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +displayName: "standard-2c4g20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/18/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/18/plans/standard-2c4g20/values.yaml new file mode 100644 index 00000000..098a0a08 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c4g20/values.yaml 
@@ -0,0 +1,81 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-20 + +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 1000 + max_slot_wal_keep_size: "2 GB" + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '2 GB' + min_wal_size = '1 GB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = off + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + hugepages-2Mi: 20Mi + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 20Gi + +shmVolume: + sizeLimit: "2Gi" diff --git a/addons/postgresql-cluster/18/plans/standard-2c8g50/bind.yaml b/addons/postgresql-cluster/18/plans/standard-2c8g50/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c8g50/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DATABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-2c8g50/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-2c8g50/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
+++ b/addons/postgresql-cluster/18/plans/standard-2c8g50/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-2c8g50/meta.yaml b/addons/postgresql-cluster/18/plans/standard-2c8g50/meta.yaml new file mode 100644 index 00000000..175d2365 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c8g50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c8g50" +id: 108376d3-0f87-4226-8e80-f200022383aa +description: "PostgreSQL Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-2c8g50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/18/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/18/plans/standard-2c8g50/values.yaml new file mode 100644 index 00000000..affca346 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-2c8g50/values.yaml 
@@ -0,0 +1,83 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +patroni: + pgParameters: + max_worker_processes: 4 + max_parallel_workers: 2 + max_connections: 2000 + max_slot_wal_keep_size: "5 GB" + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '4 GB' + min_wal_size = '1 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = off + max_slot_wal_keep_size = 5GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + hugepages-2Mi: 20Mi + memory: 8Gi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 50Gi + +shmVolume: + sizeLimit: "4Gi" diff --git a/addons/postgresql-cluster/18/plans/standard-32c128g800/bind.yaml b/addons/postgresql-cluster/18/plans/standard-32c128g800/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c128g800/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DATABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-32c128g800/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-32c128g800/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 
--- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c128g800/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-32c128g800/meta.yaml b/addons/postgresql-cluster/18/plans/standard-32c128g800/meta.yaml new file mode 100644 index 00000000..a2e3bd11 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c128g800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c128g800" +id: 9f2af58a-6e67-4df7-8092-17c5ca94c357 +description: "PostgreSQL Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +displayName: "standard-32c128g800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/18/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/18/plans/standard-32c128g800/values.yaml new file mode 100644 index 00000000..c2ca0477 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c128g800/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: "100 GB" + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '32768 MB' + work_mem = '64 MB' + maintenance_work_mem = '720 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '90 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '64 GB' + min_wal_size = '4 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = off + max_slot_wal_keep_size = 80GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to 
specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 128Gi + hugepages-2Mi: 80Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 800Gi + +shmVolume: + sizeLimit: "64Gi" diff --git a/addons/postgresql-cluster/18/plans/standard-32c64g4000/bind.yaml b/addons/postgresql-cluster/18/plans/standard-32c64g4000/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c64g4000/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DATABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/18/plans/standard-32c64g4000/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-32c64g4000/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c64g4000/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-32c64g4000/meta.yaml b/addons/postgresql-cluster/18/plans/standard-32c64g4000/meta.yaml new file mode 100644 index 00000000..36707578 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c64g4000/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c64g4000" +id: 71afa502-7b03-41da-b9f7-61d8d7168dd6 +description: "PostgreSQL Cluster standard-32c64g4000 plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-32c64g4000" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/18/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/18/plans/standard-32c64g4000/values.yaml new file mode 100644 index 00000000..56fc31f5 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-32c64g4000/values.yaml 
@@ -0,0 +1,82 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +patroni: + pgParameters: + max_worker_processes: 64 + max_parallel_workers: 32 + max_connections: 2000 + max_slot_wal_keep_size: "200 GB" + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '256 MB' + maintenance_work_mem = '2048 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '32 GB' + min_wal_size = '4 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = off + max_slot_wal_keep_size = 100GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to 
specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 64Gi + hugepages-2Mi: 80Mi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 4Ti + +shmVolume: + sizeLimit: "32Gi" diff --git a/addons/postgresql-cluster/18/plans/standard-4c16g100/bind.yaml b/addons/postgresql-cluster/18/plans/standard-4c16g100/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-4c16g100/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DATABASE + value: postgres \ No newline at end of file 
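Review bot: `fullnameOverride: hb-postgresql-cluster-standard-800` in standard-32c64g4000/values.yaml is the same value the standard-32c128g800 plan uses, which looks like a copy-paste slip; the other plans encode their disk size (`-20`, `-50`, `-100`, `-200`, `-400`). bind.yaml resolves the `-master` and `-repl` services and the credential secret through `common.names.fullname`, so if the override feeds that template as its comment says, two instances of these plans in one namespace would collide on resource names and a binding could resolve the other instance's secret. Suggested: `fullnameOverride: hb-postgresql-cluster-standard-4000`.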
diff --git a/addons/postgresql-cluster/18/plans/standard-4c16g100/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-4c16g100/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-4c16g100/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-4c16g100/meta.yaml b/addons/postgresql-cluster/18/plans/standard-4c16g100/meta.yaml new file mode 100644 index 00000000..20262416 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-4c16g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c16g100" +id: 5aea991e-3809-4c67-adf1-7b4ad04ce0f1 +description: "PostgreSQL Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +displayName: "standard-4c16g100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/18/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/18/plans/standard-4c16g100/values.yaml new file mode 100644 index 00000000..83ac2774 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-4c16g100/values.yaml 
@@ -0,0 +1,83 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +patroni: + pgParameters: + max_worker_processes: 8 + max_parallel_workers: 4 + max_connections: 2000 + max_slot_wal_keep_size: "10 GB" + +postgresql: + config: |- + # Connectivity + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '25 min' + checkpoint_completion_target = 0.9 + max_wal_size = '8 GB' + min_wal_size = '2 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = off + max_slot_wal_keep_size = 10GB + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + hugepages-2Mi: 50Mi + memory: 16Gi + requests: + cpu: 100m + memory: 1Gi + +persistentVolume: + enabled: true + size: 100Gi + +shmVolume: + sizeLimit: "8Gi" diff --git a/addons/postgresql-cluster/18/plans/standard-8c32g200/bind.yaml b/addons/postgresql-cluster/18/plans/standard-8c32g200/bind.yaml new file mode 100644 index 00000000..55955ed6 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-8c32g200/bind.yaml @@ -0,0 +1,41 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: DOMAIN_MASTER + value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: DOMAIN_REPL + value: {{ template "common.names.fullname" . }}-repl.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DATABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-8c32g200/instance-schema.json b/addons/postgresql-cluster/18/plans/standard-8c32g200/instance-schema.json new file mode 100644 index 00000000..66ebbaa0 
--- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-8c32g200/instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/18/plans/standard-8c32g200/meta.yaml b/addons/postgresql-cluster/18/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..dd992c00 --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-8c32g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: 3af96fe4-66d5-41f6-8efa-00209fbe4e31 +description: "PostgreSQL Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/18/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/18/plans/standard-8c32g200/values.yaml new file mode 100644 index 00000000..297ca6ae --- /dev/null +++ b/addons/postgresql-cluster/18/plans/standard-8c32g200/values.yaml 
@@ -0,0 +1,82 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-postgresql-cluster-standard-200
+
+patroni:
+ pgParameters:
+ max_worker_processes: 16
+ max_parallel_workers: 8
+ max_connections: 2000
+ max_slot_wal_keep_size: "10 GB"
+
+postgresql:
+ config: |-
+ # Connectivity
+ superuser_reserved_connections = 3
+
+ # Memory Settings
+ shared_buffers = '8192 MB'
+ work_mem = '32 MB'
+ maintenance_work_mem = '420 MB'
+ huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES
+ effective_cache_size = '22 GB'
+ effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function
+ random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0)
+
+ # Monitoring
+ track_io_timing=on # measure exact block IO times
+ track_functions=pl # track execution times of pl-language procedures if any
+
+ # Replication
+ max_wal_senders = 10
+ synchronous_commit = on
+
+ # Checkpointing:
+ checkpoint_timeout = '25 min'
+ checkpoint_completion_target = 0.9
+ max_wal_size = '16 GB'
+ min_wal_size = '3 GB'
+
+ # WAL writing
+ wal_compression = on
+ wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default)
+ wal_writer_delay = 200ms
+ wal_writer_flush_after = 1MB
+
+ # Background writer
+ bgwriter_delay = 200ms
+ bgwriter_lru_maxpages = 100
+ bgwriter_lru_multiplier = 2.0
+ bgwriter_flush_after = 0
+
+ # Parallel queries:
+ max_parallel_workers_per_gather = 4
+ max_parallel_maintenance_workers = 4
+ max_parallel_workers = 8
+ parallel_leader_participation = on
+
+ # Advanced features
+ enable_partitionwise_join = on
+ enable_partitionwise_aggregate = on
+ jit = off
+ max_slot_wal_keep_size = 20GB
+ track_wal_io_timing = on
+ maintenance_io_concurrency = 100
+
+resources:
+ # If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 8000m
+ hugepages-2Mi: 60Mi
+ memory: 32Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+
+persistentVolume:
+ enabled: true
+ size: 200Gi
+
+shmVolume:
+ sizeLimit: "16Gi"
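Review bot: `max_slot_wal_keep_size` is set twice with different values in this values.yaml, `"10 GB"` under `patroni.pgParameters` and `20GB` in the `postgresql.config` block under "Advanced features". Which one takes effect depends on how the chart and Patroni merge the two sources, which the hunk does not show. This setting bounds how much WAL a stalled replication slot can pin on the 200Gi volume, so the effective value should be unambiguous: keep a single definition, or add a comment next to one of them naming the source that wins. The memory request of `1Gi` against `shared_buffers = '8192 MB'` also deserves a second look, because the scheduler reserves only the request and the pod could land on a node that cannot actually hold the buffer pool.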