Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 3e45d0a3e4fe59195baa584ea287d7f391ebc315 / . / charts / penpot / charts / redis / templates / sentinel / statefulset.yaml
blob: 205d559244943a01465a0268472585d5ff34a2d1 [file] [log] [blame]
Giorgi Lekveishvili3e45d0a2023-06-26 09:53:42 +0400[diff] [blame^]1{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}}
2{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
3apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
4kind: StatefulSet
5metadata:
6 name: {{ printf "%s-node" (include "common.names.fullname" .) }}
7 namespace: {{ .Release.Namespace | quote }}
8 labels: {{- include "common.labels.standard" . | nindent 4 }}
9 app.kubernetes.io/component: node
10 {{- if .Values.commonLabels }}
11 {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
12 {{- end }}
13 {{- if or .Values.commonAnnotations }}
14 annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
15 {{- end }}
16spec:
17 replicas: {{ .Values.replica.replicaCount }}
18 selector:
19 matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
20 app.kubernetes.io/component: node
21 serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }}
22 {{- if .Values.replica.updateStrategy }}
23 updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }}
24 {{- end }}
25 {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }}
26 minReadySeconds: {{ .Values.replica.minReadySeconds }}
27 {{- end }}
28 {{- if .Values.replica.podManagementPolicy }}
29 podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }}
30 {{- end }}
31 template:
32 metadata:
33 labels: {{- include "common.labels.standard" . | nindent 8 }}
34 app.kubernetes.io/component: node
35 {{- if .Values.replica.podLabels }}
36 {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }}
37 {{- end }}
38 {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
39 {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }}
40 {{- end }}
41 annotations:
42 {{- if (include "redis.createConfigmap" .) }}
43 checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
44 {{- end }}
45 checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
46 checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
47 checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
48 {{- if .Values.replica.podAnnotations }}
49 {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }}
50 {{- end }}
51 {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
52 {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }}
53 {{- end }}
54 spec:
55 {{- include "redis.imagePullSecrets" . | nindent 6 }}
56 {{- if .Values.replica.hostAliases }}
57 hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
58 {{- end }}
59 {{- if .Values.replica.podSecurityContext.enabled }}
60 securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
61 {{- end }}
62 serviceAccountName: {{ template "redis.serviceAccountName" . }}
63 {{- if .Values.replica.priorityClassName }}
64 priorityClassName: {{ .Values.replica.priorityClassName | quote }}
65 {{- end }}
66 {{- if .Values.replica.affinity }}
67 affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }}
68 {{- else }}
69 affinity:
70 podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "context" $) | nindent 10 }}
71 podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "context" $) | nindent 10 }}
72 nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }}
73 {{- end }}
74 {{- if .Values.replica.nodeSelector }}
75 nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }}
76 {{- end }}
77 {{- if .Values.replica.tolerations }}
78 tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }}
79 {{- end }}
80 {{- if .Values.replica.topologySpreadConstraints }}
81 topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }}
82 {{- end }}
83 {{- if .Values.replica.shareProcessNamespace }}
84 shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }}
85 {{- end }}
86 {{- if .Values.replica.schedulerName }}
87 schedulerName: {{ .Values.replica.schedulerName | quote }}
88 {{- end }}
89 {{- if .Values.replica.dnsPolicy }}
90 dnsPolicy: {{ .Values.replica.dnsPolicy }}
91 {{- end }}
92 {{- if .Values.replica.dnsConfig }}
93 dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }}
94 {{- end }}
95 terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }}
96 containers:
97 - name: redis
98 image: {{ template "redis.image" . }}
99 imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
100 {{- if not .Values.diagnosticMode.enabled }}
101 {{- if .Values.replica.lifecycleHooks }}
102 lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }}
103 {{- else }}
104 lifecycle:
105 preStop:
106 exec:
107 command:
108 - /bin/bash
109 - -c
110 - /opt/bitnami/scripts/start-scripts/prestop-redis.sh
111 {{- end }}
112 {{- end }}
113 {{- if .Values.replica.containerSecurityContext.enabled }}
114 securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
115 {{- end }}
116 {{- if .Values.diagnosticMode.enabled }}
117 command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
118 {{- else if .Values.replica.command }}
119 command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }}
120 {{- else }}
121 command:
122 - /bin/bash
123 {{- end }}
124 {{- if .Values.diagnosticMode.enabled }}
125 args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
126 {{- else if .Values.replica.args }}
127 args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }}
128 {{- else }}
129 args:
130 - -c
131 - /opt/bitnami/scripts/start-scripts/start-node.sh
132 {{- end }}
133 env:
134 - name: BITNAMI_DEBUG
135 value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
136 - name: REDIS_MASTER_PORT_NUMBER
137 value: {{ .Values.replica.containerPorts.redis | quote }}
138 - name: ALLOW_EMPTY_PASSWORD
139 value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
140 {{- if .Values.auth.enabled }}
141 {{- if .Values.auth.usePasswordFiles }}
142 - name: REDIS_PASSWORD_FILE
143 value: "/opt/bitnami/redis/secrets/redis-password"
144 - name: REDIS_MASTER_PASSWORD_FILE
145 value: "/opt/bitnami/redis/secrets/redis-password"
146 {{- else }}
147 - name: REDIS_PASSWORD
148 valueFrom:
149 secretKeyRef:
150 name: {{ template "redis.secretName" . }}
151 key: {{ template "redis.secretPasswordKey" . }}
152 - name: REDIS_MASTER_PASSWORD
153 valueFrom:
154 secretKeyRef:
155 name: {{ template "redis.secretName" . }}
156 key: {{ template "redis.secretPasswordKey" . }}
157 {{- end }}
158 {{- end }}
159 - name: REDIS_TLS_ENABLED
160 value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
161 {{- if .Values.tls.enabled }}
162 - name: REDIS_TLS_PORT
163 value: {{ .Values.replica.containerPorts.redis | quote }}
164 - name: REDIS_TLS_AUTH_CLIENTS
165 value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
166 - name: REDIS_TLS_CERT_FILE
167 value: {{ template "redis.tlsCert" . }}
168 - name: REDIS_TLS_KEY_FILE
169 value: {{ template "redis.tlsCertKey" . }}
170 - name: REDIS_TLS_CA_FILE
171 value: {{ template "redis.tlsCACert" . }}
172 {{- if .Values.tls.dhParamsFilename }}
173 - name: REDIS_TLS_DH_PARAMS_FILE
174 value: {{ template "redis.tlsDHParams" . }}
175 {{- end }}
176 {{- else }}
177 - name: REDIS_PORT
178 value: {{ .Values.replica.containerPorts.redis | quote }}
179 {{- end }}
180 - name: REDIS_SENTINEL_TLS_ENABLED
181 value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
182 {{- if .Values.tls.enabled }}
183 - name: REDIS_SENTINEL_TLS_PORT_NUMBER
184 value: {{ .Values.sentinel.containerPorts.sentinel | quote }}
185 - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS
186 value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
187 - name: REDIS_SENTINEL_TLS_CERT_FILE
188 value: {{ template "redis.tlsCert" . }}
189 - name: REDIS_SENTINEL_TLS_KEY_FILE
190 value: {{ template "redis.tlsCertKey" . }}
191 - name: REDIS_SENTINEL_TLS_CA_FILE
192 value: {{ template "redis.tlsCACert" . }}
193 {{- if .Values.tls.dhParamsFilename }}
194 - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
195 value: {{ template "redis.tlsDHParams" . }}
196 {{- end }}
197 {{- else }}
198 - name: REDIS_SENTINEL_PORT
199 value: {{ .Values.sentinel.containerPorts.sentinel | quote }}
200 {{- end }}
201 - name: REDIS_DATA_DIR
202 value: {{ .Values.replica.persistence.path }}
203 {{- if .Values.replica.externalMaster.enabled }}
204 - name: REDIS_EXTERNAL_MASTER_HOST
205 value: {{ .Values.replica.externalMaster.host | quote }}
206 - name: REDIS_EXTERNAL_MASTER_PORT
207 value: {{ .Values.replica.externalMaster.port | quote }}
208 {{- end }}
209 {{- if .Values.replica.extraEnvVars }}
210 {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }}
211 {{- end }}
212 {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }}
213 envFrom:
214 {{- if .Values.replica.extraEnvVarsCM }}
215 - configMapRef:
216 name: {{ .Values.replica.extraEnvVarsCM }}
217 {{- end }}
218 {{- if .Values.replica.extraEnvVarsSecret }}
219 - secretRef:
220 name: {{ .Values.replica.extraEnvVarsSecret }}
221 {{- end }}
222 {{- end }}
223 ports:
224 - name: redis
225 containerPort: {{ .Values.replica.containerPorts.redis }}
226 {{- if not .Values.diagnosticMode.enabled }}
227 {{- if .Values.replica.customStartupProbe }}
228 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }}
229 {{- else if .Values.replica.startupProbe.enabled }}
230 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }}
231 exec:
232 command:
233 - sh
234 - -c
235 - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }}
236 {{- end }}
237 {{- if .Values.replica.customLivenessProbe }}
238 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }}
239 {{- else if .Values.replica.livenessProbe.enabled }}
240 livenessProbe:
241 initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }}
242 periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }}
243 timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }}
244 successThreshold: {{ .Values.replica.livenessProbe.successThreshold }}
245 failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }}
246 exec:
247 command:
248 - sh
249 - -c
250 - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }}
251 {{- end }}
252 {{- if .Values.replica.customReadinessProbe }}
253 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }}
254 {{- else if .Values.replica.readinessProbe.enabled }}
255 readinessProbe:
256 initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }}
257 periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }}
258 timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }}
259 successThreshold: {{ .Values.replica.readinessProbe.successThreshold }}
260 failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }}
261 exec:
262 command:
263 - sh
264 - -c
265 - /health/ping_readiness_local.sh {{ .Values.replica.readinessProbe.timeoutSeconds }}
266 {{- end }}
267 {{- end }}
268 {{- if .Values.replica.resources }}
269 resources: {{- toYaml .Values.replica.resources | nindent 12 }}
270 {{- end }}
271 volumeMounts:
272 - name: start-scripts
273 mountPath: /opt/bitnami/scripts/start-scripts
274 - name: health
275 mountPath: /health
276 {{- if .Values.sentinel.persistence.enabled }}
277 - name: sentinel-data
278 mountPath: /opt/bitnami/redis-sentinel/etc
279 {{- end }}
280 {{- if .Values.auth.usePasswordFiles }}
281 - name: redis-password
282 mountPath: /opt/bitnami/redis/secrets/
283 {{- end }}
284 - name: redis-data
285 mountPath: {{ .Values.replica.persistence.path }}
286 {{- if .Values.replica.persistence.subPath }}
287 subPath: {{ .Values.replica.persistence.subPath }}
288 {{- else if .Values.replica.persistence.subPathExpr }}
289 subPathExpr: {{ .Values.replica.persistence.subPathExpr }}
290 {{- end }}
291 - name: config
292 mountPath: /opt/bitnami/redis/mounted-etc
293 - name: redis-tmp-conf
294 mountPath: /opt/bitnami/redis/etc
295 - name: tmp
296 mountPath: /tmp
297 {{- if .Values.tls.enabled }}
298 - name: redis-certificates
299 mountPath: /opt/bitnami/redis/certs
300 readOnly: true
301 {{- end }}
302 {{- if .Values.replica.extraVolumeMounts }}
303 {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }}
304 {{- end }}
305 - name: sentinel
306 image: {{ template "redis.sentinel.image" . }}
307 imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
308 {{- if not .Values.diagnosticMode.enabled }}
309 {{- if .Values.sentinel.lifecycleHooks }}
310 lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }}
311 {{- else }}
312 lifecycle:
313 preStop:
314 exec:
315 command:
316 - /bin/bash
317 - -c
318 - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh
319 {{- end }}
320 {{- end }}
321 {{- if .Values.sentinel.containerSecurityContext.enabled }}
322 securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }}
323 {{- end }}
324 {{- if .Values.diagnosticMode.enabled }}
325 command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
326 {{- else if .Values.sentinel.command }}
327 command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }}
328 {{- else }}
329 command:
330 - /bin/bash
331 {{- end }}
332 {{- if .Values.diagnosticMode.enabled }}
333 args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
334 {{- else if .Values.sentinel.args }}
335 args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }}
336 {{- else }}
337 args:
338 - -c
339 - /opt/bitnami/scripts/start-scripts/start-sentinel.sh
340 {{- end }}
341 env:
342 - name: BITNAMI_DEBUG
343 value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }}
344 {{- if .Values.auth.enabled }}
345 {{- if .Values.auth.usePasswordFiles }}
346 - name: REDIS_PASSWORD_FILE
347 value: "/opt/bitnami/redis/secrets/redis-password"
348 {{- else }}
349 - name: REDIS_PASSWORD
350 valueFrom:
351 secretKeyRef:
352 name: {{ template "redis.secretName" . }}
353 key: {{ template "redis.secretPasswordKey" . }}
354 {{- end }}
355 {{- else }}
356 - name: ALLOW_EMPTY_PASSWORD
357 value: "yes"
358 {{- end }}
359 - name: REDIS_SENTINEL_TLS_ENABLED
360 value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
361 {{- if .Values.tls.enabled }}
362 - name: REDIS_SENTINEL_TLS_PORT_NUMBER
363 value: {{ .Values.sentinel.containerPorts.sentinel | quote }}
364 - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS
365 value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
366 - name: REDIS_SENTINEL_TLS_CERT_FILE
367 value: {{ template "redis.tlsCert" . }}
368 - name: REDIS_SENTINEL_TLS_KEY_FILE
369 value: {{ template "redis.tlsCertKey" . }}
370 - name: REDIS_SENTINEL_TLS_CA_FILE
371 value: {{ template "redis.tlsCACert" . }}
372 {{- if .Values.tls.dhParamsFilename }}
373 - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
374 value: {{ template "redis.tlsDHParams" . }}
375 {{- end }}
376 {{- else }}
377 - name: REDIS_SENTINEL_PORT
378 value: {{ .Values.sentinel.containerPorts.sentinel | quote }}
379 {{- end }}
380 {{- if .Values.sentinel.externalMaster.enabled }}
381 - name: REDIS_EXTERNAL_MASTER_HOST
382 value: {{ .Values.sentinel.externalMaster.host | quote }}
383 - name: REDIS_EXTERNAL_MASTER_PORT
384 value: {{ .Values.sentinel.externalMaster.port | quote }}
385 {{- end }}
386 {{- if .Values.sentinel.extraEnvVars }}
387 {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }}
388 {{- end }}
389 {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }}
390 envFrom:
391 {{- if .Values.sentinel.extraEnvVarsCM }}
392 - configMapRef:
393 name: {{ .Values.sentinel.extraEnvVarsCM }}
394 {{- end }}
395 {{- if .Values.sentinel.extraEnvVarsSecret }}
396 - secretRef:
397 name: {{ .Values.sentinel.extraEnvVarsSecret }}
398 {{- end }}
399 {{- end }}
400 ports:
401 - name: redis-sentinel
402 containerPort: {{ .Values.sentinel.containerPorts.sentinel }}
403 {{- if not .Values.diagnosticMode.enabled }}
404 {{- if .Values.sentinel.customStartupProbe }}
405 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }}
406 {{- else if .Values.sentinel.startupProbe.enabled }}
407 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }}
408 exec:
409 command:
410 - sh
411 - -c
412 - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
413 {{- end }}
414 {{- if .Values.sentinel.customLivenessProbe }}
415 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }}
416 {{- else if .Values.sentinel.livenessProbe.enabled }}
417 livenessProbe:
418 initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
419 periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
420 timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
421 successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
422 failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
423 exec:
424 command:
425 - sh
426 - -c
427 - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
428 {{- end }}
429 {{- end }}
430 {{- if not .Values.diagnosticMode.enabled }}
431 {{- if .Values.sentinel.customReadinessProbe }}
432 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }}
433 {{- else if .Values.sentinel.readinessProbe.enabled }}
434 readinessProbe:
435 initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
436 periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
437 timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
438 successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
439 failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
440 exec:
441 command:
442 - sh
443 - -c
444 - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
445 {{- end }}
446 {{- end }}
447 {{- if .Values.sentinel.resources }}
448 resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
449 {{- end }}
450 volumeMounts:
451 - name: start-scripts
452 mountPath: /opt/bitnami/scripts/start-scripts
453 - name: health
454 mountPath: /health
455 - name: sentinel-data
456 mountPath: /opt/bitnami/redis-sentinel/etc
457 {{- if .Values.auth.usePasswordFiles }}
458 - name: redis-password
459 mountPath: /opt/bitnami/redis/secrets/
460 {{- end }}
461 - name: redis-data
462 mountPath: {{ .Values.replica.persistence.path }}
463 {{- if .Values.replica.persistence.subPath }}
464 subPath: {{ .Values.replica.persistence.subPath }}
465 {{- else if .Values.replica.persistence.subPathExpr }}
466 subPathExpr: {{ .Values.replica.persistence.subPathExpr }}
467 {{- end }}
468 - name: config
469 mountPath: /opt/bitnami/redis-sentinel/mounted-etc
470 {{- if .Values.tls.enabled }}
471 - name: redis-certificates
472 mountPath: /opt/bitnami/redis/certs
473 readOnly: true
474 {{- end }}
475 {{- if .Values.sentinel.extraVolumeMounts }}
476 {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }}
477 {{- end }}
478 {{- if .Values.metrics.enabled }}
479 - name: metrics
480 image: {{ template "redis.metrics.image" . }}
481 imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
482 {{- if .Values.metrics.containerSecurityContext.enabled }}
483 securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
484 {{- end }}
485 {{- if .Values.diagnosticMode.enabled }}
486 command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
487 {{- else }}
488 command:
489 - /bin/bash
490 - -c
491 - |
492 if [[ -f '/secrets/redis-password' ]]; then
493 export REDIS_PASSWORD=$(cat /secrets/redis-password)
494 fi
495 redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
496 {{- end }}
497 {{- if .Values.diagnosticMode.enabled }}
498 args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
499 {{- end }}
500 env:
501 - name: REDIS_ALIAS
502 value: {{ template "common.names.fullname" . }}
503 {{- if .Values.auth.enabled }}
504 - name: REDIS_USER
505 value: default
506 {{- if (not .Values.auth.usePasswordFiles) }}
507 - name: REDIS_PASSWORD
508 valueFrom:
509 secretKeyRef:
510 name: {{ template "redis.secretName" . }}
511 key: {{ template "redis.secretPasswordKey" . }}
512 {{- end }}
513 {{- end }}
514 {{- if .Values.tls.enabled }}
515 - name: REDIS_ADDR
516 value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }}
517 {{- if .Values.tls.authClients }}
518 - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
519 value: {{ template "redis.tlsCertKey" . }}
520 - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
521 value: {{ template "redis.tlsCert" . }}
522 {{- end }}
523 - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
524 value: {{ template "redis.tlsCACert" . }}
525 {{- end }}
526 {{- if .Values.metrics.extraEnvVars }}
527 {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
528 {{- end }}
529 ports:
530 - name: metrics
531 containerPort: 9121
532 {{- if not .Values.diagnosticMode.enabled }}
533 {{- if .Values.metrics.customStartupProbe }}
534 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
535 {{- else if .Values.metrics.startupProbe.enabled }}
536 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
537 tcpSocket:
538 port: metrics
539 {{- end }}
540 {{- if .Values.metrics.customLivenessProbe }}
541 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
542 {{- else if .Values.metrics.livenessProbe.enabled }}
543 livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
544 tcpSocket:
545 port: metrics
546 {{- end }}
547 {{- if .Values.metrics.customReadinessProbe }}
548 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
549 {{- else if .Values.metrics.readinessProbe.enabled }}
550 readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
551 httpGet:
552 path: /
553 port: metrics
554 {{- end }}
555 {{- end }}
556 {{- if .Values.metrics.resources }}
557 resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
558 {{- end }}
559 volumeMounts:
560 {{- if .Values.auth.usePasswordFiles }}
561 - name: redis-password
562 mountPath: /secrets/
563 {{- end }}
564 {{- if .Values.tls.enabled }}
565 - name: redis-certificates
566 mountPath: /opt/bitnami/redis/certs
567 readOnly: true
568 {{- end }}
569 {{- if .Values.metrics.extraVolumeMounts }}
570 {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }}
571 {{- end }}
572 {{- end }}
573 {{- if .Values.replica.sidecars }}
574 {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }}
575 {{- end }}
576 {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }}
577 {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }}
578 initContainers:
579 {{- if .Values.replica.initContainers }}
580 {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }}
581 {{- end }}
582 {{- if $needsVolumePermissions }}
583 - name: volume-permissions
584 image: {{ include "redis.volumePermissions.image" . }}
585 imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
586 command:
587 - /bin/bash
588 - -ec
589 - |
590 {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
591 chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }}
592 {{- else }}
593 chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }}
594 {{- end }}
595 {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
596 securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
597 {{- else }}
598 securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
599 {{- end }}
600 {{- if .Values.volumePermissions.resources }}
601 resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
602 {{- end }}
603 volumeMounts:
604 - name: redis-data
605 mountPath: {{ .Values.replica.persistence.path }}
606 {{- if .Values.replica.persistence.subPath }}
607 subPath: {{ .Values.replica.persistence.subPath }}
608 {{- else if .Values.replica.persistence.subPathExpr }}
609 subPathExpr: {{ .Values.replica.persistence.subPathExpr }}
610 {{- end }}
611 {{- end }}
612 {{- if .Values.sysctl.enabled }}
613 - name: init-sysctl
614 image: {{ include "redis.sysctl.image" . }}
615 imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }}
616 securityContext:
617 privileged: true
618 runAsUser: 0
619 {{- if .Values.sysctl.command }}
620 command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }}
621 {{- end }}
622 {{- if .Values.sysctl.resources }}
623 resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
624 {{- end }}
625 {{- if .Values.sysctl.mountHostSys }}
626 volumeMounts:
627 - name: host-sys
628 mountPath: /host-sys
629 {{- end }}
630 {{- end }}
631 {{- end }}
632 volumes:
633 - name: start-scripts
634 configMap:
635 name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
636 defaultMode: 0755
637 - name: health
638 configMap:
639 name: {{ printf "%s-health" (include "common.names.fullname" .) }}
640 defaultMode: 0755
641 {{- if .Values.auth.usePasswordFiles }}
642 - name: redis-password
643 secret:
644 secretName: {{ template "redis.secretName" . }}
645 items:
646 - key: {{ template "redis.secretPasswordKey" . }}
647 path: redis-password
648 {{- end }}
649 - name: config
650 configMap:
651 name: {{ include "redis.configmapName" . }}
652 {{- if .Values.sysctl.mountHostSys }}
653 - name: host-sys
654 hostPath:
655 path: /sys
656 {{- end }}
657 {{- if not .Values.sentinel.persistence.enabled }}
658 - name: sentinel-data
659 {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
660 emptyDir:
661 {{- if .Values.sentinel.persistence.medium }}
662 medium: {{ .Values.sentinel.persistence.medium | quote }}
663 {{- end }}
664 {{- if .Values.sentinel.persistence.sizeLimit }}
665 sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }}
666 {{- end }}
667 {{- else }}
668 emptyDir: {}
669 {{- end }}
670 {{- end }}
671 - name: redis-tmp-conf
672 {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
673 emptyDir:
674 {{- if .Values.sentinel.persistence.medium }}
675 medium: {{ .Values.sentinel.persistence.medium | quote }}
676 {{- end }}
677 {{- if .Values.sentinel.persistence.sizeLimit }}
678 sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }}
679 {{- end }}
680 {{- else }}
681 emptyDir: {}
682 {{- end }}
683 - name: tmp
684 {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
685 emptyDir:
686 {{- if .Values.sentinel.persistence.medium }}
687 medium: {{ .Values.sentinel.persistence.medium | quote }}
688 {{- end }}
689 {{- if .Values.sentinel.persistence.sizeLimit }}
690 sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }}
691 {{- end }}
692 {{- else }}
693 emptyDir: {}
694 {{- end }}
695 {{- if .Values.replica.extraVolumes }}
696 {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }}
697 {{- end }}
698 {{- if .Values.metrics.extraVolumes }}
699 {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }}
700 {{- end }}
701 {{- if .Values.sentinel.extraVolumes }}
702 {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }}
703 {{- end }}
704 {{- if .Values.tls.enabled }}
705 - name: redis-certificates
706 secret:
707 secretName: {{ include "redis.tlsSecretName" . }}
708 defaultMode: 256
709 {{- end }}
710 {{- if not .Values.replica.persistence.enabled }}
711 - name: redis-data
712 {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
713 emptyDir:
714 {{- if .Values.sentinel.persistence.medium }}
715 medium: {{ .Values.sentinel.persistence.medium | quote }}
716 {{- end }}
717 {{- if .Values.sentinel.persistence.sizeLimit }}
718 sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }}
719 {{- end }}
720 {{- else }}
721 emptyDir: {}
722 {{- end }}
723 {{- else if .Values.replica.persistence.existingClaim }}
724 - name: redis-data
725 persistentVolumeClaim:
726 claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }}
727 {{- else }}
728 volumeClaimTemplates:
729 - metadata:
730 name: redis-data
731 labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
732 app.kubernetes.io/component: node
733 {{- if .Values.replica.persistence.annotations }}
734 annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }}
735 {{- end }}
736 spec:
737 accessModes:
738 {{- range .Values.replica.persistence.accessModes }}
739 - {{ . | quote }}
740 {{- end }}
741 resources:
742 requests:
743 storage: {{ .Values.replica.persistence.size | quote }}
744 {{- if .Values.replica.persistence.selector }}
745 selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }}
746 {{- end }}
747 {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }}
748 {{- if .Values.sentinel.persistence.enabled }}
749 - metadata:
750 name: sentinel-data
751 labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
752 app.kubernetes.io/component: node
753 {{- if .Values.sentinel.persistence.annotations }}
754 annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }}
755 {{- end }}
756 spec:
757 accessModes:
758 {{- range .Values.sentinel.persistence.accessModes }}
759 - {{ . | quote }}
760 {{- end }}
761 resources:
762 requests:
763 storage: {{ .Values.sentinel.persistence.size | quote }}
764 {{- if .Values.sentinel.persistence.selector }}
765 selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }}
766 {{- end }}
767 {{- if .Values.sentinel.persistence.dataSource }}
768 dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.persistence.dataSource "context" $) | nindent 10 }}
769 {{- end }}
770 {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }}
771 {{- end }}
772 {{- end }}
773{{- end }}
774{{- end }}