[AUTOMATED] Auto-update charts on main-source (#990)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>pull/993/head
github-actions[bot]
GitHub
parent
a9afca1814
commit
a5820e5da9
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -1,7 +1,7 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Updated Redis image tag to 7.2.4
|
||||
description: Bump argo-cd to v2.10.3
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
|
|
@ -11,7 +11,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.23.0-0'
|
||||
catalog.cattle.io/release-name: argo-cd
|
||||
apiVersion: v2
|
||||
appVersion: v2.10.1
|
||||
appVersion: v2.10.3
|
||||
dependencies:
|
||||
- condition: redis-ha.enabled
|
||||
name: redis-ha
|
||||
|
|
@ -33,4 +33,4 @@ name: argo-cd
|
|||
sources:
|
||||
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
||||
- https://github.com/argoproj/argo-cd
|
||||
version: 6.2.3
|
||||
version: 6.7.2
|
||||
|
|
|
|||
|
|
@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog].
|
|||
|
||||
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
|
||||
|
||||
### 6.4.0
|
||||
|
||||
Added support for application controller dynamic cluster distribution.
|
||||
Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
|
||||
|
||||
Added env variables to handle the non-standard names generated by the helm chart.
|
||||
Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
|
||||
and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
|
||||
|
||||
### 6.1.0
|
||||
|
||||
Added support for global domain used by all components.
|
||||
|
|
@ -720,12 +729,15 @@ NAME: my-release
|
|||
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
|
||||
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
|
||||
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
|
||||
| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment |
|
||||
| controller.dnsConfig | object | `{}` | [DNS configuration] |
|
||||
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
|
||||
| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution |
|
||||
| controller.env | list | `[]` | Environment variables to pass to application controller |
|
||||
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
|
||||
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
|
||||
| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
|
||||
| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution |
|
||||
| controller.hostNetwork | bool | `false` | Host Network for application controller pods |
|
||||
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
|
||||
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
|
||||
|
|
@ -940,7 +952,7 @@ NAME: my-release
|
|||
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
|
||||
| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
|
||||
| server.ingress.annotations | object | `{}` | Additional ingress annotations |
|
||||
| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service |
|
||||
| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service |
|
||||
| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
|
||||
| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` |
|
||||
| server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server |
|
||||
|
|
@ -1077,6 +1089,9 @@ NAME: my-release
|
|||
| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag |
|
||||
| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 |
|
||||
| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
|
||||
| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe |
|
||||
| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe |
|
||||
| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
|
||||
| dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
|
||||
| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
|
||||
| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
|
||||
|
|
@ -1109,6 +1124,9 @@ NAME: my-release
|
|||
| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
|
||||
| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 |
|
||||
| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
|
||||
| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe |
|
||||
| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe |
|
||||
| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
|
||||
| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
|
||||
| dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
|
||||
| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
|
||||
|
|
@ -1284,6 +1302,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
|
||||
| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature |
|
||||
| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
|
||||
| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
|
||||
| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
|
||||
|
|
@ -1446,6 +1465,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
|||
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
|
||||
| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
|
||||
| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret |
|
||||
| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name |
|
||||
| notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
|
||||
| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
|
||||
| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account |
|
||||
|
|
|
|||
|
|
@ -0,0 +1,357 @@
|
|||
{{- if .Values.controller.dynamicClusterDistribution }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
|
||||
annotations:
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
name: {{ template "argo-cd.controller.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.controller.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
|
||||
{{- if .Values.configs.cm.create }}
|
||||
checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.hostAliases }}
|
||||
hostAliases:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
|
||||
containers:
|
||||
- args:
|
||||
- /usr/local/bin/argocd-application-controller
|
||||
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
|
||||
{{- if .Values.controller.metrics.applicationLabels.enabled }}
|
||||
{{- range .Values.controller.metrics.applicationLabels.labels }}
|
||||
- --metrics-application-labels
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.extraArgs }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
|
||||
name: {{ .Values.controller.name }}
|
||||
env:
|
||||
{{- with (concat .Values.global.env .Values.controller.env) }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
- name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
|
||||
value: "true"
|
||||
- name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
|
||||
value: {{ .Values.controller.heartbeatTime | quote }}
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_NAME
|
||||
value: {{ template "argo-cd.controller.fullname" . }}
|
||||
- name: ARGOCD_RECONCILIATION_TIMEOUT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cm
|
||||
key: timeout.reconciliation
|
||||
optional: true
|
||||
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cm
|
||||
key: timeout.hard.reconciliation
|
||||
optional: true
|
||||
- name: ARGOCD_RECONCILIATION_JITTER
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: timeout.reconciliation.jitter
|
||||
name: argocd-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.repo.error.grace.period.seconds
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: repo.server
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.repo.server.timeout.seconds
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.status.processors
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.operation.processors
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.log.format
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.log.level
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.metrics.cache.expiration
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.self.heal.timeout.seconds
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.repo.server.plaintext
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.repo.server.strict.tls
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.resource.health.persist
|
||||
optional: true
|
||||
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.app.state.cache.expiration
|
||||
optional: true
|
||||
- name: REDIS_SERVER
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: redis.server
|
||||
optional: true
|
||||
- name: REDIS_COMPRESSION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: redis.compression
|
||||
optional: true
|
||||
- name: REDISDB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: redis.db
|
||||
optional: true
|
||||
- name: REDIS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
|
||||
key: redis-username
|
||||
optional: true
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
|
||||
key: redis-password
|
||||
optional: true
|
||||
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.default.cache.expiration
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: otlp.address
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: otlp.insecure
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: otlp.headers
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_NAMESPACES
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: application.namespaces
|
||||
optional: true
|
||||
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.sharding.algorithm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.kubectl.parallelism.limit
|
||||
optional: true
|
||||
- name: ARGOCD_K8SCLIENT_RETRY_MAX
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.k8sclient.retry.max
|
||||
optional: true
|
||||
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.k8sclient.retry.base.backoff
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: controller.diff.server.side
|
||||
optional: true
|
||||
{{- with .Values.controller.envFrom }}
|
||||
envFrom:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.controller.containerPorts.metrics }}
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: metrics
|
||||
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
|
||||
resources:
|
||||
{{- toYaml .Values.controller.resources | nindent 10 }}
|
||||
{{- with .Values.controller.containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
workingDir: /home/argocd
|
||||
volumeMounts:
|
||||
{{- with .Values.controller.volumeMounts }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
- mountPath: /app/config/controller/tls
|
||||
name: argocd-repo-server-tls
|
||||
- mountPath: /home/argocd
|
||||
name: argocd-home
|
||||
{{- with .Values.controller.extraContainers }}
|
||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.initContainers }}
|
||||
initContainers:
|
||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
|
||||
affinity:
|
||||
{{- trim . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.tolerations | default .Values.global.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- range $constraint := . }}
|
||||
- {{ toYaml $constraint | nindent 8 | trim }}
|
||||
{{- if not $constraint.labelSelector }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- with .Values.controller.volumes }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
- name: argocd-home
|
||||
emptyDir: {}
|
||||
- name: argocd-repo-server-tls
|
||||
secret:
|
||||
secretName: argocd-repo-server-tls
|
||||
optional: true
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: tls.crt
|
||||
- key: tls.key
|
||||
path: tls.key
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
{{- if .Values.controller.hostNetwork }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
{{- end }}
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
{{- if not .Values.controller.dynamicClusterDistribution | default false }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
|
|
@ -77,6 +78,8 @@ spec:
|
|||
{{- end }}
|
||||
- name: ARGOCD_CONTROLLER_REPLICAS
|
||||
value: {{ .Values.controller.replicas | quote }}
|
||||
- name: ARGOCD_APPLICATION_CONTROLLER_NAME
|
||||
value: {{ template "argo-cd.controller.fullname" . }}
|
||||
- name: ARGOCD_RECONCILIATION_TIMEOUT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
@ -350,3 +353,4 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,89 @@
|
|||
{{- if .Values.applicationSet.allowAnyNamespace }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "argo-cd.applicationSet.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- applications
|
||||
- applicationsets
|
||||
- applicationsets/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- applicationsets/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- appprojects
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
{{- if .Values.applicationSet.allowAnyNamespace }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "argo-cd.applicationSet.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "argo-cd.applicationSet.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
@ -24,7 +24,7 @@ spec:
|
|||
http:
|
||||
paths:
|
||||
{{- with .Values.applicationSet.ingress.extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.applicationSet.ingress.path }}
|
||||
pathType: {{ .Values.applicationSet.ingress.pathType }}
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
number: {{ $.Values.applicationSet.service.port }}
|
||||
{{- end }}
|
||||
{{- with .Values.applicationSet.ingress.extraRules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
|
||||
tls:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: argocd-notifications-secret
|
||||
name: {{ .Values.notifications.secret.name }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
|
||||
|
|
|
|||
|
|
@ -38,14 +38,12 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
{{- end }}
|
||||
{{- if .Values.notifications.secret.create }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resourceNames:
|
||||
- argocd-notifications-secret
|
||||
- {{ .Values.notifications.secret.name }}
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ spec:
|
|||
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
|
||||
- --namespace={{ .Release.Namespace }}
|
||||
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
|
||||
- --secret-name={{ .Values.notifications.secret.name }}
|
||||
{{- range .Values.notifications.extraArgs }}
|
||||
- {{ . | squote }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ rules:
|
|||
- apiGroups:
|
||||
- ""
|
||||
resourceNames:
|
||||
- argocd-notifications-secret
|
||||
- {{ .Values.notifications.secret.name }}
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
|
|
|
|||
|
|
@ -85,6 +85,8 @@ spec:
|
|||
- name: USER_NAME
|
||||
value: argocd
|
||||
{{- end }}
|
||||
- name: ARGOCD_REPO_SERVER_NAME
|
||||
value: {{ template "argo-cd.repoServer.fullname" . }}
|
||||
- name: ARGOCD_RECONCILIATION_TIMEOUT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ spec:
|
|||
http:
|
||||
paths:
|
||||
{{- with .Values.server.ingress.extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.server.ingress.path }}
|
||||
pathType: {{ $.Values.server.ingressGrpc.pathType }}
|
||||
|
|
@ -55,7 +55,7 @@ spec:
|
|||
number: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- with .Values.server.ingress.extraRules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
|
||||
tls:
|
||||
|
|
|
|||
|
|
@ -75,6 +75,8 @@ spec:
|
|||
{{- with (concat .Values.global.env .Values.server.env) }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
- name: ARGOCD_SERVER_NAME
|
||||
value: {{ template "argo-cd.server.fullname" . }}
|
||||
- name: ARGOCD_SERVER_INSECURE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ spec:
|
|||
http:
|
||||
paths:
|
||||
{{- with .Values.server.ingress.extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.server.ingress.path }}
|
||||
pathType: {{ .Values.server.ingress.pathType }}
|
||||
|
|
@ -53,7 +53,7 @@ spec:
|
|||
number: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- with .Values.server.ingress.extraRules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
|
||||
tls:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}}
|
||||
{{- if .Values.server.ingressGrpc.enabled -}}
|
||||
{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
|
|
@ -25,7 +25,7 @@ spec:
|
|||
http:
|
||||
paths:
|
||||
{{- with .Values.server.ingressGrpc.extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.server.ingressGrpc.path }}
|
||||
pathType: {{ .Values.server.ingressGrpc.pathType }}
|
||||
|
|
@ -47,13 +47,13 @@ spec:
|
|||
number: {{ $.Values.server.service.servicePortHttps }}
|
||||
{{- end }}
|
||||
{{- with .Values.server.ingressGrpc.extraRules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }}
|
||||
tls:
|
||||
{{- if .Values.server.ingressGrpc.tls }}
|
||||
- hosts:
|
||||
- {{ $hostname }}
|
||||
- {{ .Values.server.ingressGrpc.hostname | default $hostname }}
|
||||
secretName: argocd-server-grpc-tls
|
||||
{{- end }}
|
||||
{{- with .Values.server.ingressGrpc.extraTls }}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ spec:
|
|||
http:
|
||||
paths:
|
||||
{{- with .Values.server.ingress.extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- tpl (toYaml .) $ | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ .Values.server.ingress.path }}
|
||||
pathType: {{ $.Values.server.ingress.pathType }}
|
||||
|
|
@ -48,7 +48,7 @@ spec:
|
|||
number: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- with .Values.server.ingress.extraRules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
|
||||
tls:
|
||||
|
|
|
|||
|
|
@ -99,8 +99,9 @@ spec:
|
|||
{{- if .Values.dex.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz/live
|
||||
port: metrics
|
||||
path: {{ .Values.dex.livenessProbe.httpPath }}
|
||||
port: {{ .Values.dex.livenessProbe.httpPort }}
|
||||
scheme: {{ .Values.dex.livenessProbe.httpScheme }}
|
||||
initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
|
||||
|
|
@ -110,8 +111,9 @@ spec:
|
|||
{{- if .Values.dex.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz/ready
|
||||
port: metrics
|
||||
path: {{ .Values.dex.readinessProbe.httpPath }}
|
||||
port: {{ .Values.dex.readinessProbe.httpPort }}
|
||||
scheme: {{ .Values.dex.readinessProbe.httpScheme }}
|
||||
initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
|
||||
|
|
|
|||
|
|
@ -193,7 +193,7 @@ spec:
|
|||
- name: health
|
||||
configMap:
|
||||
name: {{ include "argo-cd.redis.fullname" . }}-health-configmap
|
||||
defaultMode: 0755
|
||||
defaultMode: 493
|
||||
{{- with .Values.redis.volumes }}
|
||||
{{- toYaml . | nindent 8}}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -577,8 +577,22 @@ controller:
|
|||
|
||||
# -- The number of application controller pods to run.
|
||||
# Additional replicas will cause sharding of managed clusters across number of replicas.
|
||||
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
|
||||
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
|
||||
replicas: 1
|
||||
|
||||
# -- Enable dynamic cluster distribution (alpha)
|
||||
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
|
||||
## This is done using a deployment instead of a statefulSet
|
||||
## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
|
||||
## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
|
||||
## like round-robin, then the shards will be well-balanced.
|
||||
dynamicClusterDistribution: false
|
||||
|
||||
# -- Application controller heartbeat time
|
||||
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
|
||||
heartbeatTime: 10
|
||||
|
||||
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
|
||||
revisionHistoryLimit: 5
|
||||
|
||||
|
|
@ -662,6 +676,9 @@ controller:
|
|||
# -- Annotations for the application controller StatefulSet
|
||||
statefulsetAnnotations: {}
|
||||
|
||||
# -- Annotations for the application controller Deployment
|
||||
deploymentAnnotations: {}
|
||||
|
||||
# -- Annotations to be added to application controller pods
|
||||
podAnnotations: {}
|
||||
|
||||
|
|
@ -1039,6 +1056,12 @@ dex:
|
|||
livenessProbe:
|
||||
# -- Enable Kubernetes liveness probe for Dex >= 2.28.0
|
||||
enabled: false
|
||||
# -- Http path to use for the liveness probe
|
||||
httpPath: /healthz/live
|
||||
# -- Http port to use for the liveness probe
|
||||
httpPort: metrics
|
||||
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
|
||||
httpScheme: HTTP
|
||||
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
|
||||
failureThreshold: 3
|
||||
# -- Number of seconds after the container has started before [probe] is initiated
|
||||
|
|
@ -1053,6 +1076,12 @@ dex:
|
|||
readinessProbe:
|
||||
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
|
||||
enabled: false
|
||||
# -- Http path to use for the readiness probe
|
||||
httpPath: /healthz/ready
|
||||
# -- Http port to use for the readiness probe
|
||||
httpPort: metrics
|
||||
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
|
||||
httpScheme: HTTP
|
||||
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
|
||||
failureThreshold: 3
|
||||
# -- Number of seconds after the container has started before [probe] is initiated
|
||||
|
|
@ -2009,6 +2038,7 @@ server:
|
|||
|
||||
# -- Additional ingress paths
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
## Note: Supports use of custom Helm templates
|
||||
extraPaths: []
|
||||
# - path: /*
|
||||
# pathType: Prefix
|
||||
|
|
@ -2020,15 +2050,17 @@ server:
|
|||
|
||||
# -- Additional ingress rules
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
## Note: Supports use of custom Helm templates
|
||||
extraRules: []
|
||||
# - host: example.example.com
|
||||
# http:
|
||||
# path: /
|
||||
# - http:
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
# backend:
|
||||
# service:
|
||||
# name: example-svc
|
||||
# name: '{{ include "argo-cd.server.fullname" . }}'
|
||||
# port:
|
||||
# name: http
|
||||
# name: '{{ .Values.server.service.servicePortHttpsName }}'
|
||||
|
||||
# -- Additional TLS configuration
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
|
|
@ -2042,8 +2074,9 @@ server:
|
|||
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
|
||||
aws:
|
||||
# -- Backend protocol version for the AWS ALB gRPC service
|
||||
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
|
||||
backendProtocolVersion: HTTP2
|
||||
## This tells AWS to send traffic from the ALB using gRPC.
|
||||
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
|
||||
backendProtocolVersion: GRPC
|
||||
# -- Service type for the AWS ALB gRPC service
|
||||
## Can be of type NodePort or ClusterIP depending on which mode you are running.
|
||||
## Instance mode needs type NodePort, IP mode needs type ClusterIP
|
||||
|
|
@ -2114,6 +2147,7 @@ server:
|
|||
|
||||
# -- Additional ingress paths for dedicated [gRPC-ingress]
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
## Note: Supports use of custom Helm templates
|
||||
extraPaths: []
|
||||
# - path: /*
|
||||
# pathType: Prefix
|
||||
|
|
@ -2125,15 +2159,17 @@ server:
|
|||
|
||||
# -- Additional ingress rules
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
## Note: Supports use of custom Helm templates
|
||||
extraRules: []
|
||||
# - host: example.example.com
|
||||
# http:
|
||||
# path: /
|
||||
# - http:
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
# backend:
|
||||
# service:
|
||||
# name: example-svc
|
||||
# name: '{{ include "argo-cd.server.fullname" . }}'
|
||||
# port:
|
||||
# name: http
|
||||
# name: '{{ .Values.server.service.servicePortHttpName }}'
|
||||
|
||||
# -- Additional TLS configuration for dedicated [gRPC-ingress]
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
|
|
@ -2874,15 +2910,17 @@ applicationSet:
|
|||
|
||||
# -- Additional ingress rules
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
## Note: Supports use of custom Helm templates
|
||||
extraRules: []
|
||||
# - host: example.example.com
|
||||
# http:
|
||||
# path: /
|
||||
# backend:
|
||||
# service:
|
||||
# name: example-svc
|
||||
# port:
|
||||
# name: http
|
||||
# - http:
|
||||
# paths:
|
||||
# - path: /api/webhook
|
||||
# pathType: Prefix
|
||||
# backend:
|
||||
# service:
|
||||
# name: '{{ include "argo-cd.applicationSet.fullname" . }}'
|
||||
# port:
|
||||
# name: '{{ .Values.applicationSet.service.portName }}'
|
||||
|
||||
# -- Additional ingress TLS configuration
|
||||
# @default -- `[]` (See [values.yaml])
|
||||
|
|
@ -2890,7 +2928,8 @@ applicationSet:
|
|||
# - secretName: argocd-applicationset-tls
|
||||
# hosts:
|
||||
# - argocd-applicationset.example.com
|
||||
|
||||
# -- Enable ApplicationSet in any namespace feature
|
||||
allowAnyNamespace: false
|
||||
## Notifications controller
|
||||
notifications:
|
||||
# -- Enable notifications controller
|
||||
|
|
@ -2978,8 +3017,12 @@ notifications:
|
|||
|
||||
secret:
|
||||
# -- Whether helm chart creates notifications controller secret
|
||||
## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
|
||||
create: true
|
||||
|
||||
# -- notifications controller Secret name
|
||||
name: "argocd-notifications-secret"
|
||||
|
||||
# -- key:value pairs of annotations to be added to the secret
|
||||
annotations: {}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
dependencies:
|
||||
- name: redis
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 18.13.0
|
||||
version: 18.19.2
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 13.4.4
|
||||
version: 14.3.3
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.15.3
|
||||
digest: sha256:dd4296369ab03a8c9f1940b4fc34ba57020a63afa6f761220f4f1249ab9e9e08
|
||||
generated: "2024-02-14T12:34:36.945245545+01:00"
|
||||
version: 2.19.0
|
||||
digest: sha256:ef8c5318de55f20f28fd5f98a2201bf883baab63e2faf37ef4b4d05ec14a0635
|
||||
generated: "2024-03-13T11:46:34.191714+01:00"
|
||||
|
|
|
|||
|
|
@ -5,21 +5,21 @@ annotations:
|
|||
catalog.cattle.io/release-name: airflow
|
||||
category: WorkFlow
|
||||
images: |
|
||||
- name: airflow-exporter
|
||||
image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r448
|
||||
- name: airflow-scheduler
|
||||
image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-11-r4
|
||||
- name: airflow-worker
|
||||
image: docker.io/bitnami/airflow-worker:2.8.1-debian-11-r4
|
||||
- name: airflow
|
||||
image: docker.io/bitnami/airflow:2.8.1-debian-11-r4
|
||||
image: docker.io/bitnami/airflow:2.8.3-debian-12-r0
|
||||
- name: airflow-exporter
|
||||
image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-12-r27
|
||||
- name: airflow-scheduler
|
||||
image: docker.io/bitnami/airflow-scheduler:2.8.3-debian-12-r0
|
||||
- name: airflow-worker
|
||||
image: docker.io/bitnami/airflow-worker:2.8.3-debian-12-r0
|
||||
- name: git
|
||||
image: docker.io/bitnami/git:2.43.0-debian-11-r9
|
||||
image: docker.io/bitnami/git:2.44.0-debian-12-r0
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r96
|
||||
image: docker.io/bitnami/os-shell:12-debian-12-r16
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.8.1
|
||||
appVersion: 2.8.3
|
||||
dependencies:
|
||||
- condition: redis.enabled
|
||||
name: redis
|
||||
|
|
@ -28,7 +28,7 @@ dependencies:
|
|||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: file://./charts/postgresql
|
||||
version: 13.x.x
|
||||
version: 14.x.x
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
tags:
|
||||
|
|
@ -50,4 +50,4 @@ maintainers:
|
|||
name: airflow
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
|
||||
version: 16.7.0
|
||||
version: 17.2.4
|
||||
|
|
|
|||
|
|
@ -55,11 +55,12 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------- | ----------------------------------------------- | ----- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
|
|
@ -155,9 +156,11 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
|
||||
| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
|
||||
| `web.containerSecurityContext.runAsGroup` | Set Airflow web containers' Security Context runAsGroup | `0` |
|
||||
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
|
||||
| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
|
||||
| `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `web.containerSecurityContext.readOnlyRootFilesystem` | Set web container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
|
||||
|
|
@ -236,9 +239,11 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
|
||||
| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
|
||||
| `scheduler.containerSecurityContext.runAsGroup` | Set Airflow scheduler containers' Security Context runAsGroup | `0` |
|
||||
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
|
||||
| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
|
||||
| `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `scheduler.containerSecurityContext.readOnlyRootFilesystem` | Set scheduler container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
|
||||
|
|
@ -324,9 +329,11 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
|
||||
| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
|
||||
| `worker.containerSecurityContext.runAsGroup` | Set Airflow worker containers' Security Context runAsGroup | `0` |
|
||||
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
|
||||
| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
|
||||
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
|
||||
|
|
@ -486,9 +493,11 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set Airflow exporter containers' Security Context runAsGroup | `0` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set metrics container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
|
||||
|
|
@ -765,6 +774,10 @@ Find more information about how to deal with common errors related to Bitnami's
|
|||
|
||||
## Upgrading
|
||||
|
||||
### To 17.0.0
|
||||
|
||||
This major release bumps the PostgreSQL chart version to [14.x.x](https://github.com/bitnami/charts/pull/22750); no major issues are expected during the upgrade.
|
||||
|
||||
### To 16.0.0
|
||||
|
||||
This major updates the PostgreSQL subchart to its newest major, 13.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1300) you can find more information about the changes introduced in that version.
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.14.1
|
||||
appVersion: 2.19.0
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.15.3
|
||||
version: 2.19.0
|
||||
|
|
|
|||
|
|
@ -0,0 +1,39 @@
|
|||
{{/*
|
||||
Copyright VMware, Inc.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return true if the detected platform is Openshift
|
||||
Usage:
|
||||
{{- include "common.compatibility.isOpenshift" . -}}
|
||||
*/}}
|
||||
{{- define "common.compatibility.isOpenshift" -}}
|
||||
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
|
||||
Usage:
|
||||
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.compatibility.renderSecurityContext" -}}
|
||||
{{- $adaptedContext := .secContext -}}
|
||||
{{- if .context.Values.global.compatibility -}}
|
||||
{{- if .context.Values.global.compatibility.openshift -}}
|
||||
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
|
||||
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
|
||||
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
|
||||
{{- if not .secContext.seLinuxOptions -}}
|
||||
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
|
||||
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- omit $adaptedContext "enabled" | toYaml -}}
|
||||
{{- end -}}
|
||||
|
|
@ -11,35 +11,35 @@ These presets are for basic testing and not meant to be used in production
|
|||
{{ include "common.resources.preset" (dict "type" "nano") -}}
|
||||
*/}}
|
||||
{{- define "common.resources.preset" -}}
|
||||
{{/* The limits are the requests increased by 50% */}}
|
||||
{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
|
||||
{{- $presets := dict
|
||||
"nano" (dict
|
||||
"requests" (dict "cpu" "100m" "memory" "128Mi")
|
||||
"limits" (dict "cpu" "150m" "memory" "192Mi")
|
||||
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"micro" (dict
|
||||
"requests" (dict "cpu" "250m" "memory" "256Mi")
|
||||
"limits" (dict "cpu" "375m" "memory" "384Mi")
|
||||
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"small" (dict
|
||||
"requests" (dict "cpu" "500m" "memory" "512Mi")
|
||||
"limits" (dict "cpu" "750m" "memory" "768Mi")
|
||||
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"medium" (dict
|
||||
"requests" (dict "cpu" "500m" "memory" "1024Mi")
|
||||
"limits" (dict "cpu" "750m" "memory" "1536Mi")
|
||||
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"large" (dict
|
||||
"requests" (dict "cpu" "1.0" "memory" "2048Mi")
|
||||
"limits" (dict "cpu" "1.5" "memory" "3072Mi")
|
||||
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"xlarge" (dict
|
||||
"requests" (dict "cpu" "2.0" "memory" "4096Mi")
|
||||
"limits" (dict "cpu" "3.0" "memory" "6144Mi")
|
||||
"requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"2xlarge" (dict
|
||||
"requests" (dict "cpu" "4.0" "memory" "8192Mi")
|
||||
"limits" (dict "cpu" "6.0" "memory" "12288Mi")
|
||||
"requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
}}
|
||||
{{- if hasKey $presets .type -}}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.14.1
|
||||
digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
|
||||
generated: "2023-12-20T20:39:13.141839286Z"
|
||||
version: 2.19.0
|
||||
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
|
||||
generated: "2024-03-11T20:27:44.112846437Z"
|
||||
|
|
|
|||
|
|
@ -2,14 +2,14 @@ annotations:
|
|||
category: Database
|
||||
images: |
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r95
|
||||
image: docker.io/bitnami/os-shell:12-debian-12-r16
|
||||
- name: postgres-exporter
|
||||
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r7
|
||||
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-12-r14
|
||||
- name: postgresql
|
||||
image: docker.io/bitnami/postgresql:16.1.0-debian-11-r25
|
||||
image: docker.io/bitnami/postgresql:16.2.0-debian-12-r8
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 16.1.0
|
||||
appVersion: 16.2.0
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
|
|
@ -34,4 +34,4 @@ maintainers:
|
|||
name: postgresql
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
|
||||
version: 13.4.4
|
||||
version: 14.3.3
|
||||
|
|
|
|||
|
|
@ -66,20 +66,21 @@ kubectl delete pvc -l release=my-release
|
|||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.postgresql.auth.postgresPassword` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | `""` |
|
||||
| `global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `""` |
|
||||
| `global.postgresql.auth.password` | Password for the custom user to create (overrides `auth.password`) | `""` |
|
||||
| `global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `""` |
|
||||
| `global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). | `""` |
|
||||
| `global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
|
||||
| `global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
|
||||
| `global.postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
|
||||
| `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.postgresql.auth.postgresPassword` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | `""` |
|
||||
| `global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `""` |
|
||||
| `global.postgresql.auth.password` | Password for the custom user to create (overrides `auth.password`) | `""` |
|
||||
| `global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `""` |
|
||||
| `global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). | `""` |
|
||||
| `global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
|
||||
| `global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
|
||||
| `global.postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
|
||||
| `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
|
|
@ -159,304 +160,302 @@ kubectl delete pvc -l release=my-release
|
|||
|
||||
### PostgreSQL Primary parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- |
|
||||
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
|
||||
| `primary.configuration` | PostgreSQL Primary main configuration to be injected as ConfigMap | `""` |
|
||||
| `primary.pgHbaConfiguration` | PostgreSQL Primary client authentication configuration | `""` |
|
||||
| `primary.existingConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary configuration | `""` |
|
||||
| `primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `""` |
|
||||
| `primary.existingExtendedConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary extended configuration | `""` |
|
||||
| `primary.initdb.args` | PostgreSQL initdb extra arguments | `""` |
|
||||
| `primary.initdb.postgresqlWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` |
|
||||
| `primary.initdb.scripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `primary.initdb.scriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` |
|
||||
| `primary.initdb.scriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` |
|
||||
| `primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `""` |
|
||||
| `primary.initdb.password` | Specify the PostgreSQL password to execute the initdb scripts | `""` |
|
||||
| `primary.standby.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` |
|
||||
| `primary.standby.primaryHost` | The Host of replication primary in the other cluster | `""` |
|
||||
| `primary.standby.primaryPort` | The Port of replication primary in the other cluster | `""` |
|
||||
| `primary.extraEnvVars` | Array with extra environment variables to add to PostgreSQL Primary nodes | `[]` |
|
||||
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes | `""` |
|
||||
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL Primary nodes | `""` |
|
||||
| `primary.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `primary.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `primary.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Primary containers | `true` |
|
||||
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `primary.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Primary containers | `true` |
|
||||
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `primary.startupProbe.enabled` | Enable startupProbe on PostgreSQL Primary containers | `false` |
|
||||
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `primary.lifecycleHooks` | for the PostgreSQL Primary container to automate configuration before or after startup | `{}` |
|
||||
| `primary.resources.limits` | The resources limits for the PostgreSQL Primary containers | `{}` |
|
||||
| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` |
|
||||
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
|
||||
| `primary.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
|
||||
| `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
|
||||
| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` |
|
||||
| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` |
|
||||
| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` |
|
||||
| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` |
|
||||
| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` |
|
||||
| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
|
||||
| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` |
|
||||
| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` |
|
||||
| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` |
|
||||
| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` |
|
||||
| `primary.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `primary.terminationGracePeriodSeconds` | Seconds PostgreSQL primary pod needs to terminate gracefully | `""` |
|
||||
| `primary.updateStrategy.type` | PostgreSQL Primary statefulset strategy type | `RollingUpdate` |
|
||||
| `primary.updateStrategy.rollingUpdate` | PostgreSQL Primary statefulset rolling update configuration parameters | `{}` |
|
||||
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) | `[]` |
|
||||
| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) | `[]` |
|
||||
| `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` |
|
||||
| `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` |
|
||||
| `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` |
|
||||
| `primary.service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `primary.service.ports.postgresql` | PostgreSQL service port | `5432` |
|
||||
| `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` |
|
||||
| `primary.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `primary.service.annotations` | Annotations for PostgreSQL primary service | `{}` |
|
||||
| `primary.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `primary.service.extraPorts` | Extra ports to expose in the PostgreSQL primary service | `[]` |
|
||||
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `primary.service.headless.annotations` | Additional custom annotations for headless PostgreSQL primary service | `{}` |
|
||||
| `primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` |
|
||||
| `primary.persistence.existingClaim` | Name of an existing PVC to use | `""` |
|
||||
| `primary.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` |
|
||||
| `primary.persistence.subPath` | The subdirectory of the volume to mount to | `""` |
|
||||
| `primary.persistence.storageClass` | PVC Storage Class for PostgreSQL Primary data volume | `""` |
|
||||
| `primary.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
|
||||
| `primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
|
||||
| `primary.persistence.annotations` | Annotations for the PVC | `{}` |
|
||||
| `primary.persistence.labels` | Labels for the PVC | `{}` |
|
||||
| `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
|
||||
| `primary.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `primary.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for Primary Statefulset | `false` |
|
||||
| `primary.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `primary.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
|
||||
| `primary.configuration` | PostgreSQL Primary main configuration to be injected as ConfigMap | `""` |
|
||||
| `primary.pgHbaConfiguration` | PostgreSQL Primary client authentication configuration | `""` |
|
||||
| `primary.existingConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary configuration | `""` |
|
||||
| `primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `""` |
|
||||
| `primary.existingExtendedConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary extended configuration | `""` |
|
||||
| `primary.initdb.args` | PostgreSQL initdb extra arguments | `""` |
|
||||
| `primary.initdb.postgresqlWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` |
|
||||
| `primary.initdb.scripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `primary.initdb.scriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` |
|
||||
| `primary.initdb.scriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` |
|
||||
| `primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `""` |
|
||||
| `primary.initdb.password` | Specify the PostgreSQL password to execute the initdb scripts | `""` |
|
||||
| `primary.standby.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` |
|
||||
| `primary.standby.primaryHost` | The Host of replication primary in the other cluster | `""` |
|
||||
| `primary.standby.primaryPort` | The Port of replication primary in the other cluster | `""` |
|
||||
| `primary.extraEnvVars` | Array with extra environment variables to add to PostgreSQL Primary nodes | `[]` |
|
||||
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes | `""` |
|
||||
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL Primary nodes | `""` |
|
||||
| `primary.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `primary.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `primary.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Primary containers | `true` |
|
||||
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `primary.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Primary containers | `true` |
|
||||
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `primary.startupProbe.enabled` | Enable startupProbe on PostgreSQL Primary containers | `false` |
|
||||
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `primary.lifecycleHooks` | for the PostgreSQL Primary container to automate configuration before or after startup | `{}` |
|
||||
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `none` |
|
||||
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `primary.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
|
||||
| `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `primary.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
|
||||
| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` |
|
||||
| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` |
|
||||
| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` |
|
||||
| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` |
|
||||
| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` |
|
||||
| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
|
||||
| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` |
|
||||
| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` |
|
||||
| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` |
|
||||
| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` |
|
||||
| `primary.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `primary.terminationGracePeriodSeconds` | Seconds PostgreSQL primary pod needs to terminate gracefully | `""` |
|
||||
| `primary.updateStrategy.type` | PostgreSQL Primary statefulset strategy type | `RollingUpdate` |
|
||||
| `primary.updateStrategy.rollingUpdate` | PostgreSQL Primary statefulset rolling update configuration parameters | `{}` |
|
||||
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) | `[]` |
|
||||
| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) | `[]` |
|
||||
| `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` |
|
||||
| `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` |
|
||||
| `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` |
|
||||
| `primary.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `primary.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `primary.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `primary.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `primary.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `primary.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `primary.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `primary.service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `primary.service.ports.postgresql` | PostgreSQL service port | `5432` |
|
||||
| `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` |
|
||||
| `primary.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `primary.service.annotations` | Annotations for PostgreSQL primary service | `{}` |
|
||||
| `primary.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `primary.service.extraPorts` | Extra ports to expose in the PostgreSQL primary service | `[]` |
|
||||
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `primary.service.headless.annotations` | Additional custom annotations for headless PostgreSQL primary service | `{}` |
|
||||
| `primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` |
|
||||
| `primary.persistence.existingClaim` | Name of an existing PVC to use | `""` |
|
||||
| `primary.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` |
|
||||
| `primary.persistence.subPath` | The subdirectory of the volume to mount to | `""` |
|
||||
| `primary.persistence.storageClass` | PVC Storage Class for PostgreSQL Primary data volume | `""` |
|
||||
| `primary.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
|
||||
| `primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
|
||||
| `primary.persistence.annotations` | Annotations for the PVC | `{}` |
|
||||
| `primary.persistence.labels` | Labels for the PVC | `{}` |
|
||||
| `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
|
||||
| `primary.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `primary.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for Primary Statefulset | `false` |
|
||||
| `primary.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `primary.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
|
||||
### PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`)
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- |
|
||||
| `readReplicas.name` | Name of the read replicas database (eg secondary, slave, ...) | `read` |
|
||||
| `readReplicas.replicaCount` | Number of PostgreSQL read only replicas | `1` |
|
||||
| `readReplicas.extendedConfiguration` | Extended PostgreSQL read only replicas configuration (appended to main or default configuration) | `""` |
|
||||
| `readReplicas.extraEnvVars` | Array with extra environment variables to add to PostgreSQL read only nodes | `[]` |
|
||||
| `readReplicas.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes | `""` |
|
||||
| `readReplicas.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL read only nodes | `""` |
|
||||
| `readReplicas.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `readReplicas.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `readReplicas.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL read only containers | `true` |
|
||||
| `readReplicas.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `readReplicas.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `readReplicas.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `readReplicas.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `readReplicas.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readReplicas.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL read only containers | `true` |
|
||||
| `readReplicas.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readReplicas.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readReplicas.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `readReplicas.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `readReplicas.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `readReplicas.startupProbe.enabled` | Enable startupProbe on PostgreSQL read only containers | `false` |
|
||||
| `readReplicas.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `readReplicas.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `readReplicas.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `readReplicas.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `readReplicas.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `readReplicas.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `readReplicas.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `readReplicas.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `readReplicas.lifecycleHooks` | for the PostgreSQL read only container to automate configuration before or after startup | `{}` |
|
||||
| `readReplicas.resources.limits` | The resources limits for the PostgreSQL read only containers | `{}` |
|
||||
| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` |
|
||||
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
|
||||
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `readReplicas.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `readReplicas.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `readReplicas.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
|
||||
| `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `readReplicas.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
|
||||
| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
|
||||
| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `readReplicas.labels` | Map of labels to add to the statefulset (PostgreSQL read only) | `{}` |
|
||||
| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` |
|
||||
| `readReplicas.podLabels` | Map of labels to add to the pods (PostgreSQL read only) | `{}` |
|
||||
| `readReplicas.podAnnotations` | Map of annotations to add to the pods (PostgreSQL read only) | `{}` |
|
||||
| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` |
|
||||
| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` |
|
||||
| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` |
|
||||
| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` |
|
||||
| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` |
|
||||
| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `readReplicas.priorityClassName` | Priority Class to use for each pod (PostgreSQL read only) | `""` |
|
||||
| `readReplicas.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `readReplicas.terminationGracePeriodSeconds` | Seconds PostgreSQL read only pod needs to terminate gracefully | `""` |
|
||||
| `readReplicas.updateStrategy.type` | PostgreSQL read only statefulset strategy type | `RollingUpdate` |
|
||||
| `readReplicas.updateStrategy.rollingUpdate` | PostgreSQL read only statefulset rolling update configuration parameters | `{}` |
|
||||
| `readReplicas.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) | `[]` |
|
||||
| `readReplicas.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) | `[]` |
|
||||
| `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` |
|
||||
| `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` |
|
||||
| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` |
|
||||
| `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` |
|
||||
| `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` |
|
||||
| `readReplicas.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `readReplicas.service.annotations` | Annotations for PostgreSQL read only service | `{}` |
|
||||
| `readReplicas.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `readReplicas.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `readReplicas.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `readReplicas.service.extraPorts` | Extra ports to expose in the PostgreSQL read only service | `[]` |
|
||||
| `readReplicas.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `readReplicas.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `readReplicas.service.headless.annotations` | Additional custom annotations for headless PostgreSQL read only service | `{}` |
|
||||
| `readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC | `true` |
|
||||
| `readReplicas.persistence.existingClaim` | Name of an existing PVC to use | `""` |
|
||||
| `readReplicas.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` |
|
||||
| `readReplicas.persistence.subPath` | The subdirectory of the volume to mount to | `""` |
|
||||
| `readReplicas.persistence.storageClass` | PVC Storage Class for PostgreSQL read only data volume | `""` |
|
||||
| `readReplicas.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
|
||||
| `readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
|
||||
| `readReplicas.persistence.annotations` | Annotations for the PVC | `{}` |
|
||||
| `readReplicas.persistence.labels` | Labels for the PVC | `{}` |
|
||||
| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
|
||||
| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `readReplicas.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for read only Statefulset | `false` |
|
||||
| `readReplicas.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `readReplicas.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------- |
|
||||
| `readReplicas.name` | Name of the read replicas database (eg secondary, slave, ...) | `read` |
|
||||
| `readReplicas.replicaCount` | Number of PostgreSQL read only replicas | `1` |
|
||||
| `readReplicas.extendedConfiguration` | Extended PostgreSQL read only replicas configuration (appended to main or default configuration) | `""` |
|
||||
| `readReplicas.extraEnvVars` | Array with extra environment variables to add to PostgreSQL read only nodes | `[]` |
|
||||
| `readReplicas.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes | `""` |
|
||||
| `readReplicas.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL read only nodes | `""` |
|
||||
| `readReplicas.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `readReplicas.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `readReplicas.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL read only containers | `true` |
|
||||
| `readReplicas.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `readReplicas.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `readReplicas.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `readReplicas.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `readReplicas.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readReplicas.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL read only containers | `true` |
|
||||
| `readReplicas.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readReplicas.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readReplicas.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `readReplicas.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `readReplicas.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `readReplicas.startupProbe.enabled` | Enable startupProbe on PostgreSQL read only containers | `false` |
|
||||
| `readReplicas.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `readReplicas.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `readReplicas.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `readReplicas.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `readReplicas.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `readReplicas.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `readReplicas.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `readReplicas.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `readReplicas.lifecycleHooks` | for the PostgreSQL read only container to automate configuration before or after startup | `{}` |
|
||||
| `readReplicas.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if readReplicas.resources is set (readReplicas.resources is recommended for production). | `none` |
|
||||
| `readReplicas.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `readReplicas.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `readReplicas.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `readReplicas.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
|
||||
| `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `readReplicas.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `readReplicas.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
|
||||
| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
|
||||
| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `readReplicas.labels` | Map of labels to add to the statefulset (PostgreSQL read only) | `{}` |
|
||||
| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` |
|
||||
| `readReplicas.podLabels` | Map of labels to add to the pods (PostgreSQL read only) | `{}` |
|
||||
| `readReplicas.podAnnotations` | Map of annotations to add to the pods (PostgreSQL read only) | `{}` |
|
||||
| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` |
|
||||
| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` |
|
||||
| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` |
|
||||
| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` |
|
||||
| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` |
|
||||
| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `readReplicas.priorityClassName` | Priority Class to use for each pod (PostgreSQL read only) | `""` |
|
||||
| `readReplicas.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `readReplicas.terminationGracePeriodSeconds` | Seconds PostgreSQL read only pod needs to terminate gracefully | `""` |
|
||||
| `readReplicas.updateStrategy.type` | PostgreSQL read only statefulset strategy type | `RollingUpdate` |
|
||||
| `readReplicas.updateStrategy.rollingUpdate` | PostgreSQL read only statefulset rolling update configuration parameters | `{}` |
|
||||
| `readReplicas.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) | `[]` |
|
||||
| `readReplicas.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) | `[]` |
|
||||
| `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` |
|
||||
| `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` |
|
||||
| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` |
|
||||
| `readReplicas.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `readReplicas.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `readReplicas.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `readReplicas.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `readReplicas.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `readReplicas.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `readReplicas.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` |
|
||||
| `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` |
|
||||
| `readReplicas.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `readReplicas.service.annotations` | Annotations for PostgreSQL read only service | `{}` |
|
||||
| `readReplicas.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `readReplicas.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `readReplicas.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `readReplicas.service.extraPorts` | Extra ports to expose in the PostgreSQL read only service | `[]` |
|
||||
| `readReplicas.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `readReplicas.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `readReplicas.service.headless.annotations` | Additional custom annotations for headless PostgreSQL read only service | `{}` |
|
||||
| `readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC | `true` |
|
||||
| `readReplicas.persistence.existingClaim` | Name of an existing PVC to use | `""` |
|
||||
| `readReplicas.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` |
|
||||
| `readReplicas.persistence.subPath` | The subdirectory of the volume to mount to | `""` |
|
||||
| `readReplicas.persistence.storageClass` | PVC Storage Class for PostgreSQL read only data volume | `""` |
|
||||
| `readReplicas.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
|
||||
| `readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
|
||||
| `readReplicas.persistence.annotations` | Annotations for the PVC | `{}` |
|
||||
| `readReplicas.persistence.labels` | Labels for the PVC | `{}` |
|
||||
| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
|
||||
| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `readReplicas.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for read only Statefulset | `false` |
|
||||
| `readReplicas.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `readReplicas.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
|
||||
### Backup parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` |
|
||||
| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` |
|
||||
| `backup.cronjob.timeZone` | Set the cronjob parameter timeZone | `""` |
|
||||
| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` |
|
||||
| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` |
|
||||
| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` |
|
||||
| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` |
|
||||
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
|
||||
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
|
||||
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
|
||||
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
|
||||
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
|
||||
| `backup.cronjob.nodeSelector` | Node labels for PostgreSQL backup CronJob pod assignment | `{}` |
|
||||
| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
|
||||
| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
|
||||
| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
|
||||
| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
|
||||
| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` |
|
||||
| `backup.cronjob.storage.annotations` | PVC annotations | `{}` |
|
||||
| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/pgdump` |
|
||||
| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
|
||||
|
||||
### NetworkPolicy parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `networkPolicy.enabled` | Enable network policies | `false` |
|
||||
| `networkPolicy.metrics.enabled` | Enable network policies for metrics (prometheus) | `false` |
|
||||
| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` |
|
||||
| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` |
|
||||
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. | `false` |
|
||||
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). | `{}` |
|
||||
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). | `{}` |
|
||||
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL primary node. | `[]` |
|
||||
| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. | `false` |
|
||||
| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). | `{}` |
|
||||
| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). | `{}` |
|
||||
| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL read-only nodes. | `[]` |
|
||||
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
|
||||
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` |
|
||||
| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` |
|
||||
| `backup.cronjob.timeZone` | Set the cronjob parameter timeZone | `""` |
|
||||
| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` |
|
||||
| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` |
|
||||
| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` |
|
||||
| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` |
|
||||
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
|
||||
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
|
||||
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
|
||||
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
|
||||
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
|
||||
| `backup.cronjob.nodeSelector` | Node labels for PostgreSQL backup CronJob pod assignment | `{}` |
|
||||
| `backup.cronjob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production). | `none` |
|
||||
| `backup.cronjob.resources` | Set container requests and limits for different resources like CPU or memory | `{}` |
|
||||
| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
|
||||
| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
|
||||
| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
|
||||
| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
|
||||
| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` |
|
||||
| `backup.cronjob.storage.annotations` | PVC annotations | `{}` |
|
||||
| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/pgdump` |
|
||||
| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
|
||||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
|
||||
| `volumePermissions.containerSecurityContext.seccompProfile.type` | seccompProfile.type for the init container | `RuntimeDefault` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
|
||||
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
|
||||
| `volumePermissions.containerSecurityContext.seccompProfile.type` | seccompProfile.type for the init container | `RuntimeDefault` |
|
||||
|
||||
### Other Parameters
|
||||
|
||||
|
|
@ -473,68 +472,69 @@ kubectl delete pvc -l release=my-release
|
|||
|
||||
### Metrics Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------------------- |
|
||||
| `metrics.enabled` | Start a prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `REPOSITORY_NAME/postgres-exporter` |
|
||||
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `metrics.collectors` | Control enabled collectors | `{}` |
|
||||
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
|
||||
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` |
|
||||
| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` |
|
||||
| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` |
|
||||
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
|
||||
| `metrics.enabled` | Start a prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `REPOSITORY_NAME/postgres-exporter` |
|
||||
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `metrics.collectors` | Control enabled collectors | `{}` |
|
||||
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
|
||||
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` |
|
||||
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
|
|
@ -562,6 +562,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postg
|
|||
|
||||
## Configuration and installation details
|
||||
|
||||
### Resource requests and limits
|
||||
|
||||
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
|
||||
|
||||
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
|
||||
|
||||
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
|
||||
|
||||
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
|
||||
|
|
@ -787,6 +793,12 @@ Find more information about how to deal with common errors related to Bitnami's
|
|||
|
||||
## Upgrading
|
||||
|
||||
### To 14.0.0
|
||||
|
||||
This major version adapts the NetworkPolicy objects to the most recent Bitnami standards. Now there is a separate object for `primary` and for `readReplicas`, being located in their corresponding sections. It is also enabled by default in other to comply with the best security standards.
|
||||
|
||||
Check the parameter section for the new value structure.
|
||||
|
||||
### To 13.0.0
|
||||
|
||||
This major version changes the default PostgreSQL image from 15.x to 16.x. Follow the [official instructions](https://www.postgresql.org/docs/16/upgrading.html) to upgrade to 16.x.
|
||||
|
|
|
|||
|
|
@ -20,3 +20,5 @@
|
|||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# img folder
|
||||
img/
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.14.1
|
||||
appVersion: 2.19.0
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.14.1
|
||||
version: 2.19.0
|
||||
|
|
|
|||
|
|
@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
|
|||
|
||||
## License
|
||||
|
||||
Copyright © 2023 VMware, Inc.
|
||||
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,39 @@
|
|||
{{/*
|
||||
Copyright VMware, Inc.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return true if the detected platform is Openshift
|
||||
Usage:
|
||||
{{- include "common.compatibility.isOpenshift" . -}}
|
||||
*/}}
|
||||
{{- define "common.compatibility.isOpenshift" -}}
|
||||
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
|
||||
Usage:
|
||||
{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.compatibility.renderSecurityContext" -}}
|
||||
{{- $adaptedContext := .secContext -}}
|
||||
{{- if .context.Values.global.compatibility -}}
|
||||
{{- if .context.Values.global.compatibility.openshift -}}
|
||||
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
|
||||
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
|
||||
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
|
||||
{{- if not .secContext.seLinuxOptions -}}
|
||||
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
|
||||
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- omit $adaptedContext "enabled" | toYaml -}}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
{{/*
|
||||
Copyright VMware, Inc.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return a resource request/limit object based on a given preset.
|
||||
These presets are for basic testing and not meant to be used in production
|
||||
{{ include "common.resources.preset" (dict "type" "nano") -}}
|
||||
*/}}
|
||||
{{- define "common.resources.preset" -}}
|
||||
{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
|
||||
{{- $presets := dict
|
||||
"nano" (dict
|
||||
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"micro" (dict
|
||||
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"small" (dict
|
||||
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"medium" (dict
|
||||
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"large" (dict
|
||||
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"xlarge" (dict
|
||||
"requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
"2xlarge" (dict
|
||||
"requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
|
||||
)
|
||||
}}
|
||||
{{- if hasKey $presets .type -}}
|
||||
{{- index $presets .type | toYaml -}}
|
||||
{{- else -}}
|
||||
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -13,7 +13,70 @@ Usage:
|
|||
|
||||
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
|
||||
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
|
||||
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
|
||||
+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Warning about not setting the resource object in all deployments.
|
||||
Usage:
|
||||
{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
|
||||
Example:
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
|
||||
The list in the example assumes that the following values exist:
|
||||
- csiProvider.provider.resources
|
||||
- server.resources
|
||||
- volumePermissions.resources
|
||||
- resources
|
||||
*/}}
|
||||
{{- define "common.warnings.resources" -}}
|
||||
{{- $values := .context.Values -}}
|
||||
{{- $printMessage := false -}}
|
||||
{{ $affectedSections := list -}}
|
||||
{{- range .sections -}}
|
||||
{{- if eq . "" -}}
|
||||
{{/* Case where the resources section is at the root (one main deployment in the chart) */}}
|
||||
{{- if not (index $values "resources") -}}
|
||||
{{- $affectedSections = append $affectedSections "resources" -}}
|
||||
{{- $printMessage = true -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
|
||||
{{- $keys := split "." . -}}
|
||||
{{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
|
||||
{{- $section := $values -}}
|
||||
{{- range $keys -}}
|
||||
{{- $section = index $section . -}}
|
||||
{{- end -}}
|
||||
{{- if not (index $section "resources") -}}
|
||||
{{/* If the section has enabled=false or replicaCount=0, do not include it */}}
|
||||
{{- if and (hasKey $section "enabled") -}}
|
||||
{{- if index $section "enabled" -}}
|
||||
{{/* enabled=true */}}
|
||||
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
|
||||
{{- $printMessage = true -}}
|
||||
{{- end -}}
|
||||
{{- else if and (hasKey $section "replicaCount") -}}
|
||||
{{/* We need a casting to int because number 0 is not treated as an int by default */}}
|
||||
{{- if (gt (index $section "replicaCount" | int) 0) -}}
|
||||
{{/* replicaCount > 0 */}}
|
||||
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
|
||||
{{- $printMessage = true -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{/* Default case, add it to the affected sections */}}
|
||||
{{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
|
||||
{{- $printMessage = true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if $printMessage }}
|
||||
|
||||
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
|
||||
{{- range $affectedSections }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -113,3 +113,4 @@ WARNING: The configured password will be ignored on new installation in case whe
|
|||
{{- include "postgresql.v1.validateValues" . -}}
|
||||
{{- include "common.warnings.rollingTag" .Values.image -}}
|
||||
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "metrics" "primary" "readReplicas" "volumePermissions") "context" $) }}
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ spec:
|
|||
{{- if .Values.tls.autoGenerated }}
|
||||
value: /tmp/certs/ca.crt
|
||||
{{- else }}
|
||||
value: {{- printf "/tmp/certs/%s" .Values.tls.certCAFilename -}}
|
||||
value: {{ printf "/tmp/certs/%s" .Values.tls.certCAFilename }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.command "context" $) | nindent 14 }}
|
||||
|
|
@ -89,8 +89,16 @@ spec:
|
|||
- name: datadir
|
||||
mountPath: {{ .Values.backup.cronjob.storage.mountPath }}
|
||||
subPath: {{ .Values.backup.cronjob.storage.subPath }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.backup.cronjob.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.backup.cronjob.containerSecurityContext "enabled" | toYaml | nindent 14 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.backup.cronjob.resources }}
|
||||
resources: {{- toYaml .Values.backup.cronjob.resources | nindent 14 }}
|
||||
{{- else if ne .Values.backup.cronjob.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.backup.cronjob.resourcesPreset) | nindent 14 }}
|
||||
{{- end }}
|
||||
restartPolicy: {{ .Values.backup.cronjob.restartPolicy }}
|
||||
{{- if .Values.backup.cronjob.podSecurityContext.enabled }}
|
||||
|
|
@ -111,4 +119,6 @@ spec:
|
|||
persistentVolumeClaim:
|
||||
claimName: {{ include "postgresql.v1.primary.fullname" . }}-pgdumpall
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -1,34 +0,0 @@
|
|||
{{- /*
|
||||
Copyright VMware, Inc.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
egress:
|
||||
{{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.egressRules.customRules }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -3,59 +3,76 @@ Copyright VMware, Inc.
|
|||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }}
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
{{- if .Values.primary.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ printf "%s-ingress" (include "postgresql.v1.primary.fullname" .) }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
name: {{ include "postgresql.v1.primary.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $primaryPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $primaryPodLabels "context" $ ) | nindent 6 }}
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: primary
|
||||
ingress:
|
||||
{{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }}
|
||||
- from:
|
||||
{{- if .Values.networkPolicy.metrics.namespaceSelector }}
|
||||
- namespaceSelector:
|
||||
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.metrics.podSelector }}
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: {{ .Values.metrics.containerPorts.metrics }}
|
||||
{{- end }}
|
||||
{{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }}
|
||||
- from:
|
||||
{{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }}
|
||||
- namespaceSelector:
|
||||
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }}
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.primary.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
# Allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# Allow outbound connections to read-replicas
|
||||
- ports:
|
||||
- port: {{ .Values.containerPorts.postgresql }}
|
||||
{{- end }}
|
||||
{{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }}
|
||||
- from:
|
||||
{{- $readPodLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.readReplicas.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $readPodLabels "context" $ ) | nindent 14 }}
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
app.kubernetes.io/component: read
|
||||
ports:
|
||||
- port: {{ .Values.containerPorts.postgresql }}
|
||||
{{- if .Values.primary.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.containerPorts.postgresql }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- port: {{ .Values.metrics.containerPorts.metrics }}
|
||||
{{- end }}
|
||||
{{- if not .Values.primary.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "postgresql.v1.primary.fullname" . }}-client: "true"
|
||||
{{- if .Values.primary.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.primary.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.networkPolicy.ingressNSPodMatchLabels }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.primary.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ spec:
|
|||
terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.primary.hostNetwork }}
|
||||
hostIPC: {{ .Values.primary.hostIPC }}
|
||||
|
|
@ -92,10 +92,12 @@ spec:
|
|||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
{{- if .Values.primary.resources }}
|
||||
resources: {{- toYaml .Values.primary.resources | nindent 12 }}
|
||||
{{- else if ne .Values.primary.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
# We don't require a privileged container in this case
|
||||
{{- if .Values.primary.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
|
|
@ -104,6 +106,9 @@ spec:
|
|||
cp /tmp/certs/* /opt/bitnami/postgresql/certs/
|
||||
chmod 600 {{ include "postgresql.v1.tlsCertKey" . }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: raw-certificates
|
||||
mountPath: /tmp/certs
|
||||
- name: postgresql-certificates
|
||||
|
|
@ -114,6 +119,8 @@ spec:
|
|||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
|
|
@ -152,13 +159,14 @@ spec:
|
|||
securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.primary.persistence.enabled }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: data
|
||||
mountPath: {{ .Values.primary.persistence.mountPath }}
|
||||
{{- if .Values.primary.persistence.subPath }}
|
||||
subPath: {{ .Values.primary.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.shmVolume.enabled }}
|
||||
- name: dshm
|
||||
mountPath: /dev/shm
|
||||
|
|
@ -179,7 +187,7 @@ spec:
|
|||
image: {{ include "postgresql.v1.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.primary.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
|
|
@ -442,11 +450,25 @@ spec:
|
|||
{{- end }}
|
||||
{{- if .Values.primary.resources }}
|
||||
resources: {{- toYaml .Values.primary.resources | nindent 12 }}
|
||||
{{- else if ne .Values.primary.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/postgresql/conf
|
||||
subPath: app-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/postgresql/tmp
|
||||
subPath: app-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/postgresql/logs
|
||||
subPath: app-logs-dir
|
||||
{{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }}
|
||||
- name: custom-init-scripts
|
||||
mountPath: /docker-entrypoint-initdb.d/
|
||||
|
|
@ -491,7 +513,7 @@ spec:
|
|||
image: {{ include "postgresql.v1.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
{{- if .Values.metrics.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
|
|
@ -555,6 +577,9 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: postgresql-password
|
||||
mountPath: /opt/bitnami/postgresql/secrets/
|
||||
|
|
@ -566,12 +591,16 @@ spec:
|
|||
{{- end }}
|
||||
{{- if .Values.metrics.resources }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.primary.sidecars }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
|
||||
- name: postgresql-config
|
||||
configMap:
|
||||
|
|
|
|||
|
|
@ -3,12 +3,13 @@ Copyright VMware, Inc.
|
|||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }}
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
{{- if .Values.readReplicas.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ printf "%s-ingress" (include "postgresql.v1.readReplica.fullname" .) }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
name: {{ include "postgresql.v1.readReplica.fullname" . }}
|
||||
namespace: {{ include "common.names.namespace" . | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: read
|
||||
{{- if .Values.commonAnnotations }}
|
||||
|
|
@ -19,21 +20,61 @@ spec:
|
|||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
app.kubernetes.io/component: read
|
||||
ingress:
|
||||
{{- if and .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector) }}
|
||||
- from:
|
||||
{{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector }}
|
||||
- namespaceSelector:
|
||||
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector }}
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.readReplicas.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
# Allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# Allow outbound connections to primary
|
||||
- ports:
|
||||
- port: {{ .Values.containerPorts.postgresql }}
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
||||
app.kubernetes.io/component: primary
|
||||
{{- if .Values.readReplicas.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.containerPorts.postgresql }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- port: {{ .Values.metrics.containerPorts.metrics }}
|
||||
{{- end }}
|
||||
{{- if not .Values.readReplicas.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "postgresql.v1.readReplica.fullname" . }}-client: "true"
|
||||
{{- if .Values.readReplicas.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.readReplicas.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.readReplicas.networkPolicy.ingressNSPodMatchLabels }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.readReplicas.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.readReplicas.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ spec:
|
|||
terminationGracePeriodSeconds: {{ .Values.readReplicas.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.readReplicas.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.readReplicas.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.readReplicas.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.readReplicas.hostNetwork }}
|
||||
hostIPC: {{ .Values.readReplicas.hostIPC }}
|
||||
|
|
@ -90,10 +90,12 @@ spec:
|
|||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
{{- if .Values.readReplicas.resources }}
|
||||
resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
|
||||
{{- else if ne .Values.readReplicas.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.readReplicas.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
# We don't require a privileged container in this case
|
||||
{{- if .Values.readReplicas.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.readReplicas.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
|
|
@ -102,6 +104,9 @@ spec:
|
|||
cp /tmp/certs/* /opt/bitnami/postgresql/certs/
|
||||
chmod 600 {{ include "postgresql.v1.tlsCertKey" . }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: raw-certificates
|
||||
mountPath: /tmp/certs
|
||||
- name: postgresql-certificates
|
||||
|
|
@ -112,6 +117,8 @@ spec:
|
|||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
{{- if .Values.readReplicas.resources }}
|
||||
resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
|
||||
{{- else if ne .Values.readReplicas.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.readReplicas.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
|
|
@ -150,13 +157,14 @@ spec:
|
|||
securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{ if .Values.readReplicas.persistence.enabled }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: data
|
||||
mountPath: {{ .Values.readReplicas.persistence.mountPath }}
|
||||
{{- if .Values.readReplicas.persistence.subPath }}
|
||||
subPath: {{ .Values.readReplicas.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.shmVolume.enabled }}
|
||||
- name: dshm
|
||||
mountPath: /dev/shm
|
||||
|
|
@ -177,7 +185,7 @@ spec:
|
|||
image: {{ include "postgresql.v1.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.readReplicas.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.readReplicas.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
|
|
@ -369,11 +377,25 @@ spec:
|
|||
{{- end }}
|
||||
{{- if .Values.readReplicas.resources }}
|
||||
resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
|
||||
{{- else if ne .Values.readReplicas.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.readReplicas.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.readReplicas.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/postgresql/conf
|
||||
subPath: app-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/postgresql/tmp
|
||||
subPath: app-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/postgresql/logs
|
||||
subPath: app-logs-dir
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: postgresql-password
|
||||
mountPath: /opt/bitnami/postgresql/secrets/
|
||||
|
|
@ -406,7 +428,7 @@ spec:
|
|||
image: {{ include "postgresql.v1.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
{{- if .Values.metrics.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
|
|
@ -462,6 +484,9 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: postgresql-password
|
||||
mountPath: /opt/bitnami/postgresql/secrets/
|
||||
|
|
@ -473,6 +498,8 @@ spec:
|
|||
{{- end }}
|
||||
{{- if .Values.metrics.resources }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.readReplicas.sidecars }}
|
||||
|
|
@ -509,6 +536,8 @@ spec:
|
|||
sizeLimit: {{ .Values.shmVolume.sizeLimit }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.readReplicas.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -526,7 +555,9 @@ spec:
|
|||
whenScaled: {{ .Values.readReplicas.persistentVolumeClaimRetentionPolicy.whenScaled }}
|
||||
{{- end }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
- apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: data
|
||||
{{- if .Values.readReplicas.persistence.annotations }}
|
||||
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.annotations "context" $) | nindent 10 }}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,15 @@ global:
|
|||
service:
|
||||
ports:
|
||||
postgresql: ""
|
||||
|
||||
## Compatibility adaptations for Kubernetes platforms
|
||||
##
|
||||
compatibility:
|
||||
## Compatibility adaptations for Openshift
|
||||
##
|
||||
openshift:
|
||||
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
|
||||
##
|
||||
adaptSecurityContext: disabled
|
||||
## @section Common parameters
|
||||
##
|
||||
|
||||
|
|
@ -81,7 +89,6 @@ diagnosticMode:
|
|||
##
|
||||
args:
|
||||
- infinity
|
||||
|
||||
## @section PostgreSQL common parameters
|
||||
##
|
||||
|
||||
|
|
@ -98,7 +105,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgresql
|
||||
tag: 16.1.0-debian-11-r25
|
||||
tag: 16.2.0-debian-12-r8
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
@ -286,7 +293,6 @@ tls:
|
|||
## @param tls.crlFilename File containing a Certificate Revocation List
|
||||
##
|
||||
crlFilename: ""
|
||||
|
||||
## @section PostgreSQL Primary parameters
|
||||
##
|
||||
primary:
|
||||
|
|
@ -439,15 +445,21 @@ primary:
|
|||
lifecycleHooks: {}
|
||||
## PostgreSQL Primary resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers
|
||||
## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers
|
||||
## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers
|
||||
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resources:
|
||||
limits: {}
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 250m
|
||||
resourcesPreset: "none"
|
||||
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
## @param primary.podSecurityContext.enabled Enable security context
|
||||
|
|
@ -467,6 +479,7 @@ primary:
|
|||
## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param primary.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
|
|
@ -478,6 +491,7 @@ primary:
|
|||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
|
|
@ -602,6 +616,61 @@ primary:
|
|||
## @param primary.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL Primary pod(s)
|
||||
##
|
||||
extraPodSpec: {}
|
||||
## Network Policies
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||
##
|
||||
networkPolicy:
|
||||
## @param primary.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
||||
##
|
||||
enabled: true
|
||||
## @param primary.networkPolicy.allowExternal Don't require server label for connections
|
||||
## The Policy model to apply. When set to false, only pods with the correct
|
||||
## server label will have network access to the ports server is listening
|
||||
## on. When true, server will accept connections from any source
|
||||
## (with the correct destination port).
|
||||
##
|
||||
allowExternal: true
|
||||
## @param primary.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||
##
|
||||
allowExternalEgress: true
|
||||
## @param primary.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
|
||||
## e.g:
|
||||
## extraIngress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## from:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
extraIngress: []
|
||||
## @param primary.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraEgress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## to:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
##
|
||||
extraEgress: []
|
||||
## @param primary.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
||||
## @param primary.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
||||
##
|
||||
ingressNSMatchLabels: {}
|
||||
ingressNSPodMatchLabels: {}
|
||||
## PostgreSQL Primary service configuration
|
||||
##
|
||||
service:
|
||||
|
|
@ -723,7 +792,6 @@ primary:
|
|||
## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
|
||||
##
|
||||
whenDeleted: Retain
|
||||
|
||||
## @section PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`)
|
||||
##
|
||||
readReplicas:
|
||||
|
|
@ -814,15 +882,21 @@ readReplicas:
|
|||
lifecycleHooks: {}
|
||||
## PostgreSQL read only resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers
|
||||
## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers
|
||||
## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers
|
||||
## @param readReplicas.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if readReplicas.resources is set (readReplicas.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resources:
|
||||
limits: {}
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 250m
|
||||
resourcesPreset: "none"
|
||||
## @param readReplicas.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
## @param readReplicas.podSecurityContext.enabled Enable security context
|
||||
|
|
@ -842,6 +916,7 @@ readReplicas:
|
|||
## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param readReplicas.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param readReplicas.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
|
|
@ -853,6 +928,7 @@ readReplicas:
|
|||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
|
|
@ -977,6 +1053,61 @@ readReplicas:
|
|||
## @param readReplicas.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL read only pod(s)
|
||||
##
|
||||
extraPodSpec: {}
|
||||
## Network Policies
|
||||
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||
##
|
||||
networkPolicy:
|
||||
## @param readReplicas.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
||||
##
|
||||
enabled: true
|
||||
## @param readReplicas.networkPolicy.allowExternal Don't require server label for connections
|
||||
## The Policy model to apply. When set to false, only pods with the correct
|
||||
## server label will have network access to the ports server is listening
|
||||
## on. When true, server will accept connections from any source
|
||||
## (with the correct destination port).
|
||||
##
|
||||
allowExternal: true
|
||||
## @param readReplicas.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||
##
|
||||
allowExternalEgress: true
|
||||
## @param readReplicas.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
|
||||
## e.g:
|
||||
## extraIngress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## from:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
extraIngress: []
|
||||
## @param readReplicas.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
||||
## e.g:
|
||||
## extraEgress:
|
||||
## - ports:
|
||||
## - port: 1234
|
||||
## to:
|
||||
## - podSelector:
|
||||
## - matchLabels:
|
||||
## - role: frontend
|
||||
## - podSelector:
|
||||
## - matchExpressions:
|
||||
## - key: role
|
||||
## operator: In
|
||||
## values:
|
||||
## - frontend
|
||||
##
|
||||
extraEgress: []
|
||||
## @param readReplicas.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
||||
## @param readReplicas.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
||||
##
|
||||
ingressNSMatchLabels: {}
|
||||
ingressNSPodMatchLabels: {}
|
||||
## PostgreSQL read only service configuration
|
||||
##
|
||||
service:
|
||||
|
|
@ -1098,8 +1229,6 @@ readReplicas:
|
|||
## @param readReplicas.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
|
||||
##
|
||||
whenDeleted: Retain
|
||||
|
||||
|
||||
## @section Backup parameters
|
||||
## This section implements a trivial logical dump cronjob of the database.
|
||||
## This only comes with the consistency guarantees of the dump program.
|
||||
|
|
@ -1141,6 +1270,7 @@ backup:
|
|||
## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
|
|
@ -1151,6 +1281,7 @@ backup:
|
|||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
|
|
@ -1164,7 +1295,6 @@ backup:
|
|||
- /bin/sh
|
||||
- -c
|
||||
- "pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"
|
||||
|
||||
## @param backup.cronjob.labels Set the cronjob labels
|
||||
labels: {}
|
||||
## @param backup.cronjob.annotations Set the cronjob annotations
|
||||
|
|
@ -1173,6 +1303,22 @@ backup:
|
|||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## backup cronjob container resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory
|
||||
## Example:
|
||||
resources: {}
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 1
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 2
|
||||
## memory: 1024Mi
|
||||
storage:
|
||||
## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
|
||||
## If defined, PVC must be created manually before volume will be bound
|
||||
|
|
@ -1191,7 +1337,7 @@ backup:
|
|||
## @param backup.cronjob.storage.accessModes PV Access Mode
|
||||
##
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
- ReadWriteOnce
|
||||
## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
|
||||
##
|
||||
size: 8Gi
|
||||
|
|
@ -1213,103 +1359,6 @@ backup:
|
|||
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
|
||||
##
|
||||
selector: {}
|
||||
|
||||
## @section NetworkPolicy parameters
|
||||
##
|
||||
|
||||
## Add networkpolicies
|
||||
##
|
||||
networkPolicy:
|
||||
## @param networkPolicy.enabled Enable network policies
|
||||
##
|
||||
enabled: false
|
||||
## @param networkPolicy.metrics.enabled Enable network policies for metrics (prometheus)
|
||||
## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace.
|
||||
## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods.
|
||||
##
|
||||
metrics:
|
||||
enabled: false
|
||||
## e.g:
|
||||
## namespaceSelector:
|
||||
## label: monitoring
|
||||
##
|
||||
namespaceSelector: {}
|
||||
## e.g:
|
||||
## podSelector:
|
||||
## label: monitoring
|
||||
##
|
||||
podSelector: {}
|
||||
## Ingress Rules
|
||||
##
|
||||
ingressRules:
|
||||
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin.
|
||||
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s).
|
||||
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s).
|
||||
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules Custom network policy for the PostgreSQL primary node.
|
||||
##
|
||||
primaryAccessOnlyFrom:
|
||||
enabled: false
|
||||
## e.g:
|
||||
## namespaceSelector:
|
||||
## label: ingress
|
||||
##
|
||||
namespaceSelector: {}
|
||||
## e.g:
|
||||
## podSelector:
|
||||
## label: access
|
||||
##
|
||||
podSelector: {}
|
||||
## custom ingress rules
|
||||
## e.g:
|
||||
## customRules:
|
||||
## - from:
|
||||
## - namespaceSelector:
|
||||
## matchLabels:
|
||||
## label: example
|
||||
##
|
||||
customRules: []
|
||||
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin.
|
||||
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s).
|
||||
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s).
|
||||
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules Custom network policy for the PostgreSQL read-only nodes.
|
||||
##
|
||||
readReplicasAccessOnlyFrom:
|
||||
enabled: false
|
||||
## e.g:
|
||||
## namespaceSelector:
|
||||
## label: ingress
|
||||
##
|
||||
namespaceSelector: {}
|
||||
## e.g:
|
||||
## podSelector:
|
||||
## label: access
|
||||
##
|
||||
podSelector: {}
|
||||
## custom ingress rules
|
||||
## e.g:
|
||||
## CustomRules:
|
||||
## - from:
|
||||
## - namespaceSelector:
|
||||
## matchLabels:
|
||||
## label: example
|
||||
##
|
||||
customRules: []
|
||||
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
|
||||
## @param networkPolicy.egressRules.customRules Custom network policy rule
|
||||
##
|
||||
egressRules:
|
||||
# Deny connections to external. This is not compatible with an external database.
|
||||
denyConnectionsToExternal: false
|
||||
## Additional custom egress rules
|
||||
## e.g:
|
||||
## customRules:
|
||||
## - to:
|
||||
## - namespaceSelector:
|
||||
## matchLabels:
|
||||
## label: example
|
||||
##
|
||||
customRules: []
|
||||
|
||||
## @section Volume Permissions parameters
|
||||
##
|
||||
|
||||
|
|
@ -1330,7 +1379,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 11-debian-11-r95
|
||||
tag: 12-debian-12-r16
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
@ -1343,12 +1392,21 @@ volumePermissions:
|
|||
pullSecrets: []
|
||||
## Init container resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
|
||||
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
|
||||
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resources:
|
||||
limits: {}
|
||||
requests: {}
|
||||
resourcesPreset: "none"
|
||||
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Init container' Security Context
|
||||
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
|
||||
## and not the below volumePermissions.containerSecurityContext.runAsUser
|
||||
|
|
@ -1373,7 +1431,6 @@ volumePermissions:
|
|||
##
|
||||
serviceBindings:
|
||||
enabled: false
|
||||
|
||||
## Service account for PostgreSQL to use.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
||||
##
|
||||
|
|
@ -1415,10 +1472,8 @@ rbac:
|
|||
##
|
||||
psp:
|
||||
create: false
|
||||
|
||||
## @section Metrics Parameters
|
||||
##
|
||||
|
||||
metrics:
|
||||
## @param metrics.enabled Start a prometheus exporter
|
||||
##
|
||||
|
|
@ -1433,7 +1488,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgres-exporter
|
||||
tag: 0.15.0-debian-11-r7
|
||||
tag: 0.15.0-debian-12-r14
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
@ -1477,6 +1532,7 @@ metrics:
|
|||
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
|
|
@ -1488,6 +1544,7 @@ metrics:
|
|||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
|
|
@ -1555,12 +1612,21 @@ metrics:
|
|||
metrics: 9187
|
||||
## PostgreSQL Prometheus exporter resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container
|
||||
## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container
|
||||
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resources:
|
||||
limits: {}
|
||||
requests: {}
|
||||
resourcesPreset: "none"
|
||||
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Service configuration
|
||||
##
|
||||
service:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.14.1
|
||||
digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
|
||||
generated: "2023-12-19T19:11:00.40217662Z"
|
||||
version: 2.19.0
|
||||
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
|
||||
generated: "2024-03-08T15:56:40.04210215Z"
|
||||
|
|
|
|||
|
|
@ -1,14 +1,16 @@
|
|||
annotations:
|
||||
category: Database
|
||||
images: |
|
||||
- name: kubectl
|
||||
image: docker.io/bitnami/kubectl:1.29.2-debian-12-r3
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r96
|
||||
- name: redis-exporter
|
||||
image: docker.io/bitnami/redis-exporter:1.57.0-debian-11-r2
|
||||
- name: redis-sentinel
|
||||
image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r6
|
||||
image: docker.io/bitnami/os-shell:12-debian-12-r16
|
||||
- name: redis
|
||||
image: docker.io/bitnami/redis:7.2.4-debian-11-r5
|
||||
image: docker.io/bitnami/redis:7.2.4-debian-12-r9
|
||||
- name: redis-exporter
|
||||
image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
|
||||
- name: redis-sentinel
|
||||
image: docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r7
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 7.2.4
|
||||
|
|
@ -33,4 +35,4 @@ maintainers:
|
|||
name: redis
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/redis
|
||||
version: 18.13.0
|
||||
version: 18.19.2
|
||||
|
|
|
|||
|
|
@ -71,12 +71,13 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------- | ------------------------------------------------------ | ----- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
|
|
@ -120,342 +121,347 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` |
|
||||
| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` |
|
||||
| `auth.usePasswordFileFromSecret` | Mount password file from secret | `true` |
|
||||
| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` |
|
||||
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` |
|
||||
|
||||
### Redis® master configuration parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `master.count` | Number of Redis® master instances to deploy (experimental, requires additional configuration) | `1` |
|
||||
| `master.configuration` | Configuration for Redis® master nodes | `""` |
|
||||
| `master.disableCommands` | Array with Redis® commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` |
|
||||
| `master.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `master.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `master.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `master.preExecCmds` | Additional commands to run prior to starting Redis® master | `[]` |
|
||||
| `master.extraFlags` | Array with additional command line flags for Redis® master | `[]` |
|
||||
| `master.extraEnvVars` | Array with extra environment variables to add to Redis® master nodes | `[]` |
|
||||
| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® master nodes | `""` |
|
||||
| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® master nodes | `""` |
|
||||
| `master.containerPorts.redis` | Container port to open on Redis® master nodes | `6379` |
|
||||
| `master.startupProbe.enabled` | Enable startupProbe on Redis® master nodes | `false` |
|
||||
| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` |
|
||||
| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `master.livenessProbe.enabled` | Enable livenessProbe on Redis® master nodes | `true` |
|
||||
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
|
||||
| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
|
||||
| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `master.readinessProbe.enabled` | Enable readinessProbe on Redis® master nodes | `true` |
|
||||
| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `master.resources.limits` | The resources limits for the Redis® master containers | `{}` |
|
||||
| `master.resources.requests` | The requested resources for the Redis® master containers | `{}` |
|
||||
| `master.podSecurityContext.enabled` | Enabled Redis® master pods' Security Context | `true` |
|
||||
| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` |
|
||||
| `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` |
|
||||
| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` |
|
||||
| `master.containerSecurityContext.runAsGroup` | Set Redis® master containers' Security Context runAsGroup | `0` |
|
||||
| `master.containerSecurityContext.runAsNonRoot` | Set Redis® master containers' Security Context runAsNonRoot | `true` |
|
||||
| `master.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Redis® pod(s) privileges | `false` |
|
||||
| `master.containerSecurityContext.seccompProfile.type` | Set Redis® master containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `master.containerSecurityContext.capabilities.drop` | Set Redis® master containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `master.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` |
|
||||
| `master.schedulerName` | Alternate scheduler for Redis® master pods | `""` |
|
||||
| `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` |
|
||||
| `master.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
|
||||
| `master.priorityClassName` | Redis® master pods' priorityClassName | `""` |
|
||||
| `master.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `master.hostAliases` | Redis® master pods host aliases | `[]` |
|
||||
| `master.podLabels` | Extra labels for Redis® master pods | `{}` |
|
||||
| `master.podAnnotations` | Annotations for Redis® master pods | `{}` |
|
||||
| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® master pods | `false` |
|
||||
| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` |
|
||||
| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` |
|
||||
| `master.affinity` | Affinity for Redis® master pods assignment | `{}` |
|
||||
| `master.nodeSelector` | Node labels for Redis® master pods assignment | `{}` |
|
||||
| `master.tolerations` | Tolerations for Redis® master pods assignment | `[]` |
|
||||
| `master.topologySpreadConstraints` | Spread Constraints for Redis® master pod assignment | `[]` |
|
||||
| `master.dnsPolicy` | DNS Policy for Redis® master pod | `""` |
|
||||
| `master.dnsConfig` | DNS Configuration for Redis® master pod | `{}` |
|
||||
| `master.lifecycleHooks` | for the Redis® master container(s) to automate configuration before or after startup | `{}` |
|
||||
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® master pod(s) | `[]` |
|
||||
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® master container(s) | `[]` |
|
||||
| `master.sidecars` | Add additional sidecar containers to the Redis® master pod(s) | `[]` |
|
||||
| `master.initContainers` | Add additional init containers to the Redis® master pod(s) | `[]` |
|
||||
| `master.persistence.enabled` | Enable persistence on Redis® master nodes using Persistent Volume Claims | `true` |
|
||||
| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
|
||||
| `master.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` |
|
||||
| `master.persistence.path` | The path the volume will be mounted at on Redis® master containers | `/data` |
|
||||
| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis® master containers | `""` |
|
||||
| `master.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Redis® master containers | `""` |
|
||||
| `master.persistence.storageClass` | Persistent Volume storage class | `""` |
|
||||
| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
|
||||
| `master.persistence.size` | Persistent Volume size | `8Gi` |
|
||||
| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
|
||||
| `master.persistence.labels` | Additional custom labels for the PVC | `{}` |
|
||||
| `master.persistence.selector` | Additional labels to match for the PVC | `{}` |
|
||||
| `master.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
|
||||
| `master.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
|
||||
| `master.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `master.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| `master.service.type` | Redis® master service type | `ClusterIP` |
|
||||
| `master.service.ports.redis` | Redis® master service port | `6379` |
|
||||
| `master.service.nodePorts.redis` | Node port for Redis® master | `""` |
|
||||
| `master.service.externalTrafficPolicy` | Redis® master service external traffic policy | `Cluster` |
|
||||
| `master.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `master.service.internalTrafficPolicy` | Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` |
|
||||
| `master.service.clusterIP` | Redis® master service Cluster IP | `""` |
|
||||
| `master.service.loadBalancerIP` | Redis® master service Load Balancer IP | `""` |
|
||||
| `master.service.loadBalancerClass` | master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `master.service.loadBalancerSourceRanges` | Redis® master service Load Balancer sources | `[]` |
|
||||
| `master.service.externalIPs` | Redis® master service External IPs | `[]` |
|
||||
| `master.service.annotations` | Additional custom annotations for Redis® master service | `{}` |
|
||||
| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` |
|
||||
| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `master.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
| `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
|
||||
| `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
|
||||
| `master.count` | Number of Redis® master instances to deploy (experimental, requires additional configuration) | `1` |
|
||||
| `master.configuration` | Configuration for Redis® master nodes | `""` |
|
||||
| `master.disableCommands` | Array with Redis® commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` |
|
||||
| `master.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `master.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `master.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `master.preExecCmds` | Additional commands to run prior to starting Redis® master | `[]` |
|
||||
| `master.extraFlags` | Array with additional command line flags for Redis® master | `[]` |
|
||||
| `master.extraEnvVars` | Array with extra environment variables to add to Redis® master nodes | `[]` |
|
||||
| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® master nodes | `""` |
|
||||
| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® master nodes | `""` |
|
||||
| `master.containerPorts.redis` | Container port to open on Redis® master nodes | `6379` |
|
||||
| `master.startupProbe.enabled` | Enable startupProbe on Redis® master nodes | `false` |
|
||||
| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` |
|
||||
| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `master.livenessProbe.enabled` | Enable livenessProbe on Redis® master nodes | `true` |
|
||||
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
|
||||
| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
|
||||
| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `master.readinessProbe.enabled` | Enable readinessProbe on Redis® master nodes | `true` |
|
||||
| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `none` |
|
||||
| `master.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `master.podSecurityContext.enabled` | Enabled Redis® master pods' Security Context | `true` |
|
||||
| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` |
|
||||
| `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` |
|
||||
| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` |
|
||||
| `master.containerSecurityContext.runAsGroup` | Set Redis® master containers' Security Context runAsGroup | `0` |
|
||||
| `master.containerSecurityContext.runAsNonRoot` | Set Redis® master containers' Security Context runAsNonRoot | `true` |
|
||||
| `master.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Redis® pod(s) privileges | `false` |
|
||||
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
|
||||
| `master.containerSecurityContext.seccompProfile.type` | Set Redis® master containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `master.containerSecurityContext.capabilities.drop` | Set Redis® master containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `master.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` |
|
||||
| `master.schedulerName` | Alternate scheduler for Redis® master pods | `""` |
|
||||
| `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` |
|
||||
| `master.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
|
||||
| `master.priorityClassName` | Redis® master pods' priorityClassName | `""` |
|
||||
| `master.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `master.hostAliases` | Redis® master pods host aliases | `[]` |
|
||||
| `master.podLabels` | Extra labels for Redis® master pods | `{}` |
|
||||
| `master.podAnnotations` | Annotations for Redis® master pods | `{}` |
|
||||
| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® master pods | `false` |
|
||||
| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` |
|
||||
| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` |
|
||||
| `master.affinity` | Affinity for Redis® master pods assignment | `{}` |
|
||||
| `master.nodeSelector` | Node labels for Redis® master pods assignment | `{}` |
|
||||
| `master.tolerations` | Tolerations for Redis® master pods assignment | `[]` |
|
||||
| `master.topologySpreadConstraints` | Spread Constraints for Redis® master pod assignment | `[]` |
|
||||
| `master.dnsPolicy` | DNS Policy for Redis® master pod | `""` |
|
||||
| `master.dnsConfig` | DNS Configuration for Redis® master pod | `{}` |
|
||||
| `master.lifecycleHooks` | for the Redis® master container(s) to automate configuration before or after startup | `{}` |
|
||||
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® master pod(s) | `[]` |
|
||||
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® master container(s) | `[]` |
|
||||
| `master.sidecars` | Add additional sidecar containers to the Redis® master pod(s) | `[]` |
|
||||
| `master.initContainers` | Add additional init containers to the Redis® master pod(s) | `[]` |
|
||||
| `master.persistence.enabled` | Enable persistence on Redis® master nodes using Persistent Volume Claims | `true` |
|
||||
| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
|
||||
| `master.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` |
|
||||
| `master.persistence.path` | The path the volume will be mounted at on Redis® master containers | `/data` |
|
||||
| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis® master containers | `""` |
|
||||
| `master.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Redis® master containers | `""` |
|
||||
| `master.persistence.storageClass` | Persistent Volume storage class | `""` |
|
||||
| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
|
||||
| `master.persistence.size` | Persistent Volume size | `8Gi` |
|
||||
| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
|
||||
| `master.persistence.labels` | Additional custom labels for the PVC | `{}` |
|
||||
| `master.persistence.selector` | Additional labels to match for the PVC | `{}` |
|
||||
| `master.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
|
||||
| `master.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
|
||||
| `master.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `master.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| `master.service.type` | Redis® master service type | `ClusterIP` |
|
||||
| `master.service.ports.redis` | Redis® master service port | `6379` |
|
||||
| `master.service.nodePorts.redis` | Node port for Redis® master | `""` |
|
||||
| `master.service.externalTrafficPolicy` | Redis® master service external traffic policy | `Cluster` |
|
||||
| `master.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `master.service.internalTrafficPolicy` | Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` |
|
||||
| `master.service.clusterIP` | Redis® master service Cluster IP | `""` |
|
||||
| `master.service.loadBalancerIP` | Redis® master service Load Balancer IP | `""` |
|
||||
| `master.service.loadBalancerClass` | master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `master.service.loadBalancerSourceRanges` | Redis® master service Load Balancer sources | `[]` |
|
||||
| `master.service.externalIPs` | Redis® master service External IPs | `[]` |
|
||||
| `master.service.annotations` | Additional custom annotations for Redis® master service | `{}` |
|
||||
| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` |
|
||||
| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `master.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
| `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
|
||||
| `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
|
||||
|
||||
### Redis® replicas configuration parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `replica.kind` | Use either DaemonSet or StatefulSet (default) | `StatefulSet` |
|
||||
| `replica.replicaCount` | Number of Redis® replicas to deploy | `3` |
|
||||
| `replica.configuration` | Configuration for Redis® replicas nodes | `""` |
|
||||
| `replica.disableCommands` | Array with Redis® commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` |
|
||||
| `replica.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `replica.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `replica.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `replica.preExecCmds` | Additional commands to run prior to starting Redis® replicas | `[]` |
|
||||
| `replica.extraFlags` | Array with additional command line flags for Redis® replicas | `[]` |
|
||||
| `replica.extraEnvVars` | Array with extra environment variables to add to Redis® replicas nodes | `[]` |
|
||||
| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® replicas nodes | `""` |
|
||||
| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® replicas nodes | `""` |
|
||||
| `replica.externalMaster.enabled` | Use external master for bootstrapping | `false` |
|
||||
| `replica.externalMaster.host` | External master host to bootstrap from | `""` |
|
||||
| `replica.externalMaster.port` | Port for Redis service external master host | `6379` |
|
||||
| `replica.containerPorts.redis` | Container port to open on Redis® replicas nodes | `6379` |
|
||||
| `replica.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `true` |
|
||||
| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` |
|
||||
| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` |
|
||||
| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
|
||||
| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
|
||||
| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` |
|
||||
| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `replica.resources.limits` | The resources limits for the Redis® replicas containers | `{}` |
|
||||
| `replica.resources.requests` | The requested resources for the Redis® replicas containers | `{}` |
|
||||
| `replica.podSecurityContext.enabled` | Enabled Redis® replicas pods' Security Context | `true` |
|
||||
| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` |
|
||||
| `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` |
|
||||
| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` |
|
||||
| `replica.containerSecurityContext.runAsGroup` | Set Redis® replicas containers' Security Context runAsGroup | `0` |
|
||||
| `replica.containerSecurityContext.runAsNonRoot` | Set Redis® replicas containers' Security Context runAsNonRoot | `true` |
|
||||
| `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® replicas pod's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `replica.containerSecurityContext.seccompProfile.type` | Set Redis® replicas containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `replica.containerSecurityContext.capabilities.drop` | Set Redis® replicas containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `replica.schedulerName` | Alternate scheduler for Redis® replicas pods | `""` |
|
||||
| `replica.updateStrategy.type` | Redis® replicas statefulset strategy type | `RollingUpdate` |
|
||||
| `replica.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
|
||||
| `replica.priorityClassName` | Redis® replicas pods' priorityClassName | `""` |
|
||||
| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` |
|
||||
| `replica.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `replica.hostAliases` | Redis® replicas pods host aliases | `[]` |
|
||||
| `replica.podLabels` | Extra labels for Redis® replicas pods | `{}` |
|
||||
| `replica.podAnnotations` | Annotations for Redis® replicas pods | `{}` |
|
||||
| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® replicas pods | `false` |
|
||||
| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` |
|
||||
| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` |
|
||||
| `replica.affinity` | Affinity for Redis® replicas pods assignment | `{}` |
|
||||
| `replica.nodeSelector` | Node labels for Redis® replicas pods assignment | `{}` |
|
||||
| `replica.tolerations` | Tolerations for Redis® replicas pods assignment | `[]` |
|
||||
| `replica.topologySpreadConstraints` | Spread Constraints for Redis® replicas pod assignment | `[]` |
|
||||
| `replica.dnsPolicy` | DNS Policy for Redis® replica pods | `""` |
|
||||
| `replica.dnsConfig` | DNS Configuration for Redis® replica pods | `{}` |
|
||||
| `replica.lifecycleHooks` | for the Redis® replica container(s) to automate configuration before or after startup | `{}` |
|
||||
| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® replicas pod(s) | `[]` |
|
||||
| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) | `[]` |
|
||||
| `replica.sidecars` | Add additional sidecar containers to the Redis® replicas pod(s) | `[]` |
|
||||
| `replica.initContainers` | Add additional init containers to the Redis® replicas pod(s) | `[]` |
|
||||
| `replica.persistence.enabled` | Enable persistence on Redis® replicas nodes using Persistent Volume Claims | `true` |
|
||||
| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
|
||||
| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` |
|
||||
| `replica.persistence.path` | The path the volume will be mounted at on Redis® replicas containers | `/data` |
|
||||
| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis® replicas containers | `""` |
|
||||
| `replica.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Redis® replicas containers | `""` |
|
||||
| `replica.persistence.storageClass` | Persistent Volume storage class | `""` |
|
||||
| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
|
||||
| `replica.persistence.size` | Persistent Volume size | `8Gi` |
|
||||
| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
|
||||
| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` |
|
||||
| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` |
|
||||
| `replica.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
|
||||
| `replica.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
|
||||
| `replica.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `replica.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| `replica.service.type` | Redis® replicas service type | `ClusterIP` |
|
||||
| `replica.service.ports.redis` | Redis® replicas service port | `6379` |
|
||||
| `replica.service.nodePorts.redis` | Node port for Redis® replicas | `""` |
|
||||
| `replica.service.externalTrafficPolicy` | Redis® replicas service external traffic policy | `Cluster` |
|
||||
| `replica.service.internalTrafficPolicy` | Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` |
|
||||
| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `replica.service.clusterIP` | Redis® replicas service Cluster IP | `""` |
|
||||
| `replica.service.loadBalancerIP` | Redis® replicas service Load Balancer IP | `""` |
|
||||
| `replica.service.loadBalancerClass` | replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `replica.service.loadBalancerSourceRanges` | Redis® replicas service Load Balancer sources | `[]` |
|
||||
| `replica.service.annotations` | Additional custom annotations for Redis® replicas service | `{}` |
|
||||
| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `replica.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` |
|
||||
| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` |
|
||||
| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` |
|
||||
| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` |
|
||||
| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` |
|
||||
| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` |
|
||||
| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
|
||||
| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
|
||||
| `replica.kind` | Use either DaemonSet or StatefulSet (default) | `StatefulSet` |
|
||||
| `replica.replicaCount` | Number of Redis® replicas to deploy | `3` |
|
||||
| `replica.configuration` | Configuration for Redis® replicas nodes | `""` |
|
||||
| `replica.disableCommands` | Array with Redis® commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` |
|
||||
| `replica.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `replica.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `replica.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `replica.preExecCmds` | Additional commands to run prior to starting Redis® replicas | `[]` |
|
||||
| `replica.extraFlags` | Array with additional command line flags for Redis® replicas | `[]` |
|
||||
| `replica.extraEnvVars` | Array with extra environment variables to add to Redis® replicas nodes | `[]` |
|
||||
| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® replicas nodes | `""` |
|
||||
| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® replicas nodes | `""` |
|
||||
| `replica.externalMaster.enabled` | Use external master for bootstrapping | `false` |
|
||||
| `replica.externalMaster.host` | External master host to bootstrap from | `""` |
|
||||
| `replica.externalMaster.port` | Port for Redis service external master host | `6379` |
|
||||
| `replica.containerPorts.redis` | Container port to open on Redis® replicas nodes | `6379` |
|
||||
| `replica.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `true` |
|
||||
| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` |
|
||||
| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` |
|
||||
| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
|
||||
| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
|
||||
| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` |
|
||||
| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `replica.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). | `none` |
|
||||
| `replica.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `replica.podSecurityContext.enabled` | Enabled Redis® replicas pods' Security Context | `true` |
|
||||
| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` |
|
||||
| `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` |
|
||||
| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` |
|
||||
| `replica.containerSecurityContext.runAsGroup` | Set Redis® replicas containers' Security Context runAsGroup | `0` |
|
||||
| `replica.containerSecurityContext.runAsNonRoot` | Set Redis® replicas containers' Security Context runAsNonRoot | `true` |
|
||||
| `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® replicas pod's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `replica.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
|
||||
| `replica.containerSecurityContext.seccompProfile.type` | Set Redis® replicas containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `replica.containerSecurityContext.capabilities.drop` | Set Redis® replicas containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `replica.schedulerName` | Alternate scheduler for Redis® replicas pods | `""` |
|
||||
| `replica.updateStrategy.type` | Redis® replicas statefulset strategy type | `RollingUpdate` |
|
||||
| `replica.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` |
|
||||
| `replica.priorityClassName` | Redis® replicas pods' priorityClassName | `""` |
|
||||
| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` |
|
||||
| `replica.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `replica.hostAliases` | Redis® replicas pods host aliases | `[]` |
|
||||
| `replica.podLabels` | Extra labels for Redis® replicas pods | `{}` |
|
||||
| `replica.podAnnotations` | Annotations for Redis® replicas pods | `{}` |
|
||||
| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® replicas pods | `false` |
|
||||
| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` |
|
||||
| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` |
|
||||
| `replica.affinity` | Affinity for Redis® replicas pods assignment | `{}` |
|
||||
| `replica.nodeSelector` | Node labels for Redis® replicas pods assignment | `{}` |
|
||||
| `replica.tolerations` | Tolerations for Redis® replicas pods assignment | `[]` |
|
||||
| `replica.topologySpreadConstraints` | Spread Constraints for Redis® replicas pod assignment | `[]` |
|
||||
| `replica.dnsPolicy` | DNS Policy for Redis® replica pods | `""` |
|
||||
| `replica.dnsConfig` | DNS Configuration for Redis® replica pods | `{}` |
|
||||
| `replica.lifecycleHooks` | for the Redis® replica container(s) to automate configuration before or after startup | `{}` |
|
||||
| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® replicas pod(s) | `[]` |
|
||||
| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) | `[]` |
|
||||
| `replica.sidecars` | Add additional sidecar containers to the Redis® replicas pod(s) | `[]` |
|
||||
| `replica.initContainers` | Add additional init containers to the Redis® replicas pod(s) | `[]` |
|
||||
| `replica.persistence.enabled` | Enable persistence on Redis® replicas nodes using Persistent Volume Claims | `true` |
|
||||
| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
|
||||
| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` |
|
||||
| `replica.persistence.path` | The path the volume will be mounted at on Redis® replicas containers | `/data` |
|
||||
| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis® replicas containers | `""` |
|
||||
| `replica.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Redis® replicas containers | `""` |
|
||||
| `replica.persistence.storageClass` | Persistent Volume storage class | `""` |
|
||||
| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
|
||||
| `replica.persistence.size` | Persistent Volume size | `8Gi` |
|
||||
| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
|
||||
| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` |
|
||||
| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` |
|
||||
| `replica.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
|
||||
| `replica.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
|
||||
| `replica.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `replica.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| `replica.service.type` | Redis® replicas service type | `ClusterIP` |
|
||||
| `replica.service.ports.redis` | Redis® replicas service port | `6379` |
|
||||
| `replica.service.nodePorts.redis` | Node port for Redis® replicas | `""` |
|
||||
| `replica.service.externalTrafficPolicy` | Redis® replicas service external traffic policy | `Cluster` |
|
||||
| `replica.service.internalTrafficPolicy` | Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` |
|
||||
| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `replica.service.clusterIP` | Redis® replicas service Cluster IP | `""` |
|
||||
| `replica.service.loadBalancerIP` | Redis® replicas service Load Balancer IP | `""` |
|
||||
| `replica.service.loadBalancerClass` | replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `replica.service.loadBalancerSourceRanges` | Redis® replicas service Load Balancer sources | `[]` |
|
||||
| `replica.service.annotations` | Additional custom annotations for Redis® replicas service | `{}` |
|
||||
| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `replica.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` |
|
||||
| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` |
|
||||
| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` |
|
||||
| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` |
|
||||
| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` |
|
||||
| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` |
|
||||
| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
|
||||
| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
|
||||
|
||||
### Redis® Sentinel configuration parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
|
||||
| `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` |
|
||||
| `sentinel.image.registry` | Redis® Sentinel image registry | `REGISTRY_NAME` |
|
||||
| `sentinel.image.repository` | Redis® Sentinel image repository | `REPOSITORY_NAME/redis-sentinel` |
|
||||
| `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` |
|
||||
| `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` |
|
||||
| `sentinel.image.debug` | Enable image debug mode | `false` |
|
||||
| `sentinel.annotations` | Additional custom annotations for Redis® Sentinel resource | `{}` |
|
||||
| `sentinel.masterSet` | Master set name | `mymaster` |
|
||||
| `sentinel.quorum` | Sentinel Quorum | `2` |
|
||||
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `90` |
|
||||
| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` |
|
||||
| `sentinel.redisShutdownWaitFailover` | Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). | `true` |
|
||||
| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` |
|
||||
| `sentinel.failoverTimeout` | Timeout for performing a election failover | `180000` |
|
||||
| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` |
|
||||
| `sentinel.configuration` | Configuration for Redis® Sentinel nodes | `""` |
|
||||
| `sentinel.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `sentinel.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `sentinel.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis® Sentinel | `[]` |
|
||||
| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis® Sentinel nodes | `[]` |
|
||||
| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes | `""` |
|
||||
| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® Sentinel nodes | `""` |
|
||||
| `sentinel.externalMaster.enabled` | Use external master for bootstrapping | `false` |
|
||||
| `sentinel.externalMaster.host` | External master host to bootstrap from | `""` |
|
||||
| `sentinel.externalMaster.port` | Port for Redis service external master host | `6379` |
|
||||
| `sentinel.containerPorts.sentinel` | Container port to open on Redis® Sentinel nodes | `26379` |
|
||||
| `sentinel.startupProbe.enabled` | Enable startupProbe on Redis® Sentinel nodes | `true` |
|
||||
| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` |
|
||||
| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Redis® Sentinel nodes | `true` |
|
||||
| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
|
||||
| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis® Sentinel nodes | `true` |
|
||||
| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `sentinel.persistence.enabled` | Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) | `false` |
|
||||
| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` |
|
||||
| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
|
||||
| `sentinel.persistence.size` | Persistent Volume size | `100Mi` |
|
||||
| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
|
||||
| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` |
|
||||
| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` |
|
||||
| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
|
||||
| `sentinel.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` |
|
||||
| `sentinel.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
|
||||
| `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| `sentinel.resources.limits` | The resources limits for the Redis® Sentinel containers | `{}` |
|
||||
| `sentinel.resources.requests` | The requested resources for the Redis® Sentinel containers | `{}` |
|
||||
| `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` |
|
||||
| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` |
|
||||
| `sentinel.containerSecurityContext.runAsGroup` | Set Redis® Sentinel containers' Security Context runAsGroup | `0` |
|
||||
| `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis® Sentinel containers' Security Context runAsNonRoot | `true` |
|
||||
| `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation | `false` |
|
||||
| `sentinel.containerSecurityContext.seccompProfile.type` | Set Redis® Sentinel containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `sentinel.containerSecurityContext.capabilities.drop` | Set Redis® Sentinel containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `sentinel.lifecycleHooks` | for the Redis® sentinel container(s) to automate configuration before or after startup | `{}` |
|
||||
| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® Sentinel | `[]` |
|
||||
| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) | `[]` |
|
||||
| `sentinel.service.type` | Redis® Sentinel service type | `ClusterIP` |
|
||||
| `sentinel.service.ports.redis` | Redis® service port for Redis® | `6379` |
|
||||
| `sentinel.service.ports.sentinel` | Redis® service port for Redis® Sentinel | `26379` |
|
||||
| `sentinel.service.nodePorts.redis` | Node port for Redis® | `""` |
|
||||
| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` |
|
||||
| `sentinel.service.externalTrafficPolicy` | Redis® Sentinel service external traffic policy | `Cluster` |
|
||||
| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `sentinel.service.clusterIP` | Redis® Sentinel service Cluster IP | `""` |
|
||||
| `sentinel.service.loadBalancerIP` | Redis® Sentinel service Load Balancer IP | `""` |
|
||||
| `sentinel.service.loadBalancerClass` | sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `sentinel.service.loadBalancerSourceRanges` | Redis® Sentinel service Load Balancer sources | `[]` |
|
||||
| `sentinel.service.annotations` | Additional custom annotations for Redis® Sentinel service | `{}` |
|
||||
| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` |
|
||||
| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
|
||||
| `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` |
|
||||
| `sentinel.image.registry` | Redis® Sentinel image registry | `REGISTRY_NAME` |
|
||||
| `sentinel.image.repository` | Redis® Sentinel image repository | `REPOSITORY_NAME/redis-sentinel` |
|
||||
| `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` |
|
||||
| `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` |
|
||||
| `sentinel.image.debug` | Enable image debug mode | `false` |
|
||||
| `sentinel.annotations` | Additional custom annotations for Redis® Sentinel resource | `{}` |
|
||||
| `sentinel.masterSet` | Master set name | `mymaster` |
|
||||
| `sentinel.quorum` | Sentinel Quorum | `2` |
|
||||
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `90` |
|
||||
| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` |
|
||||
| `sentinel.redisShutdownWaitFailover` | Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). | `true` |
|
||||
| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` |
|
||||
| `sentinel.failoverTimeout` | Timeout for performing a election failover | `180000` |
|
||||
| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` |
|
||||
| `sentinel.configuration` | Configuration for Redis® Sentinel nodes | `""` |
|
||||
| `sentinel.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `sentinel.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `sentinel.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis® Sentinel | `[]` |
|
||||
| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis® Sentinel nodes | `[]` |
|
||||
| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes | `""` |
|
||||
| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® Sentinel nodes | `""` |
|
||||
| `sentinel.externalMaster.enabled` | Use external master for bootstrapping | `false` |
|
||||
| `sentinel.externalMaster.host` | External master host to bootstrap from | `""` |
|
||||
| `sentinel.externalMaster.port` | Port for Redis service external master host | `6379` |
|
||||
| `sentinel.containerPorts.sentinel` | Container port to open on Redis® Sentinel nodes | `26379` |
|
||||
| `sentinel.startupProbe.enabled` | Enable startupProbe on Redis® Sentinel nodes | `true` |
|
||||
| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` |
|
||||
| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Redis® Sentinel nodes | `true` |
|
||||
| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
|
||||
| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis® Sentinel nodes | `true` |
|
||||
| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `sentinel.persistence.enabled` | Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) | `false` |
|
||||
| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` |
|
||||
| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
|
||||
| `sentinel.persistence.size` | Persistent Volume size | `100Mi` |
|
||||
| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
|
||||
| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` |
|
||||
| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` |
|
||||
| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` |
|
||||
| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
|
||||
| `sentinel.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` |
|
||||
| `sentinel.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
|
||||
| `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
|
||||
| `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
|
||||
| `sentinel.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). | `none` |
|
||||
| `sentinel.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` |
|
||||
| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` |
|
||||
| `sentinel.containerSecurityContext.runAsGroup` | Set Redis® Sentinel containers' Security Context runAsGroup | `0` |
|
||||
| `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis® Sentinel containers' Security Context runAsNonRoot | `true` |
|
||||
| `sentinel.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
|
||||
| `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation | `false` |
|
||||
| `sentinel.containerSecurityContext.seccompProfile.type` | Set Redis® Sentinel containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `sentinel.containerSecurityContext.capabilities.drop` | Set Redis® Sentinel containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `sentinel.lifecycleHooks` | for the Redis® sentinel container(s) to automate configuration before or after startup | `{}` |
|
||||
| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® Sentinel | `[]` |
|
||||
| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) | `[]` |
|
||||
| `sentinel.service.type` | Redis® Sentinel service type | `ClusterIP` |
|
||||
| `sentinel.service.ports.redis` | Redis® service port for Redis® | `6379` |
|
||||
| `sentinel.service.ports.sentinel` | Redis® service port for Redis® Sentinel | `26379` |
|
||||
| `sentinel.service.nodePorts.redis` | Node port for Redis® | `""` |
|
||||
| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` |
|
||||
| `sentinel.service.externalTrafficPolicy` | Redis® Sentinel service external traffic policy | `Cluster` |
|
||||
| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `sentinel.service.clusterIP` | Redis® Sentinel service Cluster IP | `""` |
|
||||
| `sentinel.service.createMaster` | Enable master service pointing to the current master (experimental) | `false` |
|
||||
| `sentinel.service.loadBalancerIP` | Redis® Sentinel service Load Balancer IP | `""` |
|
||||
| `sentinel.service.loadBalancerClass` | sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `sentinel.service.loadBalancerSourceRanges` | Redis® Sentinel service Load Balancer sources | `[]` |
|
||||
| `sentinel.service.annotations` | Additional custom annotations for Redis® Sentinel service | `{}` |
|
||||
| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` |
|
||||
| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` |
|
||||
|
||||
### Other Parameters
|
||||
|
||||
|
|
@ -495,119 +501,128 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Metrics Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
|
||||
| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` |
|
||||
| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` |
|
||||
| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` |
|
||||
| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` |
|
||||
| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` |
|
||||
| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` |
|
||||
| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` |
|
||||
| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` |
|
||||
| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` |
|
||||
| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` |
|
||||
| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` |
|
||||
| `metrics.service.type` | Redis® exporter service type | `ClusterIP` |
|
||||
| `metrics.service.ports.http` | Redis® exporter service port | `9121` |
|
||||
| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` |
|
||||
| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` |
|
||||
| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` |
|
||||
| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` |
|
||||
| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` |
|
||||
| `metrics.serviceMonitor.port` | the service port to scrape metrics from | `http-metrics` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` |
|
||||
| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` |
|
||||
| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` |
|
||||
| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` |
|
||||
| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` |
|
||||
| `metrics.podMonitor.port` | the pod port to scrape metrics from | `metrics` |
|
||||
| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` |
|
||||
| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` |
|
||||
| `metrics.podMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` |
|
||||
| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` |
|
||||
| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` |
|
||||
| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` |
|
||||
| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` |
|
||||
| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` |
|
||||
| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` |
|
||||
| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
|
||||
| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` |
|
||||
| `metrics.image.registry` | Redis® Exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Redis® Exporter image repository | `REPOSITORY_NAME/redis-exporter` |
|
||||
| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` |
|
||||
| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` |
|
||||
| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` |
|
||||
| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` |
|
||||
| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` |
|
||||
| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` |
|
||||
| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` |
|
||||
| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` |
|
||||
| `metrics.service.type` | Redis® exporter service type | `ClusterIP` |
|
||||
| `metrics.service.ports.http` | Redis® exporter service port | `9121` |
|
||||
| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` |
|
||||
| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` |
|
||||
| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` |
|
||||
| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` |
|
||||
| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` |
|
||||
| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` |
|
||||
| `metrics.serviceMonitor.port` | the service port to scrape metrics from | `http-metrics` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` |
|
||||
| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` |
|
||||
| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` |
|
||||
| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` |
|
||||
| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` |
|
||||
| `metrics.podMonitor.port` | the pod port to scrape metrics from | `metrics` |
|
||||
| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` |
|
||||
| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` |
|
||||
| `metrics.podMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` |
|
||||
| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` |
|
||||
| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` |
|
||||
| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` |
|
||||
| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` |
|
||||
| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` |
|
||||
| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` |
|
||||
| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` |
|
||||
|
||||
### Init Container Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
|
||||
| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
|
||||
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
|
||||
| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
|
||||
| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
|
||||
| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
|
||||
| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` |
|
||||
| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` |
|
||||
| `sysctl.resources.limits` | The resources limits for the init container | `{}` |
|
||||
| `sysctl.resources.requests` | The requested resources for the init container | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
|
||||
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
|
||||
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
|
||||
| `kubectl.image.registry` | Kubectl image registry | `REGISTRY_NAME` |
|
||||
| `kubectl.image.repository` | Kubectl image repository | `REPOSITORY_NAME/kubectl` |
|
||||
| `kubectl.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `kubectl.image.pullPolicy` | Kubectl image pull policy | `IfNotPresent` |
|
||||
| `kubectl.image.pullSecrets` | Kubectl pull secrets | `[]` |
|
||||
| `kubectl.command` | kubectl command to execute | `["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]` |
|
||||
| `kubectl.resources.limits` | The resources limits for the kubectl containers | `{}` |
|
||||
| `kubectl.resources.requests` | The requested resources for the kubectl containers | `{}` |
|
||||
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
|
||||
| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
|
||||
| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
|
||||
| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
|
||||
| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` |
|
||||
| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` |
|
||||
| `sysctl.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). | `none` |
|
||||
| `sysctl.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
|
||||
### useExternalDNS Parameters
|
||||
|
||||
|
|
@ -643,6 +658,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/redis
|
|||
|
||||
## Configuration and installation details
|
||||
|
||||
### Resource requests and limits
|
||||
|
||||
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
|
||||
|
||||
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
|
||||
|
||||
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
|
||||
|
||||
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
|
||||
|
|
|
|||
|
|
@ -20,3 +20,5 @@
|
|||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# img folder
|
||||
img/
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.14.1
|
||||
appVersion: 2.19.0
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.14.1
|
||||
version: 2.19.0
|
||||
|
|
|
|||
|
|
@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
|
|||
|
||||
## License
|
||||
|
||||
Copyright © 2023 VMware, Inc.
|
||||
Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue