From b71f147ff75b22a6aa67f13e8b9acd3bd2fc21cf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:30:38 +0800 Subject: [PATCH 001/122] chore(mysql-cluster): modify networkpolicy --- .../templates/networkpolicy.yaml | 31 ++++++++--------- .../8.0/chart/mysql-cluster/values.yaml | 33 +++++++++---------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 45a67db3..827f8311 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
@@ -23,23 +23,24 @@ spec: ingress: # Allow inbound connections - ports: - - port: {{ .Values.primary.service.ports.mysql }} - {{- if not .Values.networkPolicy.allowExternal }} + - port: {{ .Values.router.service.portrw }} + - port: {{ .Values.router.service.portro }} + {{- if and .Values.metrics.enabled }} + - port: {{ .Values.metrics.service.port }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: - - podSelector: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} + kubernetes.io/metadata.name: {{ $namespace }} {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index cdbfd0a3..ebfe4ed2 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
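Review bot: The `from:` block is emitted only when `allowCurrentNamespace` or `allowNamespaces` is set, so turning both off renders a rule with ports and no peers, which NetworkPolicy treats as allow-from-any-source on those ports rather than as deny. If empty settings are meant to close the ports, skip the whole ingress rule when neither value is set, or fall back to a `podSelector` for the release's own pods as the removed lines did. The namespace names are interpolated unquoted; `kubernetes.io/metadata.name: {{ $namespace | quote }}` and `{{ .Release.Namespace | quote }}` keep an all-digit or boolean-looking name a string. `{{- if and .Values.metrics.enabled }}` needs no `and`, and its `{{ end }}` should be `{{- end }}` to avoid a stray blank line. The same `from:` pattern recurs in the prometheus `networkpolicy.yaml` added in PATCH 005; the policy's `podSelector` and header are outside this hunk.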
@@ -971,28 +971,16 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening ## on. When true, MySQL will accept connections from any source ## (with the correct destination port). ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} + allowCurrentNamespace: true + allowNamespaces: [] + ## @section Volume Permissions parameters @@ -1035,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: false + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) 
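Review bot: The comment block kept above the new keys still documents `networkPolicy.allowExternal` and the client-label model, but the template in this commit no longer reads that value, so an operator who sets `allowExternal: false` gets no restriction from it. Replace it with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to connect`, and state what the policy does when both are empty. This hunk also flips `networkPolicy.enabled` to `true` and the next one does the same for `metrics.enabled`; both change behaviour for existing installs on upgrade, which the values comments should mention.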
@@ -1132,6 +1120,17 @@ metrics: ## cpu: 100m ## memory: 256Mi requests: {} + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsGroup: 0 + runAsNonRoot: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Mysqld Prometheus exporter liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param metrics.livenessProbe.enabled Enable livenessProbe From d30010a82334ad1a5d6345a43ff3b578e084e79a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:33:07 +0800 Subject: [PATCH 002/122] fix(prometheus): fix typo --- addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml | 0 .../2/{plan => plans}/standard-1-2/create-instance-schema.json | 0 addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml | 0 addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/create-instance-schema.json (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml (100%) diff --git a/addons/prometheus/2/plan/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-1-2/bind.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-1-2/bind.yaml diff --git a/addons/prometheus/2/plan/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/create-instance-schema.json rename to addons/prometheus/2/plans/standard-1-2/create-instance-schema.json 
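Review bot: The new `metrics.containerSecurityContext` block is values-only: this commit touches just `networkpolicy.yaml` and `values.yaml`, so unless the exporter container in the statefulset already renders these keys (not visible here) the hardening has no effect. Confirm the sidecar template reads `metrics.containerSecurityContext`, and add `## @param metrics.containerSecurityContext.*` lines in the style the rest of the file uses. If the exporter does not write to its filesystem, `readOnlyRootFilesystem: true` would complete the set.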
diff --git a/addons/prometheus/2/plan/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-1-2/meta.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/meta.yaml rename to addons/prometheus/2/plans/standard-1-2/meta.yaml diff --git a/addons/prometheus/2/plan/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-1-2/values.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/values.yaml rename to addons/prometheus/2/plans/standard-1-2/values.yaml From 842cb24e279faaf75683363681d3a1f83bb78071 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 12 Oct 2023 09:41:04 +0800 Subject: [PATCH 003/122] chore(prometheus): add plans 50 --- .../{standard-1-2 => standard-10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../{standard-1-2 => standard-10}/meta.yaml | 0 .../{standard-1-2 => standard-10}/values.yaml | 0 .../prometheus/2/plans/standard-50/bind.yaml | 34 +++++++++++++++++++ .../standard-50/create-instance-schema.json | 12 +++++++ .../prometheus/2/plans/standard-50/meta.yaml | 6 ++++ .../2/plans/standard-50/values.yaml | 7 ++++ 8 files changed, 59 insertions(+) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/meta.yaml (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/values.yaml (100%) create mode 100644 addons/prometheus/2/plans/standard-50/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-50/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-50/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-50/values.yaml 
diff --git a/addons/prometheus/2/plans/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-10/bind.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-10/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/create-instance-schema.json rename to addons/prometheus/2/plans/standard-10/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-10/meta.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/meta.yaml rename to addons/prometheus/2/plans/standard-10/meta.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/values.yaml rename to addons/prometheus/2/plans/standard-10/values.yaml diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml new file mode 100644 index 00000000..5ee819d9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s-router" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + diff --git a/addons/prometheus/2/plans/standard-50/create-instance-schema.json b/addons/prometheus/2/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/meta.yaml b/addons/prometheus/2/plans/standard-50/meta.yaml new file mode 100644 index 00000000..0baaf0f9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/meta.yaml 
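Review bot: The `password` credential reads `jsonpath: '{ .data.username }'`, so a binding would hand out the user name in place of the password; it should presumably be `jsonpath: '{ .data.password }'`. The file also looks copied from the mysql-cluster addon: the guard tests `.Values.router.service.type` and the entries reference a `-svcbind-custom-user` secret with `database`, `portrw` and `portro` keys, none of which this patch adds to the prometheus addon, so confirm they exist or drop the entries. The same `password` mapping is repeated in `chart/prometheus/templates/bind.yaml` in PATCH 005 and is left in place by that patch's edit to this file.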
@@ -0,0 +1,6 @@ +name: "standard-50" +id: eb7b3f73-dd94-4d05-8a48-63e7775f534d +description: "Prometheus Cluster standard-50 plan persistence size 50Gi." +displayName: "50Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml new file mode 100644 index 00000000..0dc80c4f --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -0,0 +1,7 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-50 + +server: + persistence: + size: 50Gi \ No newline at end of file From 4155cdf4f1a0cd6eb8df499fd79f57ff7ef5dd61 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 14:16:44 +0800 Subject: [PATCH 004/122] chore(mysql-cluster): add networkpolicy --- .../chart/mysql-cluster/templates/networkpolicy.yaml | 1 + .../mysql-cluster/templates/primary/statefulset.yaml | 2 +- .../mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 827f8311..74013298 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -25,6 +25,7 @@ spec: - ports: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} + - port: 24901 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 79694e68..56b3ec79 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml 
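Review bot: The hard-coded `- port: 24901` is added to the same rule as the client ports, so every namespace admitted by `from:` (and any source when `from:` is not rendered) can reach the port the init script in values.yaml uses for the group replication seeds. Replication traffic only needs to flow between the release's own pods, so it is safer as a separate rule limited by a `podSelector`, with the port taken from a value rather than a literal. The sketch below reuses the `common.labels.matchLabels` helper that the earlier version of this template used; whether those labels cover every group member is not visible in this hunk.

```yaml
  ingress:
    # … unchanged: client rule with portrw / portro / metrics ports and its from: block …
    # Group replication: members of this release only
    - ports:
        - port: 24901
      from:
        - podSelector:
            matchLabels:
              {{- include "common.labels.matchLabels" . | nindent 14 }}
```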
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -298,7 +298,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /opt/drycc/mysqld_exporter/bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index ebfe4ed2..9d5e4293 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -971,7 +971,7 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -1023,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: true + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1032,9 +1032,9 @@ metrics: ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: - registry: docker.io - repository: drycc/mysqld-exporter - tag: 0.14.0-debian-11-r45 + registry: registry.drycc.cc + repository: drycc-addons/mysqld-exporter + tag: 0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
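Review bot: The exporter command on the changed line still logs in with `--mysqld.username=root` and the root password read from `MYSQL_ROOT_PASSWORD_FILE`, and with `metrics.enabled` defaulting to `true` since PATCH 001 that now runs in every install. mysqld_exporter needs only `PROCESS`, `REPLICATION CLIENT` and `SELECT`, so a dedicated low-privilege account keeps a compromised sidecar from holding full control of the database. The container definition starts and ends outside this hunk.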
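Review bot: `tag: 0` with `digest: ""` pins the exporter to a floating tag, and with `pullPolicy: IfNotPresent` each node keeps whatever image that tag pointed to when it first pulled, so pods of one release can run different builds and a re-pushed tag goes unnoticed. Pin an immutable tag or set `digest` to the image's sha256, as the `@param metrics.image.tag` comment above already recommends. The bare `0` is also parsed as an integer by YAML; write `tag: "0"` if the tag stays.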
From f333fe78dd171a94c34f4d75e93a23cd2fc52cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 15:03:23 +0800 Subject: [PATCH 005/122] chore(prometheus): add networkpolicy --- .../2/chart/prometheus/templates/bind.yaml | 34 ++++++++++++++ .../prometheus/templates/networkpolicy.yaml | 47 +++++++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 18 ++++++- .../prometheus/2/plans/standard-10/bind.yaml | 42 +++++++---------- .../prometheus/2/plans/standard-50/bind.yaml | 4 +- 5 files changed, 117 insertions(+), 28 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml create mode 100644 addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml new file mode 100644 index 00000000..8528bf3e --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + 
diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml new file mode 100644 index 00000000..1ef0125d --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.alertmanager.service.ports.http }} + - port: {{ .Values.alertmanager.service.ports.cluster }} + - port: {{ .Values.alertmanager.containerPorts.http }} + - port: {{ .Values.alertmanager.containerPorts.cluster }} + - port: {{ .Values.server.containerPorts.http }} + - port: {{ .Values.server.service.ports.http }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
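Review bot: All six ports sit in one ingress rule, so every namespace admitted by `from:` also reaches `alertmanager.containerPorts.cluster`, presumably the peer-to-peer port that only needs to be open between Alertmanager pods. NetworkPolicy matches the port on the destination pod, so the `service.ports.*` entries have an effect only when they equal the container ports; listing the `containerPorts` values alone says what is meant. Consider a second rule for the cluster port restricted by a `podSelector`, and render the namespace names as strings with `{{ $namespace | quote }}`.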
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 5d24a56a..206aeabe 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: false + enabled: true ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1225,7 +1225,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: false + enabled: true ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1460,6 +1460,20 @@ server: ## rules: [] +## Prometheus Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] ## @section Init Container Parameters ## diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index 5ee819d9..c6efaaba 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
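Review bot: Switching `alertmanager.ingress.enabled` and, in the next hunk, `server.ingress.enabled` to `true` publishes both web UIs and their HTTP APIs through the ingress controller by default, and nothing in these hunks adds authentication or TLS in front of them. Prometheus and Alertmanager serve their APIs without login unless a web config or an authenticating proxy is set up, so a default install would expose metrics, targets and silence management to anyone who can reach the ingress. Keep the chart default at `enabled: false` and turn ingress on in the plan or instance values where a hostname, TLS and auth are supplied. The ingress blocks continue outside the hunks, so existing auth annotations there cannot be ruled out.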
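Review bot: The new `networkPolicy` block carries comments copied from the MySQL chart: the header has the typo `Nework`, and the `@param networkPolicy.allowExternal` text describes a key and a client-label model that this block does not define. Document the keys that exist, e.g. `## @param networkPolicy.allowCurrentNamespace Allow ingress from the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to reach Prometheus and Alertmanager`.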
@@ -1,34 +1,28 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.server.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} + +alertmanager + + {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} + - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 5ee819d9..3e652f1c 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
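Review bot: As far as the hunk shows, the file can no longer render to valid YAML: the bare `alertmanager` line sits between the sequence items with no colon or key, and the second block repeats the `host` and `port` names under the same `credential` list. Both `port` entries use `secretKeyRef` with `jsonpath: '{ .spec.ports.port }'`, which is a Service field, and `.spec.ports` is a list, so the entry presumably wants `serviceRef` with `'{ .spec.ports[0].port }'`. The alertmanager entries also point at `common.names.fullname`, the same object as the server entries; give them distinct names such as `alertmanager_host` and the alertmanager service name if the chart defines one.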
@@ -1,9 +1,9 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - name: database valueFrom: From 14de943df62001dd7fdfc2373671c5162c69e9de Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 18 Oct 2023 14:57:47 +0800 Subject: [PATCH 006/122] chore(promtheus): service discovery in namespace --- .../prometheus/templates/_scrape_config.tpl | 3 +- .../2/chart/prometheus/templates/bind.yaml | 34 ----------- .../prometheus/2/chart/prometheus/values.yaml | 57 +++++++++++++++++-- 3 files changed, 54 insertions(+), 40 deletions(-) delete mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index ea669ead..7fb0e110 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -12,6 +12,7 @@ Usage: kubernetes_sd_configs: - role: endpoints namespaces: + own_namespace: true names: - {{ include "common.names.namespace" .context }} metrics_path: /metrics @@ -83,4 +84,4 @@ relabel_configs: - __tmp_hash regex: 0 action: keep -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml deleted file mode 100644 index 8528bf3e..00000000 --- a/addons/prometheus/2/chart/prometheus/templates/bind.yaml +++ /dev/null 
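Review bot: The guard now tests `.Values.service.type`, while the standard-10 plan in the same patch uses `.Values.server.service.type`; if the chart has no top-level `service` key, template evaluation either fails on the nil lookup or the block never renders. The edit also leaves the `database`, `password`, `username`, `portrw` and `portro` entries from the MySQL copy below the changed lines. Bring this file in line with standard-10 once that one is corrected, so both plans bind the same credentials.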
@@ -1,34 +0,0 @@ -credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host - valueFrom: - serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 206aeabe..a551fa68 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -628,6 +628,9 @@ server: {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} + {{- if .Values.server.dsScrapeConfigs}} + {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
@@ -649,7 +652,50 @@ server: ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: [] + extraScrapeConfigs: [] + dsScrapeConfigs: + - job_name: 'service-endpoints' + honor_labels: true + kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - default + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -824,7 +870,7 @@ server: ## StrategyType ## Can be set to RollingUpdate or Recreate ## - type: RollingUpdate + type: Recreate ## @param server.priorityClassName Prometheus pods' priorityClassName ## 
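Review bot: The default `server.dsScrapeConfigs` job lists `names: - default` next to `own_namespace: true`, so every instance also discovers endpoints in the `default` namespace, which does not match the commit subject of discovery in the instance's own namespace and presumably needs RBAC there. `honor_labels: true` lets any annotated service in scope overwrite labels such as `job` and `instance` on its samples; for a shared addon `honor_labels: false` is the safer default unless all targets are trusted. The key also has no `## @param server.dsScrapeConfigs` line, unlike `extraScrapeConfigs` directly above it.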
@@ -1465,7 +1511,7 @@ server: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -1473,7 +1519,8 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] + allowNamespaces: + - traefik ## @section Init Container Parameters ## @@ -1521,4 +1568,4 @@ volumePermissions: ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: - runAsUser: 0 \ No newline at end of file + runAsUser: 0 From 58ce2cb1700478e79b045cad88a8fe1b238a2cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 11:49:13 +0800 Subject: [PATCH 007/122] chore(mysql-cluster): plans 10 --- .../templates/primary/statefulset.yaml | 4 ++++ .../8.0/chart/mysql-cluster/values.yaml | 8 ++++++-- .../8.0/plans/standard-10/values.yaml | 16 +++++++++------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 56b3ec79..49b8c703 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,6 +156,10 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} + {{- if and .Values.auth.createDatabase .Values.auth.database }} + - name: MAX_CONNECTION_LIMIT + value: {{ .Values.maxConnectionLimit | quote }} + {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE value: "master" 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 9d5e4293..3199eede 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -149,7 +149,7 @@ auth: ## initdbScripts: ## my_init_script.sh: | ## #!/bin/bash -## echo "Do something." +## echo "Do something." ## initdbScripts: int-mysql.sh: | @@ -181,6 +181,8 @@ initdbScripts: echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file + + echo max_connections=$MAX_CONNECTION_LIMIT ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## @@ -211,10 +213,12 @@ primary: ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## + maxConnectionLimit: 2000 + configuration: |- [mysqld] # server - max_connections=500 + max_connections=10000 default_authentication_plugin=caching_sha2_password skip-name-resolve relay-log=relay-log diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index baca4920..e8d14da0 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml 
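Review bot: Two different connection limits now ship together: `maxConnectionLimit: 2000` is added under `primary`, while the same hunk raises `max_connections` in `primary.configuration` from 500 to 10000. Which value mysqld ends up with depends on config file precedence that is not visible here, and 10000 connections against the 1024Mi memory limit of the standard-10 plan invites memory exhaustion under load. Keep one source of truth, for example drop the literal from `configuration` and write the value from `primary.maxConnectionLimit` only. The new key is also placed between the `## @param primary.configuration` comment and the `configuration:` key it documents; move it above that comment with its own `## @param primary.maxConnectionLimit` line.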
@@ -11,13 +11,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.limits The resources limits for the MinIO® container ## @param resources.requests The requested resources for the MinIO® container ## -resources: - limits: - cpu: 1000m - memory: 1024Mi - requests: - cpu: 100m - memory: 512Mi +primary: + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 100m + memory: 512Mi + ## @section Persistence parameters From 7c93cee8b35b03477f674658fdd6ed9f88ddbb62 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 15:11:19 +0800 Subject: [PATCH 008/122] chore(mysql-cluster): add max_connection_limit --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++-- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 49b8c703..24d81878 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,9 +156,9 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} - {{- if and .Values.auth.createDatabase .Values.auth.database }} + {{- if .Values.primary.maxConnectionLimit }} - name: MAX_CONNECTION_LIMIT - value: {{ .Values.maxConnectionLimit | quote }} + value: {{ .Values.primary.maxConnectionLimit | quote }} {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE @@ -397,3 +397,4 @@ spec: selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} {{- end -}} {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 3199eede..a33e364c 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -182,7 +182,7 @@ initdbScripts: echo plugin_load_add='group_replication.so' >> $base_conf_file - echo max_connections=$MAX_CONNECTION_LIMIT + echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## From ae4809d6a88a8f4c9949139b7fa9a169fc1d7553 Mon Sep 17 00:00:00 2001 
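Review bot: `echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file` appends the line even when the variable is unset or not a number, and the statefulset change in this same commit only exports `MAX_CONNECTION_LIMIT` when `primary.maxConnectionLimit` is set, so an install without it gets a bare `max_connections=` in the server config. The expansion is also unquoted, so a value containing whitespace is word-split before it reaches the file. Guarding and quoting the write covers both: `case "${MAX_CONNECTION_LIMIT:-}" in ''|*[!0-9]*) ;; *) echo "max_connections=${MAX_CONNECTION_LIMIT}" >> "$base_conf_file" ;; esac`. The init script continues outside the hunk.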
From: EamonZhang Date: Wed, 25 Oct 2023 16:06:56 +0800 Subject: [PATCH 009/122] chore(mysql-cluster): add plans --- .../8.0/plans/standard-10/bind.yaml | 9 ++- .../8.0/plans/standard-10/meta.yaml | 2 +- .../8.0/plans/standard-10/values.yaml | 7 ++- .../8.0/plans/standard-100/bind.yaml | 34 +++++++++++ .../standard-100/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-100/meta.yaml | 6 ++ .../8.0/plans/standard-100/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-20/meta.yaml | 6 ++ .../8.0/plans/standard-20/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-200/bind.yaml | 34 +++++++++++ .../standard-200/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-200/meta.yaml | 6 ++ .../8.0/plans/standard-200/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-400/bind.yaml | 34 +++++++++++ .../standard-400/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-400/meta.yaml | 6 ++ .../8.0/plans/standard-400/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-50/bind.yaml | 34 +++++++++++ .../standard-50/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-50/meta.yaml | 6 ++ .../8.0/plans/standard-50/values.yaml | 60 ++++++++++++++++++ .../8.0/plans/standard-800/bind.yaml | 34 +++++++++++ .../standard-800/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-800/meta.yaml | 6 ++ .../8.0/plans/standard-800/values.yaml | 61 +++++++++++++++++++ 27 files changed, 689 insertions(+), 6 deletions(-) create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/bind.yaml create mode 100644 
addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/values.yaml diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index fa1ceb8e..e8b99314 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -20,10 +20,15 @@ credential: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: port + - name: portro valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.port }' + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' {{- end }} diff --git a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml index 426c302e..6c738828 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan which limit persistence size 10Gi." +description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index e8d14da0..f90075a8 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -12,14 +12,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.requests The requested resources for the MinIO® container ## primary: + maxConnectionLimit: 600 resources: limits: cpu: 1000m memory: 1024Mi requests: - cpu: 100m - memory: 512Mi - + cpu: 1000m + memory: 1024Mi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + diff --git a/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml new file mode 100644 index 00000000..1856a446 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml 
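Review bot: The `password` entry reads `jsonpath: '{ .data.username }'`, the same key as the `username` entry below it, so a bound application would be handed the account name in place of the password. It should read `jsonpath: '{ .data.password }'`, assuming that is the key under which the `-svcbind-custom-user` secret stores the password. The same line is repeated in the new `bind.yaml` files for standard-20, standard-200, standard-400, standard-50 and standard-800, and standard-10 now carries the same blob `e8b99314`. Since all of these files are identical, a single shared template would keep this kind of fix from having to be made once per plan.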
@@ -0,0 +1,6 @@ +name: "standard-100" +id: 8205e5d3-a954-4c68-a570-efa8c607c1d7 +description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000" +displayName: "standard-100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml new file mode 100644 index 00000000..1c6b865b --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 4000 + resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 4000m + memory: 16Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 100Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml new file mode 100644 index 00000000..e749a7db --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-20" +id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +displayName: "standard-20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml new file mode 100644 index 00000000..d9422e70 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml new file mode 100644 index 00000000..b857ef1e --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-200" +id: 8205e5d3-a954-4c68-a570-efa8c607c1d7 +description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000" +displayName: "standard-200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml new file mode 100644 index 00000000..baf7e8a9 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml 
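Review bot: `id: 8205e5d3-a954-4c68-a570-efa8c607c1d7` in standard-200/meta.yaml is the same value this commit gives standard-100/meta.yaml, so two plans share one identifier. If the catalog keys plans by `id`, as service-broker catalogs normally do, one plan will shadow the other or a provisioning request will resolve to the wrong size. standard-200 needs its own freshly generated UUID.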
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 8000 + resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 200Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml new file mode 100644 index 00000000..c802ccc6 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-400" +id: f96fb7d8-3012-4175-931e-902e26697441 +description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600" +displayName: "standard-400" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml new file mode 100644 index 00000000..2cc0d06e --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-400 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1600 + resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 400Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
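Review bot: `maxConnectionLimit: 1600` under `primary:` is lower than the 4000 and 8000 given to standard-100 and standard-200, although this plan has the largest CPU and memory figures of the three; it looks like a dropped zero. If `16000` was intended, the `DB MAX Connection 1600` text in standard-400/meta.yaml needs the same correction. The header comment in this file still describes "MinIO® containers' resource requests and limits" and `@param resources.limits`, which do not match the `primary.resources` keys below; `## @param primary.resources.limits The resources limits for the MySQL primary container` would, with a matching line for `requests`.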
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml new file mode 100644 index 00000000..a6d4e5bd --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-50" +id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2 +description: "Mysql Cluster standard-10 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml new file mode 100644 index 00000000..bc9fd336 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml 
@@ -0,0 +1,60 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-50 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 2000 + resources: + limits: + cpu: 2000m + memory: 8Gi + requests: + cpu: 2000m + memory: 8Gi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 50Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
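Review bot: The header comments in plans/standard-50/values.yaml describe "MinIO® containers' resource requests and limits" and document `@param resources.limits` and `@param resources.requests`, but the keys set here are `primary.resources.*` for MySQL, and nothing documents `primary.maxConnectionLimit`. The block looks copied from another chart; replace it with `## @param primary.resources.limits The resources limits for the MySQL primary container`, the matching `requests` line, and `## @param primary.maxConnectionLimit Maximum number of database connections for this plan`. The same comment block is repeated in plans/standard-800/values.yaml and should get the same correction.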
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml new file mode 100644 index 00000000..72806d97 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-800" +id: 829768aa-f287-42ee-b98c-db40ec670d38 +description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000" +displayName: "standard-800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml new file mode 100644 index 00000000..82a515d7 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-800 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 32000 + resources: + limits: + cpu: 32000m + memory: 128Gi + requests: + cpu: 32000m + memory: 128Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 800Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 8a97c7ed3aaf794c1b614b3828415242f749cda5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:00:36 +0800 Subject: [PATCH 010/122] chore(prometheus): support discovery addons in namespaces --- .../prometheus/templates/_scrape_config.tpl | 44 ++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 57 ++++--------------- 2 files changed, 55 insertions(+), 46 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 7fb0e110..316031e2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
@@ -85,3 +85,47 @@ relabel_configs: regex: 0 action: keep {{- end -}} + +{{- define "addons.ds_scrape_config" -}} +honor_labels: true +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index a551fa68..fb195934 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
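Review bot: `honor_labels: true` in the new `addons.ds_scrape_config` lets labels exposed by a scraped target win over the ones this job attaches, including the `namespace`, `service` and `node` labels set by the relabel rules below it. Every Service in the selected namespace that carries the `prometheus.io/scrape` annotation is scraped, so one addon can present its series under another addon's labels. Unless all exporters are trusted, `honor_labels: false` is the safer default; conflicting labels then arrive as `exported_<name>` instead of replacing the server-side ones. A comment above `namespaces:` saying which namespaces the job is meant to cover would also help, since `own_namespace: true` plus a single `names:` entry is narrower than the commit title suggests.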
@@ -625,12 +625,16 @@ server: - job_name: alertmanager {{- include "prometheus.scrape_config" (dict "component" "alertmanager" "context" $) | nindent 4 }} {{- end }} + {{- if .Values.scrapeAddons.enabled }} + - job_name: addons + {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} - {{- if .Values.server.dsScrapeConfigs}} - {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} - {{- end }} + # {{- if .Values.server.dsScrapeConfigs}} + # {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + # {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
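Review bot: Prefixing the `dsScrapeConfigs` block with `#` does not disable it, because template actions inside a YAML comment are still evaluated when this value is rendered (the surrounding `include` calls show it is rendered as a template). If `server.dsScrapeConfigs` is ever set, the `include ... | nindent 2` output starts on a new line and lands in the scrape configuration uncommented; if it is unset, a stray `#` is left in the output. Delete the three lines, or wrap them in a template comment `{{/* ... */}}` so nothing is evaluated. The enclosing value begins above the hunk, so the final indentation should be checked against the rendered output.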
@@ -653,49 +657,7 @@ server: ## ref: ## extraScrapeConfigs: [] - dsScrapeConfigs: - - job_name: 'service-endpoints' - honor_labels: true - kubernetes_sd_configs: - - role: endpoints - namespaces: - own_namespace: true - names: - - default - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: drop - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+?)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) - replacement: __param_$1 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: service - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: node + ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -1569,3 +1531,6 @@ volumePermissions: ## containerSecurityContext: runAsUser: 0 + +scrapeAddons: + enable: true From 187ec9991af7c2bc26e58b9f3cfb686d4ed40092 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:33:57 +0800 Subject: [PATCH 011/122] fix(prometheus): is enabled scrape addons metrics --- addons/prometheus/2/chart/prometheus/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index fb195934..21331135 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -1533,4 +1533,4 @@ volumePermissions: runAsUser: 0 scrapeAddons: - enable: true + enabled: true From 3a2818243cbcf7f58a6cd822db11716dc5b89545 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 2 Nov 2023 10:36:19 +0800 Subject: [PATCH 012/122] feat(drycc-addons): add postgresql-cluster --- .../15/chart/postgresql/Chart.yaml | 27 ++ .../15/chart/postgresql/README.md | 151 +++++++++++ .../15/chart/postgresql/templates/NOTES.txt | 25 ++ .../chart/postgresql/templates/_helpers.tpl | 43 +++ .../15/chart/postgresql/templates/ep.yaml | 12 + .../postgresql/templates/networkpolicy.yaml | 45 +++ .../15/chart/postgresql/templates/role.yaml | 49 ++++ .../postgresql/templates/rolebinding.yaml | 19 ++ .../15/chart/postgresql/templates/sec.yaml | 16 ++ .../postgresql/templates/serviceaccount.yaml | 12 + .../postgresql/templates/statefulset.yaml | 256 ++++++++++++++++++ .../postgresql/templates/svc-config.yaml | 11 + .../chart/postgresql/templates/svc-relp.yaml | 21 ++ .../15/chart/postgresql/templates/svc.yaml | 18 ++ .../15/chart/postgresql/values.yaml | 147 ++++++++++ addons/postgresql-cluster/15/meta.yaml | 20 ++ 16 files changed, 872 insertions(+) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/Chart.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/README.md create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml create mode 100644 
addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/values.yaml create mode 100644 addons/postgresql-cluster/15/meta.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml new file mode 100644 index 00000000..f0397f67 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "15" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql/README.md new file mode 100644 index 00000000..8d44fca1 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/README.md 
@@ -0,0 +1,151 @@ +# ⚠️ Repo Archive Notice + +As of Nov 13, 2020, charts in this repo will no longer be updated. +For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). + +# Patroni Helm Chart + +This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. + + +## Prerequisites Details +* Kubernetes 1.9+ +* PV support on the underlying infrastructure + +## StatefulSet Details +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + +## StatefulSet Caveats +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations + + +## Chart Details +This chart will do the following: + +* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add +$ helm dependency update +$ helm install --name my-release postgresql-cluster +``` + +To install the chart with randomly generated passwords: + +```console +$ helm install --name my-release postgresql-cluster \ + --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" +``` + +## Connecting to PostgreSQL + +Your access point is a cluster IP. 
In order to access it spin up another pod: + +```console +$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il +``` + +Then, from inside the pod, connect to PostgreSQL: + +```console +$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres + +postgres=> +``` + +## Configuration + +The following table lists the configurable parameters of the patroni chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|---------------------------------------------|-----------------------------------------------------| +| `nameOverride` | Override the name of the chart | `nil` | +| `fullnameOverride` | Override the fullname of the chart | `nil` | +| `replicaCount` | Amount of pods to spawn | `5` | +| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | +| `image.tag` | The version of the image to pull | `1.5-p5` | +| `image.pullPolicy` | The pull policy | `IfNotPresent` | +| `credentials.superuser` | Password of the superuser | `tea` | +| `credentials.admin` | Password of the admin | `cola` | +| `credentials.standby` | Password of the replication user | `pinacolada` | +| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | +| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | +| `etcd.enable` | Using etcd as DCS | `false` | +| `etcd.deployChart` | Deploy etcd chart | `false` | +| `etcd.host` | Host name of etcd cluster | `nil` | +| `etcd.discovery` | Domain name of etcd cluster | `nil` | +| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | +| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | +| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | +| `consul.enable` | Using Consul as DCS | `false` | +| `consul.deployChart` | Deploy Consul chart | `false` | +| `consul.host` | Host name of consul cluster | `nil` | +| `env` | Extra custom environment 
variables | `{}` | +| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | +| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | +| `walE.retainBackups` | Number of base backups to retain | `2` | +| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | +| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | +| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | +| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | +| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | +| `resources` | Any resources you wish to assign to the pod | `{}` | +| `nodeSelector` | Node label to use for scheduling | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | +| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | +| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | +| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | +| `persistentVolume.size` | Persistent Volume size | `2Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | +| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | +| `rbac.create` | Create required role and rolebindings | `true` | +| `serviceAccount.create` | If true, create a new service account | `true` | +| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml incubator/patroni +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Cleanup + +To remove the spawned pods you can run a simple `helm delete `. + +Helm will however preserve created persistent volume claims, +to also remove them execute the commands below. + +```console +$ release= +$ helm delete $release +$ kubectl delete pvc -l release=$release +``` + +## Internals + +Patroni is responsible for electing a PostgreSQL master pod by leveraging the +DCS of your choice. After election it adds a `spilo-role=master` label to the +elected master and set the label to `spilo-role=replica` for all replicas. +Simultaneously it will update the `-patroni` endpoint to let the +service route traffic to the elected master. + +```console +$ kubectl get pods -l spilo-role -L spilo-role +NAME READY STATUS RESTARTS AGE SPILO-ROLE +my-release-patroni-0 1/1 Running 0 9m replica +my-release-patroni-1 1/1 Running 0 9m master +my-release-patroni-2 1/1 Running 0 8m replica +my-release-patroni-3 1/1 Running 0 8m replica +my-release-patroni-4 1/1 Running 0 8m replica +``` diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt 
@@ -0,0 +1,25 @@ +Patroni can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your password for superuser run: + + # superuser password + PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode) + + # admin password + PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode) + +To connect to your database: + +1. Run a postgres pod and connect using the psql cli: + # login as superuser + kubectl run -i --tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \ + --command -- psql -U postgres \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres + + # login as admin + kubectl run -i -tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_ADMIN" \ + --command -- psql -U admin \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl new file mode 100644 index 00000000..2b1b6d45 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
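Review bot: The admin login example in NOTES.txt uses `kubectl run -i -tty --rm psql`, with a single dash before `tty`, while the superuser example above it uses `--tty`; the single-dash form is parsed as a bundle of short flags and should be rejected, so the command will not run as printed. Change the line to `kubectl run -i --tty --rm psql --image=postgres \`. Both examples also pass the password with `--env "PGPASSWORD=..."`, which places it in the pod spec where anyone allowed to read pods in the namespace can see it; a sentence saying so in the notes would be worth adding.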
@@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "patroni.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "patroni.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "patroni.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "patroni.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "patroni.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml new file mode 100644 index 00000000..23b7b2eb --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +subsets: [] diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml new file mode 100644 index 00000000..06617f8a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml 
@@ -0,0 +1,45 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: 5432 + {{- if and .Values.metrics.enabled }} + - port: {{ .Values.metrics.service.port }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml new file mode 100644 index 00000000..c81b39a8 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml 
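Review bot: The `podSelector` in templates/networkpolicy.yaml uses `common.labels.matchLabels`, but the pods created by templates/statefulset.yaml in this same commit are labelled `app`, `release` and `cluster-name`. If the common helper emits the usual `app.kubernetes.io/*` labels (its definition is not in this patch), the policy selects no pods and restricts nothing. Selecting on the labels the StatefulSet actually sets would fix that: `app: {{ template "patroni.fullname" . }}`, `release: {{ .Release.Name }}`, `cluster-name: {{ template "patroni.fullname" . }}`. When neither `allowCurrentNamespace` nor `allowNamespaces` is set the rule has no `from`, so port 5432 is open to every source. Patroni's REST port 8008, which the StatefulSet configures, is also missing from the port list and would be blocked between members once the selector matches.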
@@ -0,0 +1,49 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete +- apiGroups: [""] + resources: ["services"] + verbs: + - create +- apiGroups: [""] + resources: ["endpoints"] + verbs: + - create + - get + - patch + - update + # the following three privileges are necessary only when using endpoints + - list + - watch + # delete is required only for for 'patronictl remove' + - delete + - deletecollection +- apiGroups: [""] + resources: ["pods"] + verbs: + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml new file mode 100644 index 00000000..d09de1c8 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "patroni.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "patroni.fullname" . }} +{{- end }} 
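Review bot: The Role in templates/role.yaml gives the database pods' service account `delete` on ConfigMaps and `delete` plus `deletecollection` on Endpoints, although the file's own comments say these are required only for `patronictl remove`. None of the rules is narrowed with `resourceNames`, so the account can also patch any pod and rewrite any ConfigMap or Endpoints object in the namespace it shares with other workloads. Consider dropping the delete verbs from the default Role, and rendering the `configmaps` rule only when `kubernetes.configmaps.enable` is set, if Patroni does not need it in endpoints mode (worth confirming). Where verbs must stay, a comment naming the Patroni operation that needs each one would make later tightening easier.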
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml new file mode 100644 index 00000000..40082291 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +type: Opaque +data: + password-superuser: {{ .Values.credentials.superuser | b64enc }} + password-admin: {{ .Values.credentials.admin | b64enc }} + password-replication: {{ .Values.credentials.standby | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml new file mode 100644 index 00000000..819bb983 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "patroni.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml new file mode 100644 index 00000000..ce657a5e --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
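Review bot: templates/sec.yaml builds the three passwords straight from `.Values.credentials.*` with no check that the operator supplied them, and the README added in this commit lists fixed defaults (`tea`, `cola`, `pinacolada`) for the same keys. If values.yaml (not in this view) carries those defaults, every install that does not override them shares well-known superuser and replication passwords. Failing the render when a value is missing avoids that, for example `password-superuser: {{ required "credentials.superuser must be set" .Values.credentials.superuser | b64enc | quote }}`, with the defaults removed from values.yaml. The same applies to `password-admin` and `password-replication`.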
@@ -0,0 +1,256 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ serviceName: {{ template "patroni.fullname" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ template:
+ metadata:
+ name: {{ template "patroni.fullname" . }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ spec:
+ serviceAccountName: {{ template "patroni.serviceAccountName" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ {{- if .Values.kubernetes.dcs.enable }}
+ - name: PATRONI_KUBERNETES_POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: PATRONI_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE
+ value: 'true'
+ - name: PATRONI_KUBERNETES_USE_ENDPOINTS
+ value: 'true'
+ - name: PATRONI_KUBERNETES_LABELS
+ value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}'
+ - name: PATRONI_SUPERUSER_USERNAME
+ value: postgres
+ - name: PATRONI_SUPERUSER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-superuser
+ - name: PATRONI_REPLICATION_USERNAME
+ value: standby
+ - name: PATRONI_REPLICATION_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "patroni.fullname" . }}
+ key: password-replication
+ - name: PATRONI_SCOPE
+ value: {{ template "patroni.fullname" . }}
+ - name: PATRONI_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: PATRONI_POSTGRESQL_DATA_DIR
+ value: "{{ .Values.persistentVolume.mountPath }}/data"
+ - name: PATRONI_POSTGRESQL_PGPASS
+ value: /tmp/pgpass
+ - name: PATRONI_POSTGRESQL_LISTEN
+ value: '0.0.0.0:5432'
+ - name: PATRONI_RESTAPI_LISTEN
+ value: '0.0.0.0:8008'
+
+ {{- if .Values.kubernetes.configmaps.enable }}
+ - name: KUBERNETES_USE_CONFIGMAPS
+ value: "true"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.etcd.enable }}
+ {{- if .Values.etcd.deployChart }}
+ - name: ETCD_DISCOVERY_DOMAIN
+ value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }}
+ {{- else }}
+ - name: ETCD_HOST
+ value: {{ .Values.etcd.host | quote }}
+ {{- end }}
+ {{- else if .Values.zookeeper.enable }}
+ {{- if .Values.zookeeper.deployChart }}
+ - name: ZOOKEEPER_HOSTS
+ value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}}
+ {{- else }}
+ - name: ZOOKEEPER_HOSTS
+ value: {{ .Values.zookeeper.hosts | quote }}
+ {{- end }}
+ {{- else if .Values.consul.enable }}
+ {{- if .Values.consul.deployChart }}
+ - name: PATRONI_CONSUL_HOST
+ value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}}
+ {{- else }}
+ - name: PATRONI_CONSUL_HOST
+ value: {{ .Values.consul.host | quote }}
+ {{- end }}
+ {{- end }}
+ - name: SCOPE
+ value: {{ template "patroni.fullname" . }}
+ {{- if .Values.walE.enable }}
+ - name: USE_WALE
+ value: {{ .Values.walE.enable | quote }}
+ {{- if .Values.walE.scheduleCronJob }}
+ - name: BACKUP_SCHEDULE
+ value: {{ .Values.walE.scheduleCronJob | quote}}
+ {{- end }}
+ {{- if .Values.walE.retainBackups }}
+ - name: BACKUP_NUM_TO_RETAIN
+ value: {{ .Values.walE.retainBackups | quote}}
+ {{- end }}
+ {{- if .Values.walE.s3Bucket }}
+ - name: WAL_S3_BUCKET
+ value: {{ .Values.walE.s3Bucket | quote }}
+ {{else if .Values.walE.gcsBucket }}
+ - name: WAL_GCS_BUCKET
+ value: {{ .Values.walE.gcsBucket | quote }}
+ {{- if .Values.walE.kubernetesSecret }}
+ - name: GOOGLE_APPLICATION_CREDENTIALS
+ value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.walE.backupThresholdMegabytes }}
+ - name: WALE_BACKUP_THRESHOLD_MEGABYTES
+ value: {{ .Values.walE.backupThresholdMegabytes | quote }}
+ {{- end }}
+ {{- if .Values.walE.backupThresholdPercentage }}
+ - name: WALE_BACKUP_THRESHOLD_PERCENTAGE
+ value: {{ .Values.walE.backupThresholdPercentage | quote }}
+ {{- end }}
+ {{- else }}
+ - name: USE_WALE
+ value: ""
+ {{- end }}
+ - name: PGROOT
+ value: "{{ .Values.persistentVolume.mountPath }}/pgroot"
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- if .Values.env }}
+ {{- range $key, $val := .Values.env }}
+ - name: {{ $key | quote | upper }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /readiness
+ port: 8008
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /liveness
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 8008
+ protocol: TCP
+ - containerPort: 5432
+ protocol: TCP
+ volumeMounts:
+ - name: storage-volume
+ mountPath: "{{ .Values.persistentVolume.mountPath }}"
+ volumeMounts: "{{ .Values.persistentVolume.subPath }}"
+ # - mountPath: /etc/patroni
+ # name: patroni-config
+ # readOnly: true
+ {{- if .Values.walE.enable }}
+ {{- if .Values.walE.kubernetesSecret }}
+ - name: {{ .Values.walE.kubernetesSecret }}
+ mountPath: /etc/credentials
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ .Values.affinity | toYaml | indent 8 }}
+ {{- else if .Values.affinityTemplate }}
+ affinity:
+{{ tpl .Values.affinityTemplate . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: patroni-config
+ secret:
+ secretName: {{ template "patroni.fullname" . }}
+ {{- if .Values.walE.enable }}
+ {{- if .Values.walE.kubernetesSecret }}
+ - name: {{ .Values.walE.kubernetesSecret }}
+ secret:
+ secretName: {{ .Values.walE.kubernetesSecret }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.persistentVolume.enabled }}
+ - name: storage-volume
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.persistentVolume.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: storage-volume
+ annotations:
+ {{- if .Values.persistentVolume.annotations }}
+{{ toYaml .Values.persistentVolume.annotations | indent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ accessModes:
+{{ toYaml .Values.persistentVolume.accessModes | indent 8 }}
+ resources:
+ requests:
+ storage: "{{ .Values.persistentVolume.size }}"
+ {{- if .Values.persistentVolume.storageClass }}
+ {{- if (eq "-" .Values.persistentVolume.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.persistentVolume.storageClass }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml
new file mode 100644
index 00000000..442be2f3
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml
@@ -0,0 +1,11 @@
+# headless service to avoid deletion of patronidemo-config endpoint
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-config
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ release: {{ .Release.Name }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ clusterIP: None
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml
new file mode 100644
index 00000000..cccaf8ce
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml
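Review bot: `PATRONI_RESTAPI_LISTEN` in the statefulset is set to `0.0.0.0:8008` with no REST API credentials, so Patroni's state-changing endpoints are reachable by anything that can connect to port 8008 on the pod. The chart's `networkPolicy.enabled` defaults to `false` in this commit, which leaves that port unfiltered unless the operator opts in. I would add `PATRONI_RESTAPI_USERNAME` and `PATRONI_RESTAPI_PASSWORD` sourced from the chart Secret; the read-only health paths used by the probes stay reachable without credentials.

```yaml
            # … unchanged: PATRONI_RESTAPI_LISTEN entry …
            - name: PATRONI_RESTAPI_USERNAME
              value: patroni  # constructed example user name
            - name: PATRONI_RESTAPI_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  # proposed new key; it would have to be added to sec.yaml
                  key: password-restapi
```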
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - port: 5432
+ targetPort: 5432
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
new file mode 100644
index 00000000..430a6a8f
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: postgresql
+ protocol: TCP
diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
new file mode 100644
index 00000000..1be7c5f6
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
@@ -0,0 +1,147 @@
+replicaCount: 3
+
+image:
+ # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2
+ # https://github.com/zalando/spilo/tree/master/postgres-appliance
+ repository: registry.drycc.cc/drycc-addons/patroni
+ tag: 3.2
+ pullPolicy: 'IfNotPresent'
+
+# Credentials used by Patroni
+# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql
+# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
+credentials:
+ superuser: tea
+ admin: cola
+ standby: reppasswd
+
+# Distribution Configuration stores
+# Please note that only one of the following stores should be enabled.
+kubernetes:
+ dcs:
+ enable: true
+ configmaps:
+ enable: false
+etcd:
+ enable: false
+ deployChart: false
+ # If not deploying etcd chart, fill-in value for etcd service
+ # ..svc.cluster.local
+ host:
+ # Leave blank to use vendored etcd chart
+ discovery:
+zookeeper:
+ enable: false
+ deployChart: false
+ # If not deploying etcd chart, fill-in list of ZooKeeper members in format:
+ # 'host1:port1','host2:port2','etc...'
+ hosts:
+consul:
+ enable: false
+ deployChart: false
+ # Leave blank to use vendored consul chart
+ hosts:
+
+# Extra custom environment variables.
+env: {}
+
+walE:
+ # Specifies whether Wal-E should be enabled
+ enable: false
+ # Cron schedule for doing base backups
+ scheduleCronJob: 00 01 * * *
+ # Amount of base backups to retain
+ retainBackups: 2
+ # Path to the S3 or GCS bucket used for WAL-E base backups
+ s3Bucket:
+ gcsBucket:
+ # Name of the secret that holds the credentials to the bucket
+ kubernetesSecret:
+ # Maximum size of the WAL segments accumulated after the base backup to
+ # consider WAL-E restore instead of pg_basebackup
+ backupThresholdMegabytes: 1024
+ # Maximum ratio (in percents) of the accumulated WAL files to the base backup
+ # to consider WAL-E restore instead of pg_basebackup
+ backupThresholdPercentage: 30
+
+persistentVolume:
+ enabled: false
+ size: 10G
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ subPath: ""
+ mountPath: "/home/postgres/pgdata"
+ annotations: {}
+ accessModes:
+ - ReadWriteOnce
+
+resources:
+ # If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ # hugepages-2Mi: 4Mi
+ requests:
+ cpu: 1000m
+ memory: 1Gi
+
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+nodeSelector: {}
+
+# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinityTemplate: |
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchLabels:
+ app: {{ template "patroni.name" . }}
+ release: {{ .Release.Name | quote }}
+affinity: {}
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+## Postgresql Prometheus exporter parameters
+##
+metrics:
+ enabled: false
+## Postgresql Nework Policy configuration
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+ ##
+ enabled: false
+ ## @param networkPolicy.allowExternal The Policy model to apply.
+ ## When set to false, only pods with the correct
+ ## client label will have network access to the port MySQL is listening
+ ## on. When true, MySQL will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowCurrentNamespace: true
+ allowNamespaces: []
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml
new file mode 100644
index 00000000..f7e21529
--- /dev/null
+++ b/addons/postgresql-cluster/15/meta.yaml
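Review bot: The comment block under `networkPolicy` in values.yaml documents `networkPolicy.allowExternal` and talks about MySQL, but the keys actually defined are `allowCurrentNamespace` and `allowNamespaces`, so nothing tells an operator what the two real access-control settings do. Assuming the PostgreSQL policy template mirrors the MySQL one earlier in this patch, I would replace the stale paragraph with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespaces allowed to connect`. The heading above it also misspells "Network" as `Nework`.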
@@ -0,0 +1,20 @@
+name: postgresql-cluster
+version: 15.0
+id: 5cfb0abf-276c-445b-9060-9aa964ede87d
+description: "postgresql-cluster"
+displayName: "postgresql-cluster-15.0"
+metadata:
+ displayName: "postgresql-cluster-15.0"
+ provider:
+ name: drycc
+ supportURL: https://www.postgresql.org/
+ documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster
+tags: postgresql-cluster
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ description: "networkPolicy allowNamespaces config for values.yaml"
+archive: false
\ No newline at end of file
From c317ad3ac5802173ffcae6cd2ffa63a3d90fed9f Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 3 Nov 2023 09:13:06 +0800 Subject: [PATCH 013/122] chore(postgresql-cluster): move patroni env to helper --- .../chart/postgresql/templates/_helpers.tpl | 95 +++++++++++++ .../postgresql/templates/statefulset.yaml | 131 ++---------------- .../15/chart/postgresql/values.yaml | 24 +--- 3 files changed, 111 insertions(+), 139 deletions(-)
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl
index 2b1b6d45..f684f499 100644
--- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl
@@ -41,3 +41,98 @@ Create the name of the service account to use. {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +Create patroni envs. +*/}} +{{- define "patroni.envs" }} +{{- if .Values.kubernetes.configmaps.enable }} +- name: KUBERNETES_USE_CONFIGMAPS + value: "true" +{{- end }} +{{- if .Values.kubernetes.endpoints.enable }} +- name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' +{{- end }} +- name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' +- name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' +- name: PATRONI_SUPERUSER_USERNAME + value: postgres +- name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser +- name: PATRONI_REPLICATION_USERNAME + value: standby +- name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication +- name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} +- name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass +- name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' +- name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' +{{- end -}} + +{{/* +Create wale envs. 
+*/}} +{{- define "wale.envs" }} +{{- if .Values.walE.enable }} +- name: USE_WALE + value: {{ .Values.walE.enable | quote }} +{{- if .Values.walE.scheduleCronJob }} +- name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} +{{- end }} +{{- if .Values.walE.retainBackups }} +- name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} +{{- end }} +{{- if .Values.walE.s3Bucket }} +- name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} +{{else if .Values.walE.gcsBucket }} +- name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} +{{- if .Values.walE.kubernetesSecret }} +- name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- end }} + +{{- if .Values.walE.backupThresholdMegabytes }} +- name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} +{{- end }} +{{- if .Values.walE.backupThresholdPercentage }} +- name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} +{{- end }} +{{- else }} +- name: USE_WALE + value: "" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index ce657a5e..14895620 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
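Review bot: In `wale.envs` the `{{- if .Values.walE.s3Bucket }}` / `{{else if .Values.walE.gcsBucket }}` chain is not closed before the threshold variables, unlike the statefulset block it was moved from, which had a second `{{- end }}` after `GOOGLE_APPLICATION_CREDENTIALS`. As written, the two `WALE_BACKUP_THRESHOLD_*` entries render only in the GCS branch, the trailing `{{- else }}` attaches to the bucket chain instead of `walE.enable`, and nothing is emitted when WAL-E is disabled. Restoring the missing `{{- end }}` after the `kubernetesSecret` block and dropping one of the closing ends before `{{- end -}}` brings back the original nesting. The statefulset hunk in this commit includes only `patroni.envs`, so the helper looks unused in the visible hunks and the backup variables would no longer reach the container.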
@@ -31,123 +31,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.kubernetes.dcs.enable }} - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-superuser - - name: PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PATRONI_SCOPE - value: {{ template "patroni.fullname" . 
}} - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "{{ .Values.persistentVolume.mountPath }}/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - {{- if .Values.kubernetes.configmaps.enable }} - - name: KUBERNETES_USE_CONFIGMAPS - value: "true" - {{- end }} - {{- end }} - {{- if .Values.etcd.enable }} - {{- if .Values.etcd.deployChart }} - - name: ETCD_DISCOVERY_DOMAIN - value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} - {{- else }} - - name: ETCD_HOST - value: {{ .Values.etcd.host | quote }} - {{- end }} - {{- else if .Values.zookeeper.enable }} - {{- if .Values.zookeeper.deployChart }} - - name: ZOOKEEPER_HOSTS - value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} - {{- else }} - - name: ZOOKEEPER_HOSTS - value: {{ .Values.zookeeper.hosts | quote }} - {{- end }} - {{- else if .Values.consul.enable }} - {{- if .Values.consul.deployChart }} - - name: PATRONI_CONSUL_HOST - value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} - {{- else }} - - name: PATRONI_CONSUL_HOST - value: {{ .Values.consul.host | quote }} - {{- end }} - {{- end }} - - name: SCOPE - value: {{ template "patroni.fullname" . 
}} - {{- if .Values.walE.enable }} - - name: USE_WALE - value: {{ .Values.walE.enable | quote }} - {{- if .Values.walE.scheduleCronJob }} - - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} - {{- end }} - {{- if .Values.walE.retainBackups }} - - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} - {{- end }} - {{- if .Values.walE.s3Bucket }} - - name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} - {{else if .Values.walE.gcsBucket }} - - name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} - {{- if .Values.walE.kubernetesSecret }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" - {{- end }} - {{- end }} - {{- if .Values.walE.backupThresholdMegabytes }} - - name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} - {{- end }} - {{- if .Values.walE.backupThresholdPercentage }} - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} - {{- end }} - {{- else }} - - name: USE_WALE - value: "" - {{- end }} - - name: PGROOT - value: "{{ .Values.persistentVolume.mountPath }}/pgroot" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -174,6 +58,18 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi ports: - containerPort: 8008 protocol: TCP 
@@ -182,7 +78,6 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - volumeMounts: "{{ .Values.persistentVolume.subPath }}" # - mountPath: /etc/patroni # name: patroni-config # readOnly: true diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 1be7c5f6..f7bdc8a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -5,6 +5,7 @@ image: # https://github.com/zalando/spilo/tree/master/postgres-appliance repository: registry.drycc.cc/drycc-addons/patroni tag: 3.2 + # IfNotPresent , Always pullPolicy: 'IfNotPresent' # Credentials used by Patroni @@ -18,29 +19,10 @@ credentials: # Distribution Configuration stores # Please note that only one of the following stores should be enabled. kubernetes: - dcs: + endpoints: enable: true configmaps: enable: false -etcd: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in value for etcd service - # ..svc.cluster.local - host: - # Leave blank to use vendored etcd chart - discovery: -zookeeper: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in list of ZooKeeper members in format: - # 'host1:port1','host2:port2','etc...' - hosts: -consul: - enable: false - deployChart: false - # Leave blank to use vendored consul chart - hosts: # Extra custom environment variables. env: {} @@ -136,7 +118,7 @@ metrics: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening From 9891e1050911ce0c4e2f19453956acb2287f3d9e Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 6 Nov 2023 11:00:32 +0800 Subject: [PATCH 014/122] chore(postgresql-cluster):adjust patroni config use configmap --- .../chart/postgresql/templates/_helpers.tpl | 10 ++++ .../chart/postgresql/templates/configmap.yaml | 19 ++++++++ .../15/chart/postgresql/templates/ep.yaml | 12 ----- .../postgresql/templates/networkpolicy.yaml | 6 +-- .../postgresql/templates/statefulset.yaml | 17 +++++-- .../15/chart/postgresql/values.yaml | 46 +++++++++++++++++++ 6 files changed, 88 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml delete mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index f684f499..8e146ffd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a configmap object should be created for MySQL Secondary +*/}} +{{- define "patroni.createConfigmap" -}} +{{- if and .Values.configuration }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Create patroni envs. */}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml new file mode 100644 index 00000000..5f26b266 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
@@ -0,0 +1,19 @@
+{{- if (include "patroni.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}-cm
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ patroni.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }}
+{{- end -}}
+
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml
deleted file mode 100644
index 23b7b2eb..00000000
--- a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "patroni.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels:
- app: {{ template "patroni.fullname" . }}
- chart: {{ template "patroni.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- cluster-name: {{ template "patroni.fullname" . }}
-subsets: []
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml
index 06617f8a..a6d317e6 100644
--- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml
@@ -1,8 +1,3 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} @@ -13,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 14895620..4bf6e766 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -26,10 +26,17 @@ spec: cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} @@ -78,9 +85,9 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - # - mountPath: /etc/patroni - # name: patroni-config - # readOnly: true + - mountPath: "/opt/drycc/scripts/patroni/" + name: patroni-config + # readOnly: true {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} 
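Review bot: Both `securityContext` blocks in the `@@ -26,10 +26,17 @@` statefulset hunk are added commented out, so the pod still runs as whatever user the image defaults to, and the commented values would not validate if enabled: `runAsUser` and `fsGroup` take numeric IDs rather than `postgres`, and `fsGroup` is a pod-level field that does not exist on a container. I would either delete the placeholders or enable a working context, with pod-level `runAsNonRoot: true` plus numeric `runAsUser`/`fsGroup` and container-level `allowPrivilegeEscalation: false`. The numeric IDs have to match the image's postgres user, which is not visible in this patch. The `@@ -78,9 +85,9 @@` hunk likewise leaves `# readOnly: true` commented on the new `patroni-config` mount.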
@@ -110,8 +117,8 @@ spec: {{- end }} volumes: - name: patroni-config - secret: - secretName: {{ template "patroni.fullname" . }} + configMap: + name: {{ template "common.names.fullname" . }}-cm {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f7bdc8a7..6e159f91 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -27,6 +27,52 @@ kubernetes: # Extra custom environment variables. env: {} +# +#custom patroni.yaml used by patroni boot +# configuration: {} +configuration: | + cat > /home/postgres/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1000 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + password: '${PATRONI_REPLICATION_PASSWORD}' + __EOF__ + walE: # Specifies whether Wal-E should be enabled enable: false From 4f1a35012c0b68a506175ebb649b6c66d71487a4 Mon Sep 17 00:00:00 2001 
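Review bot: The `patroni-config` volume now comes from a ConfigMap instead of a Secret, which is missing a warning for operators that whatever they put in the script value is stored and listed as ordinary configuration. The shipped default only references `${PATRONI_*}` environment placeholders, so nothing sensitive is in it today. I would add a comment next to the value in values.yaml, for example `# rendered into a ConfigMap: reference credentials through the PATRONI_* env vars, never inline them`. The `volumes` list continues outside the hunk.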
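Review bot: The default `pg_hba` in the new `configuration` script (values.yaml, `@@ -27,6 +27,52 @@`) accepts every user and database, and replication, from `0.0.0.0/0`, so reachability of the superuser login is limited only by the NetworkPolicy, which the chart renders only when `.Values.networkPolicy.enabled` is set. I would take the allowed source range from a value instead of hard-coding `0.0.0.0/0`. `initdb` also sets `auth-local: trust`; if Patroni keeps the initdb-generated local rules, any process in the container can connect as any role without a password, so `peer` is the safer default. `log: level: DEBUG` is better left at `INFO` for default installs.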
From: EamonZhang Date: Thu, 9 Nov 2023 13:35:34 +0800 Subject: [PATCH 015/122] chore(postgresql-cluster):organize code structure --- .../chart/postgresql/templates/_helpers.tpl | 28 ++++++++- .../chart/postgresql/templates/configmap.yaml | 9 +-- .../15/chart/postgresql/templates/sec.yaml | 7 ++- .../postgresql/templates/statefulset.yaml | 2 +- .../15/chart/postgresql/values.yaml | 61 +++++++++++++++---- .../15/plans/standard-10/bind.yaml | 34 +++++++++++ .../standard-10/create-instance-schema.json | 12 ++++ .../15/plans/standard-10/meta.yaml | 6 ++ .../15/plans/standard-10/values.yaml | 61 +++++++++++++++++++ .../15/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../15/plans/standard-20/meta.yaml | 6 ++ .../15/plans/standard-20/values.yaml | 61 +++++++++++++++++++ 13 files changed, 311 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/plans/standard-10/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-10/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-20/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 8e146ffd..41b3a94d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a configmap object should be created for MySQL Secondary +Return true if a configmap object should be created for Postgresql HA patroni */}} {{- define "patroni.createConfigmap" -}} -{{- if and .Values.configuration }} +{{- if and .Values.preInitScript }} {{- true -}} {{- else -}} {{- end -}} @@ -90,6 +90,13 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-replication +- name: PATRONI_REWIND_USERNAME + value: rewinder +- name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-rewind - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -104,6 +111,23 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' + +- name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-name +- name: DATABASE_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-user +- name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-password + {{- end -}} {{/* diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml index 5f26b266..877d5879 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
@@ -13,7 +13,8 @@ metadata:
 annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
 {{- end }}
 data:
- patroni.sh: |-
- {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }}
-{{- end -}}
-
+ pre_init.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }}
+ post_init.sh: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }}
+{{- end -}}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
index 40082291..89214502 100644
--- a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
@@ -12,5 +12,8 @@ metadata:
 type: Opaque
 data:
 password-superuser: {{ .Values.credentials.superuser | b64enc }}
- password-admin: {{ .Values.credentials.admin | b64enc }}
- password-replication: {{ .Values.credentials.standby | b64enc }}
+ password-rewind: {{ .Values.credentials.rewind | b64enc }}
+ password-replication: {{ .Values.credentials.replication | b64enc }}
+ data-user: {{ .Values.dataname.username | b64enc }}
+ data-name: {{ .Values.dataname.dbname | b64enc }}
+ data-password: {{ .Values.dataname.password | b64enc }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
index 4bf6e766..29fdbed9 100644
--- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
@@ -85,7 +85,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - - mountPath: "/opt/drycc/scripts/patroni/" + - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true {{- if .Values.walE.enable }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 6e159f91..679f4072 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -3,18 +3,23 @@ replicaCount: 3 image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance - repository: registry.drycc.cc/drycc-addons/patroni - tag: 3.2 + repository: registry.drycc.cc/drycc-addons/postgresql-patroni + tag: 15 # IfNotPresent , Always pullPolicy: 'IfNotPresent' -# Credentials used by Patroni +# Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: superuser: tea - admin: cola - standby: reppasswd + rewind: cola + replication: reppasswd + +dataname: + dbname: db1 + username: us1 + password: 111w # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -30,8 +35,8 @@ env: {} # #custom patroni.yaml used by patroni boot # configuration: {} -configuration: | - cat > /home/postgres/patroni.yml <<__EOF__ +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: DEBUG bootstrap: 
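Review bot: `credentials` and the new `dataname` block in values.yaml (`@@ -3,18 +3,23 @@`) ship fixed default passwords (`tea`, `cola`, `reppasswd`, `111w`), and sec.yaml in this commit base64-encodes them straight into the Secret, so every install that does not override them gets the same superuser, replication and application passwords. I would leave the defaults empty and fail rendering when they are unset, e.g. `password-superuser: {{ required "credentials.superuser is required" .Values.credentials.superuser | b64enc }}` in sec.yaml, or generate them with `randAlphaNum` on first install. `tag: 15` should also be quoted (`tag: "15"`) so it stays a string.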
@@ -40,12 +45,13 @@ configuration: | use_pg_rewind: true use_slots: true pg_hba: + - local all all peer - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" - max_connections: 1000 + max_connections: 1005 max_worker_processes: 8 wal_keep_segments: 8 max_wal_senders: 10 
@@ -56,23 +62,52 @@ configuration: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh restapi: connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' postgresql: connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' authentication: superuser: + username: postgres password: '${PATRONI_SUPERUSER_PASSWORD}' replication: + username: standby password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off __EOF__ +postInitScript: | + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -c "CHECKPOINT;CHECKPOINT;" + else + echo "Skipping user creation" + echo "Skipping database creation" + fi + walE: # Specifies whether Wal-E should be enabled enable: false diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml new file mode 100644 index 00000000..e5b14d98 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
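Review bot: In the `authentication.rewind` block the password is set to `'${PATRONI_REWIND_USERNAME}'`, so the rewind role's password becomes its own user name (`rewinder`) instead of the `password-rewind` secret that _helpers.tpl exposes as `PATRONI_REWIND_PASSWORD`; the line should read `password: '${PATRONI_REWIND_PASSWORD}'`. Separately, `postInitScript` splices `DATABASE_USER`, `DATABASE_NAME` and `DATABASE_PASSWORD` into SQL text unquoted, so a quote or space in any of them breaks or alters the statements; feeding the SQL on stdin with psql variables (`-v`, `:"name"`, `:'pass'`) would quote them properly. The script also uses `[[ … ]]` while `post_bootstrap` starts it through `sh`, which fails where `sh` is not bash.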
@@ -0,0 +1,34 @@
+credential:
+ {{- if (eq .Values.router.service.type "LoadBalancer") }}
+ - name: host
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.host }'
+ - name: database
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.database }'
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.password }'
+ - name: username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: portro
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portro }'
+ - name: portrw
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portrw }'
+ {{- end }}
+
diff --git a/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml
new file mode 100644
index 00000000..6c738828
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml
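Review bot: This bind template gates every credential on `.Values.router.service.type` and reads `portro`/`portrw` from a `-svcbind-custom-user` secret, which looks carried over from the mysql-cluster addon. No `router` key and no such secret appear in the postgresql chart changes shown in this series, so the template would presumably fail on the missing value or bind nothing. I would bind against the chart's own Secret keys (`data-user`, `data-password`, `data-name`) and the postgresql Service on port 5432. plans/standard-20/bind.yaml has the same structure.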
@@ -0,0 +1,6 @@
+name: "standard-10"
+id: 2b455154-8725-482a-95b2-a193c180d9b5
+description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
+displayName: "standard-10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml
new file mode 100644
index 00000000..f90075a8
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml
@@ -0,0 +1,61 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mysql-cluster-standard-10
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+primary:
+ maxConnectionLimit: 600
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1000m
+ memory: 1024Mi
+
+
+## @section Persistence parameters
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+ persistence:
+ ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
+ ##
+ enabled: true
+ ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas
+ ## NOTE: When it's set the rest of persistence parameters are ignored
+ ##
+ existingClaim: ""
+ ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations
+ ##
+ annotations: {}
+ ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param primary.persistence.size MySQL primary persistent volume size
+ ##
+ size: 10Gi
+ ## @param primary.persistence.selector Selector to match an existing Persistent Volume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml
new file mode 100644
index 00000000..e8b99314
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml
@@ -0,0 +1,34 @@
+credential:
+ {{- if (eq .Values.router.service.type "LoadBalancer") }}
+ - name: host
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.host }'
+ - name: database
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.database }'
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: portro
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portro }'
+ - name: portrw
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portrw }'
+ {{- end }}
+
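Review bot: The plan sizes in plans/standard-10/values.yaml are set under `primary.resources` and `primary.persistence`, but the chart's statefulset reads `.Values.resources` and `.Values.persistentVolume` elsewhere in this series, so these limits and the 10Gi size probably never reach the pod. `fullnameOverride: hb-mysql-cluster-standard-10` and the MinIO/MySQL comments are also left over from another addon, as is the "Mysql Cluster" description in meta.yaml. plans/standard-20/values.yaml repeats the same structure.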
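Review bot: In plans/standard-20/bind.yaml the `password` credential reads `jsonpath: '{ .data.username }'`, so a bound application would receive the user name in place of the password. The standard-10 copy has `jsonpath: '{ .data.password }'` at the same position and this entry should match it.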
diff --git a/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
new file mode 100644
index 00000000..e749a7db
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml
new file mode 100644
index 00000000..d9422e70
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 324971644e32b2961fa02ca51b8f19e9a55d3540 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 9 Nov 2023 17:40:44 +0800 Subject: [PATCH 016/122] chore(postgresql-cluster): add metrics --- .../postgresql/templates/networkpolicy.yaml | 2 +- .../postgresql/templates/statefulset.yaml | 49 +++++++++++++++++++ .../15/chart/postgresql/templates/svc.yaml | 2 +- .../15/chart/postgresql/values.yaml | 41 ++++++++++++++-- 4 files changed, 87 insertions(+), 7 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index a6d317e6..3b3baa56 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml @@ -21,7 +21,7 @@ spec: - ports: - port: 5432 {{- if and .Values.metrics.enabled }} - - port: {{ .Values.metrics.service.port }} + - port: {{ .Values.metrics.containerPort }} {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 29fdbed9..630fd990 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
@@ -97,6 +97,55 @@ spec:
 {{- end }}
 resources:
 {{ toYaml .Values.resources | indent 10 }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}"
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.metrics.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.customMetrics }}
+ args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
+ {{- end }}
+ env:
+ - name: DATA_SOURCE_NAME
+ value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }}
+ ports:
+ - name: http-metrics
+ containerPort: {{ .Values.metrics.containerPort }}
+ startupProbe:
+ initialDelaySeconds: 10
+ tcpSocket:
+ port: http-metrics
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 15
+ successThreshold: 1
+ livenessProbe:
+ initialDelaySeconds: 5
+ httpGet:
+ path: /
+ port: http-metrics
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ readinessProbe:
+ initialDelaySeconds: 5
+ httpGet:
+ path: /
+ port: http-metrics
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{ toYaml . | indent 8 }}
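Review bot: The exporter's `DATA_SOURCE_NAME` embeds the literal credentials `tea_mon:password` together with `sslmode=disable` in the pod spec, readable by anyone who can view the StatefulSet, and it only works because the values.yaml hunk in this commit adds a `trust` rule for `tea_mon`. I would give the monitor role a real password stored in the chart Secret and pass it through the exporter's split variables, as sketched below; the secret key is a placeholder that sec.yaml would have to define. `.Values.diagnosticMode.enabled` is also read here while values.yaml defines `diagnosticMode.enable`, so that branch can never be taken. The container list starts outside the hunk.

```yaml
          env:
            - name: DATA_SOURCE_URI
              value: {{ printf "127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname | quote }}
            - name: DATA_SOURCE_USER
              value: tea_mon
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  key: <MONITOR_PASSWORD_KEY>  # placeholder: add this key to sec.yaml
          # … unchanged: ports, probes, resources …
```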
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml index 430a6a8f..301216e1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml @@ -15,4 +15,4 @@ spec: - name: postgresql port: 5432 targetPort: postgresql - protocol: TCP + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 679f4072..f9f86f8c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -1,4 +1,6 @@ replicaCount: 3 +diagnosticMode: + enable: false image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -46,6 +48,7 @@ preInitScript: | use_slots: true pg_hba: - local all all peer + - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: 
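Review bot: The added rule `- host all tea_mon 127.0.0.1/32 trust` (values.yaml, `@@ -46,6 +48,7 @@`) lets any process that shares the pod's network namespace log in as `tea_mon` to every database without a password, and `postInitScript` ties that role to `pg_monitor`. I would switch the rule to `- host all tea_mon 127.0.0.1/32 scram-sha-256` and create the role with a password taken from the chart Secret. The `pg_hba` list continues outside the hunk.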
@@ -108,6 +111,39 @@ postInitScript: | echo "Skipping database creation" fi +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: true + image: + repository: registry.drycc.cc/drycc-addons/postgres-exporter + tag: "0" + # IfNotPresent , Always + pullPolicy: 'IfNotPresent' + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + containerPort: 9187 + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true + customLivenessProbe: {} + customReadinessProbe: + enabled: true + service: port + resources: {} walE: # Specifies whether Wal-E should be enabled enable: false @@ -189,11 +225,6 @@ serviceAccount: # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: - -## Postgresql Prometheus exporter parameters -## -metrics: - enabled: false ## Postgresql Nework Policy configuration ## networkPolicy: From 53f6af72ed236ad1e815870ad2ae7d69e0254741 Mon Sep 17 00:00:00 2001 
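Review bot: `metrics.enabled` now defaults to `true` while `containerSecurityContext.enabled` stays `false`, so every install gets an exporter sidecar that runs as the image's default user with no `runAsNonRoot` enforcement. Since `runAsUser: 1001` and `runAsNonRoot: true` are already filled in, I would default `containerSecurityContext.enabled` to `true`. `service: port` sets a bare string and looks like a placeholder, and `tag: "0"` does not pin an exporter version.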
From: EamonZhang Date: Fri, 10 Nov 2023 11:47:43 +0800 Subject: [PATCH 017/122] chore(postgresql-cluster): add metrics --- .../15/chart/postgresql/Chart.yaml | 3 +- .../postgresql/templates/metrics-svc.yaml | 31 +++++++++++++++++++ .../postgresql/templates/statefulset.yaml | 9 ++++-- .../15/chart/postgresql/values.yaml | 16 +++++++++- 4 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml index f0397f67..375ae4fe 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -17,6 +17,7 @@ keywords: - sql - replication - cluster + - patroni maintainers: - email: zhang.eamon@hotmail.com name: zhangeamon @@ -24,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.4.1 +version: 15.3.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml new file mode 100644 index 00000000..0cd24f48 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml 
@@ -0,0 +1,31 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "patroni.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
+ {{- if .Values.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.metrics.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
index 630fd990..803b9702 100644
--- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
@@ -3,7 +3,8 @@ kind: StatefulSet
 metadata:
 name: {{ template "patroni.fullname" . }}
 namespace: {{ include "common.names.namespace" . | quote }}
- labels:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: patroni
 app: {{ template "patroni.fullname" . }}
 chart: {{ template "patroni.chart" . }}
 release: {{ .Release.Name }}
@@ -13,14 +14,16 @@ spec: serviceName: {{ template "patroni.fullname" . }} replicas: {{ .Values.replicaCount }} selector: - matchLabels: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} - labels: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f9f86f8c..4d28d660 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -133,6 +133,21 @@ metrics: ## usage: "GAUGE" ## description: "Size of the database in bytes" ## + service: + ports: + metrics: 9187 + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + customMetrics: {} containerPort: 9187 containerSecurityContext: @@ -142,7 +157,6 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - service: port resources: {} walE: # Specifies whether Wal-E should be enabled From c7969725b66e4bb86481c4514ef584f0fc1ec8d8 Mon Sep 17 00:00:00 2001 
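Review bot: Adding `app.kubernetes.io/component: patroni` and the `common.labels.matchLabels` output to `spec.selector.matchLabels` changes a field that Kubernetes treats as immutable on an existing StatefulSet, so `helm upgrade` of a release installed from the previous chart will be rejected by the API server. The pod template labels are a safe place for the new labels, and the metrics Service selector only needs them on the pods. I would keep the selector as it was, or document that the StatefulSet has to be deleted with `--cascade=orphan` and recreated on upgrade. The StatefulSet spec continues outside this hunk.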
From: EamonZhang Date: Fri, 10 Nov 2023 11:51:19 +0800 Subject: [PATCH 018/122] chore(postgresql-cluster): rename postgresql to postgresql-cluster --- .../15/chart/{postgresql => postgresql-cluster}/Chart.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/README.md | 0 .../chart/{postgresql => postgresql-cluster}/templates/NOTES.txt | 0 .../{postgresql => postgresql-cluster}/templates/_helpers.tpl | 0 .../{postgresql => postgresql-cluster}/templates/configmap.yaml | 0 .../{postgresql => postgresql-cluster}/templates/metrics-svc.yaml | 0 .../templates/networkpolicy.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/role.yaml | 0 .../{postgresql => postgresql-cluster}/templates/rolebinding.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/sec.yaml | 0 .../templates/serviceaccount.yaml | 0 .../{postgresql => postgresql-cluster}/templates/statefulset.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-config.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-relp.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/svc.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/values.yaml | 0 16 files changed, 0 insertions(+), 0 deletions(-) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/Chart.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/README.md (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/NOTES.txt (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/_helpers.tpl (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/configmap.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/metrics-svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/networkpolicy.yaml (100%) rename 
addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/role.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/rolebinding.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/sec.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/serviceaccount.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/statefulset.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-config.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-relp.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/values.yaml (100%) diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/Chart.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/README.md rename to addons/postgresql-cluster/15/chart/postgresql-cluster/README.md diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/values.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml From f57e768f3e9c9b3843a3ab17e031958279745b24 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 15 Nov 2023 15:55:53 +0800 Subject: [PATCH 019/122] chore(postgresql-cluster) add wal-g for backup --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ++++++++++++++++++ .../postgresql-cluster/templates/_helpers.tpl | 68 +- .../postgresql-cluster/templates/cronjob.yaml | 58 ++ .../templates/networkpolicy.yaml | 1 + .../postgresql-cluster/templates/role.yaml | 2 +- .../templates/rolebinding.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/statefulset.yaml | 26 +- .../templates/svc-config.yaml | 2 +- .../templates/svc-master.yaml | 24 + .../{metrics-svc.yaml => svc-metrics.yaml} | 1 + .../templates/svc-relp.yaml | 9 +- .../postgresql-cluster/templates/svc.yaml | 14 +- .../15/chart/postgresql-cluster/values.yaml | 42 +- .../15/plans/standard-10/bind.yaml | 2 +- .../15/plans/standard-10/meta.yaml | 4 +- .../15/plans/standard-10/values.yaml | 130 ++-- .../15/plans/standard-20/values.yaml | 2 +- 19 files changed, 865 insertions(+), 131 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/cj.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{metrics-svc.yaml => svc-metrics.yaml} (96%) diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml new file mode 100644 index 00000000..48880e1c --- /dev/null +++ b/addons/postgresql-cluster/15/chart/cj.yaml 
@@ -0,0 +1,605 @@ +--- +# Source: postgresql/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + cluster-name: release-name-postgresql +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + ingress: + # Allow inbound connections + - ports: + - port: 5432 + - port: 9187 + + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: default +--- +# Source: postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +--- +# Source: postgresql/templates/sec.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +type: Opaque +data: + password-superuser: dGVh + password-rewind: Y29sYQ== + password-replication: cmVwcGFzc3dk + data-user: dXMx + data-name: ZGIx + data-password: MTExdw== +--- +# Source: postgresql/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-postgresql-cm + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql +data: + pre_init.sh: |- + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + 
- local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + + post_init.sh: |- + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" + psql -w -c "CHECKPOINT;CHECKPOINT;" + 
else + echo "Skipping user creation" + echo "Skipping database creation" + fi +--- +# Source: postgresql/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete +- apiGroups: [""] + resources: ["services"] + verbs: + - create +- apiGroups: [""] + resources: ["endpoints"] + verbs: + - create + - get + - patch + - update + # the following three privileges are necessary only when using endpoints + - list + - watch + # delete is required only for for 'patronictl remove' + - delete + - deletecollection +- apiGroups: [""] + resources: ["pods"] + verbs: + - get + - list + - patch + - update + - watch +--- +# Source: postgresql/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +subjects: + - kind: ServiceAccount + name: release-name-postgresql +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-postgresql +--- +# Source: postgresql/templates/svc-config.yaml +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-config + labels: + app: release-name-postgresql + release: release-name + cluster-name: release-name-postgresql +spec: + clusterIP: None +--- +# Source: postgresql/templates/svc-metrics.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-metrics + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: 
postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app.kubernetes.io/component: metrics + annotations: + prometheus.io/port: '9187' + prometheus.io/scrape: "true" +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni +--- +# Source: postgresql/templates/svc-relp.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-repl + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: replica +spec: + type: LoadBalancer + selector: + app: release-name-postgresql + cluster-name: release-name-postgresql + role: replica + ports: + - port: 5432 + targetPort: 5432 +--- +# Source: postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: master +spec: + type: LoadBalancer + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP +--- +# Source: postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + 
helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +spec: + serviceName: release-name-postgresql + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + template: + metadata: + name: release-name-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + spec: + serviceAccountName: release-name-postgresql + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + containers: + - name: postgresql + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: IfNotPresent + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + env: + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-superuser + - name: 
PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PATRONI_REWIND_USERNAME + value: rewinder + - name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-rewind + - name: PATRONI_SCOPE + value: release-name-postgresql + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "/home/postgres/pgdata/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-name + - name: DATABASE_USER + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-user + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-password + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "/home/postgres/pgdata" + - mountPath: "/opt/drycc/postgresql/scripts/" + name: patroni-config + # readOnly: true + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi 
+ - name: metrics + image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" + imagePullPolicy: "IfNotPresent" + env: + - name: DATA_SOURCE_NAME + value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable + ports: + - name: http-metrics + containerPort: 9187 + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: postgresql + release: "release-name" + + volumes: + - name: patroni-config + configMap: + name: release-name-postgresql-cm + - name: storage-volume + emptyDir: {} +--- +# Source: postgresql/templates/cronjob.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: release-name-postgresql-backup + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: postgresql-backup + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: Always + #imagePullPolicy: "IfNotPresent" + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." 
+ sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + - name: USE_WALG + value: "true" + - name: BACKUP_SCHEDULE + value: "eee" + - name: BACKUP_NUM_TO_RETAIN + value: "2" + - name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: "1024" + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: "30" + - name: PGHOST + value: release-name-postgresql-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 41b3a94d..c75c3b29 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni +*/}} +{{- define "patroni.createCronJob" -}} +{{- if and .Values.walG.enable }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for Postgresql HA patroni */}} @@ -75,7 +85,7 @@ Create patroni envs. - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE value: 'true' - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - name: PATRONI_SUPERUSER_USERNAME value: postgres - name: PATRONI_SUPERUSER_PASSWORD 
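Review bot: `addons/postgresql-cluster/15/chart/cj.yaml` looks like the output of a local `helm template` run (every document carries a `# Source: postgresql/templates/...` comment) and should not be committed. Its `Secret` document holds `password-superuser`, `password-rewind`, `password-replication` and `data-password` as base64, which is encoding rather than protection, and the exporter's `DATA_SOURCE_NAME` embeds a password in the connection URL. I would drop the file from the commit, add it to `.gitignore`, and rotate those values if they were ever used on a real cluster. The rendered ConfigMap also shows the rewind user's `password: '${PATRONI_REWIND_USERNAME}'`, which appears to reference the username variable instead of `PATRONI_REWIND_PASSWORD`; the template that produces it is not part of this hunk, so that should be checked in `configmap.yaml`.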
@@ -131,42 +141,44 @@ Create patroni envs. {{- end -}} {{/* -Create wale envs. +Create walg envs. */}} -{{- define "wale.envs" }} -{{- if .Values.walE.enable }} -- name: USE_WALE - value: {{ .Values.walE.enable | quote }} -{{- if .Values.walE.scheduleCronJob }} +{{- define "walg.envs" }} +{{- if .Values.walG.enable }} +- name: USE_WALG + value: {{ .Values.walG.enable | quote }} +{{- if .Values.walG.scheduleCronJob }} - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} + value: {{ .Values.walG.scheduleCronJob | quote}} {{- end }} -{{- if .Values.walE.retainBackups }} +{{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} + value: {{ .Values.walG.retainBackups | quote}} {{- end }} -{{- if .Values.walE.s3Bucket }} -- name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} -{{else if .Values.walE.gcsBucket }} -- name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} -{{- if .Values.walE.kubernetesSecret }} -- name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- if .Values.walG.backupThresholdMegabytes }} +- name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walG.backupThresholdMegabytes | quote }} {{- end }} - -{{- if .Values.walE.backupThresholdMegabytes }} -- name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.walE.backupThresholdPercentage }} +{{- if .Values.walG.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} + value: {{ .Values.walG.backupThresholdPercentage | quote }} +{{- end }} +{{- if .Values.walG.s3.used }} +- name: AWS_ACCESS_KEY_ID + value: {{ .Values.walG.s3.awsAccessKeyId | quote }} +- name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} +- name: WALG_S3_PREFIX + value: {{ .Values.walG.s3.walGS3Prefix 
| quote }} +- name: AWS_ENDPOINT + value: {{ .Values.walG.s3.awsEndpoint | quote }} +- name: AWS_S3_FORCE_PATH_STYLE + value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} +- name: AWS_REGION + value: {{ .Values.walG.s3.awsRegion | quote }} {{- end }} {{- else }} -- name: USE_WALE +- name: USE_WALG value: "" {{- end }} {{- end }} -{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml new file mode 100644 index 00000000..0bfb4b40 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml 
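Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are rendered as literal `value:` entries from `.Values.walG.s3.*`, so the object-store credentials appear in plain text in every pod spec that includes `walg.envs`, readable by anyone who can get pods or cronjobs in the namespace. The database passwords in this chart are already passed with `secretKeyRef`; the S3 keys should go the same way, stored in the chart's Secret and referenced from here. The fence shows the two entries rewritten; the Secret key names in it are placeholders, and the matching entries in `sec.yaml` are outside this hunk. Separately, `WALE_BACKUP_THRESHOLD_PERCENTAGE` keeps its WAL-E name while its sibling was renamed to `WALG_BACKUP_THRESHOLD_MEGABYTES`, so it is worth confirming which name the image reads.

```yaml
{{- if .Values.walG.s3.used }}
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: walg-aws-access-key-id  # placeholder key name
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: walg-aws-secret-access-key  # placeholder key name
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```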
@@ -0,0 +1,58 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: Always + #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." + sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + {{- include "walg.envs" . | indent 14 }} + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 3b3baa56..dfad66c3 100644 
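Review bot: The backup container script still carries debugging lines: `sleep 10000` runs before `wal-g backup-push`, and `schedule: "*/1 * * * *"` is hard-coded with no `concurrencyPolicy`. A new pod holding the S3 and replication credentials therefore starts every minute and idles for almost three hours before attempting a backup. Use `schedule: {{ .Values.walG.scheduleCronJob | quote }}` with `concurrencyPolicy: Forbid`, and drop the `echo`/`sleep` lines. Starting the script with `set -e` would stop `wal-g delete` from running after a failed push. `wal-g delete` is also called without a retention argument; presumably it should be driven by `walG.retainBackups`, so confirm against the wal-g CLI.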
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -8,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + app.kubernetes.io/component: patroni cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml index c81b39a8..8dec5309 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml index d09de1c8..5e15948f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 89214502..306e93e7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -4,7 +4,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml index 819bb983..e1b2ebf6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.serviceAccountName" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 803b9702..335ea342 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
@@ -5,7 +5,7 @@ metadata: namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -16,16 +16,20 @@ spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} @@ -91,13 +95,6 @@ spec: - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - mountPath: /etc/credentials - readOnly: true - {{- end }} - {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
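Review bot: The `spec.selector.matchLabels` hunk adds `chart` and `heritage` to the StatefulSet selector and renames `app` to `application`, but a StatefulSet selector cannot be changed after creation, so `helm upgrade` of an existing release will be rejected. If `patroni.chart` includes the chart version, as the rendered value `postgresql-15.3.1` elsewhere in this series suggests, every later chart bump will hit the same error. Keep the selector to stable labels (`application`, `release`, `cluster-name`) and put `chart`/`heritage` only on `metadata.labels` and the pod template labels. The `app` to `application` rename still needs a documented delete-and-recreate step for existing installs. The StatefulSet definition continues outside this hunk.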
@@ -171,13 +168,6 @@ spec: - name: patroni-config configMap: name: {{ template "common.names.fullname" . }}-cm - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - secret: - secretName: {{ .Values.walE.kubernetesSecret }} - {{- end }} - {{- end }} {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} @@ -191,7 +181,7 @@ spec: {{ toYaml .Values.persistentVolume.annotations | indent 8 }} {{- end }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml index 442be2f3..5f7b0f60 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-config labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml new file mode 100644 index 00000000..48dba13d --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-master + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} + role: master +spec: + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml similarity index 96% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml index 0cd24f48..862c6a0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml @@ -5,6 +5,7 @@ metadata: name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app.kubernetes.io/component: metrics {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index cccaf8ce..c5861935 100644 
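Review bot: `type: LoadBalancer` is hard-coded on this new `-master` Service, which publishes the PostgreSQL primary on 5432 outside the cluster with no `loadBalancerSourceRanges`. The svc-relp.yaml and svc.yaml hunks below make the same switch from `ClusterIP` to `LoadBalancer`. The patch adds `service.type` to values.yaml, yet none of the three templates reads it. Use `type: {{ .Values.service.type }}` with `ClusterIP` as the chart default, plus an optional `loadBalancerSourceRanges` list for deployments that do need external access. svc.yaml now also selects `role: master` on the same port, so it appears to duplicate this Service.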
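Review bot: In svc-metrics.yaml the added `app.kubernetes.io/component: patroni` sits directly above the existing `app.kubernetes.io/component: metrics`, which gives the `labels` mapping a duplicate key. Most YAML parsers silently keep the last value and strict ones reject the document, so the new line either has no effect or breaks rendering. Decide which component value this Service should carry and keep only that line.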
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -3,17 +3,18 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-repl namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: ClusterIP + type: LoadBalancer selector: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} role: replica ports: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 301216e1..adc0ab69 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml 
@@ -3,16 +3,22 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} + role: master spec: - type: ClusterIP + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master ports: - name: postgresql port: 5432 - targetPort: postgresql + targetPort: 5432 protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 4d28d660..43a38eb0 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,7 +1,10 @@ -replicaCount: 3 +replicaCount: 1 diagnosticMode: enable: false +service: + type: LoadBalancer + image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance @@ -104,7 +107,7 @@ postInitScript: | psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" echo "Creating database ${DATABASE_NAME} " psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" psql -w -c "CHECKPOINT;CHECKPOINT;" else echo "Skipping user creation" 
@@ -114,7 +117,7 @@ postInitScript: | ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: false image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" @@ -157,17 +160,21 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - resources: {} -walE: + resources: + limits: + cpu: 100m + memory: 512Mi + # hugepages-2Mi: 4Mi + requests: + cpu: 100m + memory: 512Mi +walG: # Specifies whether Wal-E should be enabled enable: false # Cron schedule for doing base backups scheduleCronJob: 00 01 * * * # Amount of base backups to retain retainBackups: 2 - # Path to the S3 or GCS bucket used for WAL-E base backups - s3Bucket: - gcsBucket: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to @@ -176,6 +183,13 @@ walE: # Maximum ratio (in percents) of the accumulated WAL files to the base backup # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 + s3: + awsAccessKeyID: "xxx" + awsSecretAccessKey: "xx" + walGS3Prefix: "xxx" + awsEndpoint: "xxx" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 persistentVolume: enabled: false @@ -198,12 +212,12 @@ resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # hugepages-2Mi: 4Mi requests: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} @@ -220,7 +234,7 @@ affinityTemplate: | topologyKey: "kubernetes.io/hostname" labelSelector: matchLabels: - app: {{ template "patroni.name" . }} + application: {{ template "patroni.name" . }} release: {{ .Release.Name | quote }} affinity: {} 
@@ -244,7 +258,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index e5b14d98..cf57e76b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,5 +1,5 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml index 6c738828..f5c2257b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" +id: 83c3b52e-2685-4362-9ea1-42e170060c78 +description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index f90075a8..2082d76c 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
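Review bot: Changing the default to `networkPolicy.enabled: false` removes the chart's only ingress restriction in the same patch that switches the PostgreSQL Services to `LoadBalancer`. Unless the policy has a rendering problem that is not visible here, keep `enabled: true` as the default and let individual deployments opt out. The `@param networkPolicy.allowExternal` comment just below still refers to the port MySQL is listening on and could be corrected in the same change.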
@@ -1,61 +1,83 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-10 +fullnameOverride: hb-postgresql-cluster-standard-10 -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 600 - resources: +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: 
'${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +persistentVolume: + enabled: true + size: 10G + +metrics: + resources: limits: cpu: 1000m - memory: 1024Mi + memory: 1Gi requests: cpu: 1000m - memory: 1024Mi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 10Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} + memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index d9422e70..12db2471 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -56,6 +56,6 @@ primary: ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: - ## app: my-app + ## application: my-app ## selector: {} From 56ce8454d8837add5343e505a9501b2384d5c2d6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 Nov 2023 15:47:53 +0800 Subject: [PATCH 020/122] chore(postgresql-cluster): redirect postgresql log --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ------------------ .../templates/networkpolicy.yaml | 2 +- .../templates/statefulset.yaml | 12 +- .../postgresql-cluster/templates/svc.yaml | 12 +- .../15/chart/postgresql-cluster/values.yaml | 60 +- 5 files changed, 71 insertions(+), 620 deletions(-) delete mode 100644 addons/postgresql-cluster/15/chart/cj.yaml diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml deleted file mode 100644 index 48880e1c..00000000 --- a/addons/postgresql-cluster/15/chart/cj.yaml +++ /dev/null 
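Review bot: In the `patroni.yml` written by `preInitScript`, the rewind user's password is set to `'${PATRONI_REWIND_USERNAME}'`. The heredoc delimiter is unquoted, so the shell expands it and the file carries the account name as the password; it should read `password: '${PATRONI_REWIND_PASSWORD}'`. Whether Patroni's environment variables override this file value at runtime is not visible here. Separately, `host all all 0.0.0.0/0 scram-sha-256` accepts password logins from any address, which matters more now that the Services are `LoadBalancer`; consider a narrower CIDR or making the rule a chart value. `log.level: DEBUG` is also a questionable default for a plan.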
@@ -1,605 +0,0 @@ ---- -# Source: postgresql/templates/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - cluster-name: release-name-postgresql -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - ingress: - # Allow inbound connections - - ports: - - port: 5432 - - port: 9187 - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: default ---- -# Source: postgresql/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm ---- -# Source: postgresql/templates/sec.yaml -apiVersion: v1 -kind: Secret -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -type: Opaque -data: - password-superuser: dGVh - password-rewind: Y29sYQ== - password-replication: cmVwcGFzc3dk - data-user: dXMx - data-name: ZGIx - data-password: MTExdw== ---- -# Source: postgresql/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-postgresql-cm - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql -data: - pre_init.sh: |- - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - 
- local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'auto_explain,pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ - - post_init.sh: |- - #!/bin/bash - set -Eeu - # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" - 
else - echo "Skipping user creation" - echo "Skipping database creation" - fi ---- -# Source: postgresql/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: - - create - - get - - list - - patch - - update - - watch - # delete is required only for 'patronictl remove' - - delete -- apiGroups: [""] - resources: ["services"] - verbs: - - create -- apiGroups: [""] - resources: ["endpoints"] - verbs: - - create - - get - - patch - - update - # the following three privileges are necessary only when using endpoints - - list - - watch - # delete is required only for for 'patronictl remove' - - delete - - deletecollection -- apiGroups: [""] - resources: ["pods"] - verbs: - - get - - list - - patch - - update - - watch ---- -# Source: postgresql/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -subjects: - - kind: ServiceAccount - name: release-name-postgresql -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: release-name-postgresql ---- -# Source: postgresql/templates/svc-config.yaml -# headless service to avoid deletion of patronidemo-config endpoint -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-config - labels: - app: release-name-postgresql - release: release-name - cluster-name: release-name-postgresql -spec: - clusterIP: None ---- -# Source: postgresql/templates/svc-metrics.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-metrics - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: 
postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app.kubernetes.io/component: metrics - annotations: - prometheus.io/port: '9187' - prometheus.io/scrape: "true" -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni ---- -# Source: postgresql/templates/svc-relp.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-repl - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: replica -spec: - type: LoadBalancer - selector: - app: release-name-postgresql - cluster-name: release-name-postgresql - role: replica - ports: - - port: 5432 - targetPort: 5432 ---- -# Source: postgresql/templates/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: master -spec: - type: LoadBalancer - ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP ---- -# Source: postgresql/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - 
helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -spec: - serviceName: release-name-postgresql - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - template: - metadata: - name: release-name-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - spec: - serviceAccountName: release-name-postgresql - - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - containers: - - name: postgresql - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: IfNotPresent - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - env: - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-superuser - - name: 
PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PATRONI_REWIND_USERNAME - value: rewinder - - name: PATRONI_REWIND_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-rewind - - name: PATRONI_SCOPE - value: release-name-postgresql - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "/home/postgres/pgdata/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - - name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-name - - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-user - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-password - readinessProbe: - httpGet: - scheme: HTTP - path: /readiness - port: 8008 - initialDelaySeconds: 3 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8008 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - lifecycle: - preStop: - exec: - command: - - /usr/bin/env - - bash - - -c - - | - # switch leader pod if the current pod is the leader - if curl --fail http://localhost:8008/read-write; then - init-stack patronictl switchover --force - fi - ports: - - containerPort: 8008 - protocol: TCP - - containerPort: 5432 - protocol: TCP - volumeMounts: - - name: storage-volume - mountPath: "/home/postgres/pgdata" - - mountPath: "/opt/drycc/postgresql/scripts/" - name: patroni-config - # readOnly: true - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi 
- - name: metrics - image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" - imagePullPolicy: "IfNotPresent" - env: - - name: DATA_SOURCE_NAME - value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable - ports: - - name: http-metrics - containerPort: 9187 - startupProbe: - initialDelaySeconds: 10 - tcpSocket: - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - livenessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - app: postgresql - release: "release-name" - - volumes: - - name: patroni-config - configMap: - name: release-name-postgresql-cm - - name: storage-volume - emptyDir: {} ---- -# Source: postgresql/templates/cronjob.yaml -apiVersion: batch/v1 -kind: CronJob -metadata: - name: release-name-postgresql-backup - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql - -spec: - schedule: "*/1 * * * *" - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 1 - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: postgresql-backup - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: Always - #imagePullPolicy: "IfNotPresent" - command: - - /usr/bin/env - - bash - - -c - - | - echo "sleeping ...." 
- sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete - env: - - name: USE_WALG - value: "true" - - name: BACKUP_SCHEDULE - value: "eee" - - name: BACKUP_NUM_TO_RETAIN - value: "2" - - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: "1024" - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: "30" - - name: PGHOST - value: release-name-postgresql-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..8b429517 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} + {{ end }} `` {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 335ea342..8e436be3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
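Review bot: The replacement line in the networkpolicy.yaml hunk, `{{ end }} `` `, leaves two stray backticks after the action, and they sit outside the `if`, so they are rendered into the `ports:` list whether or not metrics are enabled. That is likely to make the NetworkPolicy fail to parse, or be rejected, once `networkPolicy.enabled` is turned on, so the ingress restriction never takes effect. The line should read `{{- end }}`, which also drops the blank line the untrimmed action leaves behind. The single-argument `and` in `{{- if and .Values.metrics.enabled }}` can be a plain `if`.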
@@ -32,8 +32,18 @@ spec: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: + {{- if .Values.patroni.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.patroni.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }} + {{- end }} serviceAccountName: {{ template "patroni.serviceAccountName" . }} - # securityContext: # runAsUser: postgres # fsGroup: postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index adc0ab69..77ffd855 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -10,15 +10,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} - role: master spec: type: LoadBalancer - selector: - application: {{ template "patroni.fullname" . }} - cluster-name: {{ template "patroni.fullname" . }} - role: master ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP \ No newline at end of file + - port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file 
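Review bot: The `affinity:` and `nodeSelector:` keys added at the top of the pod spec in statefulset.yaml may duplicate keys that the template already emits further down. The deleted rendered manifest earlier on this page shows an `affinity:` block after the containers, and a later hunk on this page still has `{{- with .Values.nodeSelector }}` followed by `nodeSelector:`. Duplicate mapping keys are either rejected or silently resolved last-wins, so the `patroni.*` presets could be ignored without any error. The older blocks are outside this hunk; they should be removed in the same change, or the new ones guarded, so that only one source feeds each key.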
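Review bot: The svc.yaml hunk drops the `selector:` from the primary Service without a comment saying who maintains its Endpoints. Presumably Patroni does, given `PATRONI_KUBERNETES_USE_ENDPOINTS` in the deleted rendered manifest, but that should be confirmed and stated, e.g. `# no selector: Endpoints for this Service are written by Patroni (leader only)`. The Service also stays hard-coded as `type: LoadBalancer`, which publishes 5432 beyond the cluster by default. bind.yaml on this page already reads `.Values.service.type`, so `type: {{ .Values.service.type }}` would let operators choose ClusterIP.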
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 43a38eb0..20d57dc3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,4 +1,4 @@ -replicaCount: 1 +replicaCount: 3 diagnosticMode: enable: false @@ -41,9 +41,11 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | + mkdir /home/postgres/pgdata/log + ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: - level: DEBUG + level: INFO bootstrap: dcs: postgresql: @@ -71,6 +73,14 @@ preInitScript: | archive_command: /bin/true # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' + log_destination: 'csvlog' + log_filename: postgresql.log + logging_collector: on + log_directory: /home/postgres/pgdata/log + log_min_messages: 'info' + log_min_duration_statement: 1000 + log_lock_waits: on + log_statement: 'ddl' initdb: - auth-host: scram-sha-256 - auth-local: trust 
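Review bot: With `log_statement: 'ddl'` in the `@@ -71,6 +73,14 @@` hunk, PostgreSQL logs the full text of `CREATE ROLE` / `ALTER ROLE ... PASSWORD` statements. The earlier hunk symlinks the CSV log to `/dev/stdout`, so those statements end up in the container log stream. If the post-init script creates the application user with a password literal (not visible here), that password is written to whatever collects pod logs. The script should either disable statement logging for that session (`SET log_statement = 'none';` before the role DDL) or the exposure should be documented next to the parameter. `logging_collector: on` and `log_lock_waits: on` should also be quoted as `"on"`, like `hot_standby: "on"` above, so YAML does not turn them into booleans.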
@@ -114,6 +124,48 @@ postInitScript: | echo "Skipping database creation" fi +patroni: + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Postgresql Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set. + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param patroni.affinity Affinity for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## Postgresql Prometheus exporter parameters ## metrics: @@ -261,8 +313,8 @@ networkPolicy: enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source + ## client label will have network access to the port Postgresql is listening + ## on. When true, Postgresql will accept connections from any source ## (with the correct destination port). ## allowCurrentNamespace: true From 5c95bf455b0c9cdbbc1ba83338422d88ee3baab2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 22 Nov 2023 09:32:25 +0800 Subject: [PATCH 021/122] chore(postgresql-cluster): add pgbackup --- .../postgresql-cluster/templates/_helpers.tpl | 18 ++++---- .../postgresql-cluster/templates/cronjob.yaml | 25 +++-------- .../templates/statefulset.yaml | 41 ++++++++++++++++++- .../templates/svc-relp.yaml | 8 +++- .../15/chart/postgresql-cluster/values.yaml | 18 ++++---- 5 files changed, 68 insertions(+), 42 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index c75c3b29..1e4e50bc 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
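Review bot: The comment edited in the `networkPolicy` hunk still documents `@param networkPolicy.allowExternal` and a "client label" model, but the key beneath it is `allowCurrentNamespace`. The networkpolicy.yaml template on this page selects peers by namespace (`allowCurrentNamespace` / `allowNamespaces`), not by pod label. An operator reading this text would misjudge who can reach port 5432. The comment should describe the real behaviour, e.g. `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` plus a matching line for `allowNamespaces`.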
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a cronjob object should be created for Postgresql HA patroni +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enable }} +{{- if and .Values.walG.enabled }} {{- true -}} {{- else -}} {{- end -}} @@ -115,13 +115,14 @@ Create patroni envs. fieldPath: metadata.name - name: PATRONI_POSTGRESQL_DATA_DIR value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" - name: PATRONI_POSTGRESQL_PGPASS value: /tmp/pgpass - name: PATRONI_POSTGRESQL_LISTEN value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' - - name: DATABASE_NAME valueFrom: secretKeyRef: @@ -137,20 +138,15 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: data-password - {{- end -}} {{/* Create walg envs. */}} {{- define "walg.envs" }} -{{- if .Values.walG.enable }} +{{- if .Values.walG.enabled }} - name: USE_WALG - value: {{ .Values.walG.enable | quote }} -{{- if .Values.walG.scheduleCronJob }} -- name: BACKUP_SCHEDULE - value: {{ .Values.walG.scheduleCronJob | quote}} -{{- end }} + value: {{ .Values.walG.enabled | quote }} {{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN value: {{ .Values.walG.retainBackups | quote}} @@ -165,7 +161,7 @@ Create walg envs. {{- end }} {{- if .Values.walG.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyId | quote }} + value: {{ .Values.walG.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX 
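Review bot: In the last `walg.envs` hunk the S3 credentials are rendered as literal `value:` entries (`AWS_ACCESS_KEY_ID` from `.Values.walG.s3.awsAccessKeyID`, with `AWS_SECRET_ACCESS_KEY` next to it). This commit now includes the helper in the StatefulSet, so the keys appear in clear text in the pod spec, where anyone who can read StatefulSets or pods in the namespace can see them. They should come from the chart's Secret via `secretKeyRef`, as the database passwords in `patroni.envs` already do; the Secret template needs the matching keys. The `define` block continues outside this hunk.

```yaml
# … unchanged: USE_WALG and retention settings …
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: walg-access-key-id       # placeholder key name
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: walg-secret-access-key   # placeholder key name
# … unchanged: WALG_S3_PREFIX and the remaining S3 settings …
```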
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 0bfb4b40..39c08de3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "*/1 * * * *" + schedule: "{{ .Values.walG.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: @@ -30,29 +30,14 @@ spec: containers: - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: - /usr/bin/env - bash - -c - | - echo "sleeping ...." - sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete + curl "http://${REPLHOST}:9000/pg_backup" env: - {{- include "walg.envs" . | indent 14 }} - - name: PGHOST - value: {{ include "patroni.fullname" . }}-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" + - name: REPLHOST + value: {{ include "patroni.fullname" . }}-repl {{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 8e436be3..a14a3139 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
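Review bot: The new job body in the second cronjob.yaml hunk, `curl "http://${REPLHOST}:9000/pg_backup"`, exits 0 on any HTTP response, so a backup that fails inside the sidecar still counts as a successful Job and `restartPolicy: OnFailure` never retries it. Use `curl --fail --silent --show-error "http://${REPLHOST}:9000/pg_backup"` so that a 4xx/5xx fails the Job. Whether the endpoint returns an error status when wal-g fails cannot be seen from here and should be confirmed in pgbackup.py. With `replicaCount: 1` the `-repl` Service presumably has no endpoints, and that case also needs a visible failure.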
@@ -56,6 +56,9 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} + {{- if .Values.walG.enabled }} + {{- include "walg.envs" . | indent 8 }} + {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -156,7 +159,43 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- with .Values.nodeSelector }} + {{- if .Values.walG.enabled }} + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + command: + - /usr/bin/env + - bash + - -c + - | + python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 + env: + {{- include "walg.envs" . | indent 8 }} + - name: PGHOST + value: localhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PGUSER + value: postgres + - name: PGDATABASE + value: postgres + - name: PGPORT + value: "5432" + - name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" + ports: + - containerPort: 9000 + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index c5861935..ba50b3bd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml 
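Review bot: The backup container added in the second statefulset.yaml hunk runs `pgbackup.py 0.0.0.0 9000` with `password-superuser` in its environment, and nothing in this hunk shows the `/pg_backup` caller being authenticated. Any client that can reach port 9000 can therefore start superuser-driven backup and delete runs. The listener should require a shared token, or the port should be limited to the CronJob by a NetworkPolicy rule, and the requirement should be stated in a comment above `ports:`. A dedicated backup role instead of `postgres` would narrow the impact further if wal-g allows it in this setup. The `{{- if .Values.walG.enabled }}` wrapper around `include "walg.envs"` repeats the guard the helper already contains.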
@@ -18,5 +18,9 @@ spec: cluster-name: {{ template "patroni.fullname" . }} role: replica ports: - - port: 5432 - targetPort: 5432 \ No newline at end of file + - name: postgresql + port: 5432 + targetPort: 5432 + - name: pgbackup + port: 9000 + targetPort: 9000 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 20d57dc3..693681bf 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -56,6 +56,7 @@ preInitScript: | - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + - host replication postgres 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" @@ -69,8 +70,8 @@ preInitScript: | wal_log_hints: "on" track_commit_timestamp: "off" archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true + archive_timeout: 300s + archive_command: sh /opt/drycc/postgresql/walbackup.sh %f # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -222,9 +223,9 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-E should be enabled - enable: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: 00 01 * * * + scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket 
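Review bot: Publishing `pgbackup` on port 9000 of the `-repl` Service in the svc-relp.yaml hunk exposes the backup trigger on the same Service clients use for read traffic. The deleted rendered manifest earlier on this page shows that Service as `type: LoadBalancer`; if that still holds, the trigger is reachable from wherever the load balancer is. The networkpolicy.yaml template only lists 5432 and the metrics port, so with `networkPolicy.enabled` the CronJob would presumably be unable to reach 9000 at all. A separate ClusterIP Service for the backup port, plus a matching ingress rule for the CronJob pods, would keep the two concerns apart.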
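Review bot: The `pg_hba` line added in the `@@ -56,6 +56,7 @@` values.yaml hunk, `host replication postgres 0.0.0.0/0 scram-sha-256`, lets the superuser open replication connections from any address. The backup sidecar added in this commit connects with `PGHOST: localhost`, so a loopback rule looks sufficient: `host replication postgres 127.0.0.1/32 scram-sha-256` (plus `::1/128` if localhost resolves to IPv6). Confirm that wal-g needs a replication connection here at all. The default in the `@@ -222,9 +223,9 @@` hunk also flips to `enabled: true` with a five-minute schedule, so every install starts the sidecar and archiving unless the operator opts out; `enabled: false` is the safer chart default.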
@@ -236,10 +237,11 @@ walG: # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 s3: - awsAccessKeyID: "xxx" - awsSecretAccessKey: "xx" - walGS3Prefix: "xxx" - awsEndpoint: "xxx" + used: true + awsAccessKeyID: "minioadmin" + awsSecretAccessKey: "minioadmin" + walGS3Prefix: "s3://pg1" + awsEndpoint: "http://10.10.2.11:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 From b940caa3e413a6986eb15feb41338df9ae6a7569 Mon Sep 17 00:00:00 2001 
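Review bot: The `s3` defaults in this hunk commit working-looking credentials (`awsAccessKeyID` / `awsSecretAccessKey` both `"minioadmin"`), a plain-HTTP endpoint on a private address and `used: true`. Together with `walG.enabled: true`, an install that overrides nothing ships WAL and base backups to that endpoint with well-known default credentials and no transport encryption. Chart defaults should be empty and off, e.g. `used: false`, `awsAccessKeyID: ""`, `awsSecretAccessKey: ""`, with the values supplied per environment through an existing Secret. The comment above `s3:` already mentions a secret that holds the bucket credentials, and the defaults should follow that.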
From: EamonZhang Date: Wed, 22 Nov 2023 14:27:30 +0800 Subject: [PATCH 022/122] chore(postgresql-cluster): add plans --- .../templates/cm -postgresql.yaml | 18 +++ .../{configmap.yaml => cm-patroni.yaml} | 2 +- .../templates/statefulset.yaml | 7 +- .../15/chart/postgresql-cluster/values.yaml | 28 +++- .../15/plans/standard-10/bind.yaml | 39 +++-- .../15/plans/standard-10/values.yaml | 123 ++++++++-------- .../15/plans/standard-100/bind.yaml | 30 ++++ .../standard-100/create-instance-schema.json | 12 ++ .../15/plans/standard-100/meta.yaml | 6 + .../15/plans/standard-100/values.yaml | 76 ++++++++++ .../15/plans/standard-20/bind.yaml | 40 +++--- .../15/plans/standard-20/meta.yaml | 2 +- .../15/plans/standard-20/values.yaml | 134 ++++++++++-------- .../15/plans/standard-200/bind.yaml | 30 ++++ .../standard-200/create-instance-schema.json | 12 ++ .../15/plans/standard-200/meta.yaml | 6 + .../15/plans/standard-200/values.yaml | 75 ++++++++++ .../15/plans/standard-400/bind.yaml | 30 ++++ .../standard-400/create-instance-schema.json | 12 ++ .../15/plans/standard-400/meta.yaml | 6 + .../15/plans/standard-400/values.yaml | 75 ++++++++++ .../15/plans/standard-50/bind.yaml | 30 ++++ .../standard-50/create-instance-schema.json | 12 ++ .../15/plans/standard-50/meta.yaml | 6 + .../15/plans/standard-50/values.yaml | 76 ++++++++++ .../15/plans/standard-800/bind.yaml | 30 ++++ .../standard-800/create-instance-schema.json | 12 ++ .../15/plans/standard-800/meta.yaml | 6 + .../15/plans/standard-800/values.yaml | 75 ++++++++++ 29 files changed, 837 insertions(+), 173 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{configmap.yaml => cm-patroni.yaml} (93%) create mode 100644 addons/postgresql-cluster/15/plans/standard-100/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json create mode 100644 
addons/postgresql-cluster/15/plans/standard-100/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-200/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-400/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-50/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-800/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml new file mode 100644 index 00000000..8aba698a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-postgresql + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom_conf.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml similarity index 93% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml index 877d5879..ad4b5849 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index a14a3139..0d1ed21a 100644 
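Review bot: The new ConfigMap template is created as `templates/cm -postgresql.yaml`, with a space in the file name, while its sibling in the same commit is renamed to `cm-patroni.yaml`. The space looks accidental and makes the path awkward in shell commands and in `helm template --show-only`; `cm-postgresql.yaml` matches the sibling. The file also deserves a short header comment saying that `custom_conf.conf` is rendered from `.Values.postgresql.config` and mounted at `/opt/drycc/postgresql/config/`, since nothing in the template itself says where it is consumed.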
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -107,6 +107,8 @@ spec: mountPath: "{{ .Values.persistentVolume.mountPath }}" - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config + - mountPath: "/opt/drycc/postgresql/config/" + name: postgresql-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} @@ -216,7 +218,10 @@ spec: volumes: - name: patroni-config configMap: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni + - name: postgresql-config + configMap: + name: {{ template "common.names.fullname" . }}-postgresql {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 693681bf..451cb0ba 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -41,13 +41,23 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | - mkdir /home/postgres/pgdata/log + mkdir -p /home/postgres/pgdata/log ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: INFO + restapi: + listen: 0.0.0.0:8008 + connect_address: 0.0.0.0:8008 + authentication: + username: NzUwNjg3MTEtMDgzOS00YTNkLWEyNjAt + password: YjJjMDNjYjQtMDA0Ny00NTgwLTgwYjMt bootstrap: dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 postgresql: use_pg_rewind: true use_slots: true 
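Review bot: The `restapi.authentication` block added to `preInitScript` in the values.yaml hunk hard-codes a literal username and password in the chart defaults, so every release gets the same Patroni REST API credentials and they are readable in the repository and in the ConfigMap. They should be generated per release into the chart's Secret and passed through `PATRONI_RESTAPI_USERNAME` / `PATRONI_RESTAPI_PASSWORD` instead of being written into `patroni.yml`. `connect_address: 0.0.0.0:8008` is not an address other members can use; the removed plan values on this page use `'${PATRONI_KUBERNETES_POD_IP}:8008'`. If the heredoc still has a second `restapi:` mapping further down, as that plan did, the keys are duplicated and one mapping silently replaces the other, so check which one survives. The heredoc continues outside this hunk.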
@@ -57,12 +67,13 @@ preInitScript: | - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - host replication postgres 0.0.0.0/0 scram-sha-256 + custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' parameters: wal_level: hot_standby hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 8 + wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 @@ -71,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %f + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -124,6 +135,17 @@ postInitScript: | echo "Skipping user creation" echo "Skipping database creation" fi +postgresql: + config: |- + log_min_duration_statement = 1008 + max_wal_size = 4GB + min_wal_size = 4GB + max_connections = 1005 + max_worker_processes = 8 + max_wal_senders = 10 + max_replication_slots = 10 + max_prepared_transactions = 0 + max_locks_per_transaction = 64 patroni: ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index cf57e76b..d48323b0 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
@@ -1,34 +1,31 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.password }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 2082d76c..b6037e16 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
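Review bot: The new `host` binding in standard-10/bind.yaml reads `{{ template "common.names.fullname" . }}-master`, but no Service with a `-master` suffix is visible on this page; the rendered manifest and svc.yaml name the primary Service with the bare full name. That should be checked, since an unresolved `serviceRef` would leave the binding without a host. The block is guarded by `service.type` being `LoadBalancer` but returns `'{.spec.clusterIPs[*]}'`, which is only reachable inside the cluster. If external clients are the reason for the guard, the load-balancer ingress address is presumably what should be returned, otherwise the guard should be dropped. `value: 5432` should be quoted as `"5432"` so consumers get a string like the other credential fields.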
@@ -2,82 +2,75 @@ ## fullnameOverride: hb-postgresql-cluster-standard-10 -preInitScript: | - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - - local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ +postgresql: + config: |- + # Connectivity + max_connections = 980 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '256 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '1 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + 
+ # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 1000m - memory: 1Gi + memory: 2Gi # hugepages-2Mi: 4Mi requests: cpu: 1000m - memory: 1Gi + memory: 2Gi persistentVolume: enabled: true size: 10G -metrics: - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 1000m - memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
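Review bot: `max_connections = 980` together with `work_mem = '32 MB'` does not fit the `memory: 2Gi` limit set at the end of this hunk. `work_mem` is allocated per sort or hash operation in each backend, so a modest number of concurrent queries can push the container past its limit and get PostgreSQL OOM-killed. For this plan I would size the settings to the container, for example `work_mem = '4 MB'` and `maintenance_work_mem = '128 MB'`, or lower `max_connections`. The standard-20 and standard-50 plans keep the same `work_mem` with 1000 connections on 4Gi and 8Gi and deserve the same check.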
@@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml new file mode 100644 index 00000000..8b3352c9 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-100" +id: c44160a6-5ec4-49e5-af1e-a1c1676871cf +description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +displayName: "standard-100" +bindable: true +maximum_polling_duration: 1800 
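Review bot: The `description` in the new meta.yaml reads "Mysql Cluster standard-100 plan" although the file lives under `addons/postgresql-cluster/15/plans/`, so the plan catalogue will name the wrong engine. Suggest `description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"`. The new meta.yaml files for standard-200, -400, -50 and -800 carry the same wording, and standard-20 keeps it on an unchanged line.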
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml new file mode 100644 index 00000000..c937e07a --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml 
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 4 + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + memory: 16Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 4000m + memory: 16Gi + +persistentVolume: + enabled: true + size: 100G diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index e8b99314..619e1429 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,34 +1,30 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e749a7db..e9580d73 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
@@ -1,5 +1,5 @@ name: "standard-20" -id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +id: edf8bdfe-b1dc-4f41-b042-801153794df7 description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 12db2471..f460d01f 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml 
@@ -1,61 +1,77 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-20 - -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 1000 - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 20Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## application: my-app - ## - selector: {} +fullnameOverride: hb-postgresql-cluster-standard-20 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + 
parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 2000m + memory: 4Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 4Gi + +persistentVolume: + enabled: true + size: 20G diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json 
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml new file mode 100644 index 00000000..89b4292b --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-200" +id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f +description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml new file mode 100644 index 00000000..9db720e6 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-200 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '8192 MB' + work_mem = '32 MB' + maintenance_work_mem = '420 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '22 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 8 + max_parallel_workers_per_gather = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers = 8 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 8000m + memory: 32Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 8000m + memory: 32Gi + +persistentVolume: + enabled: true + size: 200G diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml new file mode 100644 index 00000000..b9472699 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-400" +id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad +description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-400" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml new file mode 100644 index 00000000..b1afad1d --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 16 + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + memory: 64Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 16000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 400G diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml new file mode 100644 index 00000000..9fbb08f1 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-50" +id: 0542f411-4e7b-46af-966c-c9989e54873c +description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +displayName: "standard-50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml new file mode 100644 index 00000000..fbf8db1f --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml 
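Review bot: The description advertises `DB MAX Connection 2000`, but the values.yaml added for this plan in the next file section sets `max_connections = 1000`. One of the two should change, for example `DB MAX Connection 1000` in the description, so that the catalogue entry matches what the instance is configured with.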
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 8Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 8Gi + +persistentVolume: + enabled: true + size: 50G diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml new file mode 100644 index 00000000..1748ac9e --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-800" +id: 60f37e20-e69e-4f6f-9cce-e43caec34963 +description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +displayName: "standard-800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml new file mode 100644 index 00000000..3e88193a --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '32768 MB' + work_mem = '64 MB' + maintenance_work_mem = '720 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '90 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '10240 MB' + min_wal_size = '5120 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '22080 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 32 + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # 
lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 128Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 32000m + memory: 128Gi + +persistentVolume: + enabled: true + size: 800G From 665deb48e500156f1629763fc103c7a6070a179d Mon Sep 17 00:00:00 2001 
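Review bot: `persistentVolume.size: 800G` at the end of this values.yaml is a decimal quantity, while the plan's meta.yaml advertises `Disk 800Gi` and the memory limits in the same file use `Gi`; `size: 800Gi` would match what the plan promises. Separately, `max_connections = 2000` combined with `work_mem = '64 MB'` and `shared_buffers = '32768 MB'` leaves little headroom under the `128Gi` limit, because work_mem applies per sort or hash operation in each backend; under load the container could be OOM-killed, so a lower work_mem or a connection pooler is worth considering. `huge_pages = try` is set while the `hugepages-2Mi` limit stays commented out, so it will probably fall back to regular pages.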
From: EamonZhang Date: Thu, 30 Nov 2023 14:07:27 +0800 Subject: [PATCH 023/122] chore(addons): add cloudbeaver --- .../23/chart/cloudbeaver/Chart.yaml | 24 + .../23/chart/cloudbeaver/README.md | 0 .../23/chart/cloudbeaver/templates/NOTES.txt | 3 + .../chart/cloudbeaver/templates/_helpers.tpl | 28 + .../cloudbeaver/templates/deployment.yaml | 138 +++++ .../cloudbeaver/templates/extra-list.yaml | 4 + .../chart/cloudbeaver/templates/ingress.yaml | 63 +++ .../23/chart/cloudbeaver/templates/pvc.yaml | 32 ++ .../cloudbeaver/templates/serviceaccount.yaml | 21 + .../23/chart/cloudbeaver/templates/svc.yaml | 46 ++ .../cloudbeaver/templates/tls-secrets.yaml | 44 ++ .../23/chart/cloudbeaver/values.yaml | 516 ++++++++++++++++++ addons/cloudbeaver/23/meta.yaml | 20 + .../cloudbeaver/23/plans/standard-5/bind.yaml | 20 + .../standard-5/create-instance-schema.json | 12 + .../cloudbeaver/23/plans/standard-5/meta.yaml | 6 + .../23/plans/standard-5/values.yaml | 60 ++ 17 files changed, 1037 insertions(+) create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/README.md create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/values.yaml create mode 100644 
addons/cloudbeaver/23/meta.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/bind.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json create mode 100644 addons/cloudbeaver/23/plans/standard-5/meta.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/values.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml new file mode 100644 index 00000000..d5505574 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 23.2.5 +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + tags: + - drycc-common + version: ~1.1.2 +description: Cloud Database Manager +engine: gotpl +home: https://github.com/drycc-addons/addons +icon: https://github.com/dbeaver/cloudbeaver/wiki/images/cloudbeaver-logo.png +keywords: + - cloudbeaver + - database +maintainers: + - name: drycc + url: https://github.com/drycc-addons/addons +name: cloudbeaver +sources: + - https://github.com/dbeaver/cloudbeaver +version: 23.2.5 diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/README.md b/addons/cloudbeaver/23/chart/cloudbeaver/README.md new file mode 100644 index 00000000..e69de29b diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt b/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt new file mode 100644 index 00000000..3eed111b --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt @@ -0,0 +1,3 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} \ No newline at end of file diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl b/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl new file mode 100644 index 00000000..dda6955a --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl 
@@ -0,0 +1,28 @@
+{{/* vim: set filetype=mustache: */}}
+
+
+{{/*
+Return the proper cloudbeaver image name
+*/}}
+{{- define "cloudbeaver.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
+{{- end -}}
+
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "cloudbeaver.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "cloudbeaver.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml
new file mode 100644
index 00000000..c00c3656
--- /dev/null
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml
@@ -0,0 +1,138 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "cloudbeaver.serviceAccountName" . }} + {{- include "cloudbeaver.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: cloudbeaver + image: {{ include "cloudbeaver.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + workingDir: /opt/drycc/cloudbeaver/ + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.livenessProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.livenessProbe.path }} + port: http + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.readinessProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.readinessProbe.path }} + port: http + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.startupProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.startupProbe.path }} + port: http + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath | quote }} + volumes: +{{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- 
end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + annotations: + {{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 8 }} + {{- end }} + labels: + application: {{ template "cloudbeaver.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistence.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistence.size }}" + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- end }} + diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml new file mode 100644 index 00000000..9ac65f9e --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml new file mode 100644 index 00000000..a857fcea --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml 
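Review bot: With `persistence.enabled` set, the tail of deployment.yaml emits `volumeClaimTemplates`, which is a StatefulSet field and not part of a Deployment spec, and it calls `{{ template "cloudbeaver.fullname" . }}`, a helper that the `_helpers.tpl` added in this commit does not define, so rendering is likely to fail. In that same case `volumes:` is left empty, so the `data` volumeMount has no backing volume and the claim that pvc.yaml creates (`<fullname>-binding`) is never mounted. Mounting the claim as an ordinary volume and falling back to `emptyDir` when persistence is off keeps the resource a valid Deployment and actually persists the CloudBeaver workspace. The indentation in the fence is conventional, because the page shows the hunk flattened.

```yaml
# … unchanged: containers, probes, resources, volumeMounts …
      volumes:
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ default (printf "%s-binding" (include "common.names.fullname" .)) .Values.persistence.existingClaim }}
        {{- else }}
          emptyDir: {}
        {{- end }}
```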
@@ -0,0 +1,63 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.extraHosts }} + - {{ .name }} + {{- end }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml new file mode 100644 index 00000000..7a36a217 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml 
@@ -0,0 +1,32 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ printf "%s-binding" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+{{- end }}
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml
new file mode 100644
index 00000000..341c96f8
--- /dev/null
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "node.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml
new file mode 100644
index 00000000..bb846a3a
--- /dev/null
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml
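Review bot: The ServiceAccount name in serviceaccount.yaml is rendered with `include "node.serviceAccountName" .`, but the helper this chart defines in `_helpers.tpl`, and the one deployment.yaml uses for `serviceAccountName`, is `cloudbeaver.serviceAccountName`. Unless the common library chart happens to provide a `node.*` helper, rendering fails as soon as `serviceAccount.create` is true; the line should be `name: {{ include "cloudbeaver.serviceAccountName" . }}`. `automountServiceAccountToken` is taken straight from values, whose serviceAccount section continues beyond this view; nothing in the templates shown suggests the pod needs the Kubernetes API, so a default of `false` is worth confirming there.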
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.ports.http }} + targetPort: http + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} + nodePort: {{ 
.Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml new file mode 100644 index 00000000..b2aafcc1 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml 
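Review bot: In svc.yaml the metadata emits `annotations:` once under `if .Values.commonAnnotations` and again under `if .Values.service.annotations`, so setting both produces a duplicate mapping key; depending on the parser that is either an error or a silent last-wins that drops the common annotations. serviceaccount.yaml in this same commit already uses the merged form, and the Service should follow it. For a database manager UI it is also worth noting that `loadBalancerSourceRanges` is optional here, so a `LoadBalancer` service is reachable from any address unless the operator sets it.

```yaml
  {{- if or .Values.service.annotations .Values.commonAnnotations }}
  annotations:
    {{- if .Values.commonAnnotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    {{- end }}
    {{- if .Values.service.annotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
# … unchanged: spec (type, sessionAffinity, ports, selector) …
```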
@@ -0,0 +1,44 @@
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $ca := genCA "node-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml
new file mode 100644
index 00000000..19515399
--- /dev/null
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml
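Review bot: The self-signed certificate in tls-secrets.yaml is issued with `(list .Values.ingress.hostname)` as its only subject alternative name, yet ingress.yaml lists every `ingress.extraHosts` entry under the same `<hostname>-tls` secret, so clients reaching an extra host get a certificate that does not match. Building the SAN list from both sources closes that gap. `genCA` and `genSignedCert` also run on every render, so each upgrade replaces the CA and key and anyone who pinned or trusted the previous CA has to re-trust it; reusing an existing secret when one is present would avoid that. The CA name `node-ca` looks like a leftover from the chart this was derived from.

```yaml
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $sans := list .Values.ingress.hostname }}
{{- range .Values.ingress.extraHosts }}
{{- $sans = append $sans .name }}
{{- end }}
{{- $ca := genCA "node-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil $sans 365 $ca }}
# … unchanged: Secret metadata and data …
```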
@@ -0,0 +1,516 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override node.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override node.fullname template +## +fullnameOverride: "" +## @param namespaceOverride Override namespace for resources +## Useful when including Node as a chart dependency, so it can be released into a different namespace than the parent +## +namespaceOverride: "" +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} + +## @param command Override default container command (useful when using custom images) +## +command: "" +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param extraEnvVars Extra environment variables to be set on Node container +## For example: +## - name: BEARER_AUTH +## value: true +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra 
environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables +## +extraEnvVarsSecret: "" +## MongoDB® chart configuration +## ref: https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml +## + +## Bitnami node image version +## ref: https://hub.docker.com/r/bitnami/node/tags/ +## @param image.registry NodeJS image registry +## @param image.repository NodeJS image repository +## @param image.tag NodeJS image tag (immutable tags are recommended) +## @param image.digest NodeJS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy NodeJS image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/cloudbeaver + tag: 23 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## @param replicaCount Specify the number of replicas for the application +## +replicaCount: 1 +## @param updateStrategy.type Strategy to use to replace existing pods. 
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## Example: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate +## @param containerPorts.http Specify the port where your application will be running +## +containerPorts: + http: 8978 +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param podAnnotations Additional pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param podLabels Additional labels for Node pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template)
+##
+extraDeploy: []
+## Enable diagnostic mode in the deployment(s)/statefulset(s)
+##
+diagnosticMode:
+ ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+ ##
+ enabled: false
+ ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
+ ##
+ command:
+ - sleep
+ ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
+ ##
+ args:
+ - infinity
+## Configure extra options for liveness probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.path Request path for livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ path: '/'
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Configure extra options for readiness probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.path Request path for readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ path: '/'
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 3
+ successThreshold: 1
+## Configure extra options for startup probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-startup-readiness-probes/#configure-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.path Request path for startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ path: '/'
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ timeoutSeconds: 1
+ failureThreshold: 15
+ successThreshold: 1
+## @param customLivenessProbe Override default liveness probe
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe
+##
+customStartupProbe: {}
+## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+##
+topologySpreadConstraints: []
+## @param priorityClassName Node priorityClassName
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param schedulerName Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+## @param terminationGracePeriodSeconds Seconds Airflow web pod needs to terminate gracefully
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+##
+terminationGracePeriodSeconds: ""
+## @param lifecycleHooks lifecycleHooks for the Node container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+## @param sidecars Add sidecars to the Node pods
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+extraVolumes: []
+## @param extraVolumeMounts Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for node pod
+ ##
+ create: false
+ ## @param serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the `common.names.fullname` template
+ name: ""
+ ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template.
+ ## Only used if `create` is `true`.
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
+ ##
+ automountServiceAccountToken: false
+## SecurityContext configuration
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+## @param containerSecurityContext.enabled Node Container securityContext
+## @param containerSecurityContext.runAsUser User ID for the Node container
+## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+## @param podSecurityContext.enabled Enable security context for Node pods
+## @param podSecurityContext.fsGroup Group ID for the volumes of the pod
+##
+podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+## Node conatiners' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the Node container
+## @param resources.requests The requested resources for the Node container
+##
+resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ requests: {}
+
+## @section Persistence parameters
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled Enable persistence using PVC
+ ##
+ enabled: true
+ ## @param persistence.mountPath Path where the volume will be mount at.
+ ##
+ mountPath: /opt/drycc/cloudbeaver/workspace/
+ ## @param persistence.subPath Subdirectory of the volume to mount
+ ##
+ subPath: ""
+ ## @param persistence.existingClaim Name of an existing PVC to use
+ ##
+ existingClaim: ""
+ ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+ resourcePolicy: ""
+ ## @param persistence.storageClass Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param persistence.accessModes PVC Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request
+ ##
+ size: 1Gi
+ ## @param persistence.annotations Annotations for the PVC
+ ##
+ annotations: {}
+
+## @section Traffic exposure parameters
+
+## Service parameters
+##
+service:
+ ## @param service.type Kubernetes Service type
+ ##
+ type: LoadBalancer
+ ## @param service.ports.http Kubernetes Service port
+ ##
+ ports:
+ http: 80
+ ## @param service.clusterIP Service Cluster IP
+ ##
+ clusterIP: ""
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: 'None'
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## @param service.nodePorts.http NodePort if Service type is `LoadBalancer` or `NodePort`
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ http: ""
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer`
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges In order to limit which client IP's can access the Network Load Balancer, specify loadBalancerSourceRanges
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.externalTrafficPolicy Enable client source IP preservation
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param service.annotations Annotations for the Service
+ ## This can be used to set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+## Configure the ingress resource that allows you to access the
+## Node.js installation. Set up the URL
+## ref: https://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+ ## @param ingress.enabled Set to true to enable ingress record generation
+ ##
+ enabled: false
+
+ ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+ ##
+ ingressClassName: ""
+ ## @param ingress.pathType Ingress path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param ingress.apiVersion Override API Version (automatically detected if not set)
+ ##
+ apiVersion: ""
+ ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created
+ ##
+ hostname: cloudbeaver.local
+ ## @param ingress.path The Path to Node.js. You may need to set this to '/*' in order to use this with ALB ingress controllers.
+ ##
+ path: /
+ ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
+ ## Use this parameter to set the required annotations for cert-manager, see
+ ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+ ##
+ ## e.g:
+ ## annotations:
+ ## kubernetes.io/ingress.class: nginx
+ ## cert-manager.io/cluster-issuer: cluster-issuer-name
+ ##
+ annotations: {}
+ ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
+ ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
+ ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
+ ##
+ tls: false
+ ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+ ##
+ selfSigned: false
+ ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
+ ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
+ ## extraHosts:
+ ## - name: node.local
+ ## path: /
+ ##
+ extraHosts: []
+ ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
+ ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
+ ## extraPaths:
+ ## - path: /*
+ ## backend:
+ ## serviceName: ssl-redirect
+ ## servicePort: use-annotation
+ ##
+ extraPaths: []
+ ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
+ ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ ## extraTls:
+ ## - hosts:
+ ## - node.local
+ ## secretName: node.local-tls
+ ##
+ extraTls: []
+ ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ ## e.g:
+ ## - name: node.local-tls
+ ## key:
+ ## certificate:
+ ##
+ secrets: []
+ ## @param ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ ## e.g:
+ ## extraRules:
+ ## - host: example.local
+ ## http:
+ ## path: /
+ ## backend:
+ ## service:
+ ## name: example-svc
+ ## port:
+ ## name: http
+ ##
+ extraRules: []
diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml
new file mode 100644
index 00000000..4d740156
--- /dev/null
+++ b/addons/cloudbeaver/23/meta.yaml
@@ -0,0 +1,20 @@
+name: cloudbeaver
+version: 7.0
+id: b7cb26a4-b258-445c-860b-a664239a67f8
+description: "cloudbeaver"
+displayName: "cloudbeaver"
+metadata:
+ displayName: "cloudbeaver"
+ provider:
+ name: drycc
+ supportURL: http://cloudbeaver.io/
+ documentationURL: https://github.com/drycc-addons/drycc-docker-redis
+tags: cloudbeaver
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ description: "networkPolicy allowNamespaces config for values.yaml"
+archive: false
diff --git a/addons/cloudbeaver/23/plans/standard-5/bind.yaml b/addons/cloudbeaver/23/plans/standard-5/bind.yaml
new file mode 100644
index 00000000..5ee51e2a
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/bind.yaml
@@ -0,0 +1,20 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- else if (eq .Values.service.type "ClusterIP") }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ {{- end }}
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json b/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
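Review bot: In `plans/standard-5/bind.yaml` the `HOST` credential is only emitted when `service.type` is `LoadBalancer` or `ClusterIP`; any other type (for example `NodePort`) yields a binding that has `PORT` but no `HOST`, and nothing reports it. The `if`/`else if` chain should end in an explicit `{{- else }}` branch that either supplies a host or makes the bind fail visibly. In the `LoadBalancer` branch, `'{ .status.loadBalancer.ingress[*].ip }'` is empty for load balancers that publish only a `hostname`, so that case probably needs a fallback as well. A one-line comment above the chain naming the supported service types would document the contract.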
diff --git a/addons/cloudbeaver/23/plans/standard-5/meta.yaml b/addons/cloudbeaver/23/plans/standard-5/meta.yaml
new file mode 100644
index 00000000..3c070e39
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-5"
+id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9
+description: "Cloudbeaver standard-5 plan: Disk 5Gi ,vCPUs 1 , RAM 2G"
+displayName: "standard-5"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/cloudbeaver/23/plans/standard-5/values.yaml b/addons/cloudbeaver/23/plans/standard-5/values.yaml
new file mode 100644
index 00000000..920f16ca
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/values.yaml
@@ -0,0 +1,60 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-cloudbeaver-standard-10
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+
+resources:
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ requests:
+ cpu: 1000m
+ memory: 1024Mi
+
+
+## @section Persistence parameters
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
+ ##
+ enabled: true
+ ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas
+ ## NOTE: When it's set the rest of persistence parameters are ignored
+ ##
+ existingClaim: ""
+ ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations
+ ##
+ annotations: {}
+ ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param primary.persistence.size MySQL primary persistent volume size
+ ##
+ size: 5Gi
+ ## @param primary.persistence.selector Selector to match an existing Persistent Volume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
From b3e6351c760972192d8518e9d712a76ed931a92d Mon Sep 17 00:00:00 2001
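Review bot: `fullnameOverride: hb-cloudbeaver-standard-10` does not match this plan, which is `standard-5` with `size: 5Gi`; it should read `fullnameOverride: hb-cloudbeaver-standard-5`. The comments were copied from other charts: the resources block is described as `MinIO®` and the persistence keys are documented as `primary.persistence.*` for MySQL, while the keys set here are `resources.*` and `persistence.*` for CloudBeaver, so the `@param` lines should be renamed accordingly. The plan's `meta.yaml` advertises `RAM 2G`, but the limit set here is `memory: 1024Mi`; one of the two should be corrected.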
From: EamonZhang Date: Thu, 30 Nov 2023 17:18:09 +0800 Subject: [PATCH 024/122] chore(addons): fix plan binds --- .../23/chart/cloudbeaver/values.yaml | 2 +- addons/cloudbeaver/23/meta.yaml | 10 +++--- addons/grafana/10/chart/grafana/values.yaml | 2 +- addons/grafana/10/meta.yaml | 20 +++++++++++ .../grafana/10/plans/standard-1-2/values.yaml | 7 ---- .../{standard-1-2 => standard-5}/bind.yaml | 29 ++++++++-------- .../{standard-1-2 => standard-5}/meta.yaml | 4 +-- .../grafana/10/plans/standard-5/values.yaml | 14 ++++++++ .../8.0/chart/mysql-cluster/values.yaml | 2 +- addons/mysql-cluster/8.0/meta.yaml | 4 ++- .../8.0/plans/standard-10/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-100/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-20/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-200/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-400/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-50/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-800/bind.yaml | 31 +++++++++-------- .../templates/svc-master.yaml | 2 +- .../templates/svc-relp.yaml | 2 +- .../postgresql-cluster/templates/svc.yaml | 2 +- .../15/chart/postgresql-cluster/values.yaml | 4 +-- addons/postgresql-cluster/15/meta.yaml | 8 ++++- .../15/plans/standard-10/bind.yaml | 31 +++++++++++------ .../15/plans/standard-100/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-20/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-200/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-400/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-50/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-800/bind.yaml | 33 ++++++++++++------- 29 files changed, 353 insertions(+), 205 deletions(-) create mode 100644 addons/grafana/10/meta.yaml delete mode 100644 addons/grafana/10/plans/standard-1-2/values.yaml rename addons/grafana/10/plans/{standard-1-2 => standard-5}/bind.yaml (58%) rename addons/grafana/10/plans/{standard-1-2 => standard-5}/meta.yaml (83%) 
create mode 100644 addons/grafana/10/plans/standard-5/values.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 19515399..149c69d3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml @@ -358,7 +358,7 @@ persistence: - ReadWriteOnce ## @param persistence.size PVC Storage Request ## - size: 1Gi + size: 10Gi ## @param persistence.annotations Annotations for the PVC ## annotations: {} diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml index 4d740156..b74fe7f5 100644 --- a/addons/cloudbeaver/23/meta.yaml +++ b/addons/cloudbeaver/23/meta.yaml @@ -1,5 +1,5 @@ name: cloudbeaver -version: 7.0 +version: 23 id: b7cb26a4-b258-445c-860b-a664239a67f8 description: "cloudbeaver" displayName: "cloudbeaver" @@ -8,13 +8,13 @@ metadata: provider: name: drycc supportURL: http://cloudbeaver.io/ - documentationURL: https://github.com/drycc-addons/drycc-docker-redis + documentationURL: https://github.com/drycc-addons/ tags: cloudbeaver bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: -- name: "networkPolicy.allowNamespaces" - description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + description: "service type config for values.yaml" archive: false diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index 9b029425..f18c0343 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -575,7 +575,7 @@ serviceAccount: service: ## @param service.type Kubernetes Service type ## - type: LoadBalancer + type: ClusterIP ## @param service.clusterIP Grafana service Cluster IP ## e.g.: ## clusterIP: None 
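Review bot: In `addons/cloudbeaver/23/meta.yaml`, `allow_parameters` now lets the requester set `service.type`, but this commit leaves the CloudBeaver chart default at `type: LoadBalancer` while switching grafana and mysql-cluster to `ClusterIP`. CloudBeaver is a database administration web UI, and the chart's `loadBalancerSourceRanges: []` default places no source restriction on that listener, so a default instance may be reachable from outside the cluster. Consider `type: ClusterIP` as the chart default here as well, and if `LoadBalancer` stays selectable, also allowing `service.loadBalancerSourceRanges` so the exposure can be narrowed. The same hunk drops `networkPolicy.allowNamespaces` from the allowed parameters; confirm that no plan relied on it.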
diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml new file mode 100644 index 00000000..224ca287 --- /dev/null +++ b/addons/grafana/10/meta.yaml @@ -0,0 +1,20 @@ +name: Grafana +version: 7.0 +id: fff5b6c7-ed85-429b-8265-493e40cc53c7 +description: "grafana" +displayName: "grafana" +metadata: + displayName: "grafana" + provider: + name: drycc + supportURL: http://grafana.io/ + documentationURL: https://github.com/drycc-addons/ +tags: cloudbeaver +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: false +allow_parameters: +- name: "service.type" + description: "service type config for values.yaml" +archive: false diff --git a/addons/grafana/10/plans/standard-1-2/values.yaml b/addons/grafana/10/plans/standard-1-2/values.yaml deleted file mode 100644 index 840b3303..00000000 --- a/addons/grafana/10/plans/standard-1-2/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-grafana-standard-10 - -server: - persistence: - size: 10Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-1-2/bind.yaml b/addons/grafana/10/plans/standard-5/bind.yaml similarity index 58% rename from addons/grafana/10/plans/standard-1-2/bind.yaml rename to addons/grafana/10/plans/standard-5/bind.yaml index 8b14d5a5..a41ae66e 100644 --- a/addons/grafana/10/plans/standard-1-2/bind.yaml +++ b/addons/grafana/10/plans/standard-5/bind.yaml 
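Review bot: The new `addons/grafana/10/meta.yaml` carries values copied from the CloudBeaver addon: `tags: cloudbeaver` should be `tags: grafana`, and `version: 7.0` does not match the `grafana/10` directory (the CloudBeaver file is corrected to `version: 23` in this same commit). `name: Grafana` is capitalised while the other addons on this page use lower-case names; if the broker matches names case-sensitively this may matter. Quoting the version, for example `version: "10"`, would also keep YAML from typing it as a number.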
@@ -1,29 +1,30 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host + - name: HOST valueFrom: serviceRef: name: {{ printf "%s-router" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: password + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} + - name: PORT + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports[?(@.name=="http")].port }' diff --git a/addons/grafana/10/plans/standard-1-2/meta.yaml b/addons/grafana/10/plans/standard-5/meta.yaml similarity index 83% rename from addons/grafana/10/plans/standard-1-2/meta.yaml rename to addons/grafana/10/plans/standard-5/meta.yaml index 5facd66f..ae70fd93 100644 --- a/addons/grafana/10/plans/standard-1-2/meta.yaml +++ b/addons/grafana/10/plans/standard-5/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-10" +name: "standard-5" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "grafana plan which limit 1c1g ,default persistence size 10Gi." +description: "grafana plan which limit 1c1g ,default persistence size 5Gi." displayName: "1C2G" bindable: true maximum_polling_duration: 1800 
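Review bot: The first branch of `grafana/10/plans/standard-5/bind.yaml` still tests `.Values.router.service.type` and looks up the `<fullname>-router` service, both carried over from mysql-cluster, while the added `else if` branch uses `.Values.service.type`; the grafana chart hunk in this commit shows a top-level `service.type` and, as far as the hunk shows, no `router` key. As written the `LoadBalancer` case cannot resolve a Grafana service and may fail on the missing `router` value. It should read `{{- if (eq .Values.service.type "LoadBalancer") }}` with `name: {{ include "common.names.fullname" . }}`. Separately, the binding hands every bound application `GF_SECURITY_ADMIN_USER` and `GF_SECURITY_ADMIN_PASSWORD`, i.e. the Grafana admin account; a comment stating that this is intended, or a less privileged account, would be worth adding.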
diff --git a/addons/grafana/10/plans/standard-5/values.yaml b/addons/grafana/10/plans/standard-5/values.yaml new file mode 100644 index 00000000..ce943f14 --- /dev/null +++ b/addons/grafana/10/plans/standard-5/values.yaml @@ -0,0 +1,14 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-grafana-standard-5 + +resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + +persistence: + size: 5Gi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index a33e364c..2c70143b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -858,7 +858,7 @@ router: service: ## @param secondary.service.type MySQL secondary Kubernetes service type ## - type: LoadBalancer + type: ClusterIP ## @param secondary.service.ports.mysql MySQL secondary Kubernetes service port ## portrw: 3306 diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 9394d02a..4d54dd35 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -13,8 +13,10 @@ tags: mysql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "router.service.type" + description: "service type config for values.yaml" archive: false diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
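Review bot: The `PASSWORD` entry still reads `jsonpath: '{ .data.username }'`, so a bound application receives the user name in place of the password; assuming the `-svcbind-custom-user` secret stores it under `password`, the line should be `jsonpath: '{ .data.password }'`. The renamed database key is misspelled `DADABASE`, which becomes the credential name consumers see; it should be `- name: DATABASE`. The new `HOST` lookup points at the service named by `common.names.fullname` while the condition is on `router.service.type`; confirm that this is the router's service and not the MySQL one. The same hunk is repeated for standard-100, standard-20, standard-200 and standard-400 below, and the standard-50 file header follows with its hunk outside this view.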
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml index 48dba13d..e162dc3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: master spec: - type: LoadBalancer + type: {{ .Value.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index ba50b3bd..adc82d13 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: LoadBalancer + type: {{ .Value.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 77ffd855..0922fb57 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: LoadBalancer + type: {{ .Value.service.type }} ports: - port: 5432 targetPort: 5432 diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 451cb0ba..e3128f72 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,7 +3,7 @@ diagnosticMode: enable: false service: - type: LoadBalancer + type: ClusterIP image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 
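Review bot: `{{ .Value.service.type }}` in svc-master.yaml, svc-relp.yaml and svc.yaml refers to `.Value`, which is not a Helm built-in object, so it evaluates to nil and the chained `.service` lookup fails at render time. The line should be `type: {{ .Values.service.type }}` in all three templates. Because the type is now chart input rather than a literal, defaulting and quoting it, e.g. `type: {{ .Values.service.type | default "ClusterIP" | quote }}`, keeps an empty value from producing an unintended Service. Each Service body continues outside these hunks.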
@@ -244,7 +244,7 @@ metrics: cpu: 100m memory: 512Mi walG: - # Specifies whether Wal-E should be enabled + # Specifies whether Wal-G should be enabled enabled: true # Cron schedule for doing base backups scheduleCronJob: "*/5 * * * *" diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index f7e21529..8a78429d 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -13,8 +13,14 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + description: "service type config for values.yaml" +- name: "metrics.enabled" + description: "metrics enable or not config for values.yaml" +- name: "walG.enabled" + description: "backup enable or not config for values.yaml" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index d48323b0..41676f6e 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
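Review bot: Adding `service.type` to `allow_parameters` in meta.yaml lets whoever provisions an instance switch the PostgreSQL Services to `LoadBalancer`, which undoes the safer `ClusterIP` default this commit sets in values.yaml. Nothing visible in this diff restricts the accepted values or limits who can reach a load-balanced address. The description should state the allowed set, e.g. `description: "Service type: ClusterIP (default) or LoadBalancer; LoadBalancer exposes the database outside the cluster"`, and it is worth checking that the chart's NetworkPolicy or `loadBalancerSourceRanges` covers that case. The `plan_updateable: true` to `false` flip in the same hunk is not mentioned in the commit message and deserves a line there.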
@@ -1,31 +1,42 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port + - name: PORT value: 5432 -{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
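Review bot: The credential key is spelled `DADABASE` here, while the otherwise identical standard-400 hunk further down uses `DATABASE`, so the name an application must read depends on which plan it is bound to. It should be `- name: DATABASE` in every plan; the same misspelling is in the standard-100, standard-20, standard-200, standard-50 and standard-800 hunks. Moving `{{- end }}` up also means a `service.type` other than `LoadBalancer` or `ClusterIP` now produces a binding with no `MASTER_HOST` or `REPL_HOST`. A `{{- else }}` branch that calls `fail` would make that visible at render time instead of at connection time.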
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index 619e1429..a95ec5b2 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DATABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file From 657f6f459ff980432488029bca222af12f1dbc2d Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Dec 2023 11:04:27 +0800 Subject: [PATCH 025/122] chore(prometheus): add auth --- addons/postgresql-cluster/15/meta.yaml | 4 +- .../2/chart/prometheus/templates/_helpers.tpl | 8 ++++ .../templates/server/configmap.yaml | 4 +- .../templates/server/deployment.yaml | 19 +++++++- .../prometheus/templates/server/sec.yaml | 14 ++++++ .../prometheus/2/chart/prometheus/values.yaml | 10 ++++- addons/prometheus/2/meta.yaml | 6 ++- .../prometheus/2/plans/standard-10/bind.yaml | 36 +++++++-------- .../2/plans/standard-10/values.yaml | 3 +- .../prometheus/2/plans/standard-50/bind.yaml | 44 +++++++------------ .../2/plans/standard-50/values.yaml | 3 +- 11 files changed, 94 insertions(+), 57 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/server/sec.yaml diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 8a78429d..e870c5f5 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -20,7 +20,7 @@ allow_parameters: - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" - description: "metrics enable or not config for values.yaml" + description: "Whether to enable metrics. default true" - name: "walG.enabled" - description: "backup enable or not config for values.yaml" + description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl index 9136398b..45a72ec7 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl 
@@ -108,6 +108,14 @@ Get the Prometheus configuration configmap key. {{- end -}} {{- end -}} +{{/* +Get the Prometheus Alertmanager configuration configmap key. +*/}} +{{- define "prometheus.serever.web.configmapKey" -}} +{{- printf "web-config.yaml" -}} +{{- end -}} + + {{/* Get the Prometheus Alertmanager configuration configmap key. */}} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 36d64f70..3c9703e8 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -17,7 +17,9 @@ metadata: {{- end }} data: {{ include "prometheus.server.configmapKey" . }}: - {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} + {{ include "prometheus.serever.web.configmapKey" .}}: + {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} rules.yaml: {{- include "common.tplvalues.render" (dict "value" .Values.server.alertingRules "context" $) | toYaml | nindent 4 }} {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 8429060a..026b0139 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml 
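Review bot: The new `web-config.yaml` key in configmap.yaml puts the rendered `basic_auth_users` block, which holds the password hash that `htpasswd` produces in values.yaml, into a ConfigMap. ConfigMaps are usually readable by more principals than Secrets and are not covered by Secret encryption at rest, so the web config is better carried in a Secret and mounted alongside the existing config. Separately, the helper added in _helpers.tpl is named `prometheus.serever.web.configmapKey` and its comment still says "Alertmanager configuration". A name such as `prometheus.server.webConfigmapKey` with the comment `Get the Prometheus web configuration configmap key.` would match the neighbouring helpers. The `data:` block continues outside the hunk.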
@@ -114,13 +114,13 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" - - "--storage.tsdb.retention.time={{ .Values.server.retention }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" - "--web.listen-address=:{{ .Values.server.containerPorts.http }}" - "--web.console.libraries=/opt/drycc/prometheus/conf/console_libraries" - "--web.console.templates=/opt/drycc/prometheus/conf/consoles" + - "--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml" {{- if .Values.server.enableAdminAPI}} - "--web.enable-admin-api" {{- end }} @@ -141,6 +141,11 @@ spec: {{- if .Values.server.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVars "context" $) | nindent 12 }} {{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "prometheus.server.fullname" . }} + key: PASSWORD envFrom: {{- if .Values.server.extraEnvVarsCM }} - configMapRef: @@ -164,6 +169,9 @@ spec: httpGet: path: /-/healthy port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- if .Values.server.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customReadinessProbe "context" $) | nindent 12 }} 
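Review bot: The `httpHeaders` added to the liveness probe, and to the readiness and startup probes in the next hunk, render `Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }}` directly into the Deployment spec. Base64 is reversible, so any principal allowed to read Deployments or Pods in the namespace can recover the Prometheus credentials without access to the Secret. Probe headers cannot be sourced from a Secret, so a `tcpSocket` probe on `port: http`, as the startup probe used before this change, avoids putting the credential in the manifest. Separately, `--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml` hard-codes the file name that configmap.yaml takes from the new helper, and the two will drift if the helper changes. The container spec continues outside these hunks.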
@@ -172,13 +180,20 @@ spec: httpGet: path: /-/ready port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- if .Values.server.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.server.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.server.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: + httpGet: + path: /-/ready port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- end }} {{- if .Values.server.lifecycleHooks }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml new file mode 100644 index 00000000..fd0b368c --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + application: {{ template "prometheus.server.fullname" . }} + chart: {{ template "prometheus.server.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "prometheus.server.fullname" . }} +type: Opaque +data: + PASSWORD: {{ if .Values.password | default "" | ne "" }} {{ .Values.service.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 21331135..f7f91f7e 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
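Review bot: The `PASSWORD` expression in the new sec.yaml tests `.Values.password` but encodes `.Values.service.password`, and neither is the `.Values.server.password` that the web config and the probe headers use. Unless a top-level `password` value happens to be set, the Secret always falls through to `randAlphaNum 32`, so the stored value never matches the password Prometheus accepts and changes on every render. Reading the one real setting, `PASSWORD: {{ .Values.server.password | b64enc | quote }}`, keeps the Secret, the web config and the bindings in agreement.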
@@ -80,7 +80,7 @@ ingress: ## @param alertmanager.image.pullSecrets Alertmanager image pull secrets ## alertmanager: - enabled: true + enabled: false image: registry: registry.drycc.cc repository: drycc-addons/alertmanager @@ -577,6 +577,8 @@ alertmanager: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: + username: admin + password: admin image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -599,6 +601,10 @@ server: ## @param server.configuration [string] Promethus configuration. This content will be stored in the the prometheus.yaml file and the content can be a template. ## ref: ## + webconfig : | + basic_auth_users: + {{ htpasswd .Values.server.username .Values.server.password | replace ":" ": "}} + configuration: | global: {{- if .Values.server.scrapeInterval }} @@ -703,7 +709,7 @@ server: ## @param server.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: - enabled: false + enabled: true initialDelaySeconds: 2 periodSeconds: 5 timeoutSeconds: 2 diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index ddf83945..7ac5e2af 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -13,8 +13,12 @@ tags: prometheus bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "server.username" + description: "set username . default amdin" +- name: "server.username" + description: "set passsword . default amdin" archive: false diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index c6efaaba..e453fade 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
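Review bot: `username: admin` and `password: admin` under `server:` in values.yaml give every instance the same well-known credentials unless the caller overrides them, and both the probe headers and `webconfig` consume these values. Leaving the password empty and failing the render when it is unset, e.g. `{{ required "server.password must be set" .Values.server.password }}`, or generating one per release, avoids shipping a shared default. The new keys also lack the `## @param` lines the surrounding settings have. Lines such as `## @param server.username Basic-auth user for the Prometheus web endpoint`, with a matching one for `server.password`, would document them. The `server:` block continues outside the hunk.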
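Review bot: Both new `allow_parameters` entries in meta.yaml are named `server.username`; the second one, whose description is about the password, should be `- name: "server.password"`. As written the password is presumably not settable at provision time, which would leave instances on the chart default of `admin`. The descriptions also contain typos: `"set username . default amdin"` and `"set passsword . default amdin"` should read `admin` and `password`.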
@@ -1,28 +1,24 @@ credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: port - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .spec.ports.port }' - {{- end }} - -alertmanager - - {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} - - name: host +{{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: port + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PORT valueFrom: - secretKeyRef: + serviceRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .spec.ports.port }' - {{- end }} \ No newline at end of file + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + valule: {{ .Values.server.username }} + - name: PASSWORD + valule: {{ .Values.server.password }} + {{- end }} diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml index 3470d0d5..796ae97e 100644 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ b/addons/prometheus/2/plans/standard-10/values.yaml @@ -4,4 +4,5 @@ fullnameOverride: hb-prometheus-standard-10 server: persistence: - size: 10Gi \ No newline at end of file + size: 10Gi + retentionSize: 8Gi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 3e652f1c..e453fade 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
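Review bot: `USER` and `PASSWORD` are written with `valule:` instead of `value:`, e.g. `value: {{ .Values.server.username | quote }}`, so neither entry carries a recognised value field. The hunk also ends with a second `{{- end }}` that has no matching `if` once the first block is closed before `PORT`, which should make the template fail to parse. The `else if` branch tests `.Values.service.type` while the `if` tests `.Values.server.service.type`; both should use the `server` path. `PASSWORD` would be better taken from the chart's Secret through `secretKeyRef`, as the other add-ons' bindings do, than copied from values. The standard-50 bind.yaml hunk below is identical and needs the same changes.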
@@ -1,34 +1,24 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database +{{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PORT valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' + serviceRef: + name: {{ template "common.names.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + valule: {{ .Values.server.username }} + - name: PASSWORD + valule: {{ .Values.server.password }} {{- end }} - diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml index 0dc80c4f..69caeefa 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -4,4 +4,5 @@ fullnameOverride: hb-prometheus-standard-50 server: persistence: - size: 50Gi \ No newline at end of file + size: 50Gi + retentionSize: 48Gi \ No newline at end of file 
From 96cc9a69fcb9c5f01914aa868cc7308bbc0a700d Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Dec 2023 11:21:52 +0800 Subject: [PATCH 026/122] fix(postgresql-cluster): service type nil --- .../15/chart/postgresql-cluster/templates/svc-master.yaml | 2 +- .../15/chart/postgresql-cluster/templates/svc-relp.yaml | 2 +- .../15/chart/postgresql-cluster/templates/svc.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml index e162dc3b..f3d20fd2 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: master spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index adc82d13..252882b3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 0922fb57..3644db78 100644 
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} ports: - port: 5432 targetPort: 5432 From 510b272277191288ac5288cd7a1e01f085fa2762 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Dec 2023 11:31:45 +0800 Subject: [PATCH 027/122] fix(cloudbeaver): labels application --- .../cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml index c00c3656..2b1fe314 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml @@ -118,7 +118,7 @@ spec: {{ toYaml .Values.persistence.annotations | indent 8 }} {{- end }} labels: - application: {{ template "cloudbeaver.fullname" . }} + application: {{ include "common.names.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: From 735f5376937aa661b37206593f89a4731bfecde9 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 5 Dec 2023 11:31:10 +0800 Subject: [PATCH 028/122] fix(postgresql-cluster): plans describe typo --- addons/index.yaml | 3 +++ .../15/chart/postgresql-cluster/values.yaml | 6 +++++- addons/postgresql-cluster/15/meta.yaml | 6 ++++++ addons/postgresql-cluster/15/plans/standard-100/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-20/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-200/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-400/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-800/meta.yaml | 2 +- 9 files changed, 20 insertions(+), 7 deletions(-) diff --git a/addons/index.yaml b/addons/index.yaml index 75ec5191..fb67bcb2 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -1,5 +1,8 @@ apiVersion: v1 entries: + cloudbeaver: + - version: 23 + description: "Cloud Database Manager." mysql-cluster: - version: 8.0 description: "The world's most popular open source database cluster." diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index e3128f72..960735da 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -82,7 +82,11 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s + {{- if .Values.walG.enabled }} archive_command: sh /opt/drycc/postgresql/walbackup.sh %p + {{- else }} + archive_command: /bin/true + {{- end }} # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -245,7 +249,7 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain 
diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 1b5450bc..a9bfe787 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -23,4 +23,10 @@ allow_parameters: description: "Whether to enable metrics. default true" - name: "walG.enabled" description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " +- name: "walG.s3.awsAccessKeyID" + description: "S3 awsAccessKeyID" +- name: "walG.s3.awsSecretAccessKey" + description: "S3 awsSecretAccessKey" +- name: "walG.s3.walGS3Prefix" + description: "S3 walGS3Prefix : etc . s3://bucket001" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml index 8b3352c9..699f4aaa 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml @@ -1,6 +1,6 @@ name: "standard-100" id: c44160a6-5ec4-49e5-af1e-a1c1676871cf -description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" displayName: "standard-100" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e9580d73..0f67097a 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
@@ -1,6 +1,6 @@ name: "standard-20" id: edf8bdfe-b1dc-4f41-b042-801153794df7 -description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +description: "PostgreSQL Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml index 89b4292b..cbfb48ce 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml @@ -1,6 +1,6 @@ name: "standard-200" id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f -description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" displayName: "standard-200" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml index b9472699..8ec2aacb 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml @@ -1,6 +1,6 @@ name: "standard-400" id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad -description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000" displayName: "standard-400" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 9fbb08f1..29e67ad5 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml 
@@ -1,6 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-50" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml index 1748ac9e..72ab5126 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml @@ -1,6 +1,6 @@ name: "standard-800" id: 60f37e20-e69e-4f6f-9cce-e43caec34963 -description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" displayName: "standard-800" bindable: true maximum_polling_duration: 1800 From 4efae114771740f61ff1c84642691ac9ee563879 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 8 Dec 2023 14:02:13 +0800 Subject: [PATCH 029/122] chore(postgresql-cluster): allow dyrcc params --- .../15/chart/postgresql-cluster/README.md | 164 ++---------------- .../postgresql-cluster/templates/_helpers.tpl | 34 ++-- .../postgresql-cluster/templates/cronjob.yaml | 2 +- .../templates/networkpolicy.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 6 +- .../templates/statefulset.yaml | 10 +- .../15/chart/postgresql-cluster/values.yaml | 20 ++- addons/postgresql-cluster/15/meta.yaml | 10 +- .../15/plans/standard-10/values.yaml | 2 +- .../15/plans/standard-100/values.yaml | 1 - .../15/plans/standard-20/values.yaml | 2 +- .../15/plans/standard-200/values.yaml | 1 - .../15/plans/standard-50/values.yaml | 1 - 13 files changed, 61 insertions(+), 194 deletions(-) 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 8d44fca1..3bab0f21 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,151 +1,17 @@ -# ⚠️ Repo Archive Notice -As of Nov 13, 2020, charts in this repo will no longer be updated. -For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). - -# Patroni Helm Chart - -This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. - - -## Prerequisites Details -* Kubernetes 1.9+ -* PV support on the underlying infrastructure - -## StatefulSet Details -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - -## StatefulSet Caveats -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - - -## Chart Details -This chart will do the following: - -* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add -$ helm dependency update -$ helm install --name my-release postgresql-cluster -``` - -To install the chart with randomly generated passwords: - -```console -$ helm install --name my-release postgresql-cluster \ - --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" -``` - -## Connecting to PostgreSQL - -Your access point is a cluster IP. 
In order to access it spin up another pod: - -```console -$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il -``` - -Then, from inside the pod, connect to PostgreSQL: - -```console -$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres - -postgres=> -``` - -## Configuration - -The following table lists the configurable parameters of the patroni chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------|---------------------------------------------|-----------------------------------------------------| -| `nameOverride` | Override the name of the chart | `nil` | -| `fullnameOverride` | Override the fullname of the chart | `nil` | -| `replicaCount` | Amount of pods to spawn | `5` | -| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | -| `image.tag` | The version of the image to pull | `1.5-p5` | -| `image.pullPolicy` | The pull policy | `IfNotPresent` | -| `credentials.superuser` | Password of the superuser | `tea` | -| `credentials.admin` | Password of the admin | `cola` | -| `credentials.standby` | Password of the replication user | `pinacolada` | -| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | -| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | -| `etcd.enable` | Using etcd as DCS | `false` | -| `etcd.deployChart` | Deploy etcd chart | `false` | -| `etcd.host` | Host name of etcd cluster | `nil` | -| `etcd.discovery` | Domain name of etcd cluster | `nil` | -| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | -| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | -| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | -| `consul.enable` | Using Consul as DCS | `false` | -| `consul.deployChart` | Deploy Consul chart | `false` | -| `consul.host` | Host name of consul cluster | `nil` | -| `env` | Extra custom environment 
variables | `{}` | -| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | -| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | -| `walE.retainBackups` | Number of base backups to retain | `2` | -| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | -| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | -| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | -| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | -| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | -| `resources` | Any resources you wish to assign to the pod | `{}` | -| `nodeSelector` | Node label to use for scheduling | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | -| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | -| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | -| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | -| `persistentVolume.size` | Persistent Volume size | `2Gi` | -| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | -| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | -| `rbac.create` | Create required role and rolebindings | `true` | -| `serviceAccount.create` | If true, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml incubator/patroni -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Cleanup - -To remove the spawned pods you can run a simple `helm delete `. - -Helm will however preserve created persistent volume claims, -to also remove them execute the commands below. - -```console -$ release= -$ helm delete $release -$ kubectl delete pvc -l release=$release -``` - -## Internals - -Patroni is responsible for electing a PostgreSQL master pod by leveraging the -DCS of your choice. After election it adds a `spilo-role=master` label to the -elected master and set the label to `spilo-role=replica` for all replicas. -Simultaneously it will update the `-patroni` endpoint to let the -service route traffic to the elected master. - -```console -$ kubectl get pods -l spilo-role -L spilo-role -NAME READY STATUS RESTARTS AGE SPILO-ROLE -my-release-patroni-0 1/1 Running 0 9m replica -my-release-patroni-1 1/1 Running 0 9m master -my-release-patroni-2 1/1 Running 0 8m replica -my-release-patroni-3 1/1 Running 0 8m replica -my-release-patroni-4 1/1 Running 0 8m replica ``` +dataname: + dbname: dbn + username: admin + password: R3Dv0NEmwZkhhz +networkPolicy.allowNamespaces: + - mx-test1 +service.type: ClusterIP +metrics.enabled: true +backup: + enabled: true + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 1e4e50bc..feddfa57 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -46,7 +46,7 @@ Create the name of the service account to use. Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enabled }} +{{- if and .Values.backup.enabled }} {{- true -}} {{- else -}} {{- end -}} 
@@ -143,35 +143,35 @@ Create patroni envs. {{/* Create walg envs. */}} -{{- define "walg.envs" }} -{{- if .Values.walG.enabled }} +{{- define "backup.envs" }} +{{- if .Values.backup.enabled }} - name: USE_WALG - value: {{ .Values.walG.enabled | quote }} -{{- if .Values.walG.retainBackups }} + value: {{ .Values.backup.enabled | quote }} +{{- if .Values.backup.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walG.retainBackups | quote}} + value: {{ .Values.backup.retainBackups | quote}} {{- end }} -{{- if .Values.walG.backupThresholdMegabytes }} +{{- if .Values.backup.backupThresholdMegabytes }} - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walG.backupThresholdMegabytes | quote }} + value: {{ .Values.backup.backupThresholdMegabytes | quote }} {{- end }} -{{- if .Values.walG.backupThresholdPercentage }} +{{- if .Values.backup.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walG.backupThresholdPercentage | quote }} + value: {{ .Values.backup.backupThresholdPercentage | quote }} {{- end }} -{{- if .Values.walG.s3.used }} +{{- if .Values.backup.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyID | quote }} + value: {{ .Values.backup.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} + value: {{ .Values.backup.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX - value: {{ .Values.walG.s3.walGS3Prefix | quote }} + value: {{ .Values.backup.s3.walGS3Prefix | quote }} - name: AWS_ENDPOINT - value: {{ .Values.walG.s3.awsEndpoint | quote }} + value: {{ .Values.backup.s3.awsEndpoint | quote }} - name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} + value: {{ .Values.backup.s3.awsS3ForcePathStyle | quote }} - name: AWS_REGION - value: {{ .Values.walG.s3.awsRegion | quote }} + value: {{ .Values.backup.s3.awsRegion | quote }} {{- end }} {{- else }} - name: USE_WALG 
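Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are still rendered as literal `value:` entries after the rename, so the S3 keys are stored in the pod spec of every workload that includes `backup.envs` and are readable by anyone who can view those objects. The `patroni.envs` helper in the same file already reads its passwords through `secretKeyRef`; these two variables could follow that pattern, with matching entries added to sec.yaml. The key names in the sketch below are proposals, not existing keys. The `backup.envs` define continues past the end of the hunk.

```yaml
# … unchanged: USE_WALG, retention and threshold variables …
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      # proposed key name; sec.yaml needs a matching entry
      key: backup-aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      # proposed key name; sec.yaml needs a matching entry
      key: backup-aws-secret-access-key
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```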
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 39c08de3..41e42886 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "{{ .Values.walG.scheduleCronJob }}" + schedule: "{{ .Values.backup.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 8b429517..dfad66c3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} `` + {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 306e93e7..0a5ed63b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml 
@@ -14,6 +14,6 @@ data: password-superuser: {{ .Values.credentials.superuser | b64enc }} password-rewind: {{ .Values.credentials.rewind | b64enc }} password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.dataname.username | b64enc }} - data-name: {{ .Values.dataname.dbname | b64enc }} - data-password: {{ .Values.dataname.password | b64enc }} + data-user: {{ .Values.database.username | b64enc }} + data-name: {{ .Values.database.dbname | b64enc }} + data-password: {{ .Values.database.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0d1ed21a..98ded996 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -56,8 +56,8 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.walG.enabled }} - {{- include "walg.envs" . | indent 8 }} + {{- if .Values.backup.enabled }} + {{- include "backup.envs" . | indent 8 }} {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} @@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.database.dbname }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} 
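Review bot: The changed `DATA_SOURCE_NAME` line in statefulset.yaml (hunk `@@ -127,7 +127,7 @@`) still embeds the fixed login `tea_mon:password` in the rendered pod spec, so every release shares one monitoring credential and it is visible on the StatefulSet object. The commit only swaps `dataname` for `database` here, but the line is a good place to move the monitoring password into the chart's Secret and inject it with `valueFrom: secretKeyRef:`, as the other passwords in this chart are. A comment such as `# monitoring user is created by the init script; password comes from the release Secret` would record where the account originates, if that is indeed where it is created.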
@@ -175,7 +175,7 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "walg.envs" . | indent 8 }} + {{- include "backup.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 960735da..d7b24deb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -21,7 +21,7 @@ credentials: rewind: cola replication: reppasswd -dataname: +database: dbname: db1 username: us1 password: 111w @@ -82,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} archive_command: sh /opt/drycc/postgresql/walbackup.sh %p {{- else }} archive_command: /bin/true @@ -243,15 +243,15 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -walG: +backup: # Specifies whether Wal-G should be enabled - enabled: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: "*/5 * * * *" + scheduleCronJob: "20 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket @@ -271,8 +271,9 @@ walG: awsS3ForcePathStyle: "true" awsRegion: dx-1 + persistentVolume: - enabled: false + enabled: true size: 10G ## database data Persistent Volume Storage Class ## If defined, storageClassName: @@ -338,7 +339,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port Postgresql is listening 
@@ -346,4 +347,5 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] \ No newline at end of file + allowNamespaces: + - mx-test1 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index a9bfe787..28de1baf 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -15,18 +15,20 @@ instances_retrievable: true bindings_retrievable: true plan_updateable: false allow_parameters: +- name: "dataname" + description: "database config for values.yaml" - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "walG.enabled" +- name: "backup.enabled" description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " -- name: "walG.s3.awsAccessKeyID" +- name: "backup.s3.awsAccessKeyID" description: "S3 awsAccessKeyID" -- name: "walG.s3.awsSecretAccessKey" +- name: "backup.s3.awsSecretAccessKey" description: "S3 awsSecretAccessKey" -- name: "walG.s3.walGS3Prefix" +- name: "backup.s3.walGS3Prefix" description: "S3 walGS3Prefix : etc . s3://bucket001" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index b6037e16..94917aff 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 1000m memory: 2Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 4Mi requests: cpu: 1000m memory: 2Gi 
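Review bot: The chart default for `networkPolicy.allowNamespaces` changes from `[]` to `- mx-test1`, which looks like a value from one test environment. With `networkPolicy.enabled` switched to `true` in the preceding hunk, every install would presumably admit ingress from any namespace with that name unless the value is overridden. I would keep `allowNamespaces: []` in values.yaml and supply namespaces per instance.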
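Review bot: The entry added to `allow_parameters` in meta.yaml is named `dataname`, but this same commit renames the values key to `database`; sec.yaml and statefulset.yaml now read `.Values.database.*`. A parameter passed as `dataname` would presumably no longer reach the templates, leaving the defaults from values.yaml in effect, including the default database password. The entry should be `- name: "database"`.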
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index c937e07a..2f4c4841 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 4000m memory: 16Gi - # hugepages-2Mi: 4Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index f460d01f..3ef08abf 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -67,7 +67,7 @@ resources: limits: cpu: 2000m memory: 4Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 4Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 9db720e6..5e9d641b 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -65,7 +65,6 @@ resources: limits: cpu: 8000m memory: 32Gi - # hugepages-2Mi: 4Mi requests: cpu: 8000m memory: 32Gi diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index fbf8db1f..046e87ea 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 2000m memory: 8Gi - # hugepages-2Mi: 4Mi requests: cpu: 2000m memory: 8Gi From 76fff18415ba80187b22ee13195d5b192da77765 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 11 Dec 2023 11:46:05 +0800 Subject: [PATCH 030/122] chore(postgresql-cluster): generate password random --- .../15/chart/postgresql-cluster/README.md | 83 +++++++++++++++-- .../postgresql-cluster/templates/_helpers.tpl | 88 +++++++++++++++---- .../postgresql-cluster/templates/sec.yaml | 13 ++- .../15/chart/postgresql-cluster/values.yaml | 50 +++++------ addons/postgresql-cluster/15/meta.yaml | 14 +-- 5 files changed, 184 insertions(+), 64 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 3bab0f21..9bc0f18b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,17 +1,90 @@ +## CREATE PG INSTANCE ``` -dataname: - dbname: dbn - username: admin - password: R3Dv0NEmwZkhhz +# create or update pg instance template yaml networkPolicy.allowNamespaces: - mx-test1 service.type: ClusterIP metrics.enabled: true backup: + # whether BackUP should be enabled enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 s3: awsAccessKeyID: DO9l771LqiwZkhhz awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn walGS3Prefix: mx-test -``` \ No newline at end of file +``` + +## Create app user and database + +- Login PG with admin user & password + +- CREATE APP USER +``` +CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +``` +- CREATE APP DATABASE +``` +CREATE DATABASE `my_db` OWNER `my_user`; +``` +- CREATE EXTENSIONS +``` +CREATE EXTENSION pg_buffercache; +``` + +## Network Access + +Default access allow policy: only namespace scope. + +- allow `mx-test1` namespace access +``` +networkPolicy.allowNamespaces: + - mx-test1 +``` + + - Assign external network IP address +``` + service.type: LoadBlance +``` + + ## Manger backup your data `Very important` + +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` + +PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. +``` +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` + +You can modify multiple content at once, there is no need to modify part of it each time. 
+ +# Plans + +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index feddfa57..b11ff28e 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -107,6 +107,16 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-rewind +- name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-user +- name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-password - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -123,21 +133,6 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' -- name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-name -- name: DATABASE_USER - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-user -- name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-password {{- end -}} {{/* 
@@ -178,3 +173,66 @@ Create walg envs. value: "" {{- end }} {{- end }} + +{{/* +Generate random password +*/}} + +{{/* +Get the super user password ; +*/}} +{{- define "credentials.superuserValue" }} +{{- if .Values.credentials.superuser }} + {{- .Values.credentials.superuser -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}} +{{- end -}} +{{- end }} + +{{/* +Get the rewind password ; +*/}} +{{- define "credentials.rewindValue" }} +{{- if .Values.credentials.rewind }} + {{- .Values.credentials.rewind -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-rewind") -}} +{{- end -}} +{{- end }} + +{{/* +Get the replication password ; +*/}} +{{- define "credentials.replicationValue" }} +{{- if .Values.credentials.replication }} + {{- .Values.credentials.replication -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Get the administrator password ; +*/}} +{{- define "adminRole.passwordValue" }} +{{- if .Values.adminRole.password }} + {{- .Values.adminRole.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + 
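Review bot: In `adminRole.passwordValue` the fallback passes `"Key" "password-replication"`, so an unset admin password resolves to the replication credential instead of an admin entry; it should read `"Key" "admin-password"` to match the key sec.yaml writes. `getValueFromSecret` pipes `index $obj .Key` straight into `b64dec`, which fails or yields an empty value when the Secret exists but lacks that key (for example a Secret created before the key was introduced); guard it with `hasKey $obj .Key` and fall through to `randAlphaNum` otherwise. The lookup is keyed on `common.names.fullname`, while the env entries in this file read the Secret through `patroni.fullname`. If the two ever render differently, the lookup never matches and each upgrade would generate new passwords, so this is worth confirming. All four callers pass `"Length" 10`, which is short for a superuser password next to the helper's own default of 16.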
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 0a5ed63b..8c94ae26 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -10,10 +10,9 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} type: Opaque -data: - password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-rewind: {{ .Values.credentials.rewind | b64enc }} - password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.database.username | b64enc }} - data-name: {{ .Values.database.dbname | b64enc }} - data-password: {{ .Values.database.password | b64enc }} +data: + password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} + password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} + password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} + admin-user: {{ .Values.adminRole.username | b64enc }} + admin-password: {{ .Values.adminRole.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d7b24deb..389451ec 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
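Review bot: `admin-password: {{ .Values.adminRole.password | b64enc }}` bypasses the `adminRole.passwordValue` helper that this commit adds in _helpers.tpl, so with the new default `password: ""` the Secret stores an empty admin password while the three `password-*` keys get generated values. Render it like its neighbours, `admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}`, after that helper's fallback key is changed from `password-replication` to `admin-password`. Both admin entries also lack the `| quote` that the other three lines gained. The hunk shows only the tail of the manifest, so the Secret's own name is not visible here.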
@@ -17,14 +17,13 @@ image: # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: - superuser: tea - rewind: cola - replication: reppasswd + superuser: "" + rewind: "" + replication: "" -database: - dbname: db1 - username: us1 - password: 111w +adminRole: + username: administrator + password: "" # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -126,22 +125,21 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + # Create admin user + if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then + echo "Creating user ${ADMIN_USER}" + # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else - echo "Skipping user creation" - echo "Skipping database creation" + echo "Skipping create admin user" fi + psql -w -c "CHECKPOINT;CHECKPOINT;" + #norm user + # + # postgresql: config: |- - log_min_duration_statement = 1008 + log_min_duration_statement = 1000 max_wal_size = 4GB min_wal_size = 4GB max_connections = 1005 
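Review bot: In the `postInitScript` hunk, the branch guarded by `-n "$ADMIN_USER"` and `-n "$ADMIN_PASSWORD"` prints `Creating user ${ADMIN_USER}` but its only `psql` statement is commented out, so no admin role is created even though the Secret and the pod environment now carry `admin-user` and `admin-password`. Either remove the branch or restore the statement. If it is restored, do not splice the password between single quotes inside `-c "..."`, because a quote character in the value changes the SQL; feed the statement on stdin and pass the value with `psql -v`, referenced as `:'name'`, so psql quotes it as a literal. The commented statement also grants `CREATEROLE` together with `REPLICATION`; a comment stating why a tenant-facing account needs both would help.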
@@ -249,7 +247,7 @@ metrics: memory: 512Mi backup: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "20 0 * * 0" # Amount of base backups to retain @@ -257,17 +255,17 @@ backup: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to - # consider WAL-E restore instead of pg_basebackup + # consider WAL-G restore instead of pg_basebackup backupThresholdMegabytes: 1024 # Maximum ratio (in percents) of the accumulated WAL files to the base backup - # to consider WAL-E restore instead of pg_basebackup + # to consider WAL-G restore instead of pg_basebackup backupThresholdPercentage: 30 s3: used: true - awsAccessKeyID: "minioadmin" - awsSecretAccessKey: "minioadmin" - walGS3Prefix: "s3://pg1" - awsEndpoint: "http://10.10.2.11:9000" + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 28de1baf..5185d109 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml 
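Review bot: The new `awsEndpoint: "http://xxxx:9000"` placeholder in the `s3:` block keeps plain HTTP as the documented shape of the endpoint, so base backups and WAL segments would travel unencrypted if an operator fills in only the host; an `https://` placeholder is the safer default. The hunk blanks `awsAccessKeyID` and `awsSecretAccessKey`, but the README.md hunk of this same patch adds an example with key-shaped literal values for both fields. If those values were ever valid they should be rotated, and the example should use obvious placeholders. The context line `kubernetesSecret:` is a bare key (null); a comment saying whether it is meant to replace the two inline key fields would make the intended path clear.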
@@ -13,22 +13,14 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: -- name: "dataname" - description: "database config for values.yaml" - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "backup.enabled" - description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " -- name: "backup.s3.awsAccessKeyID" - description: "S3 awsAccessKeyID" -- name: "backup.s3.awsSecretAccessKey" - description: "S3 awsSecretAccessKey" -- name: "backup.s3.walGS3Prefix" - description: "S3 walGS3Prefix : etc . s3://bucket001" +- name: "backup" + description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file From 2e6b61a3680b9454a899c15d0361f03876f4e8e2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 11 Dec 2023 14:46:51 +0800 Subject: [PATCH 031/122] chore(postgresql-cluster): Adjust backup strategy --- .../15/chart/postgresql-cluster/README.md | 2 +- .../postgresql-cluster/templates/_helpers.tpl | 43 +++---------------- .../templates/cm-backup.yaml | 22 ++++++++++ .../templates/statefulset.yaml | 10 +++-- .../15/chart/postgresql-cluster/values.yaml | 24 +++++++---- 5 files changed, 51 insertions(+), 50 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 9bc0f18b..70d31e0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
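Review bot: Replacing the four `backup.*` entries in `allow_parameters` with the single name `backup` appears to open the whole subtree to user-supplied values, including keys that were not settable before such as `awsEndpoint`, `kubernetesSecret` and `scheduleCronJob` from values.yaml. If the platform treats an entry as a prefix, listing the intended keys individually (`backup.enabled`, `backup.s3.awsAccessKeyID`, and so on) keeps the parameter surface explicit. The description mentions only the enable switch, so it should name the accepted sub-keys. `plan_updateable: true` in the same hunk means these values can also change on a running instance.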
@@ -74,7 +74,7 @@ backup: You can modify multiple content at once, there is no need to modify part of it each time. -# Plans +## Plans | Resource Specification | Cores | MEMORY | Storage SIZE | | :---: | :---: | :---: | :---: | diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index b11ff28e..e3bedca5 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
@@ -136,43 +136,14 @@ Create patroni envs. {{- end -}} {{/* -Create walg envs. +Return true if a configmap object should be created for PG backup. */}} -{{- define "backup.envs" }} -{{- if .Values.backup.enabled }} -- name: USE_WALG - value: {{ .Values.backup.enabled | quote }} -{{- if .Values.backup.retainBackups }} -- name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.backup.retainBackups | quote}} -{{- end }} -{{- if .Values.backup.backupThresholdMegabytes }} -- name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.backup.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.backup.backupThresholdPercentage }} -- name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.backup.backupThresholdPercentage | quote }} -{{- end }} -{{- if .Values.backup.s3.used }} -- name: AWS_ACCESS_KEY_ID - value: {{ .Values.backup.s3.awsAccessKeyID | quote }} -- name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.backup.s3.awsSecretAccessKey | quote }} -- name: WALG_S3_PREFIX - value: {{ .Values.backup.s3.walGS3Prefix | quote }} -- name: AWS_ENDPOINT - value: {{ .Values.backup.s3.awsEndpoint | quote }} -- name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.backup.s3.awsS3ForcePathStyle | quote }} -- name: AWS_REGION - value: {{ .Values.backup.s3.awsRegion | quote }} -{{- end }} -{{- else }} -- name: USE_WALG - value: "" -{{- end }} -{{- end }} +{{- define "backup.createConfigmap" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} {{/* Generate random password diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml new file mode 100644 index 00000000..b7eb7331 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "backup.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + backup.env: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} + # archive_command.sh: | - + # #/bin/bash + # source backup.env + # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 98ded996..036f8b80 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -56,9 +56,6 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.backup.enabled }} - {{- include "backup.envs" . | indent 8 }} - {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -110,6 +107,9 @@ spec: - mountPath: "/opt/drycc/postgresql/config/" name: postgresql-config # readOnly: true + - mountPath: "/opt/drycc/postgresql/backup/" + name: postgresql-backup + # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
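Review bot: In cm-backup.yaml, `backup.env` is stored under `kind: ConfigMap`, yet the `backupEnv` template it renders (added to values.yaml in this commit) exports `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. The bucket credentials therefore become readable by anyone allowed to read ConfigMaps in the namespace and fall outside Secret-specific RBAC and encryption at rest. Make the object a Secret (`kind: Secret`, with `stringData:` in place of `data:`) and mount it from the StatefulSet with a `secret:` volume. The commented `archive_command.sh` lines at the end are dead text in the rendered manifest; replace them with a one-line comment naming the script that reads `backup.env`.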
@@ -175,7 +175,6 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "backup.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD @@ -222,6 +221,9 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql + - name: archive-config + configMap: + name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 389451ec..effc9e1d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -81,11 +81,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - {{- if .Values.backup.enabled }} - archive_command: sh /opt/drycc/postgresql/walbackup.sh %p - {{- else }} - archive_command: /bin/true - {{- end }} + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' 
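Review bot: The `archive-config` volume added in the `@@ -222,6 +221,9 @@` hunk references the `{{ template "common.names.fullname" . }}-backup` ConfigMap unconditionally, while cm-backup.yaml renders that object only when `backup.enabled` is set. With backups off, which is the default after PATCH 030, the pod cannot mount the volume and stays in ContainerCreating. Wrap the volume and its mount in `{{- if .Values.backup.enabled }}` or mark the source `optional: true`. The mount added in this file carries `# readOnly: true` as a comment; since the directory holds bucket credentials, make it a real `readOnly: true`.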
@@ -134,9 +130,20 @@ postInitScript: | echo "Skipping create admin user" fi psql -w -c "CHECKPOINT;CHECKPOINT;" - #norm user - # - # + +backupEnv: | + #!/bin/bash + export USE_WALG={{ .Values.backup.enabled | quote }} + export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}} + export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }} + export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }} + export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }} + export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }} + export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }} + export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }} + export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} + export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} + postgresql: config: |- log_min_duration_statement = 1000 @@ -269,7 +276,6 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 - persistentVolume: enabled: true size: 10G From 9e6a085f6dd74ad080b6ba18ac62bec52793b0c6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 09:52:18 +0800 Subject: [PATCH 032/122] chore(postgresql-cluster): bind info --- .../15/chart/postgresql-cluster/README.md | 110 ++++++++++++++---- .../templates/statefulset.yaml | 6 +- .../15/chart/postgresql-cluster/values.yaml | 16 +-- .../15/plans/standard-10/bind.yaml | 10 +- .../15/plans/standard-100/bind.yaml | 7 +- .../15/plans/standard-20/bind.yaml | 7 +- .../15/plans/standard-200/bind.yaml | 7 +- .../15/plans/standard-400/bind.yaml | 9 +- .../15/plans/standard-50/bind.yaml | 7 +- .../15/plans/standard-800/bind.yaml | 7 +- 10 files changed, 121 insertions(+), 65 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 70d31e0c..0b3f8a3d 100644 
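Review bot: Each `export NAME={{ ... | quote }}` line in `backupEnv` relies on Helm's `quote`, which emits a double-quoted string with Go-style escaping rather than shell-safe quoting. If `backup.env` is sourced by a shell, as the commented `source backup.env` in cm-backup.yaml suggests, `$`, backticks and backslashes inside a value are still interpreted by that shell. Secret keys can contain such characters, and meta.yaml now accepts the `backup` values from users. Prefer container `env` entries, with the two keys coming from `secretKeyRef`, so the values never pass through a shell parser; otherwise emit single-quoted values with embedded single quotes escaped. The consumer of the file (walbackup.sh or pgbackup.py) is not visible in this patch, so how it is read should be confirmed.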
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -1,5 +1,46 @@ -## CREATE PG INSTANCE +# Postgresql cluster addons +## Plans + +View and choose the service resource specifications you need. +``` + # drycc resources:plans postgresql-cluster +``` +### Resource specification list +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + +## Create Postgresql Cluster Service instance + +- Create Postgresql service +``` +# drycc resources:create postgresql-cluster:standard-10 `my_pg_001` +``` +- View service status +``` +# drycc resources:descript `my_pg_001` +``` +- Bind service +``` +# drycc resources:bind `my_pg_001` +``` +- View resource status +``` +# drycc resources:descript `my_pg_001` +``` + +## Create Service with parameters + +`vim value.yaml` ``` # create or update pg instance template yaml networkPolicy.allowNamespaces: 
@@ -14,14 +55,21 @@ backup: Amount of base backups to retain retainBackups: 2 s3: - awsAccessKeyID: DO9l771LqiwZkhhz - awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn - walGS3Prefix: mx-test + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 +``` +``` + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml ``` -## Create app user and database +## Update Service +### Create app user and database -- Login PG with admin user & password +- Login database web with admin user & password - CREATE APP USER ``` @@ -36,28 +84,44 @@ CREATE DATABASE `my_db` OWNER `my_user`; CREATE EXTENSION pg_buffercache; ``` -## Network Access +### Network Access Default access allow policy: only namespace scope. - allow `mx-test1` namespace access + +`vim value.yaml ` ``` networkPolicy.allowNamespaces: - mx-test1 ``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` + + - Assign external network IP address - - Assign external network IP address +`vim value.yaml` +``` + service.type: LoadBlancer ``` - service.type: LoadBlance ``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` - ## Manger backup your data `Very important` + ### Manger backup your data `Very important` `Strongly recommend enabling this feature.` `Strongly recommend enabling this feature.` `Strongly recommend enabling this feature.` PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. + +`vim value.yaml` ``` backup: # whether BackUP should be enabled 
@@ -71,20 +135,20 @@ backup: awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn walGS3Prefix: mx-test ``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` -You can modify multiple content at once, there is no need to modify part of it each time. +You can modify multiple content at once, there is no need to modify part of it each time. -## Plans -| Resource Specification | Cores | MEMORY | Storage SIZE | -| :---: | :---: | :---: | :---: | -| standard-10 | 1C | 2G | 10G | -| standard-20 | 2C | 4G | 20G | -| standard-50 | 2C | 8G | 50G | -| standard-100 | 4C | 16G | 100G | -| standard-200 | 8C | 32G | 200G | -| standard-400 | 16C | 64G | 400G | -| standard-800 | 32C | 128G | 800G | - -In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. +## Destroy Service +- Unbind service first +``` +# drycc resources:unbind `my_pg_001` +``` +- Destroy service +``` +# drycc resources:destroy `my_pg_001` +``` \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 036f8b80..3aa16bdb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -108,7 +108,7 @@ spec: name: postgresql-config # readOnly: true - mountPath: "/opt/drycc/postgresql/backup/" - name: postgresql-backup + name: backup-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} 
@@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.database.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -221,7 +221,7 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql - - name: archive-config + - name: backup-config configMap: name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index effc9e1d..08560996 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,7 +3,8 @@ diagnosticMode: enable: false service: - type: ClusterIP + # ClusterIP LoadBalancer + type: LoadBalancer image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -81,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %p %p + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -201,7 +202,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: false + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" 
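Review bot: `DATA_SOURCE_NAME` in the `@@ -127,7 +127,7 @@` hunk still embeds the literal credential `tea_mon:password` together with `sslmode=disable` in the pod spec, and the changed line keeps `printf` although it no longer has an argument to format. The `postInitScript` in values.yaml creates `tea_mon` without a password, so this presumably works only through a trust rule for 127.0.0.1, which should be confirmed and stated in a comment. Write the value as a plain quoted string and source the password from the chart's Secret with `secretKeyRef`; if the image is the upstream postgres_exporter, `DATA_SOURCE_USER` and `DATA_SOURCE_PASS` allow that without building a URL.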
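Review bot: The values.yaml hunk `@@ -3,7 +3,8 @@` changes the chart default to `type: LoadBalancer`, which gives every new cluster an address reachable from outside the cluster unless the operator overrides it, while the README in this patch describes the default access policy as namespace-scoped. Keep `ClusterIP` as the default and make `LoadBalancer` the opt-in, with a comment such as `# ClusterIP (default) or LoadBalancer (reachable from outside the cluster)`. The neighbouring hunks flip `metrics.enabled` to `true` and, further down, `backup.enabled` to `true` with empty S3 keys; together with the shifted cron minute these look like local test settings committed along with the bind change.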
@@ -248,15 +249,15 @@ metrics: limits: cpu: 100m memory: 512Mi - hugepages-2Mi: 20Mi + # hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi backup: # Specifies whether Wal-G should be enabled - enabled: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: "20 0 * * 0" + scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket @@ -351,5 +352,4 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: - - mx-test1 \ No newline at end of file + allowNamespaces: \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 41676f6e..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: @@ -38,5 +37,4 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - name: PORT - value: 5432 - + value: 5432 \ No newline at end of file 
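Review bot: standard-10/bind.yaml still resolves a credential from `jsonpath: '{ .data.data-user }'` (context of its `@@ -38,5 +37,4 @@` hunk), but sec.yaml stopped writing `data-user`, `data-name` and `data-password` in PATCH 030 and now writes `admin-user` and `admin-password`, so a binding would reference keys the Secret no longer has. Point these entries at the keys the Secret actually holds. `- name: DADABASE` reads as a typo for `DATABASE`, and the standard-400 hunk later in this patch changes the one correct spelling to match it. `value: 5432` should be quoted if consumers expect a string. The same edits repeat in the bind.yaml of standard-100, -20, -200, -400, -50 and -800.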
diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: 
@@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index a95ec5b2..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml 
@@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,8 +21,7 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - - name: DATABASE + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 5b215a03..12acc0c6 100644 
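Review bot: In plans/standard-400/bind.yaml the second hunk renames the bound credential from `DATABASE` to `DADABASE`, which looks like a typo copied from the sibling plan files rather than fixed there. An application that reads `DATABASE` from the binding will no longer find it after this change. I would keep `- name: DATABASE` here and correct the other plans' bind.yaml files, where `DADABASE` appears as a context line, in the same commit. The `credential:` list continues outside the hunk.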
--- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: From ca4ef628084a769ea9e9f8fabaf38e6244b417bd Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 10:04:07 +0800 Subject: [PATCH 033/122] chore(postgresql-cluster): fix typo --- .../15/chart/postgresql-cluster/README.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 0b3f8a3d..5fe50e3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -27,7 +27,7 @@ In order to obtain a better experience, it is recommended not to exceed 80% usag ``` - View service status ``` -# drycc resources:descript `my_pg_001` +# drycc resources:describe `my_pg_001` ``` - Bind service ``` 
@@ -35,12 +35,12 @@ In order to obtain a better experience, it is recommended not to exceed 80% usag ``` - View resource status ``` -# drycc resources:descript `my_pg_001` +# drycc resources:describe `my_pg_001` ``` -## Create Service with parameters +## Create Service with values file -`vim value.yaml` +`vim values.yaml` ``` # create or update pg instance template yaml networkPolicy.allowNamespaces: @@ -63,7 +63,7 @@ backup: awsRegion: dx-1 ``` ``` - drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` ## Update Service @@ -90,23 +90,23 @@ Default access allow policy: only namespace scope. - allow `mx-test1` namespace access -`vim value.yaml ` +`vim values.yaml ` ``` networkPolicy.allowNamespaces: - mx-test1 ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` - Assign external network IP address -`vim value.yaml` +`vim values.yaml` ``` service.type: LoadBlancer ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` - View resource status ``` @@ -121,7 +121,7 @@ drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yam PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. -`vim value.yaml` +`vim values.yaml` ``` backup: # whether BackUP should be enabled @@ -136,7 +136,7 @@ backup: walGS3Prefix: mx-test ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` You can modify multiple content at once, there is no need to modify part of it each time. 
From ae73604818bab5d4afc5134222b770ad0764d5c9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 11:33:29 +0800 Subject: [PATCH 034/122] chore(postgresql-cluster): megre --- .../15/chart/postgresql-cluster/values.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 52157896..97d35e84 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,12 +3,7 @@ diagnosticMode: enable: false service: -<<<<<<< HEAD - # ClusterIP LoadBalancer - type: LoadBalancer -======= type: ClusterIP ->>>>>>> c98da89fd38c2acf5b6cc3043a3a4faa17fb9acd image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 From bdc049f5203e8dce49b079527e866562fb1fde02 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 11:47:04 +0800 Subject: [PATCH 035/122] chore(postgresql-cluster): megre --- .../15/chart/postgresql-cluster/values.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 97d35e84..deb83746 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -248,17 +248,13 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 20Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -<<<<<<< HEAD backup: -======= -walG: ->>>>>>> c98da89fd38c2acf5b6cc3043a3a4faa17fb9acd # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain From 78e1350f1b0ff1fa759d90351963580ead240491 Mon Sep 17 00:00:00 2001 
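Review bot: The `@@ -248,17 +248,13 @@ metrics:` hunk turns the commented `# hugepages-2Mi: 20Mi` under `limits` into a live setting, which goes beyond resolving the conflict markers. A container with a huge-page limit can only be scheduled onto nodes that have 2Mi huge pages pre-allocated, so on clusters without them the pod would presumably stay Pending. Unless the exporter needs huge pages, keep `# hugepages-2Mi: 20Mi` commented. The `metrics:` block starts outside the hunk.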
From: EamonZhang Date: Wed, 13 Dec 2023 09:01:33 +0800 Subject: [PATCH 036/122] chore(cloudbeaver): modify storage method --- .../cloudbeaver/templates/deployment.yaml | 31 +++---------------- .../23/chart/cloudbeaver/templates/pvc.yaml | 2 +- 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml index 2b1fe314..be9271b3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml @@ -105,34 +105,11 @@ spec: - name: data mountPath: {{ .Values.persistence.mountPath | quote }} volumes: -{{- if not .Values.persistence.enabled }} - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} emptyDir: {} -{{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - annotations: - {{- if .Values.persistence.annotations }} -{{ toYaml .Values.persistence.annotations | indent 8 }} {{- end }} - labels: - application: {{ include "common.names.fullname" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - accessModes: -{{ toYaml .Values.persistence.accessModes | indent 8 }} - resources: - requests: - storage: "{{ .Values.persistence.size }}" - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml index 7a36a217..ee8ed038 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml 
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml @@ -2,7 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ printf "%s-binding" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} From b7494c28b2a1b1f24c69aba94bf643c159c453c2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Dec 2023 16:28:08 +0800 Subject: [PATCH 037/122] chore(postgresql-cluster): adjust --- .../15/chart/postgresql-cluster/README.md | 13 +++++++++++-- .../postgresql-cluster/templates/cm-backup.yaml | 8 +------- .../15/chart/postgresql-cluster/templates/sec.yaml | 4 ++-- .../postgresql-cluster/templates/statefulset.yaml | 4 ++-- .../15/chart/postgresql-cluster/values.yaml | 4 ++-- addons/postgresql-cluster/15/meta.yaml | 4 +--- .../15/plans/standard-10/bind.yaml | 13 +++++-------- .../15/plans/standard-100/bind.yaml | 13 +++++-------- .../15/plans/standard-20/bind.yaml | 13 +++++-------- .../15/plans/standard-200/bind.yaml | 13 +++++-------- .../15/plans/standard-400/bind.yaml | 13 +++++-------- .../15/plans/standard-50/bind.yaml | 13 +++++-------- .../15/plans/standard-50/meta.yaml | 2 +- .../15/plans/standard-800/bind.yaml | 13 +++++-------- 14 files changed, 55 insertions(+), 75 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 5fe50e3b..22da4bd3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -71,13 +71,22 @@ backup: - Login database web with admin user & password +- Change administrator initial password +``` +ALTER USER administrator WITH ENCRYPTED PASSWORD 'newpassword'; +``` +- View total connections number in postgresql cluster; +``` +show max_connections ; +``` - CREATE APP USER ``` -CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +CREATE USER `myuser` WITH CONNECTION LIMIT `conn limit` LOGIN ENCRYPTED PASSWORD 'password'; +GRANT `myuser` to administrator ; ``` - CREATE APP DATABASE ``` -CREATE DATABASE `my_db` OWNER `my_user`; +CREATE DATABASE `mydb` OWNER `myuser`; ``` - CREATE EXTENSIONS ``` diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index b7eb7331..1ebb88ab 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml @@ -1,4 +1,3 @@ -{{- if (include "backup.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: @@ -14,9 +13,4 @@ metadata: {{- end }} data: backup.env: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - # archive_command.sh: | - - # #/bin/bash - # source backup.env - # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true -{{- end -}} \ No newline at end of file + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 8c94ae26..e01a715c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml 
@@ -14,5 +14,5 @@ data: password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} - admin-user: {{ .Values.adminRole.username | b64enc }} - admin-password: {{ .Values.adminRole.password | b64enc }} + admin-user: {{ .Values.adminRole.username | b64enc | quote }} + admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 3aa16bdb..d56c34e3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.backup.enabled }} + - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -195,7 +195,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index deb83746..a648e096 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
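Review bot: Both statefulset.yaml hunks replace the `{{- if .Values.backup.enabled }}` / `{{- end }}` guard around the `-backup` container with blank lines, so the container is rendered even though values.yaml still carries `backup.enabled` (set to `false` in PATCH 035). If that is intended, add a comment above the container explaining how the sidecar decides whether to act, so the flag does not look like a working switch; otherwise keep the guard. The container spec starts and ends outside these hunks.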
@@ -124,8 +124,8 @@ postInitScript: | psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then - echo "Creating user ${ADMIN_USER}" - # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" + echo "Creating user ${ADMIN_USER}" + psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else echo "Skipping create admin user" fi diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index baa53c9e..cded881f 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -13,14 +13,12 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" -- name: "metrics.enabled" - description: "Whether to enable metrics. default true" - name: "backup" description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
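Review bot: The re-enabled `psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE ..."` line in postInitScript creates the admin role as a PostgreSQL superuser, where the previously commented-out statement used `NOSUPERUSER`. If the role only has to manage users and databases, `NOSUPERUSER CREATEDB CREATEROLE` covers that with far less privilege. The statement also splices `${ADMIN_USER}` and `${ADMIN_PASSWORD}` into the SQL text through the shell, so a password containing a single quote breaks or alters the statement. Feeding the statement on stdin with `-v` variables and psql's `:"name"` / `:'name'` quoting avoids that (psql does not expand variables in `-c`). The postInitScript block starts and ends outside the hunk.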
@@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
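Review bot: In plans/standard-10/bind.yaml the `PASSWORD` and `USERNAME` credentials now read `.data.admin-password` and `.data.admin-user`, so every service binding hands the application the administrator account that values.yaml in this commit creates `WITH SUPERUSER`. A binding normally needs only a role scoped to its own database. I would bind a separate application role (the README in this commit already describes creating one) and leave the admin secret keys out of bind.yaml. The re-added `- name: DADABASE` entry is also still misspelled, now with a fixed `value: postgres`. The same hunk is repeated for the standard-100, -20, -200, -400, -50 and -800 plans.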
+++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index 12acc0c6..0283dff3 100644 
--- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 29e67ad5..a194f7ef 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -1,6 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-50" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file From 5a4f70f44c91573ea20df2e81589a6400e86d333 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 15 Dec 2023 11:33:58 +0800 Subject: [PATCH 038/122] chore(postgresql-cluster): fix password & netpolicy --- .../15/chart/postgresql-cluster/templates/_helpers.tpl | 2 +- .../15/chart/postgresql-cluster/templates/networkpolicy.yaml | 1 + .../15/chart/postgresql-cluster/templates/statefulset.yaml | 2 ++ .../postgresql-cluster/15/chart/postgresql-cluster/values.yaml | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index e3bedca5..bb67a496 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -189,7 +189,7 @@ Get the administrator password ; {{- if .Values.adminRole.password }} {{- .Values.adminRole.password -}} {{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} {{- end -}} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..92fdc9a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -21,6 +21,7 @@ spec: # Allow inbound connections - ports: - port: 5432 + - port: 9000 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} {{ end }} 
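Review bot: The corrected fallback in the administrator-password helper still passes `"Length" 10` to `getValueFromSecret`. If that is the length of a newly generated password (the helper's definition is not in this hunk), ten characters is short for an account that PATCH 037 creates as superuser and exports through bind.yaml. I would raise it, for example `"Length" 32`, and add a comment on the define stating which secret key it reads and when a new value is generated.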
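Review bot: The added `- port: 9000` in networkpolicy.yaml is a bare literal with no comment saying which container listens on it. The neighbouring metrics port, by contrast, comes from `.Values.metrics.containerPort` and is gated on `metrics.enabled`. The rule opens that port to whatever peers the rest of the policy (outside the hunk) admits, so I would add a comment naming the listener. If the port belongs to an optional component, take it from values and render it only when that component is enabled.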
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index d56c34e3..790854dd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -195,6 +195,8 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config {{- with .Values.nodeSelector }} nodeSelector: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index a648e096..a0d90cb4 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -112,7 +112,7 @@ preInitScript: | password: '${PATRONI_REPLICATION_PASSWORD}' rewind: # Has no effect on postgres 10 and lower username: rewinder - password: '${PATRONI_REWIND_USERNAME}' + password: '${PATRONI_REWIND_PASSWORD}' watchdog: mode: off __EOF__ From d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd Mon Sep 17 00:00:00 2001 
From: lijianguo Date: Thu, 21 Dec 2023 17:45:39 +0800 Subject: [PATCH 039/122] chore(addons): add persistentVolumeClaimRetentionPolicy --- .../templates/distributed/statefulset.yaml | 5 ++++ addons/minio/2023/chart/minio/values.yaml | 9 ++++++ .../templates/data/statefulset.yaml | 5 ++++ .../templates/master/statefulset.yaml | 5 ++++ .../chart/rabbitmq/templates/statefulset.yaml | 5 ++++ .../rabbitmq/3.12/chart/rabbitmq/values.yaml | 13 ++++++++ .../templates/redis-statefulset.yaml | 5 ++++ .../7.0/chart/redis-cluster/values.yaml | 9 ++++++ .../redis/templates/master/application.yaml | 5 ++++ .../redis/templates/replicas/statefulset.yaml | 5 ++++ .../redis/templates/sentinel/statefulset.yaml | 5 ++++ addons/redis/7.0/chart/redis/values.yaml | 30 +++++++++++++++++++ .../templates/filer/statefulset.yaml | 5 ++++ .../templates/master/statefulset.yaml | 5 ++++ .../templates/volume/statefulset.yaml | 5 ++++ .../seaweedfs/3/chart/seaweedfs/values.yaml | 27 +++++++++++++++++ addons/spark/3.4/meta.yaml | 4 +++ .../zookeeper/templates/statefulset.yaml | 5 ++++ .../zookeeper/3.9/chart/zookeeper/values.yaml | 10 ++++++- 19 files changed, 161 insertions(+), 1 deletion(-) diff --git a/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml b/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml index 467e66e2..65275fee 100644 --- a/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml +++ b/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml @@ -298,6 +298,11 @@ spec: - name: data emptyDir: {} {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if gt $drivesPerNode 1 }} {{- range $diskId := until $drivesPerNode }} 
diff --git a/addons/minio/2023/chart/minio/values.yaml b/addons/minio/2023/chart/minio/values.yaml index f5260b4e..1772a858 100644 --- a/addons/minio/2023/chart/minio/values.yaml +++ b/addons/minio/2023/chart/minio/values.yaml @@ -887,6 +887,15 @@ persistence: ## existingClaim: "" +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## @section Volume Permissions parameters ## Init containers parameters: diff --git a/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml b/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml index c8c6c1c7..527bc948 100644 --- a/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml +++ b/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml @@ -327,6 +327,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.data.persistence.existingClaim }} {{- else }} + {{- if .Values.data.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.data.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.data.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: "data" 
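Review bot: In minio/values.yaml the new defaults `whenScaled: Deleted` and `whenDeleted: Deleted` are not values the StatefulSet API accepts. `persistentVolumeClaimRetentionPolicy` takes `Retain` or `Delete`, so a release rendered with these defaults should be rejected by the API server. Use `whenScaled: Delete` / `whenDeleted: Delete` as rabbitmq/values.yaml in this commit does; redis-cluster/values.yaml has the same `Deleted` spelling. Separately, `enabled: true` with `Delete` makes PVC removal on scale-down and on StatefulSet deletion the chart default, whereas Kubernetes defaults to `Retain`. For data stores I would default to `Retain` and let operators opt in.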
diff --git a/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml b/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml index 3fb19060..e4b18de2 100644 --- a/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml +++ b/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml @@ -339,6 +339,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.master.persistence.existingClaim }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: "data" diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml index c928ee6a..0f94407c 100644 --- a/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml +++ b/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml @@ -406,6 +406,11 @@ spec: claimName: {{ tpl . $ }} {{- end }} {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: data diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml index 3eca3af5..966b792e 100644 --- a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml +++ b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml 
@@ -835,6 +835,19 @@ persistence: ## example.io/disk-volume-type: SSD ## annotations: {} +## Persistent Volume Claim Retention Policy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## +persistentVolumeClaimRetentionPolicy: + ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for rabbitmq Statefulset + ## + enabled: true + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## + whenScaled: Delete + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + whenDeleted: Delete ## @section Exposure parameters ## diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml index fe2a8545..031566ce 100644 --- a/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml +++ b/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml @@ -425,6 +425,11 @@ spec: secretName: {{ include "redis-cluster.tlsSecretName" . }} defaultMode: 256 {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml index edae7c6f..ff0953d7 100644 --- a/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml +++ b/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml 
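Review bot: The rabbitmq values hunk enables `whenDeleted: Delete` and `whenScaled: Delete` by default, so deleting the StatefulSet or reducing replicas also removes the PVCs, whereas Kubernetes itself defaults both to `Retain`. For a service holding persistent data, an accidental or unauthorised delete of the workload may then be unrecoverable, depending on the storage class reclaim policy. Consider defaulting to `whenDeleted: Retain` and stating the data-loss consequence in the `@param` comments. The redis `master`, `replica` and `sentinel` values hunks carry the same default.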
@@ -322,6 +322,15 @@ persistence: ## matchExpressions: {} +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## diff --git a/addons/redis/7.0/chart/redis/templates/master/application.yaml b/addons/redis/7.0/chart/redis/templates/master/application.yaml index c5da3282..4d1b220b 100644 --- a/addons/redis/7.0/chart/redis/templates/master/application.yaml +++ b/addons/redis/7.0/chart/redis/templates/master/application.yaml @@ -449,6 +449,11 @@ spec: persistentVolumeClaim: claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml b/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml index d7bf8be0..df2d130c 100644 --- a/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml +++ b/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml 
@@ -437,6 +437,11 @@ spec: emptyDir: {} {{- end }} {{- else }} + {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml b/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml index 5d54e525..fa2ab677 100644 --- a/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml +++ b/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml @@ -637,6 +637,11 @@ spec: emptyDir: {} {{- end }} {{- else }} + {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/values.yaml b/addons/redis/7.0/chart/redis/values.yaml index c877ea98..526428d2 100644 --- a/addons/redis/7.0/chart/redis/values.yaml +++ b/addons/redis/7.0/chart/redis/values.yaml 
@@ -445,6 +445,16 @@ master: ## NOTE: requires master.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ master service parameters ## service: @@ -805,6 +815,16 @@ replica: ## @param replica.persistence.dataSource Custom PVC data source ## dataSource: {} + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ replicas service parameters ## service: 
@@ -1053,6 +1073,16 @@ sentinel: ## @param sentinel.persistence.dataSource Custom PVC data source ## dataSource: {} + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ Sentinel resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param sentinel.resources.limits The resources limits for the Redis™ Sentinel containers diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml index b22cc244..a5b9640d 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml @@ -124,6 +124,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if .Values.filer.persistence.enabled }} + {{- if .Values.filer.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.filer.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.filer.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: datadir diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml index 6acdbe0f..6a7b375c 100644 
--- a/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml @@ -109,6 +109,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if .Values.master.persistence.enabled }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: datadir diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml index f1489f6a..5e52e693 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml @@ -134,6 +134,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if or (.Values.volume.persistence.meta.enabled) (.Values.volume.persistence.data.enabled) }} + {{- if .Values.volume.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.volume.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.volume.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if .Values.volume.persistence.meta.enabled }} - metadata: diff --git a/addons/seaweedfs/3/chart/seaweedfs/values.yaml b/addons/seaweedfs/3/chart/seaweedfs/values.yaml index bd5b274b..4e32b559 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/values.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/values.yaml 
@@ -195,6 +195,15 @@ master: storageClass: "" garbageThreshold: 0.3 defaultReplication: "001" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted filer: replicas: 3 @@ -272,6 +281,15 @@ filer: enabled: false size: 5Gi storageClass: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted volume: replicas: 4 
@@ -351,6 +369,15 @@ volume: size: 5Gi storageClass: "" compactionMBps: 50 + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted cronjob: scripts: | diff --git a/addons/spark/3.4/meta.yaml b/addons/spark/3.4/meta.yaml index 922087c7..89ed9270 100644 --- a/addons/spark/3.4/meta.yaml +++ b/addons/spark/3.4/meta.yaml @@ -19,6 +19,10 @@ allow_parameters: description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" +- name: "master.configOptions" + description: "master configOptions config for values.yaml" +- name: "worker.configOptions" + description: "worker configOptions config for values.yaml" - name: "metrics.enable" description: "metrics enable or not config for values.yaml" archive: false diff --git a/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml b/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml index eb2680b7..fcd5ad0b 100644 --- a/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml +++ b/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml 
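Review bot: `master.configOptions` and `worker.configOptions` in the spark `allow_parameters` hunk hand free-form option strings to whoever provisions an instance, and nothing in the hunk constrains them. How the chart consumes these values is outside the hunk; if they become process options for the master and worker, a tenant could change settings the platform relies on, such as authentication or UI exposure. I would expose narrower, typed parameters, or at least state the supported options in the entry, e.g. `description: "extra Spark options for the master; must not override security settings"`.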
@@ -485,6 +485,11 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if and .Values.persistence.enabled (not (and .Values.persistence.existingClaim .Values.persistence.dataLogDir.existingClaim) ) }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if not .Values.persistence.existingClaim }} - metadata: diff --git a/addons/zookeeper/3.9/chart/zookeeper/values.yaml b/addons/zookeeper/3.9/chart/zookeeper/values.yaml index 0a74af78..81e1b734 100644 --- a/addons/zookeeper/3.9/chart/zookeeper/values.yaml +++ b/addons/zookeeper/3.9/chart/zookeeper/values.yaml @@ -637,7 +637,15 @@ persistence: ## app: my-app ## selector: {} - +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## @section Volume Permissions parameters ## From 8ecd90270e791666c47919b6d7005e81ba34b9e2 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 22 Dec 2023 13:37:27 +0800 Subject: [PATCH 040/122] chore(addons): update support --- .../10/chart/grafana/templates/_helpers.tpl | 22 +++ .../10/chart/grafana/templates/secret.yaml | 2 +- addons/grafana/10/chart/grafana/values.yaml | 2 +- addons/grafana/10/meta.yaml | 10 +- addons/grafana/10/plans/standard-5/bind.yaml | 15 +- .../15/chart/postgresql-cluster/Chart.yaml | 2 +- .../15/plans/standard-10/values.yaml | 2 +- .../15/plans/standard-100/values.yaml | 2 +- .../15/plans/standard-20/values.yaml | 2 +- .../15/plans/standard-200/values.yaml | 2 +- .../15/plans/standard-400/values.yaml | 2 +- .../15/plans/standard-800/values.yaml | 2 +- .../2/chart/prometheus/templates/_helpers.tpl | 24 ++- .../templates/server/configmap.yaml | 5 +- .../templates/server/deployment.yaml | 1 + .../prometheus/templates/server/sec.yaml | 2 +- .../prometheus/2/chart/prometheus/values.yaml | 40 +++-- addons/prometheus/2/meta.yaml | 16 +- .../prometheus/2/plans/standard-10/bind.yaml | 19 +-- .../2/plans/standard-10/values.yaml | 2 +- .../prometheus/2/plans/standard-100/bind.yaml | 23 +++ .../standard-100/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-100/meta.yaml | 6 + .../2/plans/standard-100/values.yaml | 8 + .../prometheus/2/plans/standard-200/bind.yaml | 23 +++ .../standard-200/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-200/meta.yaml | 6 + .../2/plans/standard-200/values.yaml | 8 + .../prometheus/2/plans/standard-50/bind.yaml | 19 +-- .../2/plans/standard-50/values.yaml | 2 +- .../prometheus/2/plans/standard-500/bind.yaml | 23 +++ .../standard-500/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-500/meta.yaml | 6 + .../2/plans/standard-500/values.yaml | 8 + addons/prometheus/rules.yaml | 159 ++++++++++++++++++ 35 files changed, 438 insertions(+), 63 deletions(-) create mode 100644 addons/prometheus/2/plans/standard-100/bind.yaml create mode 100644 
addons/prometheus/2/plans/standard-100/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-100/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-100/values.yaml create mode 100644 addons/prometheus/2/plans/standard-200/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-200/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-200/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-200/values.yaml create mode 100644 addons/prometheus/2/plans/standard-500/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-500/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-500/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-500/values.yaml create mode 100644 addons/prometheus/rules.yaml diff --git a/addons/grafana/10/chart/grafana/templates/_helpers.tpl b/addons/grafana/10/chart/grafana/templates/_helpers.tpl index 011ba817..ba7f9a04 100644 --- a/addons/grafana/10/chart/grafana/templates/_helpers.tpl +++ b/addons/grafana/10/chart/grafana/templates/_helpers.tpl @@ -57,6 +57,14 @@ Return the Grafana admin password key {{- end -}} {{- end -}} +{{- define "admin.passwordValue" -}} +{{- if .Values.admin.password }} + {{- .Values.admin.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "GF_SECURITY_ADMIN_PASSWORD") -}} +{{- end -}} +{{- end }} + {{/* Return true if a secret object should be created */}} 
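Review bot: `admin.passwordValue` looks up the existing Secret under `include "common.names.fullname" .`, while `plans/standard-5/bind.yaml` in this commit reads the password from `{{ include "common.names.fullname" . }}-admin`. The Secret's `metadata.name` is outside the visible hunks, but if it carries the `-admin` suffix the lookup never finds it and `randAlphaNum` issues a new admin password on every upgrade. Passing the name the Secret template actually uses would keep them in step, for example `"Name" (printf "%s-admin" (include "common.names.fullname" .))`. `lookup` also returns nothing under `helm template` or a client-side dry run, so output rendered that way always carries a fresh random password; the prometheus `server.passwordValue` helper added later in this commit follows the same pattern.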
@@ -67,6 +75,20 @@ Return true if a secret object should be created {{- end -}} {{- end -}} +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + {{/* Return the Grafana SMTP credentials secret */}} diff --git a/addons/grafana/10/chart/grafana/templates/secret.yaml b/addons/grafana/10/chart/grafana/templates/secret.yaml index bbe05846..645ebb05 100644 --- a/addons/grafana/10/chart/grafana/templates/secret.yaml +++ b/addons/grafana/10/chart/grafana/templates/secret.yaml @@ -11,6 +11,6 @@ metadata: app.kubernetes.io/component: grafana type: Opaque data: - GF_SECURITY_ADMIN_PASSWORD: {{ ternary (randAlphaNum 10) .Values.admin.password (empty .Values.admin.password) | b64enc | quote }} + GF_SECURITY_ADMIN_PASSWORD: {{ include "admin.passwordValue" . | b64enc | quote }} GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | b64enc |quote }} {{- end }} diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index f18c0343..9b029425 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -575,7 +575,7 @@ serviceAccount: service: ## @param service.type Kubernetes Service type ## - type: ClusterIP + type: LoadBalancer ## @param service.clusterIP Grafana service Cluster IP ## e.g.: ## clusterIP: None diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 224ca287..53031a14 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -1,5 +1,5 @@ -name: Grafana -version: 7.0 +name: grafana +version: "10" id: fff5b6c7-ed85-429b-8265-493e40cc53c7 description: "grafana" displayName: "grafana" 
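Review bot: Changing the default `service.type` to `LoadBalancer` in the grafana values hunk exposes the Grafana login outside the cluster for every instance that does not override it, while the prometheus values in this commit move the other way, to `ClusterIP`. The generated admin password is only 10 alphanumeric characters (`"Length" 10` in `admin.passwordValue`), which is thin for an externally reachable endpoint. I would keep `type: ClusterIP` as the default and let operators opt in through the already allowed `service.type` parameter.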
@@ -9,12 +9,14 @@ metadata: name: drycc supportURL: http://grafana.io/ documentationURL: https://github.com/drycc-addons/ -tags: cloudbeaver +tags: grafana bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: +- name: "networkPolicy.allowNamespaces" + description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" archive: false diff --git a/addons/grafana/10/plans/standard-5/bind.yaml b/addons/grafana/10/plans/standard-5/bind.yaml index a41ae66e..ba4641b9 100644 --- a/addons/grafana/10/plans/standard-5/bind.yaml +++ b/addons/grafana/10/plans/standard-5/bind.yaml @@ -1,30 +1,29 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + {{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-admin + name: {{ include "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-admin + name: {{ include "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.ports[?(@.name=="http")].port }' 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml index 375ae4fe..da518fb1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml @@ -25,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.3.1 +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 94917aff..fd8fd98f 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -72,5 +72,5 @@ resources: persistentVolume: enabled: true - size: 10G + size: 10Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 2f4c4841..90625a5d 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 100G + size: 100Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 3ef08abf..fed1e2da 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -74,4 +74,4 @@ resources: persistentVolume: enabled: true - size: 20G + size: 20Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 5e9d641b..a0427d92 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -71,4 +71,4 @@ resources: persistentVolume: enabled: true - size: 200G + size: 200Gi 
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index b1afad1d..062ee7cb 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 400G + size: 400Gi diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index 3e88193a..c6efbfa0 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 800G + size: 800Gi diff --git a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl index 45a72ec7..9027a2ff 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl @@ -161,4 +161,26 @@ Get the Alertmanager configuration configmap. {{- else }} {{- include "prometheus.alertmanager.fullname" . -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{- define "server.passwordValue" -}} +{{- if .Values.server.password }} + {{- .Values.server.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "PASSWORD") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} \ No newline at end of file 
diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 3c9703e8..cbd54657 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -20,6 +20,7 @@ data: {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} {{ include "prometheus.serever.web.configmapKey" .}}: {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} - rules.yaml: - {{- include "common.tplvalues.render" (dict "value" .Values.server.alertingRules "context" $) | toYaml | nindent 4 }} + rules.yaml: + {{- include "common.tplvalues.render" (dict "value" .Values.server.rules "context" $) | toYaml | nindent 4 }} + {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 026b0139..1d5bd7a2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -114,6 +114,7 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" + - "--storage.tsdb.retention.time={{ .Values.server.retentionDays }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" diff --git a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml index fd0b368c..c538a98a 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml 
@@ -11,4 +11,4 @@ metadata: cluster-name: {{ template "prometheus.server.fullname" . }} type: Opaque data: - PASSWORD: {{ if .Values.password | default "" | ne "" }} {{ .Values.service.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + PASSWORD: {{ include "server.passwordValue" . | b64enc | quote }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index f7f91f7e..a148e230 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: true + enabled: false ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -479,7 +479,7 @@ alertmanager: service: ## @param alertmanager.service.type Alertmanager service type ## - type: LoadBalancer + type: ClusterIP ## @param alertmanager.service.ports.http Alertmanager service HTTP port ## @param alertmanager.service.ports.cluster Alertmanager cluster HA port ## @@ -578,7 +578,7 @@ alertmanager: ## server: username: admin - password: admin + password: To6EJBHPUo image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -626,6 +626,9 @@ server: {{- end }} scrape_configs: - job_name: prometheus + basic_auth: + username: {{ .Values.server.username }} + password: {{ .Values.server.password }} {{- include "prometheus.scrape_config" (dict "component" "server" "context" $) | nindent 4 }} {{- if .Values.alertmanager.enabled }} - job_name: alertmanager 
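Review bot: The `@@ -578` hunk replaces `password: admin` with another literal, `password: To6EJBHPUo`, so every instance that does not override it shares one password that is readable in the repository. The random-generation branch of the new `server.passwordValue` helper is then never reached, because `.Values.server.password` is always set. Defaulting to `password: ""` lets the helper generate and persist a per-release value. The places that read `.Values.server.password` directly, the scrape `basic_auth` block and the plan `bind.yaml`, would then need to read the generated value as well.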
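Review bot: The `basic_auth` block added to the `prometheus` scrape job in the `@@ -626` hunk writes `.Values.server.password` in clear text into the server configuration, which `templates/server/configmap.yaml` renders under `data:`. Anyone who can read that object in the namespace then gets the credential. Prometheus accepts `password_file` in `basic_auth`; mounting the existing Secret and pointing at it keeps the password out of the configuration, e.g. `password_file: <mounted-secret-path>/PASSWORD` (placeholder path). `plans/standard-10/bind.yaml` has the same shape with `value: {{ .Values.server.password }}` and could use a `secretKeyRef` the way the grafana bind file does.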
@@ -650,15 +653,29 @@ server: - scheme: HTTP static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] + {{- end }} rule_files: - rules.yaml - {{- end }} - - + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: - ## - alertingRules: {} + ## + rules: | + {{` + groups: + - name: PG数据库-监控告警 + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql down (instance {{ $labels.instance }}) + description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + `}} + ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## @@ -932,7 +949,7 @@ server: logFormat: logfmt ## @param server.retention Metrics retention days ## - retention: 10d + retentionDays: 15d ## @param server.retentionSize Maximum size of metrics ## retentionSize: "0" @@ -1239,7 +1256,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: true + enabled: false ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1357,7 +1374,7 @@ server: service: ## @param server.service.type Prometheus service type ## - type: LoadBalancer + type: ClusterIP ## @param server.service.ports.http Prometheus service HTTP port ## ports: 
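Review bot: The doc comments were not updated with the renames in the `@@ -650` and `@@ -932` hunks: `## @param server.alertingRules` now sits above `rules:` and `## @param server.retention` above `retentionDays:`. Generated parameter docs will therefore name keys the chart no longer reads. I would change them to `## @param server.rules Prometheus alerting rules ...` and `## @param server.retentionDays Metrics retention time, e.g. 15d`. The default group name `PG数据库-监控告警` is the only non-English string in these hunks; an English name would match the rest of the file.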
@@ -1412,6 +1429,7 @@ server: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## + persistence: ## @param server.persistence.enabled Enable persistence using Persistent Volume Claims. If you have multiple instances (server.repicacount > 1), please considere using an external storage service like Thanos or Grafana Mimir ## diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 7ac5e2af..4f7d7ef2 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -13,12 +13,18 @@ tags: prometheus bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" -- name: "server.username" - description: "set username . default amdin" -- name: "server.username" - description: "set passsword . default amdin" +- name: "server.service.type" + description: "service type config for values.yaml" +- name: "alertmanager.enabled" + description: "alertmanager config for values.yaml" +- name: "server.retentionDays" + description: "retentionDays config for values.yaml default 15d" +- name: "server.retentionSize" + description: "retentionSize config for values.yaml default 0, unit MB, GB, TB" +- name: "server.rules" + description: "rules config for values.yaml" archive: false diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index e453fade..dd543b83 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
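Review bot: `server.rules` is added to `allow_parameters` in `meta.yaml`, while the values.yaml comment for that key says the content "can be a template" and the chart default is wrapped in a raw-string action, which suggests the value is passed through the template engine when `rules.yaml` is rendered. If so, text supplied by an instance creator is evaluated as a Helm template with access to the release's values. Confirm how the rules are rendered, and either emit user-supplied rules verbatim or keep `server.rules` out of `allow_parameters`. `server.service.type` also becomes settable here, so a creator can move the server from `ClusterIP` to `LoadBalancer`, which makes the strength of the basic-auth default matter more.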
@@ -1,24 +1,23 @@ credential: {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} + serviceRef: + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- else if (eq .Values.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .spec.clusterIP }' -{{- end }} - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: ' { .spec.ports[?(@.name=="http")].port }' - name: USER - valule: {{ .Values.server.username }} + value: {{ .Values.server.username }} - name: PASSWORD - valule: {{ .Values.server.password }} - {{- end }} + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml index 796ae97e..06e89f6a 100644 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ b/addons/prometheus/2/plans/standard-10/values.yaml @@ -5,4 +5,4 @@ fullnameOverride: hb-prometheus-standard-10 server: persistence: size: 10Gi - retentionSize: 8Gi \ No newline at end of file + # retentionSize: 8GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/bind.yaml b/addons/prometheus/2/plans/standard-100/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/bind.yaml 
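Review bot: `USER` and `PASSWORD` in `standard-10/bind.yaml` are rendered unquoted from `.Values.server.username` and `.Values.server.password`, while the Secret in this patch takes its value from `server.passwordValue`; if that helper ever returns anything other than the values entry, the binding hands out a password the server does not accept. Reading both from the Secret the chart creates (the postgresql-cluster bind.yaml later in this patch resolves `.data.admin-user` by jsonpath) keeps a single source and keeps the clear-text password out of the rendered binding. At minimum quote them: `value: {{ .Values.server.password | quote }}`. The identical block is added in the standard-50, standard-100, standard-200 and standard-500 bind.yaml files.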
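Review bot: Commenting out `retentionSize` in `standard-10/values.yaml` leaves this 10Gi plan on the chart default `retentionSize: "0"`, which for Prometheus size-based retention means no cap, so only the time retention bounds the volume and a busy instance can fill it and stop ingesting. The commented value `8GBi` is not one of the units the `allow_parameters` description lists (`MB, GB, TB`), and the standard-100, standard-200 and standard-500 plans all carry `# retentionSize: 48GBi` copied from standard-50. Set a real cap per plan below the volume size, for example `retentionSize: 8GB` here.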
@@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-100/create-instance-schema.json b/addons/prometheus/2/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/meta.yaml b/addons/prometheus/2/plans/standard-100/meta.yaml new file mode 100644 index 00000000..fdc3185e --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-100" +id: 118aada0-4826-4dba-83d8-989fbf47c55a +description: "Prometheus Cluster standard-100 plan persistence size 100Gi." +displayName: "100Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-100/values.yaml b/addons/prometheus/2/plans/standard-100/values.yaml new file mode 100644 index 00000000..7e8b3d46 --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/values.yaml 
@@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-100 + +server: + persistence: + size: 100Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/bind.yaml b/addons/prometheus/2/plans/standard-200/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/bind.yaml @@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-200/create-instance-schema.json b/addons/prometheus/2/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/meta.yaml b/addons/prometheus/2/plans/standard-200/meta.yaml new file mode 100644 index 00000000..ddc6523c --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-200" +id: be99a35d-dbb4-4e17-8b27-1f00c5bca057 +description: "Prometheus Cluster standard-200 plan persistence size 200Gi." +displayName: "200Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-200/values.yaml b/addons/prometheus/2/plans/standard-200/values.yaml new file mode 100644 index 00000000..c5f2a7e5 --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/values.yaml @@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-200 + +server: + persistence: + size: 200Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index e453fade..668c5cdf 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml @@ -1,24 +1,23 @@ credential: {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} + serviceRef: + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- else if (eq .Values.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .spec.clusterIP }' -{{- end }} - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: ' { .spec.ports[?(@.name=="http")].port }' - name: USER - valule: {{ .Values.server.username }} + value: {{ .Values.server.username }} - name: PASSWORD - valule: {{ .Values.server.password }} - {{- end }} + value: {{ .Values.server.password }} + 
diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml index 69caeefa..b59af0aa 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -5,4 +5,4 @@ fullnameOverride: hb-prometheus-standard-50 server: persistence: size: 50Gi - retentionSize: 48Gi \ No newline at end of file + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-500/bind.yaml b/addons/prometheus/2/plans/standard-500/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/bind.yaml @@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-500/create-instance-schema.json b/addons/prometheus/2/plans/standard-500/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/prometheus/2/plans/standard-500/meta.yaml b/addons/prometheus/2/plans/standard-500/meta.yaml new file mode 100644 index 00000000..d58ee8e0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-500" +id: c28dc645-f17d-4304-a3f9-5dcaabad2a49 +description: "Prometheus Cluster standard-500 plan persistence size 500Gi." +displayName: "500Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-500/values.yaml b/addons/prometheus/2/plans/standard-500/values.yaml new file mode 100644 index 00000000..2b8e6318 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/values.yaml @@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-500 + +server: + persistence: + size: 500Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/rules.yaml b/addons/prometheus/rules.yaml new file mode 100644 index 00000000..fe3d5a18 --- /dev/null +++ b/addons/prometheus/rules.yaml 
@@ -0,0 +1,159 @@ +server: + rules: |- + {{` + groups: + - name: PG数据库-监控告警 + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql down (instance {{ $labels.instance }}) + description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlRestarted + expr: time() - pg_postmaster_start_time_seconds < 60 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql restarted (instance {{ $labels.instance }}) + description: "Postgresql restarted\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlExporterError + expr: pg_exporter_last_scrape_error > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql exporter error (instance {{ $labels.instance }}) + description: "Postgresql exporter is showing errors. A query may be buggy in query.yaml\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTableNotAutoVacuumed + expr: (pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }}) + description: "Table {{ $labels.relname }} has not been auto vacuumed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTableNotAutoAnalyzed + expr: (pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql table not auto analyzed (instance {{ $labels.instance }}) + description: "Table {{ $labels.relname }} has not been auto analyzed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTooManyConnections + expr: sum by (datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) > 
pg_settings_max_connections * 0.8 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql too many connections (instance {{ $labels.instance }}) + description: "PostgreSQL instance has too many connections (> 80%).\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlNotEnoughConnections + expr: sum by (datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) < 5 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql not enough connections (instance {{ $labels.instance }}) + description: "PostgreSQL instance should have more connections (> 5)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlDeadLocks + expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql dead locks (instance {{ $labels.instance }}) + description: "PostgreSQL has dead-locks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRollbackRate + expr: sum by (namespace,datname) ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) / ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) + (rate(pg_stat_database_xact_commit{datname!~"template.*|postgres",datid!="0"}[3m])))) > 0.02 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql high rollback rate (instance {{ $labels.instance }}) + description: "Ratio of transactions being aborted compared to committed is > 2 %\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlCommitRateLow + expr: rate(pg_stat_database_xact_commit[1m]) < 10 + for: 2m + labels: + severity: critical + annotations: + summary: Postgresql commit rate low (instance {{ $labels.instance }}) + description: "Postgresql seems to be processing very few transactions\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlLowXidConsumption + expr: 
rate(pg_txid_current[1m]) < 5 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql low XID consumption (instance {{ $labels.instance }}) + description: "Postgresql seems to be consuming transaction IDs very slowly\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRateStatementTimeout + expr: rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql high rate statement timeout (instance {{ $labels.instance }}) + description: "Postgres transactions showing high rate of statement timeouts\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRateDeadlock + expr: increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql high rate deadlock (instance {{ $labels.instance }}) + description: "Postgres detected deadlocks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlUnusedReplicationSlot + expr: pg_replication_slots_active == 0 + for: 1m + labels: + severity: warning + annotations: + summary: Postgresql unused replication slot (instance {{ $labels.instance }}) + description: "Unused Replication Slots\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTooManyDeadTuples + expr: ((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql too many dead tuples (instance {{ $labels.instance }}) + description: "PostgreSQL dead tuples is too large\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlConfigurationChanged + expr: '{__name__=~"pg_settings_.*"} != ON(__name__) 
{__name__=~"pg_settings_([^t]|t[^r]|tr[^a]|tra[^n]|tran[^s]|trans[^a]|transa[^c]|transac[^t]|transact[^i]|transacti[^o]|transactio[^n]|transaction[^_]|transaction_[^r]|transaction_r[^e]|transaction_re[^a]|transaction_rea[^d]|transaction_read[^_]|transaction_read_[^o]|transaction_read_o[^n]|transaction_read_on[^l]|transaction_read_onl[^y]).* "} OFFSET 5m' + for: 0m + labels: + severity: info + annotations: + summary: Postgresql configuration changed (instance {{ $labels.instance }}) + description: "Postgres Database configuration change has occurred\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlSslCompressionActive + expr: sum(pg_stat_ssl_compression) > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql SSL compression active (instance {{ $labels.instance }}) + description: "Database connections with SSL compression enabled. This may add significant jitter in replication delay. in recovery.conf.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + `}} \ No newline at end of file From 55d5e3307aafca4d86b0813310ab43973252bbc8 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 22 Dec 2023 14:00:13 +0800 Subject: [PATCH 041/122] megre(addons): megre from upstream --- .../15/chart/postgresql-cluster/README.md | 11 +---------- .../postgresql-cluster/templates/_helpers.tpl | 4 ---- .../postgresql-cluster/templates/cm-backup.yaml | 14 +------------- .../15/chart/postgresql-cluster/templates/sec.yaml | 7 +------ .../postgresql-cluster/templates/statefulset.yaml | 5 ----- .../15/chart/postgresql-cluster/values.yaml | 7 ++----- .../15/plans/standard-10/bind.yaml | 5 +---- .../15/plans/standard-50/meta.yaml | 4 ---- 8 files changed, 6 insertions(+), 51 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 59cf8250..4dd6522d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -71,7 +71,6 @@ backup: - Login database web with admin user & password -<<<<<<< HEAD - Change administrator initial password ``` ALTER USER administrator WITH ENCRYPTED PASSWORD 'newpassword'; @@ -88,15 +87,7 @@ GRANT `myuser` to administrator ; - CREATE APP DATABASE ``` CREATE DATABASE `mydb` OWNER `myuser`; -======= -- CREATE APP USER -``` -CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; -``` -- CREATE APP DATABASE -``` -CREATE DATABASE `my_db` OWNER `my_user`; ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + ``` - CREATE EXTENSIONS ``` diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index ad84a3b0..bb67a496 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -189,11 +189,7 @@ Get the administrator password ; {{- if .Values.adminRole.password }} {{- .Values.adminRole.password -}} {{- else -}} -<<<<<<< HEAD {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} -======= - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd {{- end -}} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index 601a4f03..62cb7596 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml 
@@ -1,7 +1,3 @@ -<<<<<<< HEAD -======= -{{- if (include "backup.createConfigmap" .) }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd apiVersion: v1 kind: ConfigMap metadata: @@ -17,13 +13,5 @@ metadata: {{- end }} data: backup.env: |- -<<<<<<< HEAD {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} -======= - {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - # archive_command.sh: | - - # #/bin/bash - # source backup.env - # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true -{{- end -}} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 9bd002e3..c2e13055 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -14,10 +14,5 @@ data: password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} -<<<<<<< HEAD admin-user: {{ .Values.adminRole.username | b64enc | quote }} - admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} -======= - admin-user: {{ .Values.adminRole.username | b64enc }} - admin-password: {{ .Values.adminRole.password | b64enc }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 66c979cd..0dad1437 100644 
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -161,11 +161,6 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} -<<<<<<< HEAD - -======= - {{- if .Values.backup.enabled }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index cd40d29a..d15aa52a 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -124,13 +124,10 @@ postInitScript: | psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then -<<<<<<< HEAD + echo "Creating user ${ADMIN_USER}" psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" -======= - echo "Creating user ${ADMIN_USER}" - # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + else echo "Skipping create admin user" fi diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 11bbb4e1..e41b7b31 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
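Review bot: In `postInitScript` the conflict is resolved in favour of `CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE ...`, and this is the account whose name the plan's bind.yaml exposes through `.data.admin-user`, so every bound application appears to receive a PostgreSQL superuser. The discarded side had drafted `NOSUPERUSER CREATEDB CREATEROLE REPLICATION`; unless superuser is genuinely required, create the role with `NOSUPERUSER` and grant only what the README workflow needs. `${ADMIN_PASSWORD}` is also spliced into the SQL text by the shell, so a password containing a single quote breaks or alters the statement; restrict the generated alphabet or escape the value before interpolation. The script body starts above this hunk.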
@@ -32,10 +32,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-user }' - name: PORT -<<<<<<< HEAD value: 5432 - name: DADABASE value: postgres -======= - value: 5432 ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 7586884a..a194f7ef 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -1,10 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -<<<<<<< HEAD description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" -======= -description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd displayName: "standard-50" bindable: true maximum_polling_duration: 1800 From 1965e9b4f4a5d27ea539445d1e17d3b1cb0464d2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 2 Jan 2024 14:33:56 +0800 Subject: [PATCH 042/122] chore(postgresql-cluster): reset wal retain size --- .../15/chart/postgresql-cluster/values.yaml | 1 - .../postgresql-cluster/15/plans/standard-10/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-100/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-20/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-200/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-400/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-50/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-800/values.yaml | 8 ++++---- 8 files changed, 22 insertions(+), 23 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d15aa52a..b32ab391 100644 
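Review bot: The side kept by this resolution names the credential `DADABASE`, presumably a typo for `DATABASE`, so a consumer that looks up `DATABASE` in the binding finds nothing. Rename it to `- name: DATABASE`, and if binding consumers expect strings, quote the port as `value: "5432"` so it is not typed as an integer. The `credential:` list begins above this hunk.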
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -72,7 +72,6 @@ preInitScript: | hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index fd8fd98f..adf735cd 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '1 GB' min_wal_size = '512 MB' # WAL writing @@ -36,7 +36,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '1 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 90625a5d..97b6efe0 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '4 GB' + min_wal_size = '2 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '4 GB' # Background writer 
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index fed1e2da..b0f465d2 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '2 GB' min_wal_size = '512 MB' @@ -37,7 +37,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '1 GB' # Background writer diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index a0427d92..24ca6659 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '5 GB' + min_wal_size = '3 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '5 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 062ee7cb..44d572d8 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml 
@@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '6 GB' + min_wal_size = '2 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index 046e87ea..c911400d 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '2 GB' min_wal_size = '512 MB' # WAL writing @@ -36,7 +36,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '3 GB' # Background writer diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index c6efbfa0..4c62936e 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml 
@@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '10240 MB' - min_wal_size = '5120 MB' + max_wal_size = '8 GB' + min_wal_size = '4 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '22080 MB' + wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms From a3e38686bd3a356614065b1484e11c5dae06d064 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 11 Jan 2024 09:35:37 +0800 Subject: [PATCH 043/122] chore(postgresql-cluster):add hugepages-2Mi limit in plans --- addons/postgresql-cluster/15/plans/standard-100/values.yaml | 1 + addons/postgresql-cluster/15/plans/standard-200/values.yaml | 1 + addons/postgresql-cluster/15/plans/standard-400/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/values.yaml | 3 ++- addons/postgresql-cluster/15/plans/standard-800/values.yaml | 2 +- 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 97b6efe0..fff5cf6a 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,6 +66,7 @@ resources: limits: cpu: 4000m memory: 16Gi + hugepages-2Mi: 50Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 24ca6659..097a65b6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -65,6 +65,7 @@ resources: limits: cpu: 8000m memory: 32Gi + hugepages-2Mi: 60Mi requests: cpu: 8000m memory: 32Gi 
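Review bot: The `hugepages-2Mi: 50Mi` limit added to the standard-100 plan makes the pod schedulable only on nodes that pre-allocate 2 MiB huge pages, and nothing in the plan documents that requirement. The values also do not follow plan size: 50Mi here, 60Mi for standard-200, then 40Mi for standard-400, 20Mi for standard-50 and 80Mi for standard-800 in the hunks that follow. I would add a comment above the key such as `# needs nodes with pre-allocated 2Mi huge pages; size to cover shared_buffers` and confirm how each figure was chosen. The `resources` block starts outside the hunk.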
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 44d572d8..3dd25a18 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 16000m memory: 64Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 40Mi requests: cpu: 16000m memory: 64Gi diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index c911400d..4712cacb 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -66,10 +66,11 @@ resources: limits: cpu: 2000m memory: 8Gi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 8Gi persistentVolume: enabled: true - size: 50G + size: 50Gi diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index 4c62936e..a91fe646 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 32000m memory: 128Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 80Mi requests: cpu: 32000m memory: 128Gi From 6e6c35485120be392059b32f127dae01e7dc6313 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 18 Jan 2024 09:56:36 +0800 Subject: [PATCH 044/122] chore(addons): alter cloudbeaver plan to 10, prometheus add hotupdate param --- .../23/plans/{standard-5 => standard-10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../23/plans/{standard-5 => standard-10}/meta.yaml | 0 .../23/plans/{standard-5 => standard-10}/values.yaml | 2 +- .../chart/postgresql-cluster/templates/statefulset.yaml | 5 +++++ .../15/chart/postgresql-cluster/values.yaml | 9 +++++++++ .../2/chart/prometheus/templates/server/deployment.yaml | 1 + 7 files changed, 16 insertions(+), 1 deletion(-) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/bind.yaml (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/create-instance-schema.json (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/meta.yaml (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/values.yaml (99%) diff --git a/addons/cloudbeaver/23/plans/standard-5/bind.yaml b/addons/cloudbeaver/23/plans/standard-10/bind.yaml similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/bind.yaml rename to addons/cloudbeaver/23/plans/standard-10/bind.yaml diff --git a/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json b/addons/cloudbeaver/23/plans/standard-10/create-instance-schema.json similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json rename to addons/cloudbeaver/23/plans/standard-10/create-instance-schema.json diff --git a/addons/cloudbeaver/23/plans/standard-5/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/meta.yaml rename to addons/cloudbeaver/23/plans/standard-10/meta.yaml 
diff --git a/addons/cloudbeaver/23/plans/standard-5/values.yaml b/addons/cloudbeaver/23/plans/standard-10/values.yaml similarity index 99% rename from addons/cloudbeaver/23/plans/standard-5/values.yaml rename to addons/cloudbeaver/23/plans/standard-10/values.yaml index 920f16ca..dee9c848 100644 --- a/addons/cloudbeaver/23/plans/standard-5/values.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/values.yaml @@ -51,7 +51,7 @@ persistence: - ReadWriteOnce ## @param primary.persistence.size MySQL primary persistent volume size ## - size: 5Gi + size: 10Gi ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0dad1437..61881313 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -229,6 +229,11 @@ spec: - name: storage-volume emptyDir: {} {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} {{- if .Values.persistentVolume.enabled }} volumeClaimTemplates: - metadata: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index b32ab391..857ee44d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
@@ -277,6 +277,15 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete persistentVolume: enabled: true size: 10G diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 12480ad1..d8ecaa9f 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -122,6 +122,7 @@ spec: - "--web.console.libraries=/opt/drycc/prometheus/conf/console_libraries" - "--web.console.templates=/opt/drycc/prometheus/conf/consoles" - "--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml" + - "--web.enable-lifecycle" {{- if .Values.server.enableAdminAPI}} - "--web.enable-admin-api" {{- end }} From 739675b98b85952772d460b43b790b6841200319 Mon Sep 17 00:00:00 2001 
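Review bot: The new `persistentVolumeClaimRetentionPolicy` defaults are `enabled: true` with `whenScaled: Delete` and `whenDeleted: Delete`, so scaling down or deleting the StatefulSet removes the PostgreSQL PVCs, whereas Kubernetes itself defaults both fields to `Retain`. For a database chart the safer default is `whenScaled: Retain` and `whenDeleted: Retain`, leaving deletion as an explicit opt-in per plan. Whether the underlying volumes are destroyed as well depends on the storage class reclaim policy, which is not visible here. The matching block added to `statefulset.yaml` in this commit renders both values unquoted; piping them through `quote` would keep an unusual override from changing type.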
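Review bot: `--web.enable-lifecycle` is added unconditionally, while the `--web.enable-admin-api` flag directly below it is gated on `.Values.server.enableAdminAPI`. The flag turns on the HTTP reload and shutdown endpoints, so any client that can reach the server port and satisfy whatever `web-config.yaml` enforces (its contents are not shown) can reload or stop Prometheus. I would gate it the same way behind a new values key that defaults to false, for example `{{- if .Values.server.enableLifecycle }}`, `- "--web.enable-lifecycle"`, `{{- end }}` (key name to be chosen), and confirm that the NetworkPolicy restricts who can reach the port. The args list starts and ends outside the hunk.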
From: EamonZhang Date: Tue, 23 Jan 2024 10:28:41 +0800 Subject: [PATCH 045/122] chore(mysql-cluster): adjust bind params --- .../8.0/chart/mysql-cluster/Chart.yaml | 4 +- .../templates/cluster/deployments.yaml | 41 +++++++++++++++++++ .../mysql-cluster/templates/cluster/job.yaml | 3 +- .../mysql-cluster/templates/secrets.yaml | 4 +- .../8.0/chart/mysql-cluster/values.yaml | 8 ++-- addons/mysql-cluster/8.0/meta.yaml | 4 +- .../8.0/plans/standard-10/bind.yaml | 17 +++----- .../8.0/plans/standard-10/values.yaml | 4 +- .../8.0/plans/standard-100/bind.yaml | 19 ++++----- .../8.0/plans/standard-20/bind.yaml | 17 +++----- .../8.0/plans/standard-200/bind.yaml | 17 +++----- .../8.0/plans/standard-400/bind.yaml | 17 +++----- .../8.0/plans/standard-50/bind.yaml | 17 +++----- .../8.0/plans/standard-800/bind.yaml | 17 +++----- 14 files changed, 99 insertions(+), 90 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml index 634f9453..8b3d99c5 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Database apiVersion: v2 -appVersion: 8.0.30 +appVersion: 8.0.35 dependencies: - name: common repository: oci://registry.drycc.cc/charts @@ -25,4 +25,4 @@ name: mysql sources: - https://github.com/drycc/containers/tree/main/drycc/mysql - https://mysql.com -version: 9.3.5 +version: 8.0.35 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml new file mode 100644 index 00000000..ef626420 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml 
@@ -0,0 +1,41 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mysql.cluster.fullname" . }}-tools + namespace: {{ include "common.names.namespace" . | quote }} +spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mysql-cluster-tools + + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: mysql-cluster-tools + + spec: + containers: + - name: cluster-tools + image: {{ include "cluster.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + sleep infinity + env: + - name: MYSQL_MASTER_PORT_NUMBER + value: {{ .Values.primary.service.ports.mysql | quote }} + - name: MYSQL_MASTER_ROOT_USER + value: "root" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index a922a4c4..88365d71 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml @@ -67,7 +67,8 @@ spec: " > /tmp/slave.sql mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - + mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION;flush privileges;" + env: - name: DRYCC_DEBUG value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} 
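Review bot: This new Deployment keeps a `sleep infinity` pod running permanently with `MYSQL_ROOT_PASSWORD` in its environment, so anyone allowed to exec into pods in the release namespace has the cluster's root credentials at hand. The template is rendered unconditionally and sets no `resources` or `securityContext` on the `cluster-tools` container. I would wrap the manifest in a values flag that defaults to off, add resource limits and a restrictive container `securityContext`, and add a header comment saying what the pod is for and that it holds root credentials. It also carries the chart's common labels, so it is worth checking that no Service or NetworkPolicy selector written for the database pods now matches it.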
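Review bot: The added `GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION` gives the account that the plan `bind.yaml` files in this commit hand to applications full rights on every schema, from any host, plus the right to grant them onward. The account name is hard-coded although `auth.username` is a configurable value, so an override would leave the grant pointing at a different user than the one that is bound. I would limit the grant to the application schema and drop `WITH GRANT OPTION`, for example `GRANT ALL PRIVILEGES ON <app_db>.* TO '<bind_user>'@'%';` with both placeholders filled from the chart values; `flush privileges` is not needed after `GRANT`. The surrounding script starts outside the hunk.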
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml index c51cfb39..75c6bf5e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml @@ -46,7 +46,7 @@ metadata: {{- end }} type: servicebinding.io/mysql data: - provider: {{ print "bitnami" | b64enc | quote }} + provider: {{ print "drycc" | b64enc | quote }} type: {{ print "mysql" | b64enc | quote }} host: {{ print $host | b64enc | quote }} port: {{ print $port | b64enc | quote }} @@ -60,7 +60,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-svcbind-custom-user + name: {{ include "common.names.fullname" . }}-svcbind-administrator-user namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 2c70143b..031cbe43 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -113,11 +113,11 @@ auth: ## @param auth.database Name for a custom database to create ## ref: https://github.com/drycc/containers/tree/main/drycc/mysql#creating-a-database-on-first-run ## - database: "mx_database" + database: "mondb" ## @param auth.username Name for a custom user to create ## ref: https://github.com/drycc/containers/tree/main/drycc/mysql#creating-a-database-user-on-first-run ## - username: "mx111" + username: "administrator" ## @param auth.password Password for the new user. Ignored if existing secret is provided ## password: "" 
@@ -127,7 +127,7 @@ auth: replicationUser: replicator ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided ## - replicationPassword: "user4_repUU" + replicationPassword: "" ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. ## @@ -244,6 +244,7 @@ primary: disabled_storage_engines="MyISAM,BLACKHOLE,FEDERATED,ARCHIVE,MEMORY" sql_require_primary_key=ON log_error_suppression_list='MY-013360' + binlog_transaction_dependency_tracking=WRITESET # Replication log_bin=mysql-bin @@ -603,6 +604,7 @@ cluster: digest: "" pullPolicy: IfNotPresent + router: ## @param router.name Name of the router ## diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 5af39a4c..273e3a55 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -13,7 +13,7 @@ tags: mysql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" required: false @@ -21,4 +21,4 @@ allow_parameters: - name: "router.service.type" required: false description: "service type config for values.yaml" -archive: false +archive: false \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index f90075a8..5e2e6f5d 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -16,10 +16,10 @@ primary: resources: limits: cpu: 1000m - memory: 1024Mi + memory: 2048Mi requests: cpu: 1000m - memory: 1024Mi + memory: 2048Mi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 3ec3ed37..1bb7d8b5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
+++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml @@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + {{- end }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file From d120aa803377aeaa74a296d0e66009c69306bb1b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 23 Jan 2024 15:45:30 +0800 Subject: [PATCH 046/122] chore(postgresql-cluster): add plan 4t --- .../15/plans/standard-4t/bind.yaml | 37 +++++++++ .../standard-4t/create-instance-schema.json | 12 +++ .../15/plans/standard-4t/meta.yaml | 6 ++ .../15/plans/standard-4t/values.yaml | 75 +++++++++++++++++++ 4 files changed, 130 insertions(+) create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/values.yaml diff --git a/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml new file mode 100644 index 00000000..0283dff3 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml @@ -0,0 +1,37 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
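Review bot: `USERNAME` and `PASSWORD` in this new `bind.yaml` are read from the `admin-user` and `admin-password` keys, so each bound application appears to receive the cluster's administrative account rather than a least-privilege role; if that is intended, it deserves a comment at the top of the file. The key `DADABASE` is a misspelling of DATABASE that consumers will see as-is, and the mysql-cluster bindings dropped the same key in PATCH 045; check the other PostgreSQL plans before renaming so that the plans stay consistent. `value: 5432` is an unquoted integer next to string credentials, and `value: "5432"` avoids a type surprise in whatever consumes the binding.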
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml new file mode 100644 index 00000000..208f253c --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4t" +id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9 +description: "PostgreSQL Cluster standard-4t plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-4t" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml new file mode 100644 index 00000000..d4046150 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '256 MB' + maintenance_work_mem = '2048 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '32 GB' + min_wal_size = '16 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '60 GB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 32 + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 64Gi + hugepages-2Mi: 80Mi + requests: + cpu: 32000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 4Ti From b573f917c03baf7e1b56d398f4b3270e8235d06c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 21 Feb 2024 11:56:51 +0800 Subject: [PATCH 047/122] chore(postgresql-cluster): adjust pg params & monitor user privilege --- .../15/chart/postgresql-cluster/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 857ee44d..02f9bdfa 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -57,6 +57,7 @@ preInitScript: | loop_wait: 10 retry_timeout: 10 maximum_lag_on_failover: 1048576 + failsafe_mode: true postgresql: use_pg_rewind: true use_slots: true @@ -74,6 +75,7 @@ preInitScript: | max_worker_processes: 8 max_wal_senders: 10 max_replication_slots: 10 + hot_standby_feedback: on max_prepared_transactions: 0 max_locks_per_transaction: 64 wal_log_hints: "on" @@ -120,7 +122,7 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + psql -w -c "CREATE USER tea_mon ;GRANT pg_monitor TO tea_mon ;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then From d00010ff498085e5df4a5d5cd657b9f097423546 Mon Sep 17 00:00:00 2001 
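Review bot: `fullnameOverride: hb-postgresql-cluster-standard-800` at the top of this standard-4t plan looks copied from the standard-800 plan; bind.yaml resolves its Services and Secret through `common.names.fullname`, so the override should presumably name this plan, e.g. `fullnameOverride: hb-postgresql-cluster-standard-4t`. In the config block, `work_mem = '256 MB'` combined with `max_connections = 2000` allows sort and hash memory alone to exceed the 64Gi container limit many times over under load, which would end with the pod being OOM-killed; a smaller `work_mem` or a lower connection cap behind a pooler fits the limit better. The comment under `resources:` still refers to curly braces that are no longer there and can be dropped.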
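Review bot: `hot_standby_feedback: on` is written unquoted while the neighbouring `wal_log_hints: "on"` in the same parameter list is quoted; a YAML 1.1 loader reads bare `on` as boolean true, so `hot_standby_feedback: "on"` keeps the value a string and matches the surrounding style. The enclosing `preInitScript` block starts and ends outside the hunk, so how this text is finally parsed is not visible here.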
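Review bot: The rewritten `psql -w -c` line creates `tea_mon` as a login role with no password, and none of its statements is idempotent. Whether the role can connect without a credential depends on pg_hba rules that are not visible in this hunk, so either set a password from a secret or confirm that only trusted local connections can use it. Because the script runs under `set -Eeu`, a rerun against an already initialised database would presumably fail on the existing role or extension and stop before the admin-user block; `create extension if not exists pg_stat_statements;` (and the same for `pg_buffercache`) plus a guarded role creation avoids that. postInitScript continues outside the hunk.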
From: EamonZhang Date: Wed, 21 Feb 2024 14:44:26 +0800 Subject: [PATCH 048/122] chore(mysql-cluster): set persistentVolumeClaimRetentionPolicy deleted --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++++ addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 4 ++++ addons/mysql-cluster/8.0/plans/standard-10/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-10/values.yaml | 6 +++--- addons/mysql-cluster/8.0/plans/standard-100/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-20/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-200/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-400/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-50/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-800/bind.yaml | 5 ++--- 10 files changed, 26 insertions(+), 24 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 24302e10..a5ffa045 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -369,6 +369,11 @@ spec: - name: data emptyDir: {} {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} + {{- if .Values.primary.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: data diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 031cbe43..1f460ecf 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
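Review bot: `whenDeleted` and `whenScaled` are emitted straight from values with no `default` and no `quote`, so an override that blanks either key renders `whenDeleted:` with nothing after it and the manifest's behaviour is then up to the API server. Something like `whenDeleted: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenDeleted | default "Retain" | quote }}` (and the same for `whenScaled`) fails safe towards keeping data. The field also depends on the cluster supporting StatefulSet PVC auto-deletion, so a Kubernetes-version guard or a note in values.yaml would make that requirement explicit. The enclosing StatefulSet spec starts and ends outside the hunk.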
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -474,6 +474,10 @@ primary: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete persistence: ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir ## diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index 5e2e6f5d..198b5253 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -16,11 +16,11 @@ primary: resources: limits: cpu: 1000m - memory: 2048Mi + memory: 4Gi requests: cpu: 1000m - memory: 2048Mi - + memory: 4Gi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 1bb7d8b5..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
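Review bot: `enabled: true` with `whenScaled: Delete` and `whenDeleted: Delete` makes PVC removal the chart default, so scaling the primary StatefulSet down or deleting it removes the claims and, depending on the storage class reclaim policy, the database volumes behind them. If that is the intended platform behaviour it needs `## @param primary.persistentVolumeClaimRetentionPolicy.*` comments saying so, like the other keys in this file; otherwise `Retain` is the safer default with deletion as an explicit opt-in. The block is also inserted between the `## Enable persistence using Persistent Volume Claims` comment and the `persistence:` key that comment describes, so it should sit above that comment instead.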
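Review bot: `EXTRANET_HOST` is gated on `.Values.router.service.type` but its `serviceRef` names `{{ include "common.names.fullname" . }}` without the `-router` suffix that `HOST` uses, so it may read the load-balancer address from a different Service than the one the condition tests. If the router Service is the one of type LoadBalancer, the reference should be `name: {{ include "common.names.fullname" . }}-router`. The same lines appear in the standard-100, standard-20, standard-200, standard-400, standard-50 and standard-800 bind.yaml hunks of this commit. The `{{- end }}` moved to column 0 no longer lines up with its `{{- if` line, and the credential list continues outside the hunk.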
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: From 104fec2249bdf7aa74e0d8747464c523d09c705f Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 26 Feb 2024 17:17:23 +0800 Subject: [PATCH 049/122] chore(mysql-cluster): persistence group_replication_group_name after greate new cluster --- .../mysql-cluster/charts/common/.helmignore | 22 +++ .../mysql-cluster/charts/common/Chart.yaml | 9 + .../charts/common/templates/_affinities.tpl | 139 +++++++++++++ .../charts/common/templates/_capabilities.tpl | 185 ++++++++++++++++++ .../charts/common/templates/_errors.tpl | 28 +++ .../charts/common/templates/_images.tpl | 101 ++++++++++ .../charts/common/templates/_ingress.tpl | 73 +++++++ .../charts/common/templates/_labels.tpl | 39 ++++ .../charts/common/templates/_names.tpl | 71 +++++++ .../charts/common/templates/_secrets.tpl | 172 ++++++++++++++++ .../charts/common/templates/_storage.tpl | 28 +++ .../charts/common/templates/_tplvalues.tpl | 38 ++++ .../charts/common/templates/_utils.tpl | 67 +++++++ .../charts/common/templates/_warnings.tpl | 19 ++ .../templates/validations/_cassandra.tpl | 77 ++++++++ .../common/templates/validations/_mariadb.tpl | 108 ++++++++++ .../common/templates/validations/_mongodb.tpl | 113 +++++++++++ .../common/templates/validations/_mysql.tpl | 108 ++++++++++ .../templates/validations/_postgresql.tpl | 134 +++++++++++++ .../common/templates/validations/_redis.tpl | 81 ++++++++ .../templates/validations/_validations.tpl | 51 +++++ .../mysql-cluster/charts/common/values.yaml | 2 + .../mysql-cluster/templates/cluster/job.yaml | 7 +- .../templates/networkpolicy.yaml | 1 + .../templates/router/statefulset.yaml | 18 +- .../8.0/chart/mysql-cluster/values.yaml | 16 +- 26 files changed, 1683 insertions(+), 24 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl create mode 100644 
addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml new file mode 100644 index 00000000..424bb6ae --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +description: Drycc Common +home: https://github.com/drycc/common +maintainers: +- email: team@drycc.cc + name: Team Drycc +name: common +type: library +version: 1.1.3 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..e85b1df4 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,139 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard 
podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..c6d115fe --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl 
@@ -0,0 +1,185 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl new file mode 100644 index 00000000..07ded6f6 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl 
@@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl new file mode 100644 index 00000000..e248d6d0 --- /dev/null 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl 
@@ -0,0 +1,101 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . 
}} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images.version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} + diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl new file mode 100644 index 00000000..efa5b85c --- /dev/null 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl 
@@ -0,0 +1,73 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl new file mode 100644 index 00000000..a0534f7f --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl 
@@ -0,0 +1,39 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Kubernetes standard labels +{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} +*/}} +{{- define "common.labels.standard" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- end -}} + +{{/* +Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector +{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} + +We don't want to loop over custom labels appending them to the selector +since it's very likely that it will break deployments, services, etc. +However, it's important to overwrite the standard labels if the user +overwrote them on metadata.labels fields. +*/}} +{{- define "common.labels.matchLabels" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl new file mode 100644 index 00000000..a222924f --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl 
@@ -0,0 +1,71 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. 
+Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl new file mode 100644 index 00000000..a193c46b --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl 
@@ -0,0 +1,172 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. 
+*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. 
Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $failOnNew := default true .failOnNew }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | quote }} + {{- else if $failOnNew }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 
1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} +{{- end -}} +{{- if $value -}} +{{- printf "%s" $value -}} +{{- end -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} 
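Review bot: In `common.secrets.passwords.manage` the generated password is short by default: `$passwordLength` falls back to 10, and in the `.strong` branch `substr 5 $passwordLength` drops the first five `randAscii` characters, so only five random characters remain next to the `$subStr` prefix, two of whose five characters are always `_`. This file appears to be the vendored common library, so rather than patching it here, any mysql-cluster template that calls this helper should pass an explicit, larger `"length"` or take its credentials from an existing Secret. The helper also relies on `lookup` to reuse an existing password; Helm returns an empty result for `lookup` when rendering without cluster access (`helm template`, dry runs), so a render-only pipeline would presumably emit a new random password on each render unless the value is provided.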
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl new file mode 100644 index 00000000..16405a0f --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl @@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl new file mode 100644 index 00000000..a8ed7637 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl 
@@ -0,0 +1,38 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template perhaps with scope if the scope is present. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} +*/}} +{{- define "common.tplvalues.render" -}} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl $value .context }} + {{- end }} +{{- else }} + {{- $value }} +{{- end }} +{{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl new file mode 100644 index 00000000..c87040cd --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl 
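Review bot: `common.tplvalues.render` hands every value whose JSON form contains `{{` to `tpl` with the full `.context`, so such values are executed as templates rather than treated as data. That makes the values file part of the chart's trusted code: a rendered value can use any template function available to the chart, including `lookup`, which this library uses elsewhere to read Secrets. If values for this addon can be supplied by anyone other than the cluster operator, the keys routed through this helper should be listed in the chart documentation and validated before rendering. The file looks like the vendored common library, so that control belongs in the calling templates and the values schema rather than in this helper.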
@@ -0,0 +1,67 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . 
) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl new file mode 100644 index 00000000..66dffc1f --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl @@ -0,0 +1,19 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 00000000..eda9aada --- /dev/null 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl 
@@ -0,0 +1,77 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. 
+ +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 00000000..17d83a2f --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl 
@@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 00000000..bbb445b8 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl 
@@ -0,0 +1,113 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 00000000..ca3953f8 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl 
@@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 00000000..8c9aa570 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl 
@@ -0,0 +1,134 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. 
+ +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl new file mode 100644 index 00000000..fc0d208d --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl 
@@ -0,0 +1,81 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl new file mode 100644 index 00000000..31ceda87 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl 
@@ -0,0 +1,51 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. 
+*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml new file mode 100644 index 00000000..79ba8424 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml @@ -0,0 +1,2 @@ +## drycc/common +## It is required by CI/CD tools and processes. \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index 88365d71..d2efbfc6 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml 
@@ -103,8 +103,13 @@ spec: - -ec - | export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' + export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} + export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} + echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' + mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; env: - name: MYSQL_MASTER_HOST value: {{ include "mysql.primary.fullname" . }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 40a5c22d..b792b024 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
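Review bot: The three added `mysql … -e "…"` commands look like no-ops as written. The `"` characters inside `CONCAT('SET GLOBAL group_replication_group_name = "', …, '"')` close and reopen the shell's double-quoted argument, and the resulting `SET @sql = …` only assigns a user variable that is never passed to `PREPARE`/`EXECUTE`. If the group name is meant to be applied on each host, escape the inner quotes and append `PREPARE s FROM @sql; EXECUTE s;`. The same lines pass the root password as an unquoted `-p${MYSQL_ROOT_PASSWORD}` argument, which exposes it in the process list and breaks on whitespace or shell metacharacters; a client option file read with `--defaults-extra-file` keeps it off argv. The container spec around this script starts and ends outside the hunk.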
@@ -26,6 +26,7 @@ spec: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} - port: 24901 + - port: 33061 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index dd5365fa..28722c28 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -186,11 +186,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- if .Values.router.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.customReadinessProbe "context" $) | nindent 12 }} @@ -201,11 +197,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- if .Values.router.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.customStartupProbe "context" $) | nindent 12 }} 
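Review bot: `- port: 33061` joins the same ingress entry as the router's `portrw`/`portro` ports, so every source allowed to reach the client ports can also reach 33061 and the hard-coded 24901 above it. 33061 is the conventional Group Replication communication port; if that is its role here, only the cluster's own pods need it. In that case it belongs in a separate ingress entry whose `from` is a `podSelector` matching this release's MySQL pods. The `from` clause of the current entry lies outside this hunk, so confirm what it renders to when neither namespace option is set, since an entry without `from` admits all sources.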
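Review bot: The probe command now reads only `${MYSQL_ROOT_PASSWORD}`, so a deployment that supplies the password through `MYSQL_ROOT_PASSWORD_FILE` (the case the removed lines handled) would run `mysqladmin ping` with an empty `-p` and presumably fail the probe. Unless this chart no longer supports file-mounted passwords, keep the fallback: `password_aux="${MYSQL_ROOT_PASSWORD:-}"; [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]] && password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")`. The same change is repeated in the hunks at `@@ -201,11 +197,7 @@` and `@@ -216,11 +208,7 @@`. Separately, `-p"…"` puts the root password on the command line of a process started on every probe period. The probe blocks start and end outside these hunks.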
@@ -216,11 +208,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- end }} {{- if .Values.router.resources }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 1f460ecf..6915cd65 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -408,7 +408,7 @@ primary: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe @@ -424,7 +424,7 @@ primary: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe @@ -440,7 +440,7 @@ primary: enabled: true initialDelaySeconds: 15 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 10 successThreshold: 1 ## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers @@ -743,7 +743,7 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe @@ -759,7 +759,7 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe 
@@ -775,7 +775,7 @@ router: enabled: true initialDelaySeconds: 15 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 15 successThreshold: 1 ## @param secondary.customLivenessProbe Override default liveness probe for MySQL secondary containers @@ -1154,7 +1154,7 @@ metrics: enabled: true initialDelaySeconds: 120 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 ## Mysqld Prometheus exporter readiness probe @@ -1170,7 +1170,7 @@ metrics: enabled: true initialDelaySeconds: 30 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 ## Prometheus Service Monitor From e48239d5e644030ca14e5b3e372787ef1bc2aa8b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 26 Feb 2024 17:19:22 +0800 Subject: [PATCH 050/122] chore(mysql-cluster): delete charts common --- .../mysql-cluster/charts/common/.helmignore | 22 --- .../mysql-cluster/charts/common/Chart.yaml | 9 - .../charts/common/templates/_affinities.tpl | 139 ------------- .../charts/common/templates/_capabilities.tpl | 185 ------------------ .../charts/common/templates/_errors.tpl | 28 --- .../charts/common/templates/_images.tpl | 101 ---------- .../charts/common/templates/_ingress.tpl | 73 ------- .../charts/common/templates/_labels.tpl | 39 ---- .../charts/common/templates/_names.tpl | 71 ------- .../charts/common/templates/_secrets.tpl | 172 ---------------- .../charts/common/templates/_storage.tpl | 28 --- .../charts/common/templates/_tplvalues.tpl | 38 ---- .../charts/common/templates/_utils.tpl | 67 ------- .../charts/common/templates/_warnings.tpl | 19 -- .../templates/validations/_cassandra.tpl | 77 -------- .../common/templates/validations/_mariadb.tpl | 108 ---------- .../common/templates/validations/_mongodb.tpl | 113 ----------- .../common/templates/validations/_mysql.tpl | 108 ---------- .../templates/validations/_postgresql.tpl | 134 ------------- .../common/templates/validations/_redis.tpl | 81 -------- .../templates/validations/_validations.tpl | 51 ----- .../mysql-cluster/charts/common/values.yaml | 2 - 22 files changed, 1665 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl delete mode 
100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml deleted file mode 100644 index 424bb6ae..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v2 -description: Drycc Common -home: https://github.com/drycc/common -maintainers: -- email: team@drycc.cc - name: Team Drycc -name: common -type: library -version: 1.1.3 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl deleted file mode 100644 index e85b1df4..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl +++ /dev/null 
@@ -1,139 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard 
podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl
deleted file mode 100644
index c6d115fe..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl
+++ /dev/null
@@ -1,185 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl
deleted file mode 100644
index 07ded6f6..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl
+++ /dev/null
@@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl deleted file mode 100644 index e248d6d0..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl
+++ /dev/null
@@ -1,101 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl deleted file mode 100644 index efa5b85c..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl
+++ /dev/null
@@ -1,73 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl deleted file mode 100644 index a0534f7f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl +++ /dev/null 
@@ -1,39 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl deleted file mode 100644 index a222924f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl deleted file mode 100644 index a193c46b..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl +++ /dev/null 
@@ -1,172 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. 
Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $failOnNew := default true .failOnNew }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | quote }} - {{- else if $failOnNew }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 
1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl deleted file mode 100644 index 16405a0f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index a8ed7637..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl +++ /dev/null 
@@ -1,38 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template perhaps with scope if the scope is present.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
-{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
-{{- if contains "{{" (toJson .value) }}
- {{- if .scope }}
- {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
- {{- else }}
- {{- tpl $value .context }}
- {{- end }}
-{{- else }}
- {{- $value }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Merge a list of values that contains template after rendering them.
-Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
-Usage:
-{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
-*/}}
-{{- define "common.tplvalues.merge" -}}
-{{- $dst := dict -}}
-{{- range .values -}}
-{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
-{{- end -}}
-{{ $dst | toYaml }}
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
deleted file mode 100644
index c87040cd..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,67 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Print instructions to get a secret value.
-Usage:
-{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
-*/}}
-{{- define "common.utils.secret.getvalue" -}}
-{{- $varname := include "common.utils.fieldToEnvVar" . -}}
-export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
-{{- end -}}
-
-{{/*
-Build env var name given a field
-Usage:
-{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
-*/}}
-{{- define "common.utils.fieldToEnvVar" -}}
- {{- $fieldNameSplit := splitList "-" .field -}}
- {{- $upperCaseFieldNameSplit := list -}}
-
- {{- range $fieldNameSplit -}}
- {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
- {{- end -}}
-
- {{ join "_" $upperCaseFieldNameSplit }}
-{{- end -}}
-
-{{/*
-Gets a value from .Values given
-Usage:
-{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
-*/}}
-{{- define "common.utils.getValueFromKey" -}}
-{{- $splitKey := splitList "." .key -}}
-{{- $value := "" -}}
-{{- $latestObj := $.context.Values -}}
-{{- range $splitKey -}}
- {{- if not $latestObj -}}
- {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
- {{- end -}}
- {{- $value = ( index $latestObj . ) -}}
- {{- $latestObj = $value -}}
-{{- end -}}
-{{- printf "%v" (default "" $value) -}}
-{{- end -}}
-
-{{/*
-Returns first .Values key with a defined value or first of the list if all non-defined
-Usage:
-{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
-*/}}
-{{- define "common.utils.getKeyFromList" -}}
-{{- $key := first .keys -}}
-{{- $reverseKeys := reverse .keys }}
-{{- range $reverseKeys }}
- {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
- {{- if $value -}}
- {{- $key = . }}
- {{- end -}}
-{{- end -}}
-{{- printf "%s" $key -}}
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
deleted file mode 100644
index 66dffc1f..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Warning about using rolling tag.
-Usage:
-{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
-*/}}
-{{- define "common.warnings.rollingTag" -}}
-
-{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
-WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-{{- end }}
-
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
deleted file mode 100644
index eda9aada..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
+++ /dev/null
@@ -1,77 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. 
- -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 17d83a2f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index bbb445b8..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index ca3953f8..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 8c9aa570..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl +++ /dev/null 
@@ -1,134 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index fc0d208d..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,81 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 31ceda87..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. 
-*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml deleted file mode 100644 index 79ba8424..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -## drycc/common -## It is required by CI/CD tools and processes. \ No newline at end of file From 3892256048f495b54dccd1e65e816a26c61227a0 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 26 Feb 2024 17:26:44 +0800 Subject: [PATCH 051/122] chore(postgresql-cluster): reset max_slot_wal_keep_size --- addons/postgresql-cluster/15/plans/standard-100/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-200/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-400/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-4t/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-800/values.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index fff5cf6a..29e30b2e 100644 
--- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml
@@ -56,7 +56,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
- max_slot_wal_keep_size = '1000 MB'
+ max_slot_wal_keep_size = 10GB
 track_wal_io_timing = on
 maintenance_io_concurrency = 100
diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml
index 097a65b6..255f68a5 100644
--- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml
@@ -55,7 +55,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
- max_slot_wal_keep_size = '1000 MB'
+ max_slot_wal_keep_size = 20GB
 track_wal_io_timing = on
 maintenance_io_concurrency = 100
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml
index 3dd25a18..0ead38b4 100644
--- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml
@@ -55,7 +55,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
- max_slot_wal_keep_size = '1000 MB'
+ max_slot_wal_keep_size = 40GB
 track_wal_io_timing = on
 maintenance_io_concurrency = 100
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml
index d4046150..ff1aab00 100644
--- a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml
@@ -55,7 +55,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
- max_slot_wal_keep_size = '1000 MB'
+ max_slot_wal_keep_size = 100GB
 track_wal_io_timing = on
 maintenance_io_concurrency = 100
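Review bot: Nothing in this hunk records how `max_slot_wal_keep_size = 10GB` was chosen, and the same line is hand-set per plan in the standard-200, standard-400, standard-4t, standard-50 and standard-800 hunks (20GB, 40GB, 100GB, 5GB, 80GB). The setting caps how much WAL a stalled replication slot can pin, so it protects the primary only while it stays below the free space of the WAL volume, which is not visible here. A comment above the line such as `# cap on WAL retained by replication slots; keep below the plan's WAL volume headroom` would make the rule checkable. It would also show whether 100GB on standard-4t is deliberate, since the other plans appear to scale with the plan name. The enclosing `postgresql:` block starts and ends outside the hunk.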
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
index 4712cacb..5d12b83a 100644
--- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
@@ -56,7 +56,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
- max_slot_wal_keep_size = '1000 MB'
+ max_slot_wal_keep_size = 5GB
 track_wal_io_timing = on
 maintenance_io_concurrency = 100
diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml
index a91fe646..9ef5bde1 100644
--- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml
@@ -55,7 +55,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
- max_slot_wal_keep_size = '1000 MB'
+ max_slot_wal_keep_size = 80GB
 track_wal_io_timing = on
 maintenance_io_concurrency = 100
From 6c7dec7f8b9c33f7e252a0965497308f292879ff Mon Sep 17 00:00:00 2001
From: EamonZhang
Date: Mon, 4 Mar 2024 15:39:29 +0800
Subject: [PATCH 052/122] chore(mysql): Re-implementing the cluster implementation
---
 .../templates/cluster/deployments.yaml | 12 ++-
 .../mysql-cluster/templates/cluster/job.yaml | 100 ++++++------------
 .../templates/primary/statefulset.yaml | 10 +-
 .../templates/router/statefulset.yaml | 4 +
 .../8.0/chart/mysql-cluster/values.yaml | 23 ++--
 .../8.0/plans/standard-10/bind.yaml | 2 +-
 .../8.0/plans/standard-100/bind.yaml | 2 +-
 .../8.0/plans/standard-20/bind.yaml | 2 +-
 .../8.0/plans/standard-200/bind.yaml | 2 +-
 .../8.0/plans/standard-400/bind.yaml | 2 +-
 .../8.0/plans/standard-50/bind.yaml | 2 +-
 .../8.0/plans/standard-800/bind.yaml | 2 +-
 12 files changed, 65 insertions(+), 98 deletions(-)
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml index ef626420..3f0deb99 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml @@ -6,20 +6,22 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mysql.cluster.fullname" . }}-tools + name: {{ include "mysql.cluster.fullname" . }}-manager namespace: {{ include "common.names.namespace" . | quote }} spec: replicas: 1 selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: mysql-cluster-tools - template: metadata: labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: mysql-cluster-tools - spec: + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local containers: - name: cluster-tools image: {{ include "cluster.image" . }} @@ -30,9 +32,11 @@ spec: - | sleep infinity env: + - name: MYSQL_HOST + value: {{ include "mysql.primary.fullname" . }} - name: MYSQL_MASTER_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER + - name: MYSQL_ROOT_USER value: "root" - name: MYSQL_ROOT_PASSWORD valueFrom: diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index d2efbfc6..aa9ecfed 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml 
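Review bot: The env block in the `@@ -30,9 +32,11 @@` hunk now mixes two naming schemes: `MYSQL_HOST` and `MYSQL_ROOT_USER` use the new form, while the unchanged `MYSQL_MASTER_PORT_NUMBER` entry keeps the old prefix. cluster/job.yaml in the same commit switches to `MYSQL_PORT_NUMBER`, so a `mysqlsh --uri=...:${MYSQL_PORT_NUMBER}` command copied from the job into this manager pod would expand to an empty port. Renaming the entry to `- name: MYSQL_PORT_NUMBER` keeps the two pod specs in agreement. The container's env list continues past the end of the hunk.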
@@ -6,7 +6,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} kind: Job metadata: - name: {{ include "mysql.cluster.fullname" . }} + name: {{ include "mysql.cluster.fullname" . }}-init namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: primary @@ -21,6 +21,10 @@ spec: template: spec: restartPolicy: Never + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local initContainers: - name: init-wait image: registry.uucin.com/drycc/python-dev:latest 
@@ -29,70 +33,16 @@ spec: - netcat - -v - -u - - mysql://$(MYSQL_MASTER_HOST)-0.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER),mysql://$(MYSQL_MASTER_HOST)-1.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER),mysql://$(MYSQL_MASTER_HOST)-2.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER) + - mysql://$(MYSQL_HOST)-2:$(MYSQL_PORT_NUMBER) env: - - name: MYSQL_MASTER_HOST + - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER + - name: MYSQL_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - - name: mgr - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - - -ec - - | - export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} - export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} - - echo " - set global group_replication_bootstrap_group=on; - start group_replication; - select * from performance_schema.replication_group_members; - set global group_replication_bootstrap_group=off; - " > /tmp/master.sql - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/master.sql - - echo " - reset master; - change master to master_user='$(MYSQL_REPLICATION_USER)',master_password='$(MYSQL_REPLICATION_PASSWORD)' for channel 'group_replication_recovery'; - start group_replication; - select * from performance_schema.replication_group_members; - " > /tmp/slave.sql - mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "GRANT ALL PRIVILEGES ON *.* TO 
administrator@'%' WITH GRANT OPTION;flush privileges;" - - env: - - name: DRYCC_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MYSQL_MASTER_HOST - value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER - value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER - value: "root" - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password containers: - - name: cluster + - name: init-cluster image: {{ include "cluster.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.primary.containerSecurityContext.enabled }} 
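Review bot: The init-wait target now names only `$(MYSQL_HOST)-2`, so the job can run `dba.createCluster` against `-0` and `addInstance` against `-1` without having checked either of them. That is safe only if the primary StatefulSet starts pods in ordinal order and each is ready before the next, which this hunk does not show. Listing all three short names, `mysql://$(MYSQL_HOST)-0:$(MYSQL_PORT_NUMBER),mysql://$(MYSQL_HOST)-1:$(MYSQL_PORT_NUMBER),mysql://$(MYSQL_HOST)-2:$(MYSQL_PORT_NUMBER)`, keeps the old guarantee while still using the new DNS search path. The init container's definition begins before the hunk.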
@@ -102,20 +52,32 @@ spec: - /bin/bash - -ec - | - export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} - export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} - echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; - mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; - mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + export HOST_0=${MYSQL_HOST}-0 + export HOST_1=${MYSQL_HOST}-1 + export HOST_2=${MYSQL_HOST}-2 + + # create mysql cluster --file + echo " + shell.options['dba.restartWaitTimeout']=300; + dba.createCluster('MXMGR',{disableClone:false}); + dba.getCluster().addInstance('root@${HOST_1}',{recoveryMethod:'clone'}); + dba.getCluster().addInstance('root@${HOST_2}',{recoveryMethod:'clone'}); + dba.getCluster().status(); + " > /tmp/create_cluster.js + mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -f /tmp/create_cluster.js + + # init sql --sql + echo " + GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT 
OPTION;flush privileges; + " > /tmp/init.sql + mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --sql -f /tmp/init.sql env: - - name: MYSQL_MASTER_HOST + - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER + - name: MYSQL_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER + - name: MYSQL_ROOT_USER value: "root" - name: MYSQL_ROOT_PASSWORD valueFrom: diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index a5ffa045..822a407b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -46,6 +46,10 @@ spec: {{- if .Values.primary.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} {{- end }} + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local {{- if .Values.primary.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} {{- else }} @@ -214,7 +218,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- if .Values.primary.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} 
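Review bot: Both new `mysqlsh` invocations pass the root password as `-p${MYSQL_ROOT_PASSWORD}`, which leaves it in the process argument list of the init-cluster container for as long as the clone-based `addInstance` calls run. MySQL Shell can read it from standard input instead, e.g. `mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} --passwords-from-stdin -f /tmp/create_cluster.js <<< "${MYSQL_ROOT_PASSWORD}"` (verify against the shell version in the image). The `addInstance('root@${HOST_1}', ...)` calls carry no password, so it is worth confirming how they authenticate non-interactively. Separately, `/tmp/init.sql` grants `ALL PRIVILEGES ON *.*` with `GRANT OPTION` to `administrator@'%'`; if that account is handed to tenants, a comment stating why the full grant from any host is needed, or a narrower one, belongs here. The container spec continues outside the hunk.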
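Review bot: `mysqladmin ping` exits 0 whenever the server answers, including when the login is refused, so after this change the probe no longer verifies the root credential it still passes via `-p"${password_aux}"`. That is reasonable for the liveness probe in this hunk and the startup probe at `@@ -244,7 +248,7 @@`. The readiness hunk at `@@ -229,7 +233,7 @@` is different: it now marks a member ready as soon as mysqld listens, regardless of authentication or Group Replication state. Keeping `mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}"` on the readiness probe, or adding a comment there that ping is intentional, would preserve the gate. Each probe block begins before its hunk.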
@@ -229,7 +233,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- if .Values.primary.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} @@ -244,7 +248,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- end }} {{- if .Values.primary.resources }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index 28722c28..9134cbfe 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -43,6 +43,10 @@ spec: {{- if .Values.router.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.router.hostAliases "context" $) | nindent 8 }} {{- end }} + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local {{- if .Values.router.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.router.affinity "context" $) | nindent 8 }} {{- else }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 6915cd65..ce87fd76 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
@@ -176,9 +176,9 @@ initdbScripts: # Add an offset to avoid reserved server-id=0 value. echo server-id=$((100 + $ordinal)) >> $base_conf_file # Copy appropriate conf.d files from config-map to emptyDir. - echo loose-group_replication_local_address=$mgr_host.$svc_mgr_host:24901 >> $base_conf_file - echo report_host=$mgr_host.$svc_mgr_host >> $base_conf_file - echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file + echo loose-group_replication_local_address=$mgr_host:24901 >> $base_conf_file + echo report_host=$mgr_host >> $base_conf_file + echo loose-group_replication_group_seeds="$svc_mgr_host-0:24901,$svc_mgr_host-1:24901,$svc_mgr_host-2:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file @@ -204,7 +204,7 @@ primary: ## args: [] ## @param primary.lifecycleHooks for the MySQL Primary container(s) to automate configuration before or after startup - ## + ##configuration lifecycleHooks: {} ## @param primary.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ @@ -259,18 +259,11 @@ primary: # Multi-threaded Replication replica_preserve_commit_order=ON - replica_parallel_workers=4 + replica_parallel_workers=8 + replica_parallel_type=LOGICAL_CLOCK # Group Replication Settings - #plugin_load_add="group_replication.so" - loose-group_replication_recovery_get_public_key=ON - loose-group_replication_recovery_use_ssl=on - loose-group_replication_group_name="{{uuidv4}}" - loose-group_replication_ip_allowlist="0.0.0.0/0" - - loose-group_replication_bootstrap_group=OFF - loose-group_replication_start_on_boot=OFF - + [client] port=3306 socket=/opt/drycc/mysql/tmp/mysql.sock 
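Review bot: The `@@ -259,18 +259,11 @@` hunk drops `loose-group_replication_recovery_use_ssl=on` and `loose-group_replication_recovery_get_public_key=ON` from the server config with nothing visible replacing them. The `dba.createCluster('MXMGR',{disableClone:false})` call added in cluster/job.yaml leaves the SSL mode at its default. If group and recovery traffic must stay encrypted, state it in the creation call, e.g. `dba.createCluster('MXMGR',{disableClone:false, memberSslMode:'REQUIRED'})`, rather than relying on automatic detection. Removing `loose-group_replication_ip_allowlist="0.0.0.0/0"` is a tightening, though presumably the allowlist AdminAPI sets must still cover the pod network, which is worth confirming. The `configuration` block scalar extends beyond the hunk.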
@@ -689,7 +682,7 @@ router: ## @param secondary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL secondary pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## - podManagementPolicy: "" + podManagementPolicy: "Parallel" ## MySQL secondary Pod security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 9b49f3f5..6a7147c9 100644 
--- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST From 713ae7484eb6f733ecedf70706db1d66b72a7d99 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Mar 2024 16:04:37 +0800 Subject: [PATCH 053/122] chore(postgresql-cluster): fix 4t plan --- addons/pmm/2.41/chart/pmm /.helmignore | 23 -- addons/pmm/2.41/chart/pmm /Chart.yaml | 18 -- addons/pmm/2.41/chart/pmm /README.md | 205 ------------- .../pmm/2.41/chart/pmm /templates/NOTES.txt | 32 -- .../2.41/chart/pmm /templates/_helpers.tpl | 79 ----- .../chart/pmm /templates/clusterrole.yaml | 28 -- .../pmm /templates/clusterrolebinding.yaml | 29 -- .../2.41/chart/pmm /templates/configmap.yaml | 13 - .../2.41/chart/pmm /templates/ingress.yaml | 148 ---------- .../chart/pmm /templates/secret-certs.yaml | 18 -- .../pmm/2.41/chart/pmm /templates/secret.yaml | 24 -- .../2.41/chart/pmm /templates/service.yaml | 49 ---- .../chart/pmm /templates/serviceaccount.yaml | 22 -- .../chart/pmm /templates/statefulset.yaml | 149 ---------- addons/pmm/2.41/chart/pmm /values.yaml | 276 ------------------ .../15/plans/standard-4t/values.yaml | 4 - 16 files changed, 1117 deletions(-) delete mode 100644 addons/pmm/2.41/chart/pmm /.helmignore delete mode 100644 addons/pmm/2.41/chart/pmm /Chart.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /README.md delete mode 100644 addons/pmm/2.41/chart/pmm /templates/NOTES.txt delete mode 100644 addons/pmm/2.41/chart/pmm /templates/_helpers.tpl delete mode 100644 addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/configmap.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/ingress.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/secret.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/service.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/statefulset.yaml delete mode 100644 
addons/pmm/2.41/chart/pmm /values.yaml diff --git a/addons/pmm/2.41/chart/pmm /.helmignore b/addons/pmm/2.41/chart/pmm /.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/pmm/2.41/chart/pmm /.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/pmm/2.41/chart/pmm /Chart.yaml b/addons/pmm/2.41/chart/pmm /Chart.yaml deleted file mode 100644 index 7353e99f..00000000 --- a/addons/pmm/2.41/chart/pmm /Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v2 -name: pmm -description: A Helm chart for Percona Monitoring and Management (PMM) -type: application -version: 1.3.11 -appVersion: "2.41.1" -home: https://github.com/percona/pmm -maintainers: - - name: tplavcic - email: tomislav.plavcic@percona.com - - name: bupychuk - email: nurlan.moldomurov@percona.com - - name: spron-in - email: sergey.pronin@percona.com -keywords: - - PMM - - Monitoring -icon: https://www.percona.com/sites/default/files/pmm-logo.png diff --git a/addons/pmm/2.41/chart/pmm /README.md b/addons/pmm/2.41/chart/pmm /README.md deleted file mode 100644 index 3f8a3a4b..00000000 --- a/addons/pmm/2.41/chart/pmm /README.md +++ /dev/null 
@@ -1,205 +0,0 @@
-# Percona Monitoring and Management (PMM)
-
-## Introduction
-
-PMM is an open source database monitoring, observability and management tool.
-
-Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html
-
-## Prerequisites
-
-- Kubernetes 1.22+
-- Helm 3.2.0+
-- PV provisioner support in the underlying infrastructure
-
-## Installing the Chart
-
-To install the chart with the release name `pmm`:
-
-```sh
-helm repo add percona https://percona.github.io/percona-helm-charts/
-helm install pmm percona/pmm
-```
-
-The command deploys PMM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
-
-> **Tip**: List all releases using `helm list`
-
-## Uninstalling the Chart
-
-To uninstall `pmm` deployment:
-
-```sh
-helm uninstall pmm
-```
-
-This command takes a release name and uninstalls the release.
-
-It removes all of the resources associated with the last release of the chart as well as the release history.
-
-## Parameters
-
-### Percona Monitoring and Management (PMM) parameters
-
-| Name | Description | Value |
-| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------|
-| `image.repository` | PMM image repository | `percona/pmm-server` |
-| `image.pullPolicy` | PMM image pull policy | `IfNotPresent` |
-| `image.tag` | PMM image tag (immutable tags are recommended) | `2.41.1` |
-| `image.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
-| `pmmEnv.DISABLE_UPDATES` | Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) | `1` |
-| `pmmResources` | optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) | `{}` |
-| `readyProbeConf.initialDelaySeconds` | Number of seconds after the container has started before readiness probes is initiated | `1` |
-| `readyProbeConf.periodSeconds` | How often (in seconds) to perform the probe | `5` |
-| `readyProbeConf.failureThreshold` | When a probe fails, Kubernetes will try failureThreshold times before giving up | `6` |
-
-
-### PMM secrets
-
-| Name | Description | Value |
-| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
-| `secret.name` | Defines the name of the k8s secret that holds passwords and other secrets | `pmm-secret` |
-| `secret.annotations` | Defines the annotations of the k8s secret that holds passwords and other secrets | `{}` |
-| `secret.create` | If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. | `true` |
-| `secret.pmm_password` | Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. | `""` |
-| `certs` | Optional certificates, if not provided PMM would use generated self-signed certificates, | `{}` |
-
-
-### PMM network configuration
-
-| Name | Description | Value |
-| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
-| `service.name` | Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. | `monitoring-service` |
-| `service.type` | Kubernetes Service type | `NodePort` |
-| `service.ports[0].port` | https port number | `443` |
-| `service.ports[0].targetPort` | target port to map for statefulset and ingress | `https` |
-| `service.ports[0].protocol` | protocol for https | `TCP` |
-| `service.ports[0].name` | port name | `https` |
-| `service.ports[1].port` | http port number | `80` |
-| `service.ports[1].targetPort` | target port to map for statefulset and ingress | `http` |
-| `service.ports[1].protocol` | protocol for http | `TCP` |
-| `service.ports[1].name` | port name | `http` |
-| `ingress.enabled` | -- Enable ingress controller resource | `false` |
-| `ingress.nginxInc` | -- Using ingress controller from NGINX Inc | `false` |
-| `ingress.annotations` | -- Ingress annotations configuration | `{}` |
-| `ingress.community.annotations` | -- Ingress annotations configuration for community managed ingress (nginxInc = false) | `{}` |
-| `ingress.ingressClassName` | -- Sets the ingress controller class name to use. | `""` |
-| `ingress.hosts[0].host` | hostname | `chart-example.local` |
-| `ingress.hosts[0].paths` | path mapping | `[]` |
-| `ingress.pathType` | -- How ingress paths should be treated. | `Prefix` |
-| `ingress.tls` | -- Ingress TLS configuration | `[]` |
-
-
-### PMM storage configuration
-
-| Name | Description | Value |
-| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
-| `storage.name` | name of PVC | `pmm-storage` |
-| `storage.storageClassName` | optional PMM data Persistent Volume Storage Class | `""` |
-| `storage.size` | size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention | `10Gi` |
-| `storage.dataSource` | VolumeSnapshot to start from | `{}` |
-| `storage.selector` | select existing PersistentVolume | `{}` |
-
-
-### PMM kubernetes configurations
-
-| Name | Description | Value |
-| ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------- |
-| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` |
-| `extraLabels` | Labels to add to all deployed objects | `{}` |
-| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
-| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
-| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `pmm-service-account` |
-| `podAnnotations` | Pod annotations | `{}` |
-| `podSecurityContext` | Configure Pods Security Context | `{}` |
-| `securityContext` | Configure Container Security Context | `{}` |
-| `nodeSelector` | Node labels for pod assignment | `{}` |
-| `tolerations` | Tolerations for pod assignment | `[]` |
-| `affinity` | Affinity for pod assignment | `{}` |
-
-
-Specify each parameter using the `--set key=value[,key=value]` or `--set-string key=value[,key=value]` arguments to `helm install`. For example,
-
-```sh
-helm install pmm \
- --set service.type="NodePort" \
- --set storage.storageClassName="linode-block-storage-retain" \
- percona/pmm
-```
-
-The above command installs PMM with the Service network type set to `NodePort` and storage class to `linode-block-storage-retain` for persistence storage on LKE.
-
-> NOTE: Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example:
-
-```sh
-helm install pmm -f values.yaml percona/pmm
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml) or get them from chart definition: `helm show values percona/pmm > values.yaml`
-
-## Configuration and installation details
-
-### [Image tags](https://kubernetes.io/docs/concepts/containers/images/#updating-images)
-
-It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
-
-Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist.
-
-### PMM admin password
-
-PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated. In real-life situations it is recommended to create the `pmm-secret` secret manually before the release and set `secret.create` to false. The chart then won't overwrite secret during install or upgrade and values.yaml won't contain any secret.
-
-If PMM admin password is not set explicitly (default), it will be generated.
-
-To get admin password execute:
-
-```sh
-kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode
-```
-
-### PMM SSL certificates
-
-PMM ships with self signed SSL certificates to provide secure connection between client and server ([check here](https://docs.percona.com/percona-monitoring-and-management/how-to/secure.html#ssl-encryption)).
-You could see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the `cert` section:
-
-```yaml
-certs:
- name: pmm-certs
- files:
- certificate.crt:
- certificate.key:
- ca-certs.pem:
- dhparam.pem:
-```
-
-### PMM updates
-
-By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom `values.yaml` file:
-
-```yaml
-pmmEnv:
- DISABLE_UPDATES: "1"
-```
-
-Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download
-
-PMM updates should happen in a standard way:
-
-```sh
-helm repo update percona
-helm upgrade pmm -f values.yaml percona/pmm
-```
-
-This will check updates in the repo and upgrade deployment if the updates are available.
-
-### [PMM environment variables](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables)
-
-In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `pmmEnv` property.
-
-```yaml
-pmmEnv:
- DISABLE_UPDATES: "1"
- DATA_RETENTION: "2160h" # 90 days
-```
diff --git a/addons/pmm/2.41/chart/pmm /templates/NOTES.txt b/addons/pmm/2.41/chart/pmm /templates/NOTES.txt
deleted file mode 100644
index 5901a351..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/NOTES.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-
-Percona Monitoring and Management (PMM)
-
-An open source database monitoring, observability and management tool
-Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html
-
-Get the application URL:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo https://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
- echo https://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}")
- echo "Visit https://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-
-Get password for the "admin" user:
- export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode)
- echo $ADMIN_PASS
diff --git a/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl b/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl
deleted file mode 100644
index 232b94b9..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl
+++ /dev/null
@@ -1,79 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pmm.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pmm.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pmm.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "pmm.labels" -}}
-helm.sh/chart: {{ include "pmm.chart" . }}
-{{ include "pmm.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "pmm.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "pmm.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: pmm-server
-app.kubernetes.io/part-of: percona-platform
-{{- if .Values.extraLabels }}
-{{ toYaml .Values.extraLabels }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "pmm.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "pmm.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Pod annotation
-*/}}
-{{- define "pmm.podAnnotations" -}}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-helm.sh/chart: {{ include "pmm.chart" . }}
-checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations }}
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml
deleted file mode 100644
index 0a0350b6..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-rules:
-# standard RBAC
-- apiGroups: [""] # "" indicates the core API group
- resources:
- - namespaces
- - endpoints
- - services
- - nodes
- - pods
- - secrets
- - serviceaccounts
- verbs:
- - get
- - watch
- - list
-- nonResourceURLs:
- - /metrics
- - /metrics/resources
- verbs:
- - get
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml
deleted file mode 100644
index dd3ee52d..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "pmm.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: {{ include "pmm.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "pmm.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "pmm.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "pmm.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/configmap.yaml b/addons/pmm/2.41/chart/pmm /templates/configmap.yaml
deleted file mode 100644
index cda6b950..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.pmmEnv -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-data:
-# environment passed to the PMM
- {{- with .Values.pmmEnv }}
- {{- . | toYaml | nindent 6 }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/ingress.yaml b/addons/pmm/2.41/chart/pmm /templates/ingress.yaml
deleted file mode 100644
index 5af7679f..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/ingress.yaml
+++ /dev/null
@@ -1,148 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $serviceName := .Values.service.name -}}
-{{- $grpcPort := (index $.Values.service.ports 0).port -}}
-{{- $servicePort := (index $.Values.service.ports 1).port -}}
-{{- $ingressPathType := .Values.ingress.pathType -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-{{- if or .Values.ingress.annotations .Values.ingress.nginxInc }}
- annotations:
- {{- toYaml .Values.ingress.annotations | nindent 4 }}
- {{- if .Values.ingress.nginxInc }}
- nginx.org/ssl-services: {{ $serviceName }}-grpc
- nginx.org/grpc-services: {{ $serviceName }}-grpc
- {{- end }}
-{{- end }}
-spec:
-{{- if .Values.ingress.ingressClassName }}
- ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-{{- end }}
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}
- port:
- number: {{ $servicePort }}
- {{- if $.Values.ingress.nginxInc }}
- # gRPC paths
- - path: {{ printf "%s/agent." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- - path: {{ printf "%s/inventory." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- - path: {{ printf "%s/management." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- - path: {{ printf "%s/server." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- {{- end }}
- {{- end }}
- {{- end }}
-{{- if not .Values.ingress.nginxInc }}
----
-# Community version of ingress-nginx requires second Ingress for gRPC
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "pmm.fullname" . }}-grpc
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- annotations:
- {{- with .Values.ingress.community.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- nginx.ingress.kubernetes.io/backend-protocol: "GRPCS"
- nginx.ingress.kubernetes.io/use-regex: "true"
-spec:
-{{- if .Values.ingress.ingressClassName }}
- ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-{{- end }}
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- # gRPC paths
- - path: {{ printf "%s/agent." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- - path: {{ printf "%s/inventory." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- - path: {{ printf "%s/management." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- - path: {{ printf "%s/server." . | replace "//" "/" }}
- pathType: {{ $ingressPathType }}
- backend:
- service:
- name: {{ $serviceName }}-grpc
- port:
- number: {{ $grpcPort }} # MUST proxy to HTTPS
- {{- end }}
- {{- end }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml b/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml
deleted file mode 100644
index f05117df..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.certs.name -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.certs.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
-# ngnix ssl certificates
- {{- with .Values.certs.files }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/secret.yaml b/addons/pmm/2.41/chart/pmm /templates/secret.yaml
deleted file mode 100644
index 040235f4..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/secret.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.secret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.secret.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.secret.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
-# base64 encoded password
-# encode some password: `echo -n "admin" | base64`
-# to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
- PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }}
- {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID -}}
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
- {{- end }}
- {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET -}}
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/service.yaml b/addons/pmm/2.41/chart/pmm /templates/service.yaml
deleted file mode 100644
index 655b06a7..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- $serviceType := .Values.service.type -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.service.finalizers }}
- finalizers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: {{ $serviceType | default "ClusterIP" }}
- {{- with .Values.service.ports }}
- ports:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- {{- include "pmm.selectorLabels" . | nindent 4 }}
-{{- if .Values.ingress.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}-grpc
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.service.finalizers }}
- finalizers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: {{ $serviceType | default "ClusterIP" }}
- {{- with .Values.service.ports }}
- ports:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- {{- include "pmm.selectorLabels" . | nindent 4 }}
----
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml b/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml
deleted file mode 100644
index 655f844c..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "pmm.serviceAccountName" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-secrets:
- - name: {{ include "pmm.serviceAccountName" . }}-token
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
- name: {{ include "pmm.serviceAccountName" . }}-token
- annotations:
- kubernetes.io/service-account.name: {{ include "pmm.serviceAccountName" . }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml
deleted file mode 100644
index a310cfee..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "pmm.fullname" . }} - labels: - {{- include "pmm.labels" . | nindent 4 }} -spec: - serviceName: {{ .Values.service.name }} - replicas: 1 - selector: - matchLabels: - {{- include "pmm.selectorLabels" . | nindent 6 }} - updateStrategy: - type: RollingUpdate - template: - metadata: - annotations: - {{- include "pmm.podAnnotations" . | nindent 8 }} - labels: - {{- include "pmm.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.image.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ include "pmm.serviceAccountName" . }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.pmmResources }} - resources: - {{- toYaml .Values.pmmResources | nindent 12 }} - {{- end }} - - # environment passed to PMM, defined in configMap - envFrom: - - configMapRef: - name: {{ include "pmm.fullname" . 
}} - optional: true - - # additional secrets that could be used for Grafana iDP - env: - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - optional: true - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - optional: true - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: PMM_ADMIN_PASSWORD - optional: true - - name: PMM_INSTALL_METHOD - valueFrom: - fieldRef: - fieldPath: metadata.annotations['app.kubernetes.io/managed-by'] - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - readinessProbe: - httpGet: - path: /v1/readyz - port: http - {{- if .Values.readyProbeConf }} - {{- toYaml .Values.readyProbeConf | nindent 12 }} - {{- end }} - volumeMounts: - - name: {{ .Values.storage.name }} - mountPath: /srv - - name: annotations - mountPath: "/var/run/pmm/annotations" - readOnly: true - {{- if .Values.certs.name }} - - name: {{ .Values.certs.name }} - mountPath: /srv/nginx - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - volumes: - - name: annotations - projected: - sources: - - downwardAPI: - items: - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if .Values.certs.name }} - - name: {{ .Values.certs.name }} - secret: - secretName: {{ .Values.certs.name }} - optional: false - {{- end }} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: {{ .Values.storage.name }} - spec: - {{- if .Values.storage.selector }} - selector: - {{- toYaml .Values.storage.selector | nindent 10 }} - {{- end }} - {{ if .Values.storage.storageClassName }} - storageClassName: {{ .Values.storage.storageClassName }} - {{ 
end }} - {{- if .Values.storage.dataSource }} - dataSource: - {{- toYaml .Values.storage.dataSource | nindent 10 }} - {{- end }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.storage.size }} diff --git a/addons/pmm/2.41/chart/pmm /values.yaml b/addons/pmm/2.41/chart/pmm /values.yaml deleted file mode 100644 index 2c02d351..00000000 --- a/addons/pmm/2.41/chart/pmm /values.yaml +++ /dev/null 
@@ -1,276 +0,0 @@ -## @section Percona Monitoring and Management (PMM) parameters -## Default values for PMM. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -## PMM image version -## ref: https://hub.docker.com/r/percona/pmm-server/tags -## @param image.repository PMM image repository -## @param image.pullPolicy PMM image pull policy -## @param image.tag PMM image tag (immutable tags are recommended) -## @param image.imagePullSecrets Global Docker registry secret names as an array -## -image: - repository: percona/pmm-server - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "2.41.1" - imagePullSecrets: [] - -## PMM environment variables -## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables -## -pmmEnv: - ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) - ## - DISABLE_UPDATES: "1" -# optional variables to integrate Grafana with internal iDP, see also secret part -# GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' -# GF_AUTH_GENERIC_OAUTH_SCOPES: '' -# GF_AUTH_GENERIC_OAUTH_AUTH_URL: '' -# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: '' -# GF_AUTH_GENERIC_OAUTH_API_URL: '' -# GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' - -## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) - ## pmmResources: - ## requests: - ## memory: "32Gi" - ## cpu: "8" - ## limits: - ## memory: "64Gi" - ## cpu: "32" -#pmmResources: {} -pmmResources: - requests: - memory: "4Gi" - cpu: "4" - hugepages-2Mi: 4Mi - limits: - memory: "4Gi" - cpu: "4" - - -## Readiness probe Config -## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param readyProbeConf.initialDelaySeconds Number of seconds after the container has started before readiness probes is initiated -## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe -## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up -## -readyProbeConf: - initialDelaySeconds: 1 - periodSeconds: 5 - failureThreshold: 6 - -## @section PMM secrets -## -secret: - ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets - ## - name: pmm-secret - ## @param secret.annotations -- Secret annotations configuration - annotations: {} - ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. - ## - create: true - ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. - ## E.g. 
- ## pmm_password: admin - ## - ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` - ## - pmm_password: "" - ## - # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv - # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: - # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv - # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: - -## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates, -## please provide your own signed ssl certificates like this in base 64 format: -## certs: - ## name: pmm-certs - ## files: - ## certificate.crt: - ## certificate.key: - ## ca-certs.pem: - ## dhparam.pem: - ## certificate.conf: -certs: {} - -## @section PMM network configuration -## Service configuration -## -service: - ## @param service.name Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. 
- ## - name: monitoring-service - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - - ## Ports 443 and/or 80 - ## - ports: - ## @param service.ports[0].port https port number - - port: 443 - ## @param service.ports[0].targetPort target port to map for statefulset and ingress - targetPort: https - ## @param service.ports[0].protocol protocol for https - protocol: TCP - ## @param service.ports[0].name port name - name: https - ## @param service.ports[1].port http port number - - port: 80 - ## @param service.ports[1].targetPort target port to map for statefulset and ingress - targetPort: http - ## @param service.ports[1].protocol protocol for http - protocol: TCP - ## @param service.ports[1].name port name - name: http - -## Ingress controller configuration -## -ingress: - ## @param ingress.enabled -- Enable ingress controller resource - enabled: false - ## @param ingress.nginxInc -- Using ingress controller from NGINX Inc - nginxInc: false - ## @param ingress.annotations -- Ingress annotations configuration - annotations: {} - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ### nginx proxy to https - ## nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - ## @param ingress.community.annotations -- Ingress annotations configuration for community managed ingress (nginxInc = false) - community: - annotations: {} - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ## @param ingress.ingressClassName -- Sets the ingress controller class name to use. - ingressClassName: "" - - ## Ingress resource hostnames and path mappings - hosts: - ## @param ingress.hosts[0].host hostname - - host: chart-example.local - ## @param ingress.hosts[0].paths path mapping - paths: [] - - ## @param ingress.pathType -- How ingress paths should be treated. 
- pathType: Prefix - - ## @param ingress.tls -- Ingress TLS configuration - tls: [] - ## - secretName: chart-example-tls - ## hosts: - ## - chart-example.local - -## @section PMM storage configuration -## Claiming storage for PMM using Persistent Volume Claims (PVC) -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -storage: - ## @param storage.name name of PVC - name: pmm-storage - ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClassName: "" - ## - ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention - ## - size: 10Gi - ## - ## @param storage.dataSource VolumeSnapshot to start from - ## - dataSource: {} - ## name: before-vX.Y.Z-upgrade - ## kind: VolumeSnapshot - ## apiGroup: snapshot.storage.k8s.io - ## - ## @param storage.selector select existing PersistentVolume - ## - selector: {} - ## matchLabels: - ## release: "stable" - ## matchExpressions: - ## - key: environment - ## operator: In - ## values: - ## - dev - -## @section PMM kubernetes configurations -## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) -## -nameOverride: "" - -## @param extraLabels Labels to add to all deployed objects -## -extraLabels: {} - -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.annotations Annotations for service account. 
Evaluated as a template. Only used if `create` is `true`. -## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. -## -serviceAccount: - create: true - annotations: {} - name: "pmm-service-account" - -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## @param podSecurityContext Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## E.g -## podSecurityContext: - ## fsGroup: 2000 -## -podSecurityContext: {} - -## @param securityContext Configure Container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## securityContext.capabilities The capabilities to add/drop when running containers -## securityContext.runAsUser Set pmm containers' Security Context runAsUser -## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot -## E.g. -## securityContext: - ## capabilities: - ## drop: - ## - ALL - ## readOnlyRootFilesystem: true - ## runAsNonRoot: true - ## runAsUser: 1000 -securityContext: {} - - -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts -## -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes -## -extraVolumes: [] 
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml index b305d3f2..ff1aab00 100644 --- a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml @@ -55,11 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on -<<<<<<< HEAD max_slot_wal_keep_size = 100GB -======= - max_slot_wal_keep_size = '1000 MB' ->>>>>>> 13b64985573dbeb3604907bf1fa5e72ce6e4c14c track_wal_io_timing = on maintenance_io_concurrency = 100 From 7db45b831f1a47dee1c959407d19af9a185603f9 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 5 Mar 2024 11:26:27 +0800 Subject: [PATCH 054/122] chore(addons): add pmm --- addons/index.yaml | 3 + addons/pmm/2.41/chart/pmm/.helmignore | 23 ++ addons/pmm/2.41/chart/pmm/Chart.yaml | 18 ++ addons/pmm/2.41/chart/pmm/README.md | 205 ++++++++++++++++ addons/pmm/2.41/chart/pmm/templates/NOTES.txt | 26 ++ .../pmm/2.41/chart/pmm/templates/_helpers.tpl | 68 ++++++ .../2.41/chart/pmm/templates/clusterrole.yaml | 28 +++ .../pmm/templates/clusterrolebinding.yaml | 29 +++ .../2.41/chart/pmm/templates/configmap.yaml | 13 + .../chart/pmm/templates/secret-certs.yaml | 18 ++ .../pmm/2.41/chart/pmm/templates/secret.yaml | 24 ++ .../pmm/2.41/chart/pmm/templates/service.yaml | 23 ++ .../chart/pmm/templates/serviceaccount.yaml | 22 ++ .../2.41/chart/pmm/templates/statefulset.yaml | 149 +++++++++++ addons/pmm/2.41/chart/pmm/values.yaml | 231 ++++++++++++++++++ addons/pmm/2.41/meta.yaml | 21 ++ addons/pmm/2.41/plans/standard-10/bind.yaml | 28 +++ .../standard-10/create-instance-schema.json | 12 + addons/pmm/2.41/plans/standard-10/meta.yaml | 6 + addons/pmm/2.41/plans/standard-10/values.yaml | 30 +++ 20 files changed, 977 insertions(+) create mode 100644 addons/pmm/2.41/chart/pmm/.helmignore create mode 100644 addons/pmm/2.41/chart/pmm/Chart.yaml create mode 100644 addons/pmm/2.41/chart/pmm/README.md create mode 100644 addons/pmm/2.41/chart/pmm/templates/NOTES.txt create mode 100644 addons/pmm/2.41/chart/pmm/templates/_helpers.tpl create mode 100644 addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/configmap.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/secret.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/service.yaml create mode 100644 addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml create mode 100644 
addons/pmm/2.41/chart/pmm/templates/statefulset.yaml create mode 100644 addons/pmm/2.41/chart/pmm/values.yaml create mode 100644 addons/pmm/2.41/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-10/bind.yaml create mode 100644 addons/pmm/2.41/plans/standard-10/create-instance-schema.json create mode 100644 addons/pmm/2.41/plans/standard-10/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-10/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index 3b8320d3..cd0ea8e0 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -51,3 +51,6 @@ entries: kafka: - version: 3.6 description: "Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications." + pmm: + - version: 2.41 + description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." diff --git a/addons/pmm/2.41/chart/pmm/.helmignore b/addons/pmm/2.41/chart/pmm/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml new file mode 100644 index 00000000..7353e99f --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml 
@@ -0,0 +1,18 @@ +apiVersion: v2 +name: pmm +description: A Helm chart for Percona Monitoring and Management (PMM) +type: application +version: 1.3.11 +appVersion: "2.41.1" +home: https://github.com/percona/pmm +maintainers: + - name: tplavcic + email: tomislav.plavcic@percona.com + - name: bupychuk + email: nurlan.moldomurov@percona.com + - name: spron-in + email: sergey.pronin@percona.com +keywords: + - PMM + - Monitoring +icon: https://www.percona.com/sites/default/files/pmm-logo.png diff --git a/addons/pmm/2.41/chart/pmm/README.md b/addons/pmm/2.41/chart/pmm/README.md new file mode 100644 index 00000000..3f8a3a4b --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/README.md 
@@ -0,0 +1,205 @@ +# Percona Monitoring and Management (PMM) + +## Introduction + +PMM is an open source database monitoring, observability and management tool. + +Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html + +## Prerequisites + +- Kubernetes 1.22+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `pmm`: + +```sh +helm repo add percona https://percona.github.io/percona-helm-charts/ +helm install pmm percona/pmm +``` + +The command deploys PMM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall `pmm` deployment: + +```sh +helm uninstall pmm +``` + +This command takes a release name and uninstalls the release. + +It removes all of the resources associated with the last release of the chart as well as the release history. 
+ +## Parameters + +### Percona Monitoring and Management (PMM) parameters + +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------| +| `image.repository` | PMM image repository | `percona/pmm-server` | +| `image.pullPolicy` | PMM image pull policy | `IfNotPresent` | +| `image.tag` | PMM image tag (immutable tags are recommended) | `2.41.1` | +| `image.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `pmmEnv.DISABLE_UPDATES` | Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) | `1` | +| `pmmResources` | optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) | `{}` | +| `readyProbeConf.initialDelaySeconds` | Number of seconds after the container has started before readiness probes is initiated | `1` | +| `readyProbeConf.periodSeconds` | How often (in seconds) to perform the probe | `5` | +| `readyProbeConf.failureThreshold` | When a probe fails, Kubernetes will try failureThreshold times before giving up | `6` | + + +### PMM secrets + +| Name | Description | Value | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | +| `secret.name` | Defines the name of the k8s secret that holds passwords and other secrets | `pmm-secret` | +| `secret.annotations` | Defines the annotations of the 
k8s secret that holds passwords and other secrets | `{}` | +| `secret.create` | If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. | `true` | +| `secret.pmm_password` | Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. | `""` | +| `certs` | Optional certificates, if not provided PMM would use generated self-signed certificates, | `{}` | + + +### PMM network configuration + +| Name | Description | Value | +| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `service.name` | Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. | `monitoring-service` | +| `service.type` | Kubernetes Service type | `NodePort` | +| `service.ports[0].port` | https port number | `443` | +| `service.ports[0].targetPort` | target port to map for statefulset and ingress | `https` | +| `service.ports[0].protocol` | protocol for https | `TCP` | +| `service.ports[0].name` | port name | `https` | +| `service.ports[1].port` | http port number | `80` | +| `service.ports[1].targetPort` | target port to map for statefulset and ingress | `http` | +| `service.ports[1].protocol` | protocol for http | `TCP` | +| `service.ports[1].name` | port name | `http` | +| `ingress.enabled` | -- Enable ingress controller resource | `false` | +| `ingress.nginxInc` | -- Using ingress controller from NGINX Inc | `false` | +| `ingress.annotations` | -- Ingress annotations configuration | `{}` | +| `ingress.community.annotations` | -- Ingress annotations configuration for community managed ingress (nginxInc = false) | `{}` | +| `ingress.ingressClassName` | -- Sets the ingress controller class name to 
use. | `""` | +| `ingress.hosts[0].host` | hostname | `chart-example.local` | +| `ingress.hosts[0].paths` | path mapping | `[]` | +| `ingress.pathType` | -- How ingress paths should be treated. | `Prefix` | +| `ingress.tls` | -- Ingress TLS configuration | `[]` | + + +### PMM storage configuration + +| Name | Description | Value | +| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `storage.name` | name of PVC | `pmm-storage` | +| `storage.storageClassName` | optional PMM data Persistent Volume Storage Class | `""` | +| `storage.size` | size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention | `10Gi` | +| `storage.dataSource` | VolumeSnapshot to start from | `{}` | +| `storage.selector` | select existing PersistentVolume | `{}` | + + +### PMM kubernetes configurations + +| Name | Description | Value | +| ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | +| `extraLabels` | Labels to add to all deployed objects | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `pmm-service-account` | +| `podAnnotations` | Pod annotations | `{}` | +| `podSecurityContext` | Configure Pods Security Context | `{}` | +| `securityContext` | Configure Container Security Context | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | + + +Specify each parameter using the `--set key=value[,key=value]` or `--set-string key=value[,key=value]` arguments to `helm install`. For example, + +```sh +helm install pmm \ + --set service.type="NodePort" \ + --set storage.storageClassName="linode-block-storage-retain" \ + percona/pmm +``` + +The above command installs PMM with the Service network type set to `NodePort` and storage class to `linode-block-storage-retain` for persistence storage on LKE. + +> NOTE: Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: + +```sh +helm install pmm -f values.yaml percona/pmm +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) or get them from chart definition: `helm show values percona/pmm > values.yaml` + +## Configuration and installation details + +### [Image tags](https://kubernetes.io/docs/concepts/containers/images/#updating-images) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
+ +Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist. + +### PMM admin password + +PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated. In real-life situations it is recommended to create the `pmm-secret` secret manually before the release and set `secret.create` to false. The chart then won't overwrite secret during install or upgrade and values.yaml won't contain any secret. + +If PMM admin password is not set explicitly (default), it will be generated. + +To get admin password execute: + +```sh +kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode +``` + +### PMM SSL certificates + +PMM ships with self signed SSL certificates to provide secure connection between client and server ([check here](https://docs.percona.com/percona-monitoring-and-management/how-to/secure.html#ssl-encryption)). +You could see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the `cert` section: + +```yaml +certs: + name: pmm-certs + files: + certificate.crt: + certificate.key: + ca-certs.pem: + dhparam.pem: +``` + +### PMM updates + +By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom `values.yaml` file: + +```yaml +pmmEnv: + DISABLE_UPDATES: "1" +``` + +Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download + +PMM updates should happen in a standard way: + +```sh +helm repo update percona +helm upgrade pmm -f values.yaml percona/pmm +``` + +This will check updates in the repo and upgrade deployment if the updates are available. 
+ +### [PMM environment variables](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables) + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `pmmEnv` property. + +```yaml +pmmEnv: + DISABLE_UPDATES: "1" + DATA_RETENTION: "2160h" # 90 days +``` diff --git a/addons/pmm/2.41/chart/pmm/templates/NOTES.txt b/addons/pmm/2.41/chart/pmm/templates/NOTES.txt new file mode 100644 index 00000000..a517561e --- /dev/null +++ b/addons/pmm/2.41/chart/pmm/templates/NOTES.txt 
@@ -0,0 +1,26 @@
+
+Percona Monitoring and Management (PMM)
+
+An open source database monitoring, observability and management tool
+Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html
+
+Get the application URL:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo https://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+ echo https://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}")
+ echo "Visit https://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+
+Get password for the "admin" user:
+ export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode)
+ echo $ADMIN_PASS
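Review bot: The commands printed here look up objects by names the templates in this commit do not use: the password line hard-codes `pmm-secret` and the URL lines use `{{ .Values.service.name }}`, while `secret.yaml` and `service.yaml` both set `metadata.name` to `{{ include "pmm.fullname" . }}`. An operator following the notes would get NotFound, or read a Secret that belongs to something else, unless the release name happens to match. I would use `{{ include "pmm.fullname" . }}` in the `kubectl get secret` and `kubectl get svc`/`services` lines. The LoadBalancer branch also prints `{{ .Values.service.port }}`, but `service.yaml` and the README only know a `service.ports` list, so that expression probably renders empty and should be replaced.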
diff --git a/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl b/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl
new file mode 100644
index 00000000..5a31f77b
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/_helpers.tpl
@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pmm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pmm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pmm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "pmm.labels" -}}
+helm.sh/chart: {{ include "pmm.chart" . }}
+{{ include "pmm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pmm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pmm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: pmm-server
+app.kubernetes.io/part-of: percona-platform
+{{- if .Values.extraLabels }}
+{{ toYaml .Values.extraLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Pod annotation
+*/}}
+{{- define "pmm.podAnnotations" -}}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "pmm.chart" . }}
+checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations }}
+{{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml
new file mode 100644
index 00000000..a470d4de
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+rules:
+# standard RBAC
+- apiGroups: [""] # "" indicates the core API group
+ resources:
+ - namespaces
+ - endpoints
+ - services
+ - nodes
+ - pods
+ - secrets
+ - serviceaccounts
+ verbs:
+ - get
+ - watch
+ - list
+- nonResourceURLs:
+ - /metrics
+ - /metrics/resources
+ verbs:
+ - get
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..d82e4ccc
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.serviceAccount.create -}}
+{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "pmm.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: {{ include "pmm.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "pmm.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "pmm.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "pmm.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
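Review bot: The `- secrets` entry in the `resources` list of clusterrole.yaml gives the PMM service account `get`/`watch`/`list` on every Secret in every namespace once the ClusterRoleBinding from this commit is applied. The other resources are discovery metadata, but Secret read access exposes database passwords, TLS keys and service-account tokens cluster-wide to anything that compromises the PMM pod. I would drop `- secrets` from the rule unless a PMM feature demonstrably needs it, and if one does, grant it through a namespaced Role in the namespaces that are monitored. A comment above the rule such as `# read-only discovery for Kubernetes monitoring; no Secret access` would record the intent.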
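Review bot: The first branch of clusterrolebinding.yaml binds the service account to the built-in `cluster-admin` ClusterRole whenever `pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN` is set, so a single values flag hands full control of the cluster to a pod that also serves a web UI. That branch names its subject with `include "pmm.serviceAccountName" .`, a helper the `_helpers.tpl` added in this commit does not define, so unless it exists elsewhere rendering fails as soon as the flag is enabled; the `else` branch and `serviceaccount.yaml` use `pmm.fullname`, and the subject should read `name: {{ include "pmm.fullname" . }}` in both branches. The switch also lives under `pmmEnv`, which `configmap.yaml` renders wholesale into the ConfigMap, so an RBAC decision is mixed into the application environment. If the admin binding is kept at all, I would move it to a dedicated value outside `pmmEnv` and add a comment above the branch stating that it grants cluster-admin.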
diff --git a/addons/pmm/2.41/chart/pmm/templates/configmap.yaml b/addons/pmm/2.41/chart/pmm/templates/configmap.yaml
new file mode 100644
index 00000000..cda6b950
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.pmmEnv -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+data:
+# environment passed to the PMM
+ {{- with .Values.pmmEnv }}
+ {{- . | toYaml | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml b/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml
new file mode 100644
index 00000000..f05117df
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/secret-certs.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.certs.name -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.certs.name }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+# ngnix ssl certificates
+ {{- with .Values.certs.files }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/secret.yaml b/addons/pmm/2.41/chart/pmm/templates/secret.yaml
new file mode 100644
index 00000000..a7602c88
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/secret.yaml
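Review bot: The `annotations` block in secret-certs.yaml is fed from `.Values.serviceAccount.annotations`, so whatever is set for the service account is copied onto the Secret that holds the TLS private key; this looks like a copy-paste from `serviceaccount.yaml`. I would drop the block or give the Secret its own value, e.g. `{{- with .Values.certs.annotations }}`. The entries of `certs.files` are written straight under `data:`, so they must already be base64 and the private key ends up in the values file. A comment above `data:` such as `# values must be base64-encoded; prefer a pre-created Secret for certificate.key` would make both constraints visible.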
@@ -0,0 +1,24 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.secret.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+# base64 encoded password
+# encode some password: `echo -n "admin" | base64`
+# to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
+ PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }}
+ {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID -}}
+ GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
+ {{- end }}
+ {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET -}}
+ GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
+ {{- end }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/service.yaml b/addons/pmm/2.41/chart/pmm/templates/service.yaml
new file mode 100644
index 00000000..6eef557a
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.service.finalizers }}
+ finalizers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- with .Values.service.ports }}
+ ports:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ selector:
+ {{- include "pmm.selectorLabels" . | nindent 4 }}
+
diff --git a/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml b/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml
new file mode 100644
index 00000000..094261b9
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/serviceaccount.yaml
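Review bot: `GF_AUTH_GENERIC_OAUTH_CLIENT_ID` and `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` in secret.yaml are written under `data:` as raw values, whereas `PMM_ADMIN_PASSWORD` on the line above goes through `b64enc | quote`. A Secret's `data` field must hold base64, so a plain client secret is either rejected by the API server or decoded into something else. Both lines should end with `| b64enc | quote }}`, e.g. `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET | b64enc | quote }}`. The trailing `-}}` on the two `if` lines also trims the newline in front of the key and joins it onto the previous line; `{{- if … }}` without the closing dash avoids that. Separately, `default (randAscii 16)` yields a new value on every render, so an upgrade with no password set rewrites the Secret.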
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+secrets:
+ - name: {{ include "pmm.fullname" . }}-token
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: {{ include "pmm.fullname" . }}-token
+ annotations:
+ kubernetes.io/service-account.name: {{ include "pmm.fullname" . }}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml
new file mode 100644
index 00000000..752fb9ad
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml
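Review bot: The second document in serviceaccount.yaml creates a `kubernetes.io/service-account-token` Secret for the PMM account, which makes Kubernetes mint a token that does not expire, and with the ClusterRole from this commit that token can list Secrets cluster-wide (or act as `cluster-admin` when that binding is enabled). The pod already gets a short-lived projected token through `serviceAccountName`, so the static Secret and the `secrets:` reference look unnecessary; remove them unless something outside the pod has to authenticate as PMM. If the token must stay, gate it behind its own values flag and add a comment such as `# long-lived API token for <consumer>; rotate by deleting this Secret`.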
@@ -0,0 +1,149 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "pmm.fullname" . }}
+ labels:
+ {{- include "pmm.labels" . | nindent 4 }}
+spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "pmm.selectorLabels" . | nindent 6 }}
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ {{- include "pmm.podAnnotations" . | nindent 8 }}
+ labels:
+ {{- include "pmm.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.image.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.create }}
+ serviceAccountName: {{ include "pmm.fullname" . }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- if .Values.pmmResources }}
+ resources:
+ {{- toYaml .Values.pmmResources | nindent 12 }}
+ {{- end }}
+
+ # environment passed to PMM, defined in configMap
+ envFrom:
+ - configMapRef:
+ name: {{ include "pmm.fullname" . }}
+ optional: true
+
+ # additional secrets that could be used for Grafana iDP
+ env:
+ - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+ optional: true
+ - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
+ optional: true
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secret.name }}
+ key: PMM_ADMIN_PASSWORD
+ optional: true
+ - name: PMM_INSTALL_METHOD
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['app.kubernetes.io/managed-by']
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ readinessProbe:
+ httpGet:
+ path: /v1/readyz
+ port: http
+ {{- if .Values.readyProbeConf }}
+ {{- toYaml .Values.readyProbeConf | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: {{ include "pmm.fullname" . }}
+ mountPath: /srv
+ - name: annotations
+ mountPath: "/var/run/pmm/annotations"
+ readOnly: true
+ {{- if .Values.certs.name }}
+ - name: {{ .Values.certs.name }}
+ mountPath: /srv/nginx
+ readOnly: true
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: annotations
+ projected:
+ sources:
+ - downwardAPI:
+ items:
+ - path: "annotations"
+ fieldRef:
+ fieldPath: metadata.annotations
+ {{- if .Values.certs.name }}
+ - name: {{ .Values.certs.name }}
+ secret:
+ secretName: {{ .Values.certs.name }}
+ optional: false
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "pmm.fullname" . }}
+ spec:
+ {{- if .Values.storage.selector }}
+ selector:
+ {{- toYaml .Values.storage.selector | nindent 10 }}
+ {{- end }}
+ {{ if .Values.storage.storageClassName }}
+ storageClassName: {{ .Values.storage.storageClassName }}
+ {{ end }}
+ {{- if .Values.storage.dataSource }}
+ dataSource:
+ {{- toYaml .Values.storage.dataSource | nindent 10 }}
+ {{- end }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.size }}
diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml
new file mode 100644
index 00000000..1647399a
--- /dev/null
+++ b/addons/pmm/2.41/chart/pmm/values.yaml
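Review bot: The `secretKeyRef` for `GF_SECURITY_ADMIN_PASSWORD` in statefulset.yaml is marked `optional: true`, so when the Secret or its `PMM_ADMIN_PASSWORD` key is missing the pod starts anyway without the configured admin password instead of failing; with `secret.name` defaulting to `""` in values.yaml that is the out-of-the-box case for this commit. Change that entry to `optional: false` (the two OAuth client entries can stay optional). `serviceName: {{ .Values.service.name }}` also reads a key that values.yaml does not define, and both `securityContext` blocks render as `{}` by default, so the container runs with whatever user and capabilities the image sets.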
@@ -0,0 +1,231 @@ +## @section Percona Monitoring and Management (PMM) parameters +## Default values for PMM. +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. + +## PMM image version +## ref: https://hub.docker.com/r/percona/pmm-server/tags +## @param image.repository PMM image repository +## @param image.pullPolicy PMM image pull policy +## @param image.tag PMM image tag (immutable tags are recommended) +## @param image.imagePullSecrets Global Docker registry secret names as an array +## +image: + repository: percona/pmm-server + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "2.41.1" + imagePullSecrets: [] + +## PMM environment variables +## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables +## +pmmEnv: + ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) + ## + DISABLE_UPDATES: "1" +# optional variables to integrate Grafana with internal iDP, see also secret part +# GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' +# GF_AUTH_GENERIC_OAUTH_SCOPES: '' +# GF_AUTH_GENERIC_OAUTH_AUTH_URL: '' +# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: '' +# GF_AUTH_GENERIC_OAUTH_API_URL: '' +# GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' + +## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) + ## pmmResources: + ## requests: + ## memory: "32Gi" + ## cpu: "8" + ## limits: + ## memory: "64Gi" + ## cpu: "32" +#pmmResources: {} +pmmResources: + requests: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + + +## Readiness probe 
Config +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readyProbeConf.initialDelaySeconds Number of seconds after the container has started before readiness probes is initiated +## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe +## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up +## +readyProbeConf: + initialDelaySeconds: 1 + periodSeconds: 5 + failureThreshold: 6 + +## @section PMM secrets +## +secret: + ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets + ## + name: "" + ## @param secret.annotations -- Secret annotations configuration + annotations: {} + ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. + ## + create: true + ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. + ## E.g. 
+ ## pmm_password: admin + ## + ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` + ## + pmm_password: "admin" + ## + # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv + # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: + # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv + # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: + +## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates, +## please provide your own signed ssl certificates like this in base 64 format: +## certs: + ## name: pmm-certs + ## files: + ## certificate.crt: + ## certificate.key: + ## ca-certs.pem: + ## dhparam.pem: + ## certificate.conf: +certs: {} + +## @section PMM network configuration +## Service configuration +## +service: + ## @param service.type Kubernetes Service type + ## + type: LoadBalancer + + ## Ports 443 and/or 80 + ## + ports: + ## @param service.ports[0].port https port number + - port: 443 + ## @param service.ports[0].targetPort target port to map for statefulset and ingress + targetPort: https + ## @param service.ports[0].protocol protocol for https + protocol: TCP + ## @param service.ports[0].name port name + name: https + ## @param service.ports[1].port http port number + - port: 80 + ## @param service.ports[1].targetPort target port to map for statefulset and ingress + targetPort: http + ## @param service.ports[1].protocol protocol for http + protocol: TCP + ## @param service.ports[1].name port name + name: http + +storage: + ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, 
choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClassName: "" + ## + ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention + ## + size: 10Gi + ## + ## @param storage.dataSource VolumeSnapshot to start from + ## + dataSource: {} + ## name: before-vX.Y.Z-upgrade + ## kind: VolumeSnapshot + ## apiGroup: snapshot.storage.k8s.io + ## + ## @param storage.selector select existing PersistentVolume + ## + selector: {} + ## matchLabels: + ## release: "stable" + ## matchExpressions: + ## - key: environment + ## operator: In + ## values: + ## - dev + +## @section PMM kubernetes configurations +## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) +## +nameOverride: "" + +## @param extraLabels Labels to add to all deployed objects +## +extraLabels: {} + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## @param serviceAccount.create Specifies whether a ServiceAccount should be created +## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. +## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
+## +serviceAccount: + create: true + annotations: {} + name: "" + +## @param podAnnotations Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## @param podSecurityContext Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## E.g +## podSecurityContext: + ## fsGroup: 2000 +## +podSecurityContext: {} + +## @param securityContext Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## securityContext.capabilities The capabilities to add/drop when running containers +## securityContext.runAsUser Set pmm containers' Security Context runAsUser +## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot +## E.g. +## securityContext: + ## capabilities: + ## drop: + ## - ALL + ## readOnlyRootFilesystem: true + ## runAsNonRoot: true + ## runAsUser: 1000 +securityContext: {} + + +## @param nodeSelector Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## @param tolerations Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts +## +extraVolumeMounts: [] +## @param extraVolumes Optionally specify extra list of additional volumes +## +extraVolumes: [] diff --git a/addons/pmm/2.41/meta.yaml b/addons/pmm/2.41/meta.yaml new file mode 100644 index 00000000..25bf83f3 --- /dev/null +++ b/addons/pmm/2.41/meta.yaml 
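Review bot: `pmm_password: "admin"` in values.yaml ships a well-known admin password as the default, and because it is non-empty the `default (randAscii 16)` fallback in secret.yaml never runs; together with `service.type: LoadBalancer` a default install publishes the PMM UI externally with `admin` as its password. Set `pmm_password: ""` so a password is generated, and default the service to `type: ClusterIP` with LoadBalancer as an opt-in. The comment above the key should then say that leaving it empty generates a password, and the `kubectl get secret pmm-secret` example should name the Secret the chart actually creates (`pmm.fullname`).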
@@ -0,0 +1,21 @@ +name: pmm +version: 2.41 +id: 1db95161-7193-4544-8c76-e5ad5f6c03f6 +description: "pmm" +displayName: "pmm" +metadata: + displayName: "pmm" + provider: + name: drycc + supportURL: https://www.percona.com/software/database-tools/percona-monitoring-and-management + documentationURL: https://www.percona.com/software/database-tools/percona-monitoring-and-management +tags: pmm +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "service.type" + required: false + description: "service type config for values.yaml" +archive: false \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-10/bind.yaml new file mode 100644 index 00000000..eaaa1d36 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/bind.yaml @@ -0,0 +1,28 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .data.password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .data.username }' + - name: PORT + valueFrom: + secretKeyRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .data.portro }' \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-10/create-instance-schema.json b/addons/pmm/2.41/plans/standard-10/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/create-instance-schema.json 
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-10/meta.yaml b/addons/pmm/2.41/plans/standard-10/meta.yaml new file mode 100644 index 00000000..aaa411c0 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-10" +id: d4d9338c-4958-4203-8e7d-bdfcb0d81945 +description: "pmm standard-10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G" +displayName: "standard-10" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/pmm/2.41/plans/standard-10/values.yaml b/addons/pmm/2.41/plans/standard-10/values.yaml new file mode 100644 index 00000000..676edb9d --- /dev/null +++ b/addons/pmm/2.41/plans/standard-10/values.yaml 
@@ -0,0 +1,30 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: pmm-standard-10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +pmmResources: + requests: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "4Gi" + cpu: "4" + hugepages-2Mi: 4Mi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +storage: + size: 10Gi From fe1679aeb612c1691024b575437f7163cd1630c4 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 5 Mar 2024 16:05:59 +0800 Subject: [PATCH 055/122] chore(pmm): set instance name --- .../pmm/2.41/chart/pmm/templates/statefulset.yaml | 6 +++--- addons/pmm/2.41/chart/pmm/values.yaml | 3 --- addons/pmm/2.41/plans/standard-10/bind.yaml | 15 +-------------- 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml index 752fb9ad..18fae7d6 100644 --- a/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml +++ b/addons/pmm/2.41/chart/pmm/templates/statefulset.yaml 
@@ -64,19 +64,19 @@ spec: - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: {{ .Values.secret.name }} + name: {{ include "pmm.fullname" . }} key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional: true - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ .Values.secret.name }} + name: {{ include "pmm.fullname" . }} key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional: true - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.secret.name }} + name: {{ include "pmm.fullname" . }} key: PMM_ADMIN_PASSWORD optional: true - name: PMM_INSTALL_METHOD diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml index 1647399a..21e4f3c6 100644 --- a/addons/pmm/2.41/chart/pmm/values.yaml +++ b/addons/pmm/2.41/chart/pmm/values.yaml @@ -66,9 +66,6 @@ readyProbeConf: ## @section PMM secrets ## secret: - ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets - ## - name: "" ## @param secret.annotations -- Secret annotations configuration annotations: {} ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-10/bind.yaml index eaaa1d36..973abc94 100644 --- a/addons/pmm/2.41/plans/standard-10/bind.yaml +++ b/addons/pmm/2.41/plans/standard-10/bind.yaml @@ -11,18 +11,5 @@ credential: serviceRef: name: {{ include "pmm.fullname" . }} jsonpath: '{ .spec.clusterIP }' - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "pmm.fullname" . }} - jsonpath: '{ .data.password }' - - name: USERNAME - valueFrom: - secretKeyRef: - name: {{ include "pmm.fullname" . }} - jsonpath: '{ .data.username }' - name: PORT - valueFrom: - secretKeyRef: - name: {{ include "pmm.fullname" . }} - jsonpath: '{ .data.portro }' \ No newline at end of file + value: 80 \ No newline at end of file 
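Review bot: The bind.yaml hunk now publishes `PORT` as the literal `80`, the plain-HTTP listener, although the Service in this chart also exposes 443; unless the server redirects (not visible on this page), clients that log in through the bound host and port send the admin password unencrypted. Prefer `value: "443"`, quoted so the credential stays a string, or publish both ports under distinct names. The hunk also removes `PASSWORD` and `USERNAME` without a replacement, so a comment in bind.yaml saying that the admin password lives in the `PMM_ADMIN_PASSWORD` key of the release Secret would help consumers.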
From b798fecfe5ccf526c4d564055e913b1e01e211f6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 6 Mar 2024 17:34:20 +0800 Subject: [PATCH 056/122] chore(prometheus): add scrape namespace --- .../prometheus/templates/_scrape_config.tpl | 6 ++- .../templates/server/deployment.yaml | 35 +++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 52 ++++++++++++++++++- addons/prometheus/2/meta.yaml | 2 + 4 files changed, 92 insertions(+), 3 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index c6753fa3..14f45299 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -92,8 +92,12 @@ kubernetes_sd_configs: - role: endpoints namespaces: own_namespace: true - names: + names: - {{ include "common.names.namespace" .context }} + {{- range .value }} + - {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{- end }} + relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] action: keep diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index d8ecaa9f..83711fde 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml 
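Review bot: Inside the new `range .value` loop in _scrape_config.tpl the render call passes `"context" $`, but within a named template `$` is the dict handed to `include` (the line above uses `.context` for the same purpose), so a namespace entry containing template syntax would be rendered against the wrong object; it should read `(dict "value" . "context" $.context)`. Since `scrapeNamespaces` is opened to users in meta.yaml by this commit, consider not templating the entries at all and emitting `- {{ . | quote }}`, which also keeps a value such as `on` or `123` a string. The enclosing template starts and ends outside this hunk.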
@@ -95,6 +95,41 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.server.initContainers "context" $) | nindent 8 }} {{- end }} containers: + {{- if .Values.configmapReload.prometheus.enabled }} + - name: prometheus-reload + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" + {{- with .Values.configmapReload.prometheus.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + args: + - --volume-dir=/opt/drycc/prometheus/conf/ + - --webhook-url=http://{{ .Values.server.username }}:{{ .Values.server.password}}@127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} + - --volume-dir={{ . }} + {{- end }} + {{- if .Values.configmapReload.prometheus.containerPort }} + ports: + - containerPort: {{ .Values.configmapReload.prometheus.containerPort }} + {{- end }} + resources: + {{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config + mountPath: /opt/drycc/prometheus/conf/ + readOnly: true + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + - name: prometheus image: {{ template "prometheus.server.image" . }} imagePullPolicy: {{ .Values.server.image.pullPolicy }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 807a45d1..55262846 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
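Review bot: The `--webhook-url` argument of the new `prometheus-reload` container embeds `{{ .Values.server.username }}:{{ .Values.server.password}}`, so the Prometheus basic-auth password is readable by anyone who can `get` the pod or Deployment and shows up in the process list on the node; it is also inserted without URL-encoding, so a password containing `@`, `/` or `:` breaks the URL. Keep the credential in a Secret and hand it to the reloader in a way that stays out of the pod spec, rather than templating it into `args`. The sidecar image is pulled as `jimmidyson/configmap-reload:v0.5.0` by tag from a public registry, while the server image in this chart comes from `registry.drycc.cc`; mirroring it there and pinning by digest would be consistent.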
@@ -578,7 +578,7 @@ alertmanager: ## server: username: admin - password: To6EJBHPUo + password: Sx3EIELCA image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -636,7 +636,7 @@ server: {{- end }} {{- if .Values.scrapeAddons.enabled }} - job_name: addons - {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + {{- include "addons.ds_scrape_config" (dict "value" .Values.scrapeNamespaces "context" $) | nindent 4 }} {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} @@ -1558,3 +1558,51 @@ volumePermissions: scrapeAddons: enabled: true + +scrapeNamespaces: + - xx1 + - xx2 + +configmapReload: + prometheus: + ## If false, the configmap-reload container will not be deployed + ## + enabled: true + + ## configmap-reload container name + ## + name: configmap-reload + + ## configmap-reload container image + ## + image: + repository: jimmidyson/configmap-reload + tag: v0.5.0 + pullPolicy: IfNotPresent + + # containerPort: 9533 + + ## Additional configmap-reload container arguments + ## + extraArgs: {} + ## Additional configmap-reload volume directories + ## + extraVolumeDirs: [] + + + ## Additional configmap-reload mounts + ## + extraConfigmapMounts: [] + # - name: prometheus-alerts + # mountPath: /etc/alerts.d + # subPath: "" + # configMap: prometheus-alerts + # readOnly: true + + ## Security context to be added to configmap-reload container + containerSecurityContext: {} + + ## configmap-reload resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} \ No newline at end of file diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 0b0a15dc..a95995b0 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml 
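Review bot: The first hunk changes the `server.password` default from one literal to another (`Sx3EIELCA`), so every install that does not override it shares a password that is public in this repository, and the previous value stays in history. Leave the default empty and either generate it at install time or fail rendering when it is unset, e.g. `password: ""` plus a `required` check where it is consumed. A comment on the key should say that it appears to guard the Prometheus web endpoint (it is used as basic-auth in the reload URL) and must be set per instance.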
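Review bot: In the last values.yaml hunk `scrapeNamespaces` defaults to the placeholders `xx1` and `xx2`, which end up in the `names:` list of the `addons` job on every install; default it to `scrapeNamespaces: []`. `configmapReload.prometheus.enabled: true` also turns the new sidecar on by default with `resources: {}`, so it runs without requests or limits, and a small default would be safer.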
@@ -33,4 +33,6 @@ allow_parameters: - name: "server.rules" required: false description: "rules config for values.yaml" +- name: "scrapeNamespaces" + required: false archive: false From 4d6a9988c9100595c275be2721f70251d2fb560c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 7 Mar 2024 17:10:37 +0800 Subject: [PATCH 057/122] chore(postgres): set service type to ClusterIP --- .../15/chart/postgresql-cluster/templates/svc.yaml | 2 +- .../15/chart/postgresql-cluster/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 3644db78..ac0c2c44 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: {{ .Values.service.type }} + type: ClusterIP ports: - port: 5432 targetPort: 5432 diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 02f9bdfa..039ba9f6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -204,7 +204,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: false image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" 
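Review bot: The meta.yaml hunk adds `scrapeNamespaces` to `allow_parameters` with no `description`, unlike the entry above it, and it lets whoever provisions an instance choose the namespaces in which Prometheus discovers endpoints. Whether that crosses a tenant boundary depends on the RBAC given to the Prometheus service account, which is not part of this hunk; if instances are tenant-owned, validate the list against namespaces the requester is allowed to read. At minimum add `description: "extra namespaces to scrape; requires read access to endpoints there"`.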
@@ -213,7 +213,7 @@ metrics: ## @param metrics.customMetrics Define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file ## customMetrics: - ## pg_database: + ## pg_database:.... ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" ## metrics: ## - name: From a7a2a9fd12a9cb43c439b900dc8a7d178cf7a240 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 7 Mar 2024 17:19:30 +0800 Subject: [PATCH 058/122] chore(postgres): update metrics default values --- .../postgresql-cluster/15/chart/postgresql-cluster/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 039ba9f6..d1e7d72f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -204,7 +204,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: false + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" From 0d90c1f242ff16606cd5bee9d4a80e80c5adb04d Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 12 Mar 2024 17:38:41 +0800 Subject: [PATCH 059/122] chore(mysql-cluster): add router configmap , add resources limits to router and metrics --- .../mysql-cluster/templates/_helpers.tpl | 21 +++++++++++++++ .../templates/router/configmap.yaml | 23 ++++++++++++++++ .../templates/router/statefulset.yaml | 8 ++++-- .../8.0/chart/mysql-cluster/values.yaml | 26 ++++++++++++------- addons/mysql-cluster/8.0/meta.yaml | 3 +++ 5 files changed, 70 insertions(+), 11 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl index bb2ba662..b350f2de 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/_helpers.tpl @@ -99,6 +99,17 @@ Return the configmap with the MySQL Primary configuration {{- end -}} {{- end -}} +{{/* +Return the configmap with the MySQL Router configuration +*/}} +{{- define "mysql.router.configmapName" -}} +{{- if .Values.router.existingConfigmap -}} + {{- printf "%s" (tpl .Values.router.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-router" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for MySQL Secondary */}} @@ -109,6 +120,16 @@ Return true if a configmap object should be created for MySQL Secondary {{- end -}} {{- end -}} +{{/* +Return true if a configmap object should be created for MySQL router +*/}} +{{- define "mysql.router.createConfigmap" -}} +{{- if and .Values.router.configuration (not .Values.router.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return the configmap with the MySQL Primary configuration */}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml new file mode 100644 index 00000000..3e5b02b5 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/configmap.yaml @@ -0,0 +1,23 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "mysql.router.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mysql.router.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: router + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + extra-router.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.router.configuration "context" $ ) | nindent 4 }} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index 9134cbfe..9ef9e93e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -157,7 +157,7 @@ spec: - -ec - | ln -sf /dev/stdout /opt/drycc/mysql/conf/router/log/mysqlrouter.log - mysqlrouter -c /opt/drycc/mysql/conf/router/mysqlrouter.conf + mysqlrouter -c /opt/drycc/mysql/conf/router/mysqlrouter.conf -a /opt/drycc/mysql/conf/router/extra/extra-router.conf env: - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} 
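Review bot: router/configmap.yaml creates the ConfigMap as `{{ include "mysql.router.fullname" . }}`, while the StatefulSet volume added in this commit mounts `{{ include "mysql.router.configmapName" . }}`, which the new helper renders as the common fullname plus `-router`; unless `mysql.router.fullname` yields the same string (its definition is not in this diff) the pod references a ConfigMap that does not exist. Use `name: {{ include "mysql.router.configmapName" . }}` here. The `extra-config` volume and the `-a …/extra-router.conf` argument are also added unconditionally, but this object is only rendered when `router.configuration` is set and `router.existingConfigmap` is not, so an empty configuration leaves the pod unable to start; guard the volume, mount and argument with the same condition.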
@@ -174,7 +174,8 @@ spec: volumeMounts: - name: router-volume mountPath: /opt/drycc/mysql/conf - + - name: extra-config + mountPath: /opt/drycc/mysql/conf/router/extra ports: - name: routerrw containerPort: 6446 @@ -222,3 +223,6 @@ spec: volumes: - name: router-volume emptyDir: {} + - name: extra-config + configMap: + name: {{ include "mysql.router.configmapName" . }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index ce87fd76..79c58704 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -179,9 +179,7 @@ initdbScripts: echo loose-group_replication_local_address=$mgr_host:24901 >> $base_conf_file echo report_host=$mgr_host >> $base_conf_file echo loose-group_replication_group_seeds="$svc_mgr_host-0:24901,$svc_mgr_host-1:24901,$svc_mgr_host-2:24901" >> $base_conf_file - - echo plugin_load_add='group_replication.so' >> $base_conf_file - + echo loose-group_replication_start_on_boot='OFF' >> $base_conf_file echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) @@ -218,7 +216,6 @@ primary: configuration: |- [mysqld] # server - max_connections=10000 default_authentication_plugin=caching_sha2_password skip-name-resolve relay-log=relay-log @@ -260,7 +257,6 @@ primary: # Multi-threaded Replication replica_preserve_commit_order=ON replica_parallel_workers=8 - replica_parallel_type=LOGICAL_CLOCK # Group Replication Settings @@ -610,6 +606,10 @@ router: ## replicaCount: 2 + configuration: |- + [routing:bootstrap_rw] + max_connections=1000 + ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. ## NOTE: When it's set the 'configuration' parameter is ignored ## 
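Review bot: The `extra-config` volume, its mount and the `-a /opt/drycc/mysql/conf/router/extra/extra-router.conf` argument are added unconditionally, but the ConfigMap is only created when `mysql.router.createConfigmap` is true (`router.configuration` set and no `existingConfigmap`). With `router.configuration` emptied, the volume references a ConfigMap that does not exist and the router pod stays stuck before the container starts. Guard the volume, the mount and the `-a` argument with one condition such as `{{- if or .Values.router.configuration .Values.router.existingConfigmap }}`, or set `optional: true` on the `configMap` volume and pass `-a` only when the file is present. The container spec continues outside these hunks.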
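Review bot: `router.configuration` is added to values.yaml without a `## @param` line, and the comment right below it still documents `primary.existingConfigmap` although the helper added in this commit reads `router.existingConfigmap`. Add `## @param router.configuration Extra MySQL Router configuration, passed to mysqlrouter with -a` above the key, and change the following comment to `## @param router.existingConfigmap Name of existing ConfigMap with MySQL Router configuration`. The key that comment belongs to lies outside the hunk, so confirm it is the router's.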
@@ -716,13 +716,17 @@ router: ## cpu: 250m ## memory: 256Mi ## - limits: {} + limits: + cpu: 250m + memory: 256Mi ## Examples: ## requests: ## cpu: 250m ## memory: 256Mi ## - requests: {} + requests: + cpu: 250m + memory: 256Mi ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param secondary.livenessProbe.enabled Enable livenessProbe @@ -1117,12 +1121,16 @@ metrics: ## limits: ## cpu: 100m ## memory: 256Mi - limits: {} + limits: + cpu: 100m + memory: 256Mi ## Examples: ## requests: ## cpu: 100m ## memory: 256Mi - requests: {} + requests: + cpu: 100m + memory: 256Mi containerSecurityContext: enabled: true runAsUser: 1001 diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 273e3a55..5c748c3b 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -21,4 +21,7 @@ allow_parameters: - name: "router.service.type" required: false description: "service type config for values.yaml" +- name: "router.configuration" + required: false + description: "router config for values.yaml" archive: false \ No newline at end of file From b190f6c83406019a213f288ff84a262c62736806 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 09:53:02 +0800 Subject: [PATCH 060/122] chore(mysql-cluster): modify networkpolicy rules. empty ingress when router service type is loadbalancer --- .../mysql-cluster/templates/networkpolicy.yaml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index b792b024..7571e48b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
@@ -20,6 +20,7 @@ spec: podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.router.service.type "ClusterIP" }} ingress: # Allow inbound connections - ports: @@ -27,10 +28,10 @@ spec: - port: {{ .Values.router.service.portro }} - port: 24901 - port: 33061 - {{- if and .Values.metrics.enabled }} + {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} - {{ end }} - {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + {{- end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} - namespaceSelector: @@ -38,11 +39,16 @@ spec: kubernetes.io/metadata.name: {{ .Release.Namespace }} {{- end }} {{- range $namespace := .Values.networkPolicy.allowNamespaces }} - {{- if $namespace }} + {{- if $namespace }} - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} {{- end }} - {{- end }} + {{- end }} {{- end }} + {{- if eq .Values.router.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} {{- end }} From 82bc0c31f46436e5b324219646c9f73e2a29f372 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 11:56:16 +0800 Subject: [PATCH 061/122] chore(postgresql-cluster): Allow all ip when service type is Loadbalancer --- .../templates/networkpolicy.yaml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 92fdc9a7..cf6bfb01 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml 
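Review bot: In the `LoadBalancer` branch `ingress: - {}` admits every source on every port, so the group-replication ports 24901 and 33061 and the metrics port become reachable from any pod in the cluster, not only the two router ports the Service publishes. A service type that is neither `ClusterIP` nor `LoadBalancer` (for example `NodePort`) matches neither branch and leaves a policy with no ingress rule, which denies all inbound traffic including replication between the pods. Keep the namespace-scoped rule for every service type and add a second rule that opens only the router ports when the type is `LoadBalancer`, as sketched below. The same two-branch pattern is repeated in the postgresql-cluster, cloudbeaver and pmm `networkpolicy.yaml` changes later in this series.

```yaml
  ingress:
    # … unchanged: rule with the router, 24901, 33061 and metrics ports and the namespace `from` block, no longer wrapped in the ClusterIP check …
    {{- if eq .Values.router.service.type "LoadBalancer" }}
    # External clients reach the router ports only
    - ports:
        - port: {{ .Values.router.service.portrw }}
        - port: {{ .Values.router.service.portro }}
    {{- end }}
```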
@@ -17,15 +17,16 @@ spec: podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.service.type "ClusterIP" }} ingress: # Allow inbound connections - ports: - port: 5432 - port: 9000 - {{- if and .Values.metrics.enabled }} + {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} - {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} - namespaceSelector: @@ -33,11 +34,16 @@ spec: kubernetes.io/metadata.name: {{ .Release.Namespace }} {{- end }} {{- range $namespace := .Values.networkPolicy.allowNamespaces }} - {{- if $namespace }} + {{- if $namespace }} - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + ingress: + - {} {{- end }} {{- end }} From 5c786db90a6b43a8906042e1ee789ce23e74e1b6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 15:45:03 +0800 Subject: [PATCH 062/122] chore(cloudbeaver): add networkpolicy ,Allow all ip when service type is Loadbalancer --- .../cloudbeaver/templates/networkpolicy.yaml | 48 +++++++++++++++++++ .../23/chart/cloudbeaver/values.yaml | 17 +++++++ addons/cloudbeaver/23/meta.yaml | 5 +- .../23/plans/standard-10/bind.yaml | 5 +- .../23/plans/standard-10/meta.yaml | 6 +-- 5 files changed, 74 insertions(+), 7 deletions(-) create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml new file mode 100644 index 00000000..bc795be6 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml 
@@ -0,0 +1,48 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.service.type "ClusterIP" }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.service.ports.http }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 149c69d3..6ecd5d54 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml 
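Review bot: `kubernetes.io/metadata.name: {{ $namespace }}` is emitted unquoted, and `networkPolicy.allowNamespaces` is exposed through `allow_parameters` in this commit's meta.yaml. A namespace name made only of digits, or one such as `true` or `null`, is parsed as a non-string and the label selector is rejected, and an unquoted value containing YAML-significant characters can change the structure of the rendered policy. Quote both selectors: `kubernetes.io/metadata.name: {{ $namespace | quote }}` and `kubernetes.io/metadata.name: {{ .Release.Namespace | quote }}`. The mysql-cluster, postgresql-cluster and pmm templates carry the same lines.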
@@ -514,3 +514,20 @@ ingress: ## name: http ## extraRules: [] + ## @section Network Policy + +## MySQL Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] + diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml index ad833d26..099b9e53 100644 --- a/addons/cloudbeaver/23/meta.yaml +++ b/addons/cloudbeaver/23/meta.yaml @@ -13,8 +13,11 @@ tags: cloudbeaver bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" required: false description: "service type config for values.yaml" diff --git a/addons/cloudbeaver/23/plans/standard-10/bind.yaml b/addons/cloudbeaver/23/plans/standard-10/bind.yaml index 5ee51e2a..cb335964 100644 --- a/addons/cloudbeaver/23/plans/standard-10/bind.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PORT valueFrom: serviceRef: 
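Review bot: The comment block under `networkPolicy` in values.yaml documents `networkPolicy.allowExternal` and MySQL client labels, but the keys actually defined are `allowCurrentNamespace` and `allowNamespaces`, and this chart is CloudBeaver. Replace it with `## @param networkPolicy.allowCurrentNamespace Allow ingress from the release namespace` and `## @param networkPolicy.allowNamespaces Extra namespaces allowed to connect, matched on kubernetes.io/metadata.name`. The pmm values.yaml hunk later in the series has the same stale comment.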
diff --git a/addons/cloudbeaver/23/plans/standard-10/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml index 3c070e39..8c43a1e4 100644 --- a/addons/cloudbeaver/23/plans/standard-10/meta.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-5" +name: "standard-10" id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9 -description: "Cloudbeaver standard-5 plan: Disk 5Gi ,vCPUs 1 , RAM 2G" -displayName: "standard-5" +description: "Cloudbeaver standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G" +displayName: "standard-10" bindable: true maximum_polling_duration: 1800 From 9e65f72391c4c8ac34017e27034387bcf3431aec Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 13 Mar 2024 16:02:32 +0800 Subject: [PATCH 063/122] chore(cloudbeaver): fix typo --- addons/cloudbeaver/23/chart/cloudbeaver/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 6ecd5d54..3da722b3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml @@ -516,7 +516,7 @@ ingress: extraRules: [] ## @section Network Policy -## MySQL Nework Policy configuration +## Nework Policy configuration ## networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources From f5bd56fb8b52e9d9810ae47cd5827dd616cc0b47 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Mar 2024 16:40:17 +0800 Subject: [PATCH 064/122] chore(pmm): pmm network support --- .../chart/pmm/templates/networkpolicy.yaml | 50 +++++++++++++++++++ addons/pmm/2.41/chart/pmm/values.yaml | 15 ++++++ 2 files changed, 65 insertions(+) create mode 100644 addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml diff --git a/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml b/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml new file mode 100644 index 00000000..7bf5bed7 --- /dev/null 
+++ b/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml @@ -0,0 +1,50 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.service.type "ClusterIP" }} + ingress: + # Allow inbound connections + {{- with .Values.service.ports }} + - ports: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} +{{- end }} diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml index 21e4f3c6..ccda0b1a 100644 --- a/addons/pmm/2.41/chart/pmm/values.yaml +++ b/addons/pmm/2.41/chart/pmm/values.yaml 
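Review bot: `- ports:` is emitted only inside `{{- with .Values.service.ports }}`, so when that value is empty the following `from:` has no list item to belong to and the rendered policy is malformed. `toYaml .` also copies the Service port entries verbatim; if they carry Service-only fields such as `name` or `targetPort` (the values are not visible in this patch), the policy will likely be rejected, because a NetworkPolicy port accepts only `port`, `protocol` and `endPort`. Emit the `- ports:` item unconditionally and build each entry from just the port number and protocol.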
@@ -226,3 +226,18 @@ extraVolumeMounts: [] ## @param extraVolumes Optionally specify extra list of additional volumes ## extraVolumes: [] + +## Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] From 20bb4605fcca3badd4323a639bccbca69731fa67 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Mar 2024 17:07:46 +0800 Subject: [PATCH 065/122] chore(pmm): fix pmm chart.yaml --- addons/pmm/2.41/chart/pmm/Chart.yaml | 41 +++++++++++++++++----------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml index 7353e99f..a80e91fc 100644 --- a/addons/pmm/2.41/chart/pmm/Chart.yaml +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml 
@@ -1,18 +1,27 @@ +annotations: + category: monitor apiVersion: v2 -name: pmm -description: A Helm chart for Percona Monitoring and Management (PMM) -type: application -version: 1.3.11 -appVersion: "2.41.1" -home: https://github.com/percona/pmm -maintainers: - - name: tplavcic - email: tomislav.plavcic@percona.com - - name: bupychuk - email: nurlan.moldomurov@percona.com - - name: spron-in - email: sergey.pronin@percona.com +appVersion: 2.41 +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + tags: + - drycc-common + version: ~1.1.2 +description: Percona Monitoring and Management an open source database monitoring, observability and management tool +engine: gotpl +home: https://github.com/drycc/charts/tree/master/drycc/pmm +icon: https://drycc.com/assets/stacks/pmm/img/pmm-stack-220x234.png keywords: - - PMM - - Monitoring -icon: https://www.percona.com/sites/default/files/pmm-logo.png + - mysql + - postgres + - mongodb + - monitor +maintainers: + - name: Drycc + url: https://github.com/drycc/charts +name: pmm +sources: + - https://github.com/drycc/containers/tree/main/drycc/mysql + - https://github.com/percona/pmm +version: 2.41 From f641e92fd2dc6236e7b80c743e867e1407952104 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Mar 2024 17:16:22 +0800 Subject: [PATCH 066/122] chore(pmm): fix pmm chart.yaml --- addons/pmm/2.41/chart/pmm/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/pmm/2.41/chart/pmm/Chart.yaml b/addons/pmm/2.41/chart/pmm/Chart.yaml index a80e91fc..55497a7d 100644 --- a/addons/pmm/2.41/chart/pmm/Chart.yaml +++ b/addons/pmm/2.41/chart/pmm/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: monitor apiVersion: v2 -appVersion: 2.41 +appVersion: 2.41.0 dependencies: - name: common repository: oci://registry.drycc.cc/charts @@ -24,4 +24,4 @@ name: pmm sources: - https://github.com/drycc/containers/tree/main/drycc/mysql - https://github.com/percona/pmm -version: 2.41 +version: 2.41.0 
From 31f839fb516a114c1fd0040e832851e13ee26929 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 12 Apr 2024 11:48:39 +0800 Subject: [PATCH 067/122] chore(addons): against plans to standard specifications --- addons/cloudbeaver/23/plans/standard-10/meta.yaml | 6 +++--- addons/grafana/10/plans/standard-5/meta.yaml | 6 +++--- addons/mysql-cluster/8.0/plans/standard-10/meta.yaml | 6 ------ addons/mysql-cluster/8.0/plans/standard-100/meta.yaml | 6 ------ .../8.0/plans/{standard-10 => standard-16c64g400}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml | 6 ++++++ .../plans/{standard-400 => standard-16c64g400}/values.yaml | 0 .../8.0/plans/{standard-100 => standard-1c2g10}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml | 6 ++++++ .../8.0/plans/{standard-10 => standard-1c2g10}/values.yaml | 0 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml | 6 ------ addons/mysql-cluster/8.0/plans/standard-200/meta.yaml | 6 ------ .../8.0/plans/{standard-20 => standard-2c4g20}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml | 6 ++++++ .../8.0/plans/{standard-20 => standard-2c4g20}/values.yaml | 0 .../8.0/plans/{standard-200 => standard-2c8g50}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml | 6 ++++++ .../8.0/plans/{standard-50 => standard-2c8g50}/values.yaml | 0 .../plans/{standard-400 => standard-32c128g800}/bind.yaml | 0 .../create-instance-schema.json | 0 .../mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml | 6 ++++++ .../plans/{standard-800 => standard-32c128g800}/values.yaml | 0 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml | 6 ------ .../8.0/plans/{standard-50 => standard-4c16g100}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml | 6 ++++++ .../plans/{standard-100 => standard-4c16g100}/values.yaml | 0 
addons/mysql-cluster/8.0/plans/standard-50/meta.yaml | 6 ------ addons/mysql-cluster/8.0/plans/standard-800/meta.yaml | 6 ------ .../8.0/plans/{standard-800 => standard-8c32g200}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml | 6 ++++++ .../plans/{standard-200 => standard-8c32g200}/values.yaml | 0 addons/pmm/2.41/plans/standard-10/meta.yaml | 6 ------ .../2.41/plans/{standard-10 => standard-2c2g10}/bind.yaml | 0 .../create-instance-schema.json | 0 addons/pmm/2.41/plans/standard-2c2g10/meta.yaml | 6 ++++++ .../2.41/plans/{standard-10 => standard-2c2g10}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-100/meta.yaml | 6 ------ .../15/plans/{standard-100 => standard-16c64g400}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/standard-16c64g400/meta.yaml | 6 ++++++ .../plans/{standard-400 => standard-16c64g400}/values.yaml | 0 .../15/plans/{standard-10 => standard-1c2g10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/{standard-10 => standard-1c2g10}/meta.yaml | 4 ++-- .../15/plans/{standard-10 => standard-1c2g10}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-20/meta.yaml | 6 ------ addons/postgresql-cluster/15/plans/standard-200/meta.yaml | 6 ------ .../15/plans/{standard-20 => standard-2c4g20}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-2c4g20/meta.yaml | 6 ++++++ .../15/plans/{standard-20 => standard-2c4g20}/values.yaml | 0 .../15/plans/{standard-200 => standard-2c8g50}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-2c8g50/meta.yaml | 6 ++++++ .../15/plans/{standard-50 => standard-2c8g50}/values.yaml | 0 .../plans/{standard-400 => standard-32c128g800}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/standard-32c128g800/meta.yaml | 6 ++++++ .../plans/{standard-800 => standard-32c128g800}/values.yaml | 0 .../15/plans/{standard-4t => 
standard-32c64g4000}/bind.yaml | 0 .../create-instance-schema.json | 0 .../15/plans/standard-32c64g4000/meta.yaml | 6 ++++++ .../plans/{standard-4t => standard-32c64g4000}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-400/meta.yaml | 6 ------ .../15/plans/{standard-50 => standard-4c16g100}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-4c16g100/meta.yaml | 6 ++++++ .../plans/{standard-100 => standard-4c16g100}/values.yaml | 0 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml | 6 ------ addons/postgresql-cluster/15/plans/standard-50/meta.yaml | 6 ------ addons/postgresql-cluster/15/plans/standard-800/meta.yaml | 6 ------ .../15/plans/{standard-800 => standard-8c32g200}/bind.yaml | 0 .../create-instance-schema.json | 0 .../postgresql-cluster/15/plans/standard-8c32g200/meta.yaml | 6 ++++++ .../plans/{standard-200 => standard-8c32g200}/values.yaml | 0 81 files changed, 98 insertions(+), 98 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-10/meta.yaml delete mode 100644 addons/mysql-cluster/8.0/plans/standard-100/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-10 => standard-16c64g400}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-10 => standard-16c64g400}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-400 => standard-16c64g400}/values.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-100 => standard-1c2g10}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-100 => standard-1c2g10}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-10 => standard-1c2g10}/values.yaml (100%) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml delete mode 100644 
addons/mysql-cluster/8.0/plans/standard-200/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-20 => standard-2c4g20}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-20 => standard-2c4g20}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-20 => standard-2c4g20}/values.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-200 => standard-2c8g50}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-200 => standard-2c8g50}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-50 => standard-2c8g50}/values.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-400 => standard-32c128g800}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-400 => standard-32c128g800}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-800 => standard-32c128g800}/values.yaml (100%) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-50 => standard-4c16g100}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-50 => standard-4c16g100}/create-instance-schema.json (100%) create mode 100644 addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-100 => standard-4c16g100}/values.yaml (100%) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-50/meta.yaml delete mode 100644 addons/mysql-cluster/8.0/plans/standard-800/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-800 => standard-8c32g200}/bind.yaml (100%) rename addons/mysql-cluster/8.0/plans/{standard-800 => standard-8c32g200}/create-instance-schema.json (100%) create mode 100644 
addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml rename addons/mysql-cluster/8.0/plans/{standard-200 => standard-8c32g200}/values.yaml (100%) delete mode 100644 addons/pmm/2.41/plans/standard-10/meta.yaml rename addons/pmm/2.41/plans/{standard-10 => standard-2c2g10}/bind.yaml (100%) rename addons/pmm/2.41/plans/{standard-10 => standard-2c2g10}/create-instance-schema.json (100%) create mode 100644 addons/pmm/2.41/plans/standard-2c2g10/meta.yaml rename addons/pmm/2.41/plans/{standard-10 => standard-2c2g10}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-100/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-100 => standard-16c64g400}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-16c64g400}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-400 => standard-16c64g400}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-1c2g10}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-100 => standard-1c2g10}/create-instance-schema.json (100%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-1c2g10}/meta.yaml (77%) rename addons/postgresql-cluster/15/plans/{standard-10 => standard-1c2g10}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-20/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-200/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-20 => standard-2c4g20}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-20 => standard-2c4g20}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-20 => standard-2c4g20}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-200 => 
standard-2c8g50}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-200 => standard-2c8g50}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-50 => standard-2c8g50}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-400 => standard-32c128g800}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-400 => standard-32c128g800}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-800 => standard-32c128g800}/values.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-4t => standard-32c64g4000}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-4t => standard-32c64g4000}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-4t => standard-32c64g4000}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-400/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-50 => standard-4c16g100}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-50 => standard-4c16g100}/create-instance-schema.json (100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-100 => standard-4c16g100}/values.yaml (100%) delete mode 100644 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-50/meta.yaml delete mode 100644 addons/postgresql-cluster/15/plans/standard-800/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-800 => standard-8c32g200}/bind.yaml (100%) rename addons/postgresql-cluster/15/plans/{standard-800 => standard-8c32g200}/create-instance-schema.json 
(100%) create mode 100644 addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml rename addons/postgresql-cluster/15/plans/{standard-200 => standard-8c32g200}/values.yaml (100%) diff --git a/addons/cloudbeaver/23/plans/standard-10/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml index 8c43a1e4..fb12258c 100644 --- a/addons/cloudbeaver/23/plans/standard-10/meta.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-10" +name: "standard-1c2g10" id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9 -description: "Cloudbeaver standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G" -displayName: "standard-10" +description: "Cloudbeaver standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G" +displayName: "standard-1c2g10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/grafana/10/plans/standard-5/meta.yaml b/addons/grafana/10/plans/standard-5/meta.yaml index 9940bdc8..455ec32f 100644 --- a/addons/grafana/10/plans/standard-5/meta.yaml +++ b/addons/grafana/10/plans/standard-5/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-5" +name: "standard-1c1g5" id: 1694a049-0f1d-40c6-8c56-59b8285f1654 -description: "grafana plan which limit 1c1g ,default persistence size 5Gi." -displayName: "1C2G" +description: "grafana plan standard-1c1g5 which limit 1c1g ,default persistence size 5Gi." +displayName: "1c1g5" bindable: true maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml deleted file mode 100644 index 6c738828..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" -displayName: "standard-10" -bindable: true -maximum_polling_duration: 1800 
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
deleted file mode 100644
index 3cb9c0d4..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-100"
-id: 20cf5c53-699f-46e8-b541-d95c9fcccb86
-description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000"
-displayName: "standard-100"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-10/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-16c64g400/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-10/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-10/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..5b3b5c02
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: f96fb7d8-3012-4175-931e-902e26697441
+description: "Mysql Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600"
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-400/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml
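Review bot: `DB MAX Connection 1600` in the new `standard-16c64g400/meta.yaml` description looks like a dropped zero, since the other MySQL plans in this commit advertise 8000 for 8 vCPUs and 32000 for 32 vCPUs, which would put this tier at 16000. The figure is copied unchanged from the deleted `standard-400/meta.yaml`, so the mistake, if it is one, predates this commit. Check it against the connection limit the plan's `values.yaml` actually sets (that file is only renamed here, its content is not shown) and correct whichever side is wrong, because operators size client pools from this catalog text.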
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-100/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml
new file mode 100644
index 00000000..c8f45468
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1g2g10"
+id: 2b455154-8725-482a-95b2-a193c180d9b5
+description: "Mysql Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-10/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
deleted file mode 100644
index e749a7db..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-20"
-id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
-description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
-displayName: "standard-20"
-bindable: true
-maximum_polling_duration: 1800
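Review bot: `name: "standard-1g2g10"` in the new `standard-1c2g10/meta.yaml` is misspelled: the directory, the `description` and the `displayName` all say `standard-1c2g10`, so the line should be `name: "standard-1c2g10"`. Anything that selects a plan by `name` will not find this one under the expected identifier, and once clients are written against the typo it becomes a compatibility burden to fix. The file is also the only added meta.yaml in this commit without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs clean.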
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
deleted file mode 100644
index b857ef1e..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-200"
-id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
-description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000"
-displayName: "standard-200"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-20/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c4g20/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml
new file mode 100644
index 00000000..9df7017f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-2c4g20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-20/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c4g20/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-200/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c8g50/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-2c8g50/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-2c8g50/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml
new file mode 100644
index 00000000..cc17b298
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-2c8g50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c8g50"
+id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2
+description: "Mysql Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-2c8g50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-50/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-2c8g50/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-400/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-32c128g800/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml
new file mode 100644
index 00000000..57d19b9b
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c128g800"
+id: 829768aa-f287-42ee-b98c-db40ec670d38
+description: "Mysql Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000"
+displayName: "standard-32c128g800"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-800/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
deleted file mode 100644
index c802ccc6..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-400"
-id: f96fb7d8-3012-4175-931e-902e26697441
-description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600"
-displayName: "standard-400"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-50/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-4c16g100/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..720efb35
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c16g100"
+id: 20cf5c53-699f-46e8-b541-d95c9fcccb86
+description: "Mysql Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000"
+displayName: "standard-4c16g100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-100/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
deleted file mode 100644
index a6d4e5bd..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-50"
-id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2
-description: "Mysql Cluster standard-10 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
-displayName: "standard-50"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml
deleted file mode 100644
index 72806d97..00000000
--- a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-800"
-id: 829768aa-f287-42ee-b98c-db40ec670d38
-description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000"
-displayName: "standard-800"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-800/bind.yaml
rename to addons/mysql-cluster/8.0/plans/standard-8c32g200/bind.yaml
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json
rename to addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json
diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml
new file mode 100644
index 00000000..4b70945d
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-8c32g200"
+id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
+description: "Mysql Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000"
+displayName: "standard-8c32g200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml
similarity index 100%
rename from addons/mysql-cluster/8.0/plans/standard-200/values.yaml
rename to addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml
diff --git a/addons/pmm/2.41/plans/standard-10/meta.yaml b/addons/pmm/2.41/plans/standard-10/meta.yaml
deleted file mode 100644
index aaa411c0..00000000
--- a/addons/pmm/2.41/plans/standard-10/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-10"
-id: d4d9338c-4958-4203-8e7d-bdfcb0d81945
-description: "pmm standard-10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G"
-displayName: "standard-10"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/pmm/2.41/plans/standard-10/bind.yaml b/addons/pmm/2.41/plans/standard-2c2g10/bind.yaml
similarity index 100%
rename from addons/pmm/2.41/plans/standard-10/bind.yaml
rename to addons/pmm/2.41/plans/standard-2c2g10/bind.yaml
diff --git a/addons/pmm/2.41/plans/standard-10/create-instance-schema.json b/addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json
similarity index 100%
rename from addons/pmm/2.41/plans/standard-10/create-instance-schema.json
rename to addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json
diff --git a/addons/pmm/2.41/plans/standard-2c2g10/meta.yaml b/addons/pmm/2.41/plans/standard-2c2g10/meta.yaml
new file mode 100644
index 00000000..bf17a90c
--- /dev/null
+++ b/addons/pmm/2.41/plans/standard-2c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c2g10"
+id: d4d9338c-4958-4203-8e7d-bdfcb0d81945
+description: "pmm standard-2c2g10 plan: Disk 10Gi ,vCPUs 2 , RAM 2G"
+displayName: "standard-2c2g10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/pmm/2.41/plans/standard-10/values.yaml b/addons/pmm/2.41/plans/standard-2c2g10/values.yaml
similarity index 100%
rename from addons/pmm/2.41/plans/standard-10/values.yaml
rename to addons/pmm/2.41/plans/standard-2c2g10/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
deleted file mode 100644
index 699f4aaa..00000000
--- a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-100"
-id: c44160a6-5ec4-49e5-af1e-a1c1676871cf
-description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"
-displayName: "standard-100"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-100/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-16c64g400/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml
new file mode 100644
index 00000000..0e82a8d2
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-16c64g400"
+id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
+description: "PostgreSQL Cluster standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-16c64g400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-400/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-10/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml
similarity index 77%
rename from addons/postgresql-cluster/15/plans/standard-10/meta.yaml
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml
index f5c2257b..ecec7095 100644
--- a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-1c2g10/meta.yaml
@@ -1,6 +1,6 @@
-name: "standard-10"
+name: "standard-1c2g10"
 id: 83c3b52e-2685-4362-9ea1-42e170060c78
 description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
-displayName: "standard-10"
+displayName: "standard-1c2g10"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-10/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
deleted file mode 100644
index 0f67097a..00000000
--- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
+++ /dev/null
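Review bot: The `description` in `postgresql-cluster/15/plans/standard-1c2g10/meta.yaml` is left as a context line and still reads `Postgresql Cluster standard-10 plan`, although `name` and `displayName` in the same hunk move to `standard-1c2g10`. Every other PostgreSQL plan added in this commit names the new plan in its description and spells the product `PostgreSQL`, so the line should become `description: "PostgreSQL Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"`. As it stands, the catalog text will point users at a plan name that no longer exists.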
@@ -1,6 +0,0 @@
-name: "standard-20"
-id: edf8bdfe-b1dc-4f41-b042-801153794df7
-description: "PostgreSQL Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
-displayName: "standard-20"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
deleted file mode 100644
index cbfb48ce..00000000
--- a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-200"
-id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f
-description: "PostgreSQL Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000"
-displayName: "standard-200"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-20/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c4g20/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml
new file mode 100644
index 00000000..e6fc9417
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: edf8bdfe-b1dc-4f41-b042-801153794df7
+description: "PostgreSQL Cluster standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-20/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-200/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c8g50/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml
new file mode 100644
index 00000000..f559091d
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c8g50"
+id: 0542f411-4e7b-46af-966c-c9989e54873c
+description: "PostgreSQL Cluster standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-2c8g50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-50/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-400/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c128g800/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml
new file mode 100644
index 00000000..90f0ee80
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c128g800"
+id: 60f37e20-e69e-4f6f-9cce-e43caec34963
+description: "PostgreSQL Cluster standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
+displayName: "standard-32c128g800"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-800/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-4t/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c64g4000/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml
new file mode 100644
index 00000000..37d28b85
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-32c64g4000"
+id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9
+description: "PostgreSQL Cluster standard-32c64g4000 plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-32c64g4000"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-4t/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
deleted file mode 100644
index 8ec2aacb..00000000
--- a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-400"
-id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
-description: "PostgreSQL Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
-displayName: "standard-400"
-bindable: true
-maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-50/bind.yaml
rename to addons/postgresql-cluster/15/plans/standard-4c16g100/bind.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json
rename to addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..7e6943c1
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c16g100"
+id: c44160a6-5ec4-49e5-af1e-a1c1676871cf
+description: "PostgreSQL Cluster standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"
+displayName: "standard-4c16g100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml
similarity index 100%
rename from addons/postgresql-cluster/15/plans/standard-100/values.yaml
rename to addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml
deleted file mode 100644
index 208f253c..00000000
--- a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@ -name: "standard-4t" -id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9 -description: "PostgreSQL Cluster standard-4t plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" -displayName: "standard-4t" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml deleted file mode 100644 index a194f7ef..00000000 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-50" -id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" -displayName: "standard-50" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml deleted file mode 100644 index 72ab5126..00000000 --- a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-800" -id: 60f37e20-e69e-4f6f-9cce-e43caec34963 -description: "PostgreSQL Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" -displayName: "standard-800" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml similarity index 100% rename from addons/postgresql-cluster/15/plans/standard-800/bind.yaml rename to addons/postgresql-cluster/15/plans/standard-8c32g200/bind.yaml diff --git a/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-8c32g200/create-instance-schema.json similarity index 100% rename from addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json rename to addons/postgresql-cluster/15/plans/standard-8c32g200/create-instance-schema.json 
diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..e71fc4d6 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f +description: "PostgreSQL Cluster standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml similarity index 100% rename from addons/postgresql-cluster/15/plans/standard-200/values.yaml rename to addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml From 24161d3d0335b7d2b6c7bbaff183e7b77a7f7419 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 12 Apr 2024 16:08:26 +0800 Subject: [PATCH 068/122] chore(mysql-cluster): fix standard-1c2g10 --- addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml index 198b5253..437127a4 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/values.yaml @@ -16,10 +16,10 @@ primary: resources: limits: cpu: 1000m - memory: 4Gi + memory: 2Gi requests: cpu: 1000m - memory: 4Gi + memory: 2Gi ## @section Persistence parameters From 6c2cb1bcdbb446ea2c31482a9a5b4fd50dbc54e8 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 18 Apr 2024 17:35:12 +0800 Subject: [PATCH 069/122] chore(addons) add mongodb --- addons/index.yaml | 3 + addons/mongodb/7.0/chart/mongodb/.helmignore | 21 + addons/mongodb/7.0/chart/mongodb/Chart.yaml | 29 + addons/mongodb/7.0/chart/mongodb/README.md | 787 +++++++ .../7.0/chart/mongodb/templates/NOTES.txt | 202 ++ .../7.0/chart/mongodb/templates/_helpers.tpl | 432 ++++ .../mongodb/templates/arbiter/configmap.yaml | 18 + .../templates/arbiter/headless-svc.yaml | 33 + .../chart/mongodb/templates/arbiter/pdb.yaml | 25 + .../templates/arbiter/statefulset.yaml | 279 +++ .../mongodb/templates/common-scripts-cm.yaml | 104 + .../chart/mongodb/templates/configmap.yaml | 18 + .../chart/mongodb/templates/extra-list.yaml | 4 + .../mongodb/templates/hidden/configmap.yaml | 15 + .../templates/hidden/external-access-svc.yaml | 67 + .../templates/hidden/headless-svc.yaml | 34 + .../chart/mongodb/templates/hidden/pdb.yaml | 22 + .../mongodb/templates/hidden/statefulset.yaml | 533 +++++ .../templates/initialization-configmap.yaml | 17 + .../chart/mongodb/templates/metrics-svc.yaml | 33 + .../mongodb/templates/networkpolicy.yaml | 44 + .../mongodb/templates/prometheusrule.yaml | 18 + .../7.0/chart/mongodb/templates/psp.yaml | 50 + .../templates/replicaset/access-svc.yaml | 32 + .../replicaset/external-access-svc.yaml | 67 + .../templates/replicaset/headless-svc.yaml | 34 + .../mongodb/templates/replicaset/pdb.yaml | 25 + .../replicaset/scripts-configmap.yaml | 301 +++ .../templates/replicaset/statefulset.yaml | 543 +++++ .../mongodb/templates/replicaset/svc.yaml | 43 + .../7.0/chart/mongodb/templates/role.yaml | 30 + .../chart/mongodb/templates/rolebinding.yaml | 19 + .../chart/mongodb/templates/secrets-ca.yaml | 37 + .../7.0/chart/mongodb/templates/secrets.yaml | 41 + .../mongodb/templates/serviceaccount.yaml | 23 + .../mongodb/templates/servicemonitor.yaml | 48 + .../mongodb/templates/standalone/dep-sts.yaml | 474 ++++ 
.../mongodb/templates/standalone/pvc.yaml | 33 + .../mongodb/templates/standalone/svc.yaml | 58 + .../7.0/chart/mongodb/values.schema.json | 173 ++ addons/mongodb/7.0/chart/mongodb/values.yaml | 2053 +++++++++++++++++ addons/mongodb/7.0/meta.yaml | 21 + .../7.0/plans/standard-1c2g10/bind.yaml | 28 + .../create-instance-schema.json | 12 + .../7.0/plans/standard-1c2g10/meta.yaml | 6 + .../7.0/plans/standard-1c2g10/values.yaml | 23 + .../8.0/plans/standard-1c2g10/bind.yaml | 2 +- .../15/chart/postgresql-cluster/README.md | 4 +- 48 files changed, 6916 insertions(+), 2 deletions(-) create mode 100644 addons/mongodb/7.0/chart/mongodb/.helmignore create mode 100644 addons/mongodb/7.0/chart/mongodb/Chart.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/README.md create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml create mode 100644 
addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/psp.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/role.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/values.schema.json create mode 100644 addons/mongodb/7.0/chart/mongodb/values.yaml create mode 100644 addons/mongodb/7.0/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml create mode 
100644 addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/values.yaml diff --git a/addons/index.yaml b/addons/index.yaml index cd0ea8e0..0ec08fc0 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -54,3 +54,6 @@ entries: pmm: - version: 2.41 description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." + mongodb: + - version: 7.0 + description: "MongoDB is a document database designed for ease of application development and scaling." \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/.helmignore b/addons/mongodb/7.0/chart/mongodb/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/addons/mongodb/7.0/chart/mongodb/Chart.yaml b/addons/mongodb/7.0/chart/mongodb/Chart.yaml new file mode 100644 index 00000000..4d7cf00d --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/Chart.yaml 
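Review bot: `- version: 7.0` in the new `mongodb` entry of `addons/index.yaml` is an unquoted scalar, which YAML loaders read as a float rather than as the string that names the `addons/mongodb/7.0` directory. A consumer that re-serialises the number could emit `7` and fail to find the directory; whether the index loader does this is not visible here. Quoting it as `- version: "7.0"` removes the ambiguity; the existing `- version: 2.41` entry just above has the same form. The hunk also leaves the file without a trailing newline.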
@@ -0,0 +1,29 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 7.0.8
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/mongodb
+icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
+keywords:
+ - mongodb
+ - database
+ - nosql
+ - cluster
+ - replicaset
+ - replication
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: mongodb
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/mongodb
+ - https://mongodb.org
+version: 13.1.7
diff --git a/addons/mongodb/7.0/chart/mongodb/README.md b/addons/mongodb/7.0/chart/mongodb/README.md
new file mode 100644
index 00000000..5a83118a
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/README.md
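Review bot: The `common` dependency in the new `Chart.yaml` is declared with the floating range `version: ~1.1.2` against `oci://registry.drycc.cc/charts`, and the diffstat of this commit lists no `Chart.lock` under `addons/mongodb/7.0/chart/mongodb/`. Without a lock file, each `helm dependency update` resolves whichever 1.1.x release the registry serves at that moment, so two builds of the same commit can render with different helper templates. Either commit the generated `Chart.lock` next to `Chart.yaml` or pin the exact release with `version: 1.1.2`. Separately, the `description:` line calls MongoDB "a relational open source NoSQL database", which contradicts itself and is worth rewording.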
@@ -0,0 +1,787 @@ + + +# MongoDB(R) packaged by Drycc + +MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. + +[Overview of MongoDB®](http://www.mongodb.org) + +Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc. + +## TL;DR + +```bash +$ helm repo add my-repo https://charts.drycc.com/drycc +$ helm install my-release my-repo/mongodb +``` + +## Introduction + +This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release my-repo/mongodb +``` + +The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Architecture + +This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. 
Use the `architecture` parameter to choose the one to use: + +```console +architecture="standalone" +architecture="replicaset" +``` + +Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) parameters + +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | +| `image.registry` | MongoDB(®) image registry | `docker.io` | +| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | +| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | +| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | +| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | +| `auth.enabled` | Enable authentication | `true` | +| `auth.rootUser` | MongoDB(®) root user | `root` | +| `auth.rootPassword` | MongoDB(®) root password | `""` | +| `auth.usernames` | List of custom users to be created during the initialization | `[]` | +| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | +| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | +| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | +| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | +| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | +| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | +| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | +| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | +| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | +| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | +| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | +| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | +| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | +| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | +| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | +| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | +| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | +| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | +| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | +| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | +| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | +| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | +| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | +| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | +| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | +| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | +| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | +| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | +| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | + + +### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) + +| Name | Description | Value | +| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | +| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | +| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | +| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraFlags` | MongoDB(®) additional command line flags | `[]` | +| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | + + +### MongoDB(®) statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | +| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | +| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | +| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | +| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | +| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | +| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | +| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | +| `podLabels` | MongoDB(®) pod labels | `{}` | +| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | +| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | +| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | +| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | +| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | +| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | +| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | +| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | +| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
+| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | +| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | +| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | +| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` | +| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` | +| 
`extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` | +| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` | + + +### Traffic exposure parameters + +| Name | Description | Value | +| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `service.nameOverride` | MongoDB(®) service name | `""` | +| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` | +| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` | +| `service.ports.mongodb` | MongoDB(®) service port. 
| `27017` | +| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` | +| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` | +| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` | +| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` | +| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Provide any additional annotations that may be required | `{}` | +| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` | +| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` | +| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | +| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` | +| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | +| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | +| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` | +| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` | +| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | +| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | +| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | +| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | +| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| 
`externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
+| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
+| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort.
Length must be the same as replicaCount | `[]` |
+| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+
+### Persistence parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
+| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` |
+| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` |
+| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g.
when using local volumes) | `{}` |
+| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
+
+
+### RBAC parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
+| `serviceAccount.name` | Name of the created serviceAccount | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
+| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
+| `rbac.rules` | Custom rules to create following the role specification | `[]` |
+| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy.
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
+| `podSecurityPolicy.privileged` | Allow privileged | `false` |
+| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
+
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
+| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
+| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
+
+
+### Arbiter parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
+| `arbiter.enabled` | Enable deploying the arbiter | `true` |
+| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
+| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
+| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
+| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
+| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
+| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
+| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
+| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
+| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
+| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
+| `arbiter.lifecycleHooks` |
LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
+| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
+| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
+| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set.
| `[]` |
+| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
+| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
+| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
+| `arbiter.podLabels` | Arbiter pod labels | `{}` |
+| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
+| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
+| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
+| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
+| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
+| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
+| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
+| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
+| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
+| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
+| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
+| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
+| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
+| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
+| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
+| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
+| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
+| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
+| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
+| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
+| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
+| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
+| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made
unavailable | `""` |
+| `arbiter.service.nameOverride` | The arbiter service name | `""` |
+| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Hidden Node parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
+| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
+| `hidden.hostAliases` | Add deployment host aliases | `[]` |
+| `hidden.configuration` | Hidden node configuration file to be used | `""` |
+| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
+| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
+| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
+| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
+| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
+| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
+| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
+| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
+| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
+| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
+| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
+| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
+| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
+| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set.
| `[]` |
+| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
+| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
+| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
+| `hidden.podLabels` | Hidden node pod labels | `{}` |
+| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
+| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
+| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
+| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
+| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
+| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
+| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
+| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
+| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
+| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
+| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
+| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
+| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `hidden.readinessProbe.enabled` | Enable readinessProbe |
`true` |
+| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
+| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
+| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
+| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods.
| `[]` |
+| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
+| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
+| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
+| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
+| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
+| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
+| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
+| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
+| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
+| `hidden.persistence.annotations` | PVC annotations | `{}` |
+| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
+| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
+| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g.
when using local volumes) | `{}` |
+| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
+| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
+| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Metrics parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
+| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` |
+| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` |
+| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` |
+| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.username` | String with username for the metrics exporter | `""` |
+| `metrics.password` | String with password for the metrics exporter | `""` |
+| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
+| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
+| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
+| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
+| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
+| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template.
| `{}` |
+| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
+| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
+| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `metrics.customReadinessProbe` | Override default
readiness probe for MongoDB(®) containers | `{}` |
+| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
+| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
For example,
+
+```bash
+$ helm install my-release \
+ --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
+ my-repo/mongodb
+```
+
+The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml my-repo/mongodb
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customize a new MongoDB instance
+
+The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
+
+* Specify them using the `initdbScripts` parameter as dict.
+* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed script extensions are `.sh` and `.js`.
+
+### Replicaset: Access MongoDB(®) nodes from outside the cluster
+
+In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access:
+
+- Using LoadBalancer services
+- Using NodePort services.
+
+Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/).
+
+### Add extra environment variables
+
+To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+ - name: LOG_LEVEL
+ value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter.
+
+Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/).
+
+## Persistence
+
+The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container.
+
+The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning.
+
+If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
+
+## Use custom Prometheus rules
+
+Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter.
+
+Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/).
+
+## Enable SSL/TLS
+
+This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`.
+
+Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/).
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
+ +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 12.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. 
+ +Affected values: + +- `strategyType` is replaced by `updateStrategy` +- `service.port` is renamed to `service.ports.mongodb` +- `service.nodePort` is renamed to `service.nodePorts.mongodb` +- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb` +- `rbac.role.rules` is renamed to `rbac.rules` +- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb` +- `hidden.strategyType` is replaced by `hidden.updateStrategy` +- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed) +- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels` + +Additionally also updates the MongoDB image dependency to it newest major, 5.0 + +### To 11.0.0 + +In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). +Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/). + +### To 9.0.0 + +MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). 
Refer to the following guides to upgrade your applications: + +- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) +- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) + +### To 8.0.0 + +- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. +- Chart labels were adapted to follow the Helm charts best practices. +- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. +- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: + - `replicas` is renamed to `replicaCount`. + - Authentication parameters are reorganized under the `auth.*` parameter: + - `usePassword` is renamed to `auth.enabled`. + - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. + - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. + +Consequences: + +- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
+ +### To 7.0.0 + +From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: + +```yaml +ingress: + hosts: + - name: mongodb.local + path: / +``` + +### To 6.0.0 + +From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. +You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). + +### To 5.0.0 + +When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: + +```console +$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false +``` + +### Add extra deployment options + +To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
+ +In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: Service + metadata: + name: mongodb-primary + namespace: default + labels: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mongodb + spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - name: mongodb-primary + port: 30001 + nodePort: 30001 + protocol: TCP + targetPort: mongodb + selector: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/name: mongodb + primary: "true" +``` + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt new file mode 100644 index 00000000..2bb79222 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt 
@@ -0,0 +1,202 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + +{{- else }} + +{{- $replicaCount := int .Values.replicaCount }} +{{- $portNumber := int .Values.service.ports.mongodb }} +{{- $fullname := include "mongodb.fullname" . }} +{{- $releaseNamespace := include "mongodb.namespace" . 
}} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- $mongoList := list }} +{{- range $e, $i := until $replicaCount }} +{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} +{{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }} + +#################################################################################### +### ERROR: You enabled external access to MongoDB® nodes without specifying ### +### the array of load balancer IPs for MongoDB® nodes. ### +#################################################################################### + +This deployment will be incomplete until you configure the array of load balancer +IPs for MongoDB® nodes. To complete your deployment follow the steps below: + +1. Wait for the load balancer IPs (it may take a few minutes for them to be available): + + kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w + +2. Obtain the load balancer IPs and upgrade your chart: + + {{- range $e, $i := until $replicaCount }} + LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" + {{- end }} + +3. 
Upgrade you chart: + + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \ + --set mongodb.replicaCount={{ $replicaCount }} \ + --set mongodb.externalAccess.enabled=true \ + {{- range $i, $e := until $replicaCount }} + --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \ + {{- end }} + --set mongodb.externalAccess.service.type=LoadBalancer + +{{- else }} + +{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }} +------------------------------------------------------------------------------- + WARNING + + By not enabling "mongodb.auth.enabled" you have most likely exposed the + MongoDB® service externally without any authentication mechanism. + + For security reasons, we strongly suggest that you enable authentiation + setting the "mongodb.auth.enabled" parameter to "true". + +------------------------------------------------------------------------------- +{{- end }} + +** Please be patient while the chart is being deployed ** + +MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster: + +{{- if eq .Values.architecture "replicaset" }} +{{ join "\n" $mongoList | nindent 4 }} +{{- else }} + + {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }} + +{{- end }} + +{{- if .Values.auth.enabled }} + +To get the root password run: + + export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d) + +{{- end }} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . 
-}} +{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} +{{- $customUsersList := splitList "," $customUsers }} +{{- range $index, $user := $customUsersList }} + +To get the password for "{{ $user }}" run: + + export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}') + +{{- end }} +{{- end }} + +To connect to your database, create a MongoDB® client container: + + kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash + +Then, run the following command: + + {{- if eq .Values.architecture "replicaset" }} + mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- else }} + mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }} + +To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below: + +{{- if eq "NodePort" .Values.externalAccess.service.type }} +{{- if .Values.externalAccess.service.domain }} + + MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }} + +{{- else }} + + MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs. + + kubectl get nodes -o wide + +{{- end }} + + MongoDB® nodes port: You will have a different node port for each MongoDB® node. 
You can get the list of configured node ports using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" + +{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IPs to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w' + + MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" + + MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }} + +{{- end }} + +{{- else if eq .Values.architecture "standalone" }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . 
}}) + mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} & + mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- end }} +{{- end }} +{{- end }} + +{{- if .Values.metrics.enabled }} + +To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & + echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" + +Then, open the obtained URL in a browser. 
+ +{{- end }} +{{- end }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.rollingTag" .Values.tls.image }} + diff --git a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl new file mode 100644 index 00000000..81f6889c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl 
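Review bot: The connection commands in NOTES.txt pass the root password unquoted on the command line as `-p $MONGODB_ROOT_PASSWORD`, so a password with spaces or shell metacharacters is split or expanded, and the value appears in the client pod's process arguments. Quoting it as `-p "$MONGODB_ROOT_PASSWORD"` fixes the splitting, and giving `-p` without a value so that mongosh prompts would keep the secret out of the argument list. The `kubectl run ... --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD"` line also writes the password into the client pod's spec, where anyone allowed to read pods in that namespace can see it. Separately, the standalone NodePort branch calls `mongo` while every other branch calls `mongosh`, and the three standalone commands pass `-p` without `-u root`.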
@@ -0,0 +1,432 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mongodb.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mongodb.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Create a default mongo service name which can be overridden. +*/}} +{{- define "mongodb.service.nameOverride" -}} + {{- if and .Values.service .Values.service.nameOverride -}} + {{- print .Values.service.nameOverride -}} + {{- else -}} + {{- printf "%s-headless" (include "mongodb.fullname" .) -}} + {{- end }} +{{- end }} + +{{/* +Create a default mongo arbiter service name which can be overridden. +*/}} +{{- define "mongodb.arbiter.service.nameOverride" -}} + {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} + {{- print .Values.arbiter.service.nameOverride -}} + {{- else -}} + {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} + {{- end }} +{{- end }} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb.volumePermissions.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container auto-discovery image) +*/}} +{{- define "mongodb.externalAccess.autoDiscovery.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the TLS Certs image) +*/}} +{{- define "mongodb.tls.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
+*/}} +{{- define "mongodb.namespace" -}} + {{- if and .Values.global .Values.global.namespaceOverride -}} + {{- print .Values.global.namespaceOverride -}} + {{- else -}} + {{- print .Release.Namespace -}} + {{- end }} +{{- end -}} +{{- define "mongodb.serviceMonitor.namespace" -}} + {{- if .Values.metrics.serviceMonitor.namespace -}} + {{- print .Values.metrics.serviceMonitor.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} +{{- define "mongodb.prometheusRule.namespace" -}} + {{- if .Values.metrics.prometheusRule.namespace -}} + {{- print .Values.metrics.prometheusRule.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} + +{{/* +Returns the proper service account name depending if an explicit service account name is set +in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create +is true or default otherwise. +*/}} +{{- define "mongodb.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} + {{- else -}} + {{- default "default" (print .Values.serviceAccount.name) -}} + {{- end -}} +{{- end -}} + +{{/* +Return the list of custom users to create during the initialization (string format) +*/}} +{{- define "mongodb.customUsers" -}} + {{- $customUsers := list -}} + {{- if .Values.auth.username -}} + {{- $customUsers = append $customUsers .Values.auth.username }} + {{- end }} + {{- range .Values.auth.usernames }} + {{- $customUsers = append $customUsers . 
}} + {{- end }} + {{- printf "%s" (default "" (join "," $customUsers)) -}} +{{- end -}} + +{{/* +Return the list of passwords for the custom users (string format) +*/}} +{{- define "mongodb.customPasswords" -}} + {{- $customPasswords := list -}} + {{- if .Values.auth.password -}} + {{- $customPasswords = append $customPasswords .Values.auth.password }} + {{- end }} + {{- range .Values.auth.passwords }} + {{- $customPasswords = append $customPasswords . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customPasswords)) -}} +{{- end -}} + +{{/* +Return the list of custom databases to create during the initialization (string format) +*/}} +{{- define "mongodb.customDatabases" -}} + {{- $customDatabases := list -}} + {{- if .Values.auth.database -}} + {{- $customDatabases = append $customDatabases .Values.auth.database }} + {{- end }} + {{- range .Values.auth.databases }} + {{- $customDatabases = append $customDatabases . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customDatabases)) -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration +*/}} +{{- define "mongodb.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® +*/}} +{{- define "mongodb.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MongoDB® credentials +*/}} +{{- define "mongodb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} + {{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MongoDB® +*/}} +{{- define "mongodb.createSecret" -}} +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mongodb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Arbiter should be deployed +*/}} +{{- define "mongodb.arbiter.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Arbiter +*/}} +{{- define "mongodb.arbiter.configmapName" -}} +{{- if .Values.arbiter.existingConfigmap -}} + {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Arbiter +*/}} +{{- define "mongodb.arbiter.createConfigmap" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Hidden should be deployed +*/}} +{{- define "mongodb.hidden.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Hidden +*/}} +{{- define "mongodb.hidden.configmapName" -}} +{{- if .Values.hidden.existingConfigmap -}} + {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Hidden +*/}} +{{- define "mongodb.hidden.createConfigmap" -}} +{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} +{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate RBAC is created when using PSP */}} +{{- define "mongodb.validateValues.pspAndRBAC" -}} +{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} +mongodb: podSecurityPolicy.create, rbac.create + Both podSecurityPolicy.create and rbac.create must be true, if you want + to create podSecurityPolicy +{{- end -}} +{{- end -}} + +{{/* Validate values of MongoDB® - must provide a valid architecture */}} +{{- define "mongodb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} +mongodb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBs" -}} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . -}} +{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases must be provided to create + custom users and databases during 1st initialization. 
+ Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBsLength" -}} +{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases arrays should have the same length +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - service type for external access +*/}} +{{- define "mongodb.validateValues.externalAccessServiceType" -}} +{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} +mongodb: externalAccess.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list +*/}} +{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} +mongodb: .Values.externalAccess.service.loadBalancerIPs + Number of replicas and loadBalancerIPs array length must be the same. 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than NodePort list +*/}} +{{- define "mongodb.validateValues.nodePortListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} +mongodb: .Values.externalAccess.service.nodePorts + Number of replicas and nodePorts array length must be the same. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled +*/}} +{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} +mongodb: rbac.create + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to autodetect the external IPs/ports by querying the + K8s API. Please note this initContainer requires specific RBAC resources. You can create them + by specifying "--set rbac.create=true". 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults +*/}} +{{- define "mongodb.mongodb_exporter.uri" -}} + {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}} + {{- if .Values.metrics.username }} + {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- else -}} + {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- end -}} +{{- end -}} + + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "mongodb.createTlsSecret" -}} +{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing MongoDB® TLS certificates +*/}} +{{- define "mongodb.tlsSecretName" -}} +{{- $secretName := .Values.tls.existingSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-ca" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml new file mode 100644 index 00000000..1aacbd79 --- /dev/null 
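Review bot: `mongodb.mongodb_exporter.uri` percent-encodes only `@` and `:` in the credentials, so a password containing `/`, `?`, `#` or `%` produces a connection string that parses differently from what was intended, and `$MONGODB_ROOT_USER` is not encoded at all. The `echo $MONGODB_ROOT_PASSWORD` inside the substitution is also unquoted, so whitespace and glob characters in the secret are altered before sed sees them. I would quote the variable and encode `%` first, then the other reserved characters, e.g. `$(printf '%s' "$MONGODB_ROOT_PASSWORD" | sed -r 's/%/%25/g;s/@/%40/g;s/:/%3A/g;s/\//%2F/g;s/\?/%3F/g;s/#/%23/g')`, with the quoting adapted to the template string. The same applies to the `MONGODB_METRICS_USERNAME`/`MONGODB_METRICS_PASSWORD` branch. Where the resulting string is consumed is not visible in this hunk, and the define's header comment ("Validate values of MongoDB® exporter URI string") should say that it returns the URI.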
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.arbiter.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
new file mode 100644
index 00000000..2bc3658c
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
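Review bot: The ConfigMap name in arbiter/configmap.yaml is built with `print "%s-arbiter" (include "mongodb.fullname" .)`, and `print` does not interpret format verbs, so the rendered name would be the literal `%s-arbiter` followed by the full name, which is not a valid object name. The helper `mongodb.arbiter.configmapName` in _helpers.tpl uses `printf "%s-arbiter" ...`, so anything that refers to the ConfigMap through that helper would look for a different name than the one created here. Change the line to `name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}`, as arbiter/pdb.yaml already does for its own name.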
@@ -0,0 +1,33 @@
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.arbiter.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp-mongodb
+ port: {{ .Values.arbiter.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.arbiter.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
new file mode 100644
index 00000000..6402f682
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.arbiter.pdb.minAvailable }}
+ minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.arbiter.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
new file mode 100644
index 00000000..a54b3575
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
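Review bot: `minAvailable` and `maxUnavailable` are each emitted behind their own independent `if`, so a values file that sets both renders both fields, and the PodDisruptionBudget API rejects a spec that carries the two together. Guard the second field so it is only written when the first is absent, for example `{{- if and .Values.arbiter.pdb.maxUnavailable (not .Values.arbiter.pdb.minAvailable) }}`. A value of `0` is also dropped by these `if` tests because it is falsy in a template, which is worth a comment in the values documentation. The same pattern appears in templates/hidden/pdb.yaml later in this patch.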
@@ -0,0 +1,279 @@ +{{- if (include "mongodb.arbiter.enabled" .) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.arbiter.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} + podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} + {{- if .Values.arbiter.updateStrategy }} + updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: arbiter + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} + annotations: + {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} + checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.arbiter.schedulerName }} + schedulerName: {{ .Values.arbiter.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} + {{- end }} + {{- if .Values.arbiter.priorityClassName }} + priorityClassName: {{ .Values.arbiter.priorityClassName }} + {{- end }} + {{- if .Values.arbiter.runtimeClassName }} + runtimeClassName: {{ .Values.arbiter.runtimeClassName }} + {{- end }} + {{- if .Values.arbiter.podSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.arbiter.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.arbiter.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: generate-client + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.arbiter.service.nameOverride" . }} + {{- end }} + containers: + - name: mongodb-arbiter + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.arbiter.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.arbiter.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.arbiter.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arbiter.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: MONGODB_PORT_NUMBER + value: {{ .Values.arbiter.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if .Values.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} + {{- end }} + {{- if .Values.arbiter.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.arbiter.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- end }} + {{- if .Values.arbiter.resources }} + resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} + volumeMounts: + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.arbiter.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.arbiter.configmapName" . }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if .Values.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml new file mode 100644 index 00000000..cb70b52f --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml 
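Review bot: The `generate-client` init container is declared without a `securityContext`, so `arbiter.containerSecurityContext` only hardens the `mongodb-arbiter` container, while the container that mounts `certs-volume` (which projects `mongodb-ca-key`, the CA private key) runs with whatever the pod-level context and the image defaults give it. Add the same guarded block after its `imagePullPolicy`: `{{- if .Values.arbiter.containerSecurityContext.enabled }}`, `securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }}`, `{{- end }}`. A comment above the `certs-volume` volume should also state that the CA key is handed to every arbiter pod so it can issue its own certificate, because read access to that secret is then equivalent to being able to issue certificates the replica set trusts, and RBAC on the secret should be scoped accordingly.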
@@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + startup-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + readiness-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + # Run the proper check depending on the version + [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} + . 
/opt/drycc/scripts/libversion.sh + VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" + VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" + VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" + if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + else + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' + fi + ping-mongodb.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" + {{- if .Values.tls.enabled }} + generate-certs.sh: | + #!/bin/bash + additional_ips=() + additional_names=() + while getopts "i:n:s:" flag + do + case "${flag}" in + i) read -a additional_ips <<< ${OPTARG//,/ } ;; + n) read -a additional_names <<< ${OPTARG//,/ } ;; + s) svc=${OPTARG// /} ;; + \?) exit 1 ;; + esac + done + + my_hostname=$(hostname) + cp /certs/CAs/* /certs/ + cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem + cd /certs/ + shopt -s extglob + rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) + chmod 0600 mongodb-ca-cert mongodb.pem + {{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml new file mode 100644 index 00000000..76608c4e --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml 
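Review bot: `generate-certs.sh` runs without any error handling, and its last steps are `cd /certs/` followed by `rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)`, so if the `cd` fails the extglob delete runs in whatever directory the init container started in. Change the line to `cd /certs/ || exit 1`, and consider `set -e` right after the shebang so a failed certificate step stops the init container instead of falling through to `chmod` on a partial `mongodb.pem`. The script also copies the CA private key into the shared `/certs` emptyDir with `cp /certs/CAs/* /certs/` and relies on that final `rm` to remove it again, which deserves a comment in the script because the main container mounts the same volume. The heredoc bodies of the script are not legible in this view, so the middle of the script could not be checked.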
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
new file mode 100644
index 00000000..d7271f05
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if (include "mongodb.hidden.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
new file mode 100644
index 00000000..d9bbdc8e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
@@ -0,0 +1,67 @@
+{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.hidden.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-%d-external" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+ {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.externalAccess.hidden.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.hidden.service.type }}
+ {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }}
+ {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }}
+ loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq $root.Values.externalAccess.hidden.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }}
+ sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }}
+ port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }}
+ {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }}
+ {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }}
+ nodePort: {{ $nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ targetPort: mongodb
+ {{- if $root.Values.externalAccess.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml
new file mode 100644
index 00000000..725e0256
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml
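Review bot: With `service.type: LoadBalancer` the per-pod external Service is rendered whether or not `loadBalancerSourceRanges` is set, and `publishNotReadyAddresses: true` sends external traffic to a hidden member before it reports ready. If the values file also leaves `auth.enabled` off (values.yaml is not part of this hunk), the MongoDB port is reachable from any source address without credentials. Consider failing the render for that combination near the top of the template, for example `{{- if and (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (empty $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges) (not $root.Values.auth.enabled) }}{{ fail "external access requires auth.enabled or loadBalancerSourceRanges" }}{{- end }}`. Separately, `namespace: {{ include "mongodb.namespace" $ }}` is the one namespace field in these templates written without `| quote`.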
@@ -0,0 +1,34 @@
+{{- if (include "mongodb.hidden.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.hidden.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.hidden.service.portName | quote }}
+ port: {{ .Values.hidden.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
new file mode 100644
index 00000000..ce233db3
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
@@ -0,0 +1,22 @@
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.hidden.pdb.minAvailable }}
+ minAvailable: {{ .Values.hidden.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.hidden.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
new file mode 100644
index 00000000..56ce237b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
@@ -0,0 +1,533 @@ +{{- if (include "mongodb.hidden.enabled" .) }} +{{- $replicaCount := int .Values.hidden.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.hidden.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }} + podManagementPolicy: {{ .Values.hidden.podManagementPolicy }} + replicas: {{ .Values.hidden.replicaCount }} + {{- if .Values.hidden.updateStrategy }} + updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: hidden + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }} + annotations: + {{- if (include "mongodb.hidden.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.hidden.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hidden.schedulerName }} + schedulerName: {{ .Values.hidden.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hidden.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if 
.Values.hidden.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.priorityClassName }} + priorityClassName: {{ .Values.hidden.priorityClassName }} + {{- end }} + {{- if .Values.hidden.runtimeClassName }} + runtimeClassName: {{ .Values.hidden.runtimeClassName }} + {{- end }} + {{- if .Values.hidden.podSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.hidden.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.hidden.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) 
}} + {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.hidden.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.hidden.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup-hidden.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.hidden.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: K8S_HIDDEN_NODE_SERVICE_NAME + value: "{{ include "mongodb.fullname" . 
}}-hidden-headless" + - name: MONGODB_REPLICA_SET_MODE + value: "hidden" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.hidden.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.hidden.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.hidden.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }} + envFrom: + {{- if .Values.hidden.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.hidden.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.hidden.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.hidden.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.hidden.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.hidden.resources }} + resources: {{- toYaml .Values.hidden.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + subPath: {{ .Values.hidden.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup-hidden.sh + subPath: setup-hidden.sh + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.hidden.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: 9216 + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.hidden.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.hidden.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.hidden.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.hidden.persistence.enabled }} + - name: datadir + {{- if .Values.hidden.persistence.medium }} + emptyDir: + medium: {{ .Values.hidden.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.hidden.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.hidden.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.hidden.persistence.size | quote }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml new file mode 100644 index 00000000..f3d023ab --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml 
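Review bot: The `volume-permissions` init container in hidden/statefulset.yaml runs `chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}`, but the pod and the `mongodb` container in the same template take their contexts from `.Values.hidden.podSecurityContext` and `.Values.hidden.containerSecurityContext`. If the hidden values differ from the top-level ones, the data directory ends up owned by a UID/GID the hidden node does not run as; the `metrics` sidecar has the same mismatch, since it reads `.Values.containerSecurityContext`. I would read the hidden maps in all three places, e.g. `chown {{ .Values.hidden.containerSecurityContext.runAsUser }}:{{ .Values.hidden.podSecurityContext.fsGroup }}`, assuming those maps carry `runAsUser`/`fsGroup` like the top-level ones. Separately, the default exporter `args` interpolate the MongoDB URI into the process command line; if the `mongodb.mongodb_exporter.uri` helper (not in this hunk) expands the password variables, the credential is readable from the container's process list, which is worth confirming.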
@@ -0,0 +1,17 @@
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
new file mode 100644
index 00000000..2a36dfc8
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: metrics
+ protocol: TCP
+ name: http-metrics
+ {{- if .Values.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
new file mode 100644
index 00000000..26149ccb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
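Review bot: The selector in metrics-svc.yaml pins `app.kubernetes.io/component: mongodb`, while the hidden StatefulSet in this patch labels its pods `app.kubernetes.io/component: hidden` and also runs a `metrics` container, so this Service never has the hidden members' exporters as endpoints. If that is intended, a comment above the selector such as `# hidden members are not exposed through this Service` would save the next reader the check; otherwise the component label should come out of the selector. `type` is taken straight from `.Values.metrics.service.type`, and no authentication on the exporter port is visible in this patch, so a non-ClusterIP value would publish the metrics to anyone who can reach the address.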
@@ -0,0 +1,44 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.service.ports.mongodb }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
new file mode 100644
index 00000000..29d2ea46
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
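Review bot: The `LoadBalancer` branch of networkpolicy.yaml renders `ingress:` with a single `- {}` rule, which admits every source on every port, so with that service type the policy restricts nothing for the selected pods even though `networkPolicy.enabled` is true. Limiting the rule to the database port, `- ports:` followed by `- port: {{ .Values.service.ports.mongodb }}`, keeps the other container ports (the exporter listens on 9216 in the hidden StatefulSet) off the network. In the `ClusterIP` branch, leaving both `allowCurrentNamespace` and `allowNamespaces` unset emits a rule with no `from`, which also means any source, and a service type that is neither value emits no `ingress` at all, which as far as this template shows denies all inbound traffic, replica-set peers included. A one-line comment above each branch stating the resulting behaviour would make these defaults explicit. The namespace names are rendered unquoted as well; `{{ $namespace | quote }}` and `{{ .Release.Namespace | quote }}` keep an all-digit name from being typed as an integer.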
@@ -0,0 +1,18 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.prometheusRule.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "mongodb.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
new file mode 100644
index 00000000..e9ef023b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
@@ -0,0 +1,50 @@
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.podSecurityPolicy.spec }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
+{{- else }}
+ allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.podSecurityContext.fsGroup }}
+ max: {{ .Values.podSecurityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: {{ .Values.podSecurityPolicy.privileged }}
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
new file mode 100644
index 00000000..caa15f36
--- /dev/null
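Review bot: In psp.yaml the `supplementalGroups` range takes both `min` and `max` from `.Values.containerSecurityContext.runAsUser`, so the only supplemental GID the policy admits is the user ID; `fsGroup` just above reads `.Values.podSecurityContext.fsGroup`, which looks like the intended source, i.e. `- min: {{ .Values.podSecurityContext.fsGroup }}` and the matching `max`. Where UID and GID differ, pods that declare the real group would fail admission. PodSecurityPolicy is cluster-scoped, so the `namespace:` under `metadata` has no effect and can be dropped. A non-empty `.Values.podSecurityPolicy.spec` replaces the whole default, including `requiredDropCapabilities: ALL`; a comment on that branch would make the trade-off visible to whoever overrides it.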
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
@@ -0,0 +1,32 @@
+{{- if (eq .Values.architecture "replicaset") }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+spec:
+ type: {{ $root.Values.service.type }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
new file mode 100644
index 00000000..f1acd6bf
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
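Review bot: Each replica in replicaset/access-svc.yaml gets a Service of `{{ $root.Values.service.type }}` with `publishNotReadyAddresses: true` and no source restriction, so setting the type to `LoadBalancer` gives every member its own externally reachable address, including members that are not ready yet. The `external-access-svc.yaml` template in this patch renders `loadBalancerSourceRanges` for the same service type; the equivalent guard is missing here. I would add a `loadBalancerSourceRanges` block under `spec`, emitted only when the type is `LoadBalancer` and fed from a values key (the key name is not visible in this patch). `{{- $_ := set $ "targetPod" $targetPod }}` also writes into the root context on every iteration and nothing in this hunk reads it back, so it can go unless a helper outside the hunk depends on it.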
@@ -0,0 +1,67 @@ +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.service.type }} + {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.service.portName | quote }} + port: {{ $root.Values.externalAccess.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml new file mode 100644 index 00000000..78f26ab9 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml 
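Review bot: The guard on the first line ends with a literal `false` inside `and`, so this template can never render and the 67 lines below it are dead. The scripts ConfigMap in the same patch still acts on `externalAccess.*`: `auto-discovery.sh` waits for a Service named `${MY_POD_NAME}-external` and exits 1 when it does not appear, and `setup.sh` advertises entries from `loadBalancerIPs` or `nodePorts`. Enabling external access would therefore leave pods failing in the init container or advertising addresses that nothing serves. Either drop the file or state the intent in a template comment such as `{{- /* external access Services are intentionally disabled in this addon */ -}}`, and have the chart reject `externalAccess.enabled=true` while the guard stays.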
@@ -0,0 +1,34 @@
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
new file mode 100644
index 00000000..a2b6492f
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
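Review bot: The Service name comes from `mongodb.service.nameOverride`, while `setup.sh` in scripts-configmap.yaml builds its member list as `<fullname>-<i>.<fullname>-headless.<namespace>.svc...`. The helper is not visible in this part of the patch, so this is an inference: if it can return anything other than `<fullname>-headless`, the existing-primary check in `setup.sh` will query names that do not resolve. A comment on `name:` stating the coupling would be enough, e.g. `# must resolve to <fullname>-headless; setup.sh hard-codes that suffix`.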
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
new file mode 100644
index 00000000..ed5a8627
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
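Review bot: `minAvailable` and `maxUnavailable` are emitted by two independent `if` blocks, so setting both values renders a PodDisruptionBudget with both fields, which the API server rejects because they are mutually exclusive. Changing the second guard to `{{- else if .Values.pdb.maxUnavailable }}` and dropping the first `{{- end }}` keeps exactly one of them. Both guards also test truthiness, so a value of `0` is treated as unset; that is worth a comment if it is intended.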
@@ -0,0 +1,301 @@ +{{- if eq .Values.architecture "replicaset" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + auto-discovery.sh: |- + #!/bin/bash + + SVC_NAME="${MY_POD_NAME}-external" + + # Auxiliary functions + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + k8s_svc_lb_ip() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + + if [[ -n ${service_ip} ]]; then + echo "${service_ip}" + else + echo "${service_hostname}" + fi + } + k8s_svc_lb_ip_ready() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] + } + # Wait until LoadBalancer IP is ready + retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 + # Obtain LoadBalancer external IP + k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" + {{- end }} + setup.sh: |- + #!/bin/bash + + . /opt/drycc/scripts/mongodb-env.sh + . /opt/drycc/scripts/libfs.sh + . /opt/drycc/scripts/liblog.sh + . /opt/drycc/scripts/libvalidations.sh + + {{- if .Values.externalAccess.enabled }} + {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then + export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + + # Check for existing replica set in case there is no data in the PVC + # This is for cases where the PVC is lost or for MongoDB caches without + # persistence + 
current_primary="" + if is_dir_empty "${MONGODB_DATA_DIR}/db"; then + info "Data dir empty, checking if the replica set already exists" + {{- $replicaCount := int .Values.replicaCount }} + {{- $portNumber := int .Values.service.ports.mongodb }} + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} + {{- $mongoList := list }} + {{- range $e, $i := until $replicaCount }} + {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} + {{- end }} + current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') + + if ! is_empty_value "$current_primary"; then + info "Detected existing primary: ${current_primary}" + fi + fi + + if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then + info "Advertised name matches current primary, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then + info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" + export MONGODB_SET_SECONDARY_OK="yes" + elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then + info "Pod name matches initial primary pod name, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + else + info "Pod name doesn't match initial primary pod name, configuring node as a secondary" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export MONGODB_EXTRA_PASSWORDS_FILE="" + fi + + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + setup-hidden.sh: |- + #!/bin/bash + + . 
/opt/drycc/scripts/mongodb-env.sh + + {{- if .Values.externalAccess.hidden.enabled }} + {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.hidden.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + echo "Configuring node as a hidden node" + export MONGODB_REPLICA_SET_MODE="hidden" + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export 
MONGODB_EXTRA_PASSWORDS_FILE="" + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + {{- if .Values.replicaSetConfigurationSettings.enabled }} + replicaSetConfigurationSettings.sh: |- + #!/bin/bash + # This script to be called when pod starts. + # This script sets rs settings which can not be applied via conf file + + function logger () + #$1 is the line to be logged + { + echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 + } + + SLEEP_PERIOD=10 + + {{- if and .Values.auth.enabled .Values.auth.rootPassword }} + usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" + {{- else }} + usernameAndPassword="" + {{- end }} + + # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy + declare -A desiredRsConf + {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} + {{ printf "desiredRsConf[%s]='%v'" $setting $value }} + {{ end }} + + rsConfWriteAttempts=0 + rs_conf_configured_ok=unknown + + while [[ "${rs_conf_configured_ok}" != "true" ]]; do + + # give the rs setup a chance to succeed before attempting to read or configure + sleep ${SLEEP_PERIOD} + + counter=0 + while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do + counter=$((${counter} +1)) + logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" + sleep ${SLEEP_PERIOD} + done + counter=$((${counter} +1)) + logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" + + # read rs.conf again and store it. settings format is '"" : ,' + currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') + + desiredEqualsactual=unknown + settingsToConfigure="" + for key in ${!desiredRsConf[@]}; do + value=${desiredRsConf[$key]} + if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then + logger "rs conf setting: ${key} value will be set to: ${value}" + settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " + desiredEqualsactual=false + else + logger "rs conf: ${key} is already at desired value: ${value}" + fi + done + + if [[ "${desiredEqualsactual}" != "false" ]]; then + logger "replicaSetConfigurationSettings match the settings of the currently running rs" + desiredEqualsactual=true + rs_conf_configured_ok=true + logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" + exit + fi + + # apply the settings only if this member is currently the mongo replicaset PRIMARY + # it might take a little time before any pod is PRIMARY + isMaster=unknown + if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then + isMaster=false + logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" + else + isMaster=true + logger "This node is PRIMARY" + fi + + if [[ "${isMaster}" == "true" ]]; then + logger "This node is currently PRIMARY - will apply rs.conf settings" + + # avoiding tricky string substitution with single quotes by making the eval string a set of vars + rsconf="cfg = rs.conf();" + rsreconf="rs.reconfig(cfg);" + rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" + + mongosh ${usernameAndPassword} --eval "${rsCommand}" + if [ $? -ne 0 ]; then + logger "Failed to apply mongodb cfg.settings configuration" + else + logger "mongodb replicaset cfg.settings configuration applied" + logger "Will check rs conf" + # don't exit just yet - the settings will be checked in the next loop + fi + rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) + fi + done + {{- end }} +{{- end }} 
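Review bot: The root password is passed to `mongosh` as an unquoted command-line argument in two places: `-u root -p $MONGODB_ROOT_PASSWORD` in `setup.sh`, and `usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}"` (later expanded unquoted) in `replicaSetConfigurationSettings.sh`. A password containing whitespace or glob characters is split or expanded by the shell, and command-line arguments are readable by other processes sharing the container's PID namespace. Both scripts also hard-code `root`, although the StatefulSet in this patch sets `MONGODB_ROOT_USER` from `.Values.auth.rootUser`, so a custom root user breaks these calls. At minimum use `-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD"`, building the arguments as a bash array in `replicaSetConfigurationSettings.sh`. In that script the credentials are only set when `.Values.auth.rootPassword` is non-empty, so with an existing secret the `rs.conf()` loop presumably retries unauthenticated indefinitely.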
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml new file mode 100644 index 00000000..e7c0ff1c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml 
@@ -0,0 +1,543 @@ +{{- if eq .Values.architecture "replicaset" }} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.service.nameOverride" . }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} 
+ {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: DRYCC_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + 
subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh + {{ if .Values.replicaSetConfigurationSettings.enabled }} + - name: scripts + mountPath: /scripts/replicaSetConfigurationSettings.sh + subPath: replicaSetConfigurationSettings.sh + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" 
(dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml new file mode 100644 index 00000000..55c56b87 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml 
@@ -0,0 +1,43 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if $root.Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
new file mode 100644
index 00000000..56300431
--- /dev/null
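Review bot: The opening guard `{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}` publishes one Service of type `externalAccess.service.type` per replica without looking at `.Values.auth.enabled`, while the StatefulSet in this patch sets `ALLOW_EMPTY_PASSWORD` to "yes" when auth is off, so that pair of values renders an unauthenticated database behind an externally reachable Service. I would fail the render for that combination, e.g. `{{- if not .Values.auth.enabled }}{{- fail "externalAccess.enabled requires auth.enabled=true" }}{{- end }}` directly inside the guard. The `spec` also renders no `loadBalancerSourceRanges`, so with type LoadBalancer nothing in this template narrows the accepted source addresses; exposing that field from values would let operators restrict it.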
+++ b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.rbac.rules }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+{{- end -}}
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "mongodb.fullname" . }}]
+{{- end -}}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
new file mode 100644
index 00000000..8950f8bb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
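Review bot: The `services` rule (`get`, `list`, `watch`) is granted whenever `rbac.create` is set, although the only consumer suggested by this patch is the external-access path (presumably discovery of the per-pod Services), so internal-only installs carry an API permission they likely never use. Consider wrapping that rule in `{{- if .Values.externalAccess.enabled }}` … `{{- end }}`, and add a comment above it stating which script reads Services so the grant is justified where it is made. In the PSP rule, `resourceNames: [{{ include "mongodb.fullname" . }}]` is the only unquoted entry; quoting it like the three lines above it keeps the rendered name from being re-typed by the YAML parser.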
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: Role
+ name: {{ include "mongodb.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
new file mode 100644
index 00000000..1c4e76ff
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
@@ -0,0 +1,37 @@
+{{- if (include "mongodb.createTlsSecret" .) }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "mongodb.tlsSecretName" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
+ {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- else }}
+ {{- $ca:= genCA "myMongo-ca" 3650 }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
new file mode 100644
index 00000000..acf8c483
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
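Review bot: In the auto-generated branch, `genCA "myMongo-ca" 3650` and `genSignedCert` run on every render, so each `helm upgrade` writes a fresh CA and client certificate into the Secret, and pods whose certificates were issued from the earlier CA no longer chain to the one now stored. Reusing the existing Secret when one is present avoids that silent rotation; `lookup` returns nothing under `helm template` or a dry run, so the generation path has to remain as the fallback, as sketched below. The CA private key (`mongodb-ca-key`) is stored next to the certificates with a ten-year lifetime, so read access to this one Secret is enough to issue trusted certificates, which deserves a comment at the top of the template. `$releaseNamespace` is assigned but never used.

```yaml
  {{- /* … unchanged: branch for a user-supplied CA (buildCustomCert) … */}}
  {{- else }}
  {{- $existing := lookup "v1" "Secret" (include "mongodb.namespace" .) (include "mongodb.tlsSecretName" .) }}
  {{- if and $existing $existing.data }}
  mongodb-ca-cert: {{ index $existing.data "mongodb-ca-cert" }}
  mongodb-ca-key: {{ index $existing.data "mongodb-ca-key" }}
  client-pem: {{ index $existing.data "client-pem" }}
  {{- else }}
  {{- /* … unchanged: genCA / genSignedCert / b64enc lines … */}}
  {{- end }}
  {{- end }}
```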
@@ -0,0 +1,41 @@ +{{- if (include "mongodb.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ template "mongodb.namespace" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- $customPasswords := include "mongodb.customPasswords" . -}} + {{- $passwordList := list -}} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}} + {{- if not (empty $customPasswords) -}} + {{- $passwordList = $customPasswords -}} + {{- else -}} + {{- $customUsersList := splitList "," $customUsers -}} + {{- $customPasswordsList := list -}} + {{- range $customUsersList -}} + {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}} + {{- end -}} + {{- $passwordList = (join "," $customPasswordsList) -}} + {{- end }} + mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }} + {{- end }} + {{- if .Values.metrics.username }} + mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) 
"key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }} + {{- end }} + {{- if eq .Values.architecture "replicaset" }} + mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml new file mode 100644 index 00000000..f4aa81a5 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml @@ -0,0 +1,23 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongodb.serviceAccountName" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +secrets: + - name: {{ template "mongodb.fullname" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml new file mode 100644 index 00000000..0a00f719 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml 
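Review bot: The fallback for custom-user passwords, `(randAlphaNum 10)`, gives just under 60 bits per password, which is thin for database credentials that this chart can also publish through external Services. A longer value such as `(randAlphaNum 32)` costs nothing at this point in the template. The generated values are joined with `,` into the single `mongodb-passwords` key, so a comment should state that user-supplied passwords must not contain a comma, assuming the container splits `MONGODB_EXTRA_PASSWORDS` on that separator.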
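Review bot: `secrets: - name: {{ template "mongodb.fullname" . }}` names the chart-created Secret, but the workloads in this patch read their credentials through `mongodb.secretName`, which presumably can resolve to a pre-existing Secret with another name; `- name: {{ include "mongodb.secretName" . }}` would keep the two references in agreement. `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders an empty value when the setting is absent, and Kubernetes then mounts the API token by default. Writing it as `{{ .Values.serviceAccount.automountServiceAccountToken | default false }}` keeps the token out of the database pod unless an operator opts in. The annotations line `{{ toYaml .Values.serviceAccount.annotations | nindent 4 }}` also lacks the `{{-` trim used elsewhere in the hunk and will leave stray whitespace in the rendered manifest.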
@@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.serviceMonitor.namespace" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - "{{ include "mongodb.namespace" . }}" +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml new file mode 100644 index 00000000..ba3b74d2 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml 
@@ -0,0 +1,474 @@ +{{- if not (eq .Values.architecture "replicaset") }} +apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.useStatefulSet }} + serviceName: {{ include "mongodb.fullname" . }} + {{- end }} + {{- if .Values.updateStrategy}} + {{- if .Values.useStatefulSet }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end}} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . 
-}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.persistence.existingClaim }} + - name: datadir + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} + {{- else if not .Values.useStatefulSet }} + - name: datadir + persistentVolumeClaim: + claimName: {{ template "mongodb.fullname" . }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.volumeClaimTemplates.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml
new file mode 100644
index 00000000..7786de63
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.persistence.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
new file mode 100644
index 00000000..44255798
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
@@ -0,0 +1,58 @@
+{{- if not (eq .Values.architecture "replicaset") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
+ nodePort: {{ .Values.service.nodePorts.mongodb }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.schema.json b/addons/mongodb/7.0/chart/mongodb/values.schema.json
new file mode 100644
index 00000000..be8e54b4
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/values.schema.json
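Review bot: In the svc.yaml `spec`, `loadBalancerSourceRanges` is emitted only when the value is set, so a `LoadBalancer` service with an empty list exposes the MongoDB port to every source the load balancer accepts, and nothing in the template warns about or rejects that combination. Consider failing the render for it, e.g. `{{- if and (eq .Values.service.type "LoadBalancer") (empty .Values.service.loadBalancerSourceRanges) }}{{ fail "service.loadBalancerSourceRanges is required when service.type=LoadBalancer" }}{{- end }}`, or at least documenting the requirement next to `service.type`. This matters more because the standalone pod template sets `ALLOW_EMPTY_PASSWORD` to `yes` whenever `auth.enabled` is false. The default for `service.type` is not visible in this hunk, so the out-of-the-box exposure should be confirmed against values.yaml.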
@@ -0,0 +1,173 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "architecture": {
+ "type": "string",
+ "title": "MongoDB® architecture",
+ "form": true,
+ "description": "Allowed values: `standalone` or `replicaset`"
+ },
+ "auth": {
+ "type": "object",
+ "title": "Authentication configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Enable Authentication",
+ "form": true
+ },
+ "rootUser": {
+ "type": "string",
+ "title": "MongoDB® admin user",
+ "form": true,
+ "description": "Name of the admin user. Default is root"
+ },
+ "rootPassword": {
+ "type": "string",
+ "title": "MongoDB® admin password",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": false,
+ "path": "auth/enabled"
+ }
+ },
+ "database": {
+ "type": "string",
+ "title": "MongoDB® custom database",
+ "description": "Name of the custom database to be created during the 1st initialization of MongoDB®",
+ "form": true
+ },
+ "username": {
+ "type": "string",
+ "title": "MongoDB® custom user",
+ "description": "Name of the custom user to be created during the 1st initialization of MongoDB®.
This user only has permissions on the MongoDB® custom database",
+ "form": true
+ },
+ "password": {
+ "type": "string",
+ "title": "Password for MongoDB® custom user",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": false,
+ "path": "auth/enabled"
+ }
+ },
+ "replicaSetKey": {
+ "type": "string",
+ "title": "Key used for replica set authentication",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ }
+ }
+ },
+ "replicaCount": {
+ "type": "integer",
+ "form": true,
+ "title": "Number of MongoDB® replicas",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ },
+ "configuration": {
+ "type": "string",
+ "title": "MongoDB® Custom Configuration",
+ "form": true,
+ "render": "textArea"
+ },
+ "arbiter": {
+ "type": "object",
+ "title": "Arbiter configuration",
+ "form": true,
+ "properties": {
+ "configuration": {
+ "type": "string",
+ "title": "Arbiter Custom Configuration",
+ "form": true,
+ "render": "textArea",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ }
+ }
+ },
+ "persistence": {
+ "type": "object",
+ "title": "Persistence configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable persistence",
+ "description": "Enable persistence using Persistent Volume Claims"
+ },
+ "size": {
+ "type": "string",
+ "title": "Persistent Volume Size",
+ "form": true,
+ "render": "slider",
+ "sliderMin": 1,
+ "sliderMax": 100,
+ "sliderUnit": "Gi",
+ "hidden": {
+ "value": false,
+ "path": "persistence/enabled"
+ }
+ }
+ }
+ },
+ "volumePermissions": {
+ "type": "object",
+ "hidden": {
+ "value": false,
+ "path": "persistence/enabled"
+ },
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable Init Containers",
+ "description": "Use an init
container to set required folder permissions on the data volume before mounting it in the final destination"
+ }
+ }
+ },
+ "metrics": {
+ "type": "object",
+ "form": true,
+ "title": "Prometheus metrics details",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Create Prometheus metrics exporter",
+ "description": "Create a side-car container to expose Prometheus metrics",
+ "form": true
+ },
+ "serviceMonitor": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Create Prometheus Operator ServiceMonitor",
+ "description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
+ "form": true,
+ "hidden": {
+ "value": false,
+ "path": "metrics/enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml
new file mode 100644
index 00000000..7731f190
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/values.yaml
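Review bot: The `architecture` property is documented as accepting only `standalone` or `replicaset`, but the schema does not enforce that, and the standalone templates in this patch branch on `not (eq .Values.architecture "replicaset")`, so a misspelled value silently renders the standalone resources. Adding `"enum": ["standalone", "replicaset"]` to that property would make Helm reject the typo at install time. Separately, the descriptions for `rootPassword`, `password` and `replicaSetKey` promise a random 10-character alphanumeric default; the generating template is outside this hunk, but if that is accurate a longer generated value would be a safer default for a database root credential and a replica-set key.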
@@ -0,0 +1,2053 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + namespaceOverride: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## extraDeploy: +## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar +## for dynamically discovering the mongodb primary pod +## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) +## - apiVersion: v1 +## kind: Service +## metadata: +## name: mongodb-primary +## namespace: the-mongodb-namespace +## labels: +## app.kubernetes.io/component: 
mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/managed-by: Helm +## app.kubernetes.io/name: mongodb +## spec: +## type: NodePort +## externalTrafficPolicy: Cluster +## ports: +## - name: mongodb +## port: 30001 +## nodePort: 30001 +## protocol: TCP +## targetPort: mongodb +## selector: +## app.kubernetes.io/component: mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/name: mongodb +## primary: "true" +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) parameters +## + +## Drycc MongoDB(®) image +## ref: https://hub.docker.com/r/drycc/mongodb/tags/ +## @param image.registry MongoDB(®) image registry +## @param image.repository MongoDB(®) image registry +## @param image.tag MongoDB(®) image tag (immutable tags are recommended) +## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy MongoDB(®) image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/mongodb + tag: "7.0" + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## @param schedulerName Name of the scheduler (other than default) to dispatch pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) +## +architecture: replicaset +## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) +## +useStatefulSet: false +## MongoDB(®) Authentication parameters +## +auth: + ## @param auth.enabled Enable authentication + ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ + ## + enabled: true + ## @param auth.rootUser MongoDB(®) root user + ## + rootUser: root + ## @param auth.rootPassword MongoDB(®) root password + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run + ## + rootPassword: "" + ## MongoDB(®) custom users and databases + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run + ## @param auth.usernames List of 
custom users to be created during the initialization + ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` + ## @param auth.databases List of custom databases to be created during the initialization + ## + usernames: [] + passwords: [] + databases: [] + ## @param auth.username DEPRECATED: use `auth.usernames` instead + ## @param auth.password DEPRECATED: use `auth.passwords` instead + ## @param auth.database DEPRECATED: use `auth.databases` instead + username: "" + password: "" + database: "" + ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) + ## + replicaSetKey: "" + ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + ## NOTE: When it's set the previous parameters are ignored. + ## + existingSecret: "" +tls: + ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes + ## + enabled: false + ## @param tls.autoGenerated Generate a custom CA and self-signed certificates + ## + autoGenerated: true + ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) + ## NOTE: When it's set it will disable certificate creation + ## + existingSecret: "" + ## Add Custom CA certificate + ## @param tls.caCert Custom CA certificated (base64 encoded) + ## @param tls.caKey CA certificate private key (base64 encoded) + ## + caCert: "" + caKey: "" + ## Drycc Nginx image + ## @param tls.image.registry Init container TLS certs setup image registry + ## @param tls.image.repository Init container TLS certs setup image repository + ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) + ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag + ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy + ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array + ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients + ## + image: + registry: docker.io + repository: drycc/nginx + tag: 1.23.1-debian-11-r26 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## e.g: + ## extraDnsNames + ## "DNS.6": "$my_host" + ## "DNS.7": "$test" + ## + extraDnsNames: [] + ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) + ## + mode: requireTLS + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param tls.resources.limits Init container generate-tls-certs resource limits + ## @param tls.resources.requests Init container generate-tls-certs resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## +replicaSetName: rs0 +## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## Ignored when externalAccess.enabled=true +## +replicaSetHostnames: true +## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 +## +enableIPv6: false +## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb +## +directoryPerDB: false +## MongoDB(®) System Log configuration +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level +## @param systemLogVerbosity MongoDB(®) system log verbosity level +## @param disableSystemLog Switch to enable/disable MongoDB(®) system log +## +systemLogVerbosity: 0 +disableSystemLog: false +## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution +## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ +## +disableJavascript: false +## @param enableJournal Switch to enable/disable MongoDB(®) Journaling +## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
+##
+enableJournal: true
+## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
+## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
+## Example:
+## configuration: |-
+## # where and how to store data.
+## storage:
+## dbPath: /drycc/mongodb/data/db
+## journal:
+## enabled: true
+## directoryPerDB: false
+## # where to write logging data
+## systemLog:
+## destination: file
+## quiet: false
+## logAppend: true
+## logRotate: reopen
+## path: /opt/drycc/mongodb/logs/mongodb.log
+## verbosity: 0
+## # network interfaces
+## net:
+## port: 27017
+## unixDomainSocket:
+## enabled: true
+## pathPrefix: /opt/drycc/mongodb/tmp
+## ipv6: false
+## bindIpAll: true
+## # replica set options
+## #replication:
+## #replSetName: replicaset
+## #enableMajorityReadConcern: true
+## # process management options
+## processManagement:
+## fork: false
+## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid
+## # set parameter options
+## setParameter:
+## enableLocalhostAuthBypass: true
+## # security options
+## security:
+## authorization: disabled
+## #keyFile: /opt/drycc/mongodb/conf/keyfile
+##
+configuration: ""
+## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
+## If enabled, these are applied by a script which is called within setup.sh
+## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
+## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
+## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
+##
+replicaSetConfigurationSettings:
+ enabled: false
+ configuration: {}
+## chainingAllowed : false
+## heartbeatTimeoutSecs : 10
+## heartbeatIntervalMillis : 2000
+## electionTimeoutMillis : 10000
+## catchUpTimeoutMillis : 30000
+## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
+## NOTE: When it's set the arbiter.configuration parameter is ignored
+##
+existingConfigmap: ""
+## @param initdbScripts Dictionary of initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## Example:
+## initdbScripts:
+## my_init_script.sh: |
+## #!/bin/bash
+## echo "Do something."
+##
+initdbScripts: {}
+## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
+##
+initdbScriptsConfigMap: ""
+## Command and args for running the container (set to default if not set). Use array form
+## @param command Override default container command (useful when using custom images)
+## @param args Override default container args (useful when using custom images)
+##
+command: []
+args: []
+## @param extraFlags MongoDB(®) additional command line flags
+## Example:
+## extraFlags:
+## - "--wiredTigerCacheSizeGB=2"
+##
+extraFlags: []
+## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
+## E.g:
+## extraEnvVars:
+## - name: FOO
+## value: BAR
+##
+extraEnvVars: []
+## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+##
+extraEnvVarsCM: ""
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+##
+extraEnvVarsSecret: ""
+
+## @section MongoDB(®) statefulset parameters
+##
+
+## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+annotations: {}
+## @param labels Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+labels: {}
+## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
+## Ignored when mongodb.architecture=standalone
+##
+replicaCount: 3
+## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
+## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+## Example:
+## updateStrategy:
+## type: RollingUpdate
+## rollingUpdate:
+## maxSurge: 25%
+## maxUnavailable: 25%
+##
+updateStrategy:
+ type: RollingUpdate
+## @param podManagementPolicy Pod management policy for MongoDB(®)
+## Should be initialized one by one when building the replicaset for the first time
+##
+podManagementPolicy: OrderedReady
+## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## @param affinity MongoDB(®) Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+## @param nodeSelector MongoDB(®) Node labels for pod assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param tolerations MongoDB(®) Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+##
+topologySpreadConstraints: []
+## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
+##
+lifecycleHooks: {}
+## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
+##
+terminationGracePeriodSeconds: ""
+## @param podLabels MongoDB(®) pod labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAnnotations MongoDB(®) Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+##
+runtimeClassName: ""
+## MongoDB(®) pods' Security Context.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
+## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
+## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
+##
+podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+## MongoDB(®) containers' Security Context (main and metrics container).
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
+## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
+## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+## MongoDB(®) containers' resource requests and limits.
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for MongoDB(®) containers
+## @param resources.requests The requested resources for MongoDB(®) containers
+##
+resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+## @param containerPorts.mongodb MongoDB(®) container port
+containerPorts:
+ mongodb: 27017
+## MongoDB(®) pods' liveness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+## MongoDB(®) pods' readiness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Slow starting containers can be protected through startup probes
+## Startup probes are available in Kubernetes version 1.16 and above
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 30
+## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
+## Ignored when livenessProbe.enabled=true
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
+## Ignored when readinessProbe.enabled=true
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe for MongoDB(®) containers
+## Ignored when startupProbe.enabled=true
+##
+customStartupProbe: {}
+## @param initContainers Add additional init containers for the hidden node pod(s)
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
+## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
+## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
+## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
+## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
+##
+## - name: mongo-labeler
+## image: korenlev/k8s-mongo-labeler-sidecar
+## imagePullPolicy: Always
+## env:
+## - name: LABEL_SELECTOR
+## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+## - name: NAMESPACE
+## value: "the-mongodb-namespace"
+## - name: DEBUG
+## value: "true"
+##
+sidecars: []
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
+## Examples:
+## extraVolumeMounts:
+## - name: extras
+## mountPath: /usr/share/extras
+## readOnly: true
+##
+extraVolumeMounts: []
+## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
+## extraVolumes:
+## - name: extras
+## emptyDir: {}
+##
+extraVolumes: []
+## MongoDB(®) Pod Disruption Budget configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+ ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
+ ##
+ create: false
+ ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
+ ##
+ minAvailable: 1
+ ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
+ ##
+ maxUnavailable: ""
+
+## @section Traffic exposure parameters
+##
+
+## Service parameters
+##
+service:
+ ## @param service.nameOverride MongoDB(®) service name
+ ##
+ nameOverride: ""
+ ## @param service.type Kubernetes Service type (only for standalone architecture)
+ ##
+ type: ClusterIP
+ ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
+ ##
+ portName: mongodb
+ ## @param service.ports.mongodb MongoDB(®) service port.
+ ##
+ ports:
+ mongodb: 27017
+ ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ mongodb: ""
+ ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ externalIPs: []
+ ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## External Access to MongoDB(®) nodes configuration
+##
+externalAccess:
+ ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
+ ##
+ enabled: false
+ ## External IPs auto-discovery configuration
+ ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
+ ## Note: RBAC might be required
+ ##
+ autoDiscovery:
+ ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
+ ##
+ enabled: false
+ ## Drycc Kubectl image
+ ## ref: https://hub.docker.com/r/drycc/kubectl/tags/
+ ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
+ ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
+ ## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
+ ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
+ ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/kubectl
+ tag: 1.25.2-debian-11-r2
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits
+ ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## External Access to MongoDB(®) Hidden nodes configuration
+ ##
+ hidden:
+ ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
+ ##
+ enabled: false
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.hidden.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Persistence parameters
+##
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
+ ##
+ enabled: true
+ ## @param persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires persistence.enabled: false
+ ##
+ medium: ""
+ ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ ## Ignored when mongodb.architecture=replicaset
+ ##
+ existingClaim: ""
+ ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+ resourcePolicy: ""
+ ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
+ ##
+ size: 8Gi
+ ## @param persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param persistence.mountPath Path to mount the volume at
+ ## MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param persistence.subPath Subdirectory of the volume to mount at
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
+ ##
+ dataSource: {}
+
+## @section RBAC parameters
+##
+
+## ServiceAccount
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
+ ##
+ create: true
+ ## @param serviceAccount.name Name of the created serviceAccount
+ ## If not set and create is true, a name is generated using the mongodb.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ## Can be set to false if pods using this serviceAccount do not need to use K8s API
+ ##
+ automountServiceAccountToken: true
+## Role Based Access
+## ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+rbac:
+ ## @param rbac.create Whether to create & use RBAC resources or not
+ ## binding MongoDB(®) ServiceAccount to a role
+ ## that allows MongoDB(®) pods querying the K8s API
+ ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
+ ##
+ create: false
+ ## @param rbac.rules Custom rules to create following the role specification
+ ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ## - watch
+ ## - update
+ ##
+ rules: []
+## PodSecurityPolicy configuration
+## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
+ ##
+ create: false
+ ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
+ ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
+ ##
+ allowPrivilegeEscalation: false
+ ## @param podSecurityPolicy.privileged Allow privileged
+ ##
+ privileged: false
+ ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ## Defining a spec ignores the above values.
+ ##
+ spec: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## fsGroup:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## hostIPC: false
+ ## hostNetwork: false
+ ## hostPID: false
+ ## privileged: false
+ ## readOnlyRootFilesystem: false
+ ## requiredDropCapabilities:
+ ## - ALL
+ ## runAsUser:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## seLinux:
+ ## rule: 'RunAsAny'
+ ## supplementalGroups:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## volumes:
+ ## - 'configMap'
+ ## - 'secret'
+ ## - 'emptyDir'
+ ## - 'persistentVolumeClaim'
+ ##
+
+## @section Volume Permissions parameters
+##
+## Init Container parameters
+## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
+## values from the securityContext section of the component
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository Init container volume-permissions image repository
+ ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
+ ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/drycc-shell
+ tag: 11-debian-11-r37
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
+ ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Init container Security Context
+ ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
+ ## and not the below volumePermissions.securityContext.runAsUser
+ ## When runAsUser is set to special value "auto", init container will try to chwon the
+ ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
+ ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
+ ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
+ ##
+ securityContext:
+ runAsUser: 0
+
+## @section Arbiter parameters
+##
+
+arbiter:
+ ## @param arbiter.enabled Enable deploying the arbiter
+ ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
+ ##
+ enabled: false
+ ## @param arbiter.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param arbiter.configuration Arbiter configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
+ ## NOTE: When it's set the arbiter.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param arbiter.command Override default container command (useful when using custom images)
+ ## @param arbiter.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param arbiter.extraFlags Arbiter additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
+ ##
+ annotations: {}
+ ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
+ ##
+ labels: {}
+ ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
+ ## Should be initialized one by one when building the replicaset for the first time
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param arbiter.affinity Arbiter Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param arbiter.podLabels Arbiter pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param arbiter.podAnnotations Arbiter Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Arbiter pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
+ ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
+ ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Arbiter containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
+ ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
+ ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Arbiter containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param arbiter.resources.limits The resources limits for Arbiter containers
+ ## @param arbiter.resources.requests The requested resources for Arbiter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.livenessProbe.enabled Enable livenessProbe
+ ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.readinessProbe.enabled Enable readinessProbe
+ ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.startupProbe.enabled Enable startupProbe
+ ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
+ ## Ignored when arbiter.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
+ ## Ignored when arbiter.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
+ ## Ignored when arbiter.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Arbiter Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
+ ##
+ create: false
+ ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## MongoDB(®) Arbiter service parameters
+ ##
+ service:
+ ## @param arbiter.service.nameOverride The arbiter service name
+ ##
+ nameOverride: ""
+ ## @param arbiter.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param arbiter.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Hidden Node parameters
+##
+
+hidden:
+ ## @param hidden.enabled Enable deploying the hidden nodes
+ ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
+ ##
+ enabled: false
+ ## @param hidden.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param hidden.configuration Hidden node configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
+ ## NOTE: When it's set the hidden.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param hidden.command Override default container command (useful when using custom images)
+ ## @param hidden.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param hidden.extraFlags Hidden node additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
+ ##
+ annotations: {}
+ ## @param hidden.labels Annotations to be added to the hidden node statefulset
+ ##
+ labels: {}
+ ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
+ ## Ignored when mongodb.architecture=standalone
+ ##
+ replicaCount: 1
+ ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param hidden.podManagementPolicy Pod management policy for hidden node
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## Allowed values: soft, hard
+ ##
+ nodeAffinityPreset:
+ ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param hidden.affinity Hidden node Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param hidden.tolerations Hidden node Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param hidden.podLabels Hidden node pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param hidden.podAnnotations Hidden node Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Hidden pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
+ ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
+ ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Hidden containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
+ ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
+ ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Hidden containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param hidden.resources.limits The resources limits for hidden node containers
+ ## @param hidden.resources.requests The requested resources for hidden node containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.livenessProbe.enabled Enable livenessProbe
+ ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.readinessProbe.enabled Enable readinessProbe
+ ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param hidden.startupProbe.enabled Enable startupProbe
+ ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
+ ## Ignored when hidden.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
+ ## Ignored when hidden.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when hidden.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Hidden Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
+ ##
+ create: false
+ ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
+ ##
+ enabled: true
+ ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires hidden.persistence.enabled: false
+ ##
+ medium: ""
+ ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param hidden.persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
+ ##
+ size: 8Gi
+ ## @param hidden.persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
+ ##
+ dataSource: {}
+ service:
+ ## @param hidden.service.portName MongoDB(®) service port name
+ ##
+ portName: "mongodb"
+ ## @param hidden.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param hidden.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Metrics parameters
+##
+
+metrics:
+ ## @param metrics.enabled Enable using a sidecar Prometheus exporter
+ ##
+ enabled: false
+ ## Drycc MongoDB(®) Promtheus Exporter image
+ ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/
+ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
+ ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
+ ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
+ ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/mongodb-exporter
+ tag: 0.34.0-debian-11-r19
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param metrics.username String with username for the metrics exporter
+ ## If undefined the root user will be used for the metrics exporter
+ username: ""
+ ## @param metrics.password String with password for the metrics exporter
+ ## If undefined but metrics.username is defined, a random password will be generated
+ password: ""
+ ## @param metrics.extraFlags String with extra flags to the metrics exporter
+ ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
+ ##
+ extraFlags: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param metrics.command Override default container command (useful when using custom images)
+ ## @param metrics.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## Metrics exporter container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
+ ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param metrics.containerPort Port of the Prometheus metrics container
+ ##
+ containerPort: 9216
+ ## Prometheus Exporter service configuration
+ ##
+ service:
+ ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+ prometheus.io/path: "/metrics"
+ ## @param metrics.service.type Type of the Prometheus metrics service
+ ##
+ type: ClusterIP
+ ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
+ ##
+ ports:
+ metrics: 9216
+ ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## Metrics exporter liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.livenessProbe.enabled Enable livenessProbe
+ ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 15
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ ## Metrics exporter readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.readinessProbe.enabled Enable readinessProbe
+ ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param metrics.startupProbe.enabled Enable startupProbe
+ ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
+ ## Ignored when livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
+ ## Ignored when readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
+ ##
+ enabled: false
+ ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ ##
+ namespace: ""
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ ##
+ interval: 30s
+ ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ ## e.g:
+ ## scrapeTimeout: 30s
+ ##
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
+ ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator + ## + enabled: false + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created + ## + namespace: "" + ## @param metrics.prometheusRule.rules Rules to be created, check values for an example + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup + ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + ## + ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets + ## rules: + ## - alert: HighRequestLatency + ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 + ## for: 10m + ## labels: + ## severity: page + ## annotations: + ## summary: High request latency + ## + rules: [] + +## Mongodb 
Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port Mongodb is listening + ## on. When true, Mongodb will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml new file mode 100644 index 00000000..99fea6d5 --- /dev/null +++ b/addons/mongodb/7.0/meta.yaml @@ -0,0 +1,21 @@ +name: mongodb +version: 7.0 +id: 383f7316-84f3-4955-8491-1d4b02b749c8 +description: "mongodb" +displayName: "mongodb" +metadata: + displayName: "mongodb" + provider: + name: drycc + supportURL: https://www.mongodb.com/docs/manual/ + documentationURL: https://www.mongodb.com/docs/manual/ +tags: mongodb +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "service.type" + required: false + description: "service type config for values.yaml" +archive: false \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml 
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
new file mode 100644
index 00000000..b70bcfb0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c2g10"
+id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
+description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
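Review bot: The `USERNAME` / `PASSWORD` entries at the end of this bind template hand the MongoDB `root` account and `mongodb-root-password` to every application that binds, so one compromised consumer holds full administrative control of the instance. Binding should expose a dedicated, least-privileged database user and keep the root secret for operators; if root is intentional for now, record that in the file with a comment such as `# binds the root account: every bound app gets full admin rights`. The secret is also looked up through `common.names.fullname` while the services use `mongodb.fullname`; these presumably resolve to the same name, but one helper should be used for both.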
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml new file mode 100644 index 00000000..2f543d11 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-1c2g10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 1000m + memory: 2Gi + requests: + cpu: 1000m + memory: 2Gi + +persistence: + size: 10Gi diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml index 6a7147c9..8c0770c7 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml @@ -1,5 +1,5 @@ credential: -{{- if (eq .Values.router.service.type "LoadBalancer") }} +type - name: EXTRANET_HOST valueFrom: serviceRef: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 4dd6522d..c407603f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
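Review bot: The comment block above `resources:` in this new MongoDB plan file still describes MinIO® containers and tells the reader to uncomment lines and remove curly braces, neither of which applies here because the limits and requests are already set. Reword the heading to `## MongoDB containers' resource requests and limits`, change the two `@param` descriptions to say "MongoDB container", and drop the uncomment/curly-braces sentence.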
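Review bot: In the mysql-cluster bind.yaml hunk the `{{- if (eq .Values.router.service.type "LoadBalancer") }}` guard is replaced by a bare `type` token, which puts plain text under `credential:` and presumably leaves an unmatched `{{- end }}` further down (the rest of the file is outside the hunk), so rendering this plan's binding is likely to fail. It looks like a stray keystroke unrelated to the MongoDB files added around it; keep `{{- if (eq .Values.router.service.type "LoadBalancer") }}` on that line. PATCH 073 later on this page restores it, but every commit in between ships the broken template.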
@@ -161,4 +161,6 @@ You can modify multiple content at once, there is no need to modify part of it e - Destroy service ``` # drycc resources:destroy `my_pg_001` -``` \ No newline at end of file +``` +# 修改pg在容器中分配的动态共享内存不足的问题 +https://www.cnblogs.com/daniel-hutao/p/17903993.html \ No newline at end of file From 7991bdde07850b5f1dae191673aba7170a9a3904 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 18 Apr 2024 17:52:48 +0800 Subject: [PATCH 070/122] chore(mongodb) add networkpolicy allownamespaces --- addons/mongodb/7.0/chart/mongodb/values.yaml | 4 ++-- addons/mongodb/7.0/meta.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 7731f190..3ffc0b04 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -308,7 +308,7 @@ enableJournal: true ## #replication: ## #replSetName: replicaset ## #enableMajorityReadConcern: true -## # process management options +## # process management optionsT ## processManagement: ## fork: false ## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid @@ -2050,4 +2050,4 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: + allowNamespaces: [] diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml index 99fea6d5..9bfe6bb4 100644 --- a/addons/mongodb/7.0/meta.yaml +++ b/addons/mongodb/7.0/meta.yaml @@ -18,4 +18,7 @@ allow_parameters: - name: "service.type" required: false description: "service type config for values.yaml" +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" archive: false \ No newline at end of file From d5c8be97976a0bd6c275f24953a9d09d5e79e24f Mon Sep 17 00:00:00 2001 
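Review bot: The commented line `## # process management options` gains a trailing `T` (`optionsT`) in the first values.yaml hunk, which looks like an accidental keystroke rather than part of the networkpolicy change. Restore it to `## # process management options` so the commit touches only the setting it is about.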
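Review bot: `allowCurrentNamespace` and `allowNamespaces` carry no `@param` documentation, and the comment directly above them still describes `networkPolicy.allowExternal` and a client-label model, so a reader cannot tell which ingress the defaults permit. Replace that block with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Names of additional namespaces allowed to connect`, with the wording confirmed against the chart's networkpolicy template, which is not part of this hunk. The `[]` default itself is right, since a bare `allowNamespaces:` is null rather than an empty list.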
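Review bot: The new `networkPolicy.allowNamespaces` entry in `allow_parameters` lets whoever creates an instance widen ingress to any namespace, yet its description does not say what shape of value is expected or what it opens. State it explicitly, for example `description: "list of namespace names allowed to reach the instance (networkPolicy.allowNamespaces in values.yaml)"`. Because the value is caller-supplied, the template that renders it into the NetworkPolicy (not visible here) should quote each name so that an empty or number-looking entry cannot change the selector's meaning.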
From: EamonZhang Date: Mon, 29 Apr 2024 08:53:53 +0800 Subject: [PATCH 071/122] chore(addons):changes cluster role to role and clusterrolebinding to rolebinding --- .../templates/{clusterrole.yaml => role.yaml} | 17 +++++++++-------- ...clusterrolebinding.yaml => rolebinding.yaml} | 9 +++++---- .../prometheus/templates/_scrape_config.tpl | 3 --- .../server/{clusterrole.yaml => role.yaml} | 11 +++-------- ...clusterrolebinding.yaml => rolebinding.yaml} | 5 +++-- .../prometheus/2/chart/prometheus/values.yaml | 4 +--- ...clusterrolebinding.yaml => rolebinding.yaml} | 4 ++-- 7 files changed, 23 insertions(+), 30 deletions(-) rename addons/pmm/2.41/chart/pmm/templates/{clusterrole.yaml => role.yaml} (68%) rename addons/pmm/2.41/chart/pmm/templates/{clusterrolebinding.yaml => rolebinding.yaml} (84%) rename addons/prometheus/2/chart/prometheus/templates/server/{clusterrole.yaml => role.yaml} (89%) rename addons/prometheus/2/chart/prometheus/templates/server/{clusterrolebinding.yaml => rolebinding.yaml} (90%) rename template/CHART_NAME/templates/{clusterrolebinding.yaml => rolebinding.yaml} (94%) diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm/templates/role.yaml similarity index 68% rename from addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml rename to addons/pmm/2.41/chart/pmm/templates/role.yaml index a470d4de..cbb6607c 100644 --- a/addons/pmm/2.41/chart/pmm/templates/clusterrole.yaml +++ b/addons/pmm/2.41/chart/pmm/templates/role.yaml @@ -1,7 +1,8 @@ {{- if .Values.serviceAccount.create -}} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ include "pmm.fullname" . }} labels: {{- include "pmm.labels" . | nindent 4 }} 
@@ -9,10 +10,10 @@ rules: # standard RBAC - apiGroups: [""] # "" indicates the core API group resources: - - namespaces + # - namespaces - endpoints - services - - nodes + # - nodes - pods - secrets - serviceaccounts @@ -20,9 +21,9 @@ rules: - get - watch - list -- nonResourceURLs: - - /metrics - - /metrics/resources - verbs: - - get +# - nonResourceURLs: +# - /metrics +# - /metrics/resources +# verbs: +# - get {{- end }} diff --git a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm/templates/rolebinding.yaml similarity index 84% rename from addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml rename to addons/pmm/2.41/chart/pmm/templates/rolebinding.yaml index d82e4ccc..697e601b 100644 --- a/addons/pmm/2.41/chart/pmm/templates/clusterrolebinding.yaml +++ b/addons/pmm/2.41/chart/pmm/templates/rolebinding.yaml @@ -1,12 +1,13 @@ {{- if .Values.serviceAccount.create -}} {{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ include "pmm.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: cluster-admin subjects: - kind: ServiceAccount @@ -14,12 +15,12 @@ subjects: namespace: {{ .Release.Namespace }} {{- else }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: name: {{ include "pmm.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: {{ include "pmm.fullname" . }} subjects: - kind: ServiceAccount diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 14f45299..4e078fe8 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
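Review bot: The cluster-scoped entries in pmm's role.yaml (`namespaces`, `nodes`, and the `nonResourceURLs` rule in the following hunk) are commented out rather than deleted, which leaves dead RBAC in the template with no explanation. A namespaced Role cannot grant them, so delete the lines or keep one comment such as `# namespaces, nodes and /metrics need a ClusterRole and are intentionally not granted`. The rule that remains still gives the service account get/watch/list on `secrets` and `serviceaccounts`; confirm PMM needs that, since it lets the pod read every Secret in its namespace. The rules list starts outside the hunk.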
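Review bot: In the `ENABLE_CLUSTER_ROLE_ADMIN` branch of pmm's rolebinding.yaml the `roleRef` now reads `kind: Role` with `name: cluster-admin`, which points at a namespaced Role called `cluster-admin` that this chart does not appear to create, so the binding would grant nothing. A RoleBinding may reference a ClusterRole and limits it to the binding's namespace, so keep `kind: ClusterRole` in that branch if namespace-wide admin is the intent, and consider whether a switch that gives the PMM service account full control of the namespace, Secrets included, should exist at all. The RoleBinding in the second hunk also omits the `namespace:` line added in the first; add `namespace: {{ include "common.names.namespace" . | quote }}` under its `metadata:` for consistency.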
@@ -94,9 +94,6 @@ kubernetes_sd_configs: own_namespace: true names: - {{ include "common.names.namespace" .context }} - {{- range .value }} - - {{ include "common.tplvalues.render" (dict "value" . "context" $) }} - {{- end }} relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] diff --git a/addons/prometheus/2/chart/prometheus/templates/server/clusterrole.yaml b/addons/prometheus/2/chart/prometheus/templates/server/role.yaml similarity index 89% rename from addons/prometheus/2/chart/prometheus/templates/server/clusterrole.yaml rename to addons/prometheus/2/chart/prometheus/templates/server/role.yaml index 1793a0f6..ad20ad04 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/clusterrole.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/role.yaml @@ -4,9 +4,10 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{- if .Values.server.rbac.create }} -kind: ClusterRole +kind: Role apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ include "prometheus.server.fullname.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: prometheus @@ -19,14 +20,9 @@ rules: - apiGroups: - "" resources: - - nodes - - nodes/proxy - - nodes/metrics - services - endpoints - pods - - ingresses - - configmaps verbs: - get - list @@ -41,8 +37,7 @@ rules: - get - list - watch - - nonResourceURLs: - - "/metrics" + verbs: - get {{- if .Values.server.rbac.rules }} 
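Review bot: In the last hunk of prometheus server/role.yaml, removing the `nonResourceURLs` rule leaves its `verbs:` / `- get` pair behind, preceded by an added blank line, so those two lines no longer belong to a rule of their own. Depending on indentation (lost on this page) they either repeat the `verbs` key of the preceding rule, where most parsers keep the last value and silently reduce that rule from get/list/watch to get, or they make the manifest invalid. Delete the leftover `verbs:` and `- get` lines together with the rule. The preceding rule starts outside the hunk.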
diff --git a/addons/prometheus/2/chart/prometheus/templates/server/clusterrolebinding.yaml b/addons/prometheus/2/chart/prometheus/templates/server/rolebinding.yaml similarity index 90% rename from addons/prometheus/2/chart/prometheus/templates/server/clusterrolebinding.yaml rename to addons/prometheus/2/chart/prometheus/templates/server/rolebinding.yaml index 3f767443..68bbee4c 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/clusterrolebinding.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/rolebinding.yaml @@ -3,9 +3,10 @@ Copyright Drycc Community. SPDX-License-Identifier: APACHE-2.0 */}} -kind: ClusterRoleBinding +kind: RoleBinding apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} metadata: + namespace: {{ include "common.names.namespace" . | quote }} name: {{ template "prometheus.server.fullname.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: prometheus @@ -15,7 +16,7 @@ metadata: {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: {{ template "prometheus.server.fullname.namespace" . }} subjects: - kind: ServiceAccount diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 55262846..0f497da7 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -636,7 +636,7 @@ server: {{- end }} {{- if .Values.scrapeAddons.enabled }} - job_name: addons - {{- include "addons.ds_scrape_config" (dict "value" .Values.scrapeNamespaces "context" $) | nindent 4 }} + {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} 
@@ -654,8 +654,6 @@ server: static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] {{- end }} - rule_files: - - rules.yaml ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: diff --git a/template/CHART_NAME/templates/clusterrolebinding.yaml b/template/CHART_NAME/templates/rolebinding.yaml similarity index 94% rename from template/CHART_NAME/templates/clusterrolebinding.yaml rename to template/CHART_NAME/templates/rolebinding.yaml index 13245a56..ffb92c9e 100644 --- a/template/CHART_NAME/templates/clusterrolebinding.yaml +++ b/template/CHART_NAME/templates/rolebinding.yaml @@ -3,7 +3,7 @@ Copyright Drycc Community. SPDX-License-Identifier: APACHE-2.0 */}} -kind: ClusterRoleBinding +kind: RoleBinding apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} metadata: name: {{ template "common.names.fullname" . }} @@ -14,7 +14,7 @@ metadata: {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: {{ template "common.names.fullname" . }} subjects: - kind: ServiceAccount From 1bf6308220e6d74942189cda793a22a0e1ccc1bb Mon Sep 17 00:00:00 2001 
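Review bot: Dropping `rule_files:` / `- rules.yaml` from the server configuration is not an RBAC change, and unless the rules file is loaded some other way (not visible here) Prometheus will stop evaluating the alerting rules that `server.alertingRules` writes to rules.yaml. Alerts would then go quiet without any error being reported. Keep the `rule_files:` entry with `- rules.yaml`, or explain in the commit message why it is no longer needed. The configuration block starts outside the hunk.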
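Review bot: In template/CHART_NAME/templates/rolebinding.yaml the `roleRef` now names a namespaced `Role` called `{{ template "common.names.fullname" . }}`, but the commit's rename list covers only the binding under template/CHART_NAME and no clusterrole.yaml. Unless a role.yaml already exists there (not visible on this page), charts generated from the template get a binding to a Role that is never created, which grants nothing. Add the matching Role template, and add `namespace: {{ include "common.names.namespace" . | quote }}` under `metadata:` as the prometheus binding in this commit does.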
From: EamonZhang Date: Mon, 29 Apr 2024 10:40:13 +0800 Subject: [PATCH 072/122] megre(addons): megre upstream --- .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ 13 files changed, 156 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged delete mode 100644 addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged delete mode 100644 
addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged delete mode 100644 addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-2c4g20/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged b/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/create-instance-schema.json~merged +++ /dev/null 
@@ -1,12 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "imagePullPolicy": {
- "type": "string",
- "enum": ["Always", "IfNotPresent", "Never"],
- "default": "IfNotPresent",
- "title": "Image pull policy"
- }
- }
-}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged b/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged
deleted file mode 100644
index 66ebbaa0..00000000
--- a/addons/postgresql-cluster/15/plans/standard-4c16g100/create-instance-schema.json~merged
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "imagePullPolicy": {
- "type": "string",
- "enum": ["Always", "IfNotPresent", "Never"],
- "default": "IfNotPresent",
- "title": "Image pull policy"
- }
- }
-}
\ No newline at end of file
From f2312915b0e5e3b7d447283bb1099b4a4290f520 Mon Sep 17 00:00:00 2001
From: EamonZhang
Date: Mon, 29 Apr 2024 10:44:09 +0800
Subject: [PATCH 073/122] chore(mysql-cluster) fix 1c3g10 bind typo
---
addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
index 8c0770c7..6a7147c9 100644
--- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
+++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml
@@ -1,5 +1,5 @@
 credential:
-type
+{{- if (eq .Values.router.service.type "LoadBalancer") }}
 - name: EXTRANET_HOST
 valueFrom:
 serviceRef:
From e04068618ef2cd5f33490de471e158be7e118446 Mon Sep 17 00:00:00 2001
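Review bot: The restored guard in addons/mysql-cluster/8.0/plans/standard-1c2g10/bind.yaml carries no comment saying why `EXTRANET_HOST` is conditional, and the line it replaces (a bare `type`) shows how easily this directive can be damaged without anyone noticing. A template comment directly above it, such as `{{- /* EXTRANET_HOST is only bound when the router Service is of type LoadBalancer */}}`, would make the intent explicit for the next reviewer. The matching `{{- end }}` lies outside the hunk, so which credential entries the guard actually covers cannot be confirmed from here.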
From: EamonZhang Date: Mon, 29 Apr 2024 10:54:18 +0800 Subject: [PATCH 074/122] chore(addons):delete mongodb --- addons/mongodb/7.0/chart/mongodb/.helmignore | 21 - addons/mongodb/7.0/chart/mongodb/Chart.yaml | 29 - addons/mongodb/7.0/chart/mongodb/README.md | 787 ------- .../7.0/chart/mongodb/templates/NOTES.txt | 202 -- .../7.0/chart/mongodb/templates/_helpers.tpl | 432 ---- .../mongodb/templates/arbiter/configmap.yaml | 18 - .../templates/arbiter/headless-svc.yaml | 33 - .../chart/mongodb/templates/arbiter/pdb.yaml | 25 - .../templates/arbiter/statefulset.yaml | 279 --- .../mongodb/templates/common-scripts-cm.yaml | 104 - .../chart/mongodb/templates/configmap.yaml | 18 - .../chart/mongodb/templates/extra-list.yaml | 4 - .../mongodb/templates/hidden/configmap.yaml | 15 - .../templates/hidden/external-access-svc.yaml | 67 - .../templates/hidden/headless-svc.yaml | 34 - .../chart/mongodb/templates/hidden/pdb.yaml | 22 - .../mongodb/templates/hidden/statefulset.yaml | 533 ----- .../templates/initialization-configmap.yaml | 17 - .../chart/mongodb/templates/metrics-svc.yaml | 33 - .../mongodb/templates/networkpolicy.yaml | 44 - .../mongodb/templates/prometheusrule.yaml | 18 - .../7.0/chart/mongodb/templates/psp.yaml | 50 - .../templates/replicaset/access-svc.yaml | 32 - .../replicaset/external-access-svc.yaml | 67 - .../templates/replicaset/headless-svc.yaml | 34 - .../mongodb/templates/replicaset/pdb.yaml | 25 - .../replicaset/scripts-configmap.yaml | 301 --- .../templates/replicaset/statefulset.yaml | 543 ----- .../mongodb/templates/replicaset/svc.yaml | 43 - .../7.0/chart/mongodb/templates/role.yaml | 30 - .../chart/mongodb/templates/rolebinding.yaml | 19 - .../chart/mongodb/templates/secrets-ca.yaml | 37 - .../7.0/chart/mongodb/templates/secrets.yaml | 41 - .../mongodb/templates/serviceaccount.yaml | 23 - .../mongodb/templates/servicemonitor.yaml | 48 - .../mongodb/templates/standalone/dep-sts.yaml | 474 ---- .../mongodb/templates/standalone/pvc.yaml | 33 - 
.../mongodb/templates/standalone/svc.yaml | 58 - .../7.0/chart/mongodb/values.schema.json | 173 -- addons/mongodb/7.0/chart/mongodb/values.yaml | 2053 ----------------- addons/mongodb/7.0/meta.yaml | 24 - .../7.0/plans/standard-1c2g10/bind.yaml | 28 - .../create-instance-schema.json | 12 - .../7.0/plans/standard-1c2g10/meta.yaml | 6 - .../7.0/plans/standard-1c2g10/values.yaml | 23 - 45 files changed, 6912 deletions(-) delete mode 100644 addons/mongodb/7.0/chart/mongodb/.helmignore delete mode 100644 addons/mongodb/7.0/chart/mongodb/Chart.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/README.md delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml delete mode 100644 
addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/psp.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/role.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml delete mode 100644 addons/mongodb/7.0/chart/mongodb/values.schema.json delete mode 100644 addons/mongodb/7.0/chart/mongodb/values.yaml delete mode 100644 addons/mongodb/7.0/meta.yaml delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json delete mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml delete mode 100644 
addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
diff --git a/addons/mongodb/7.0/chart/mongodb/.helmignore b/addons/mongodb/7.0/chart/mongodb/.helmignore
deleted file mode 100644
index f0c13194..00000000
--- a/addons/mongodb/7.0/chart/mongodb/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/addons/mongodb/7.0/chart/mongodb/Chart.yaml b/addons/mongodb/7.0/chart/mongodb/Chart.yaml
deleted file mode 100644
index 4d7cf00d..00000000
--- a/addons/mongodb/7.0/chart/mongodb/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-annotations:
- category: Database
-apiVersion: v2
-appVersion: 7.0.8
-dependencies:
- - name: common
- repository: oci://registry.drycc.cc/charts
- tags:
- - drycc-common
- version: ~1.1.2
-description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
-engine: gotpl
-home: https://github.com/drycc/charts/tree/master/drycc/mongodb
-icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
-keywords:
- - mongodb
- - database
- - nosql
- - cluster
- - replicaset
- - replication
-maintainers:
- - name: Drycc
- url: https://github.com/drycc/charts
-name: mongodb
-sources:
- - https://github.com/drycc/containers/tree/main/drycc/mongodb
- - https://mongodb.org
-version: 13.1.7
diff --git a/addons/mongodb/7.0/chart/mongodb/README.md b/addons/mongodb/7.0/chart/mongodb/README.md
deleted file mode 100644
index 5a83118a..00000000
--- a/addons/mongodb/7.0/chart/mongodb/README.md
+++ /dev/null
@@ -1,787 +0,0 @@ - - -# MongoDB(R) packaged by Drycc - -MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. - -[Overview of MongoDB®](http://www.mongodb.org) - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc. - -## TL;DR - -```bash -$ helm repo add my-repo https://charts.drycc.com/drycc -$ helm install my-release my-repo/mongodb -``` - -## Introduction - -This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release my-repo/mongodb -``` - -The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Architecture - -This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. 
Use the `architecture` parameter to choose the one to use: - -```console -architecture="standalone" -architecture="replicaset" -``` - -Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). - -## Parameters - -### Global parameters - -| Name | Description | Value | -| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### MongoDB(®) parameters - -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | -| `image.registry` | MongoDB(®) image registry | `docker.io` | -| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | -| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | -| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Set to true if you would like to see extra information on logs | `false` | -| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | -| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | -| `auth.enabled` | Enable authentication | `true` | -| `auth.rootUser` | MongoDB(®) root user | `root` | -| `auth.rootPassword` | MongoDB(®) root password | `""` | -| `auth.usernames` | List of custom users to be created during the initialization | `[]` | -| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | -| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | -| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | -| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | -| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | -| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | -| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | -| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | -| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | -| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | -| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | -| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | -| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | -| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | -| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | -| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | -| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | -| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | -| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | -| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | -| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | -| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | -| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | -| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | -| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | -| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | -| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | -| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | -| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | - - -### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) - -| Name | Description | Value | -| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | -| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | -| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | -| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraFlags` | MongoDB(®) additional command line flags | `[]` | -| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | - - -### MongoDB(®) statefulset parameters - -| Name | Description | Value | -| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | -| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | -| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | -| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | -| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | -| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | -| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | -| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | -| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | -| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | -| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | -| `podLabels` | MongoDB(®) pod labels | `{}` | -| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | -| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | -| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | -| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | -| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | -| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | -| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | -| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | -| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | -| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | -| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
-| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` | -| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` | -| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` | -| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` | -| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` | -| 
`extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` | -| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` | - - -### Traffic exposure parameters - -| Name | Description | Value | -| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `service.nameOverride` | MongoDB(®) service name | `""` | -| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` | -| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` | -| `service.ports.mongodb` | MongoDB(®) service port. 
| `27017` | -| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` | -| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` | -| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` | -| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` | -| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Provide any additional annotations that may be required | `{}` | -| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` | -| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` | -| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | -| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` | -| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | -| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | -| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` | -| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` | -| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | -| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | -| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | -| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | -| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | -| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | -| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | -| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| 
`externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` | -| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` | -| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | -| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | -| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | -| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | -| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. 
Length must be the same as replicaCount | `[]` | -| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | -| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | - - -### Persistence parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` | -| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` | -| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` | -| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` | -| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` | -| `persistence.annotations` | PVC annotations | `{}` | -| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. 
when using local volumes) | `{}` | -| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` | -| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` | - - -### RBAC parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` | -| `serviceAccount.name` | Name of the created serviceAccount | `""` | -| `serviceAccount.annotations` | Additional Service Account annotations | `{}` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | -| `rbac.create` | Whether to create & use RBAC resources or not | `false` | -| `rbac.rules` | Custom rules to create following the role specification | `[]` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. 
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` | -| `podSecurityPolicy.privileged` | Allow privileged | `false` | -| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` | - - -### Arbiter parameters - -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- | -| `arbiter.enabled` | Enable deploying the arbiter | `true` | -| `arbiter.hostAliases` | Add deployment host aliases | `[]` | -| `arbiter.configuration` | Arbiter configuration file to be used | `""` | -| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` | -| `arbiter.command` | Override default container command (useful when using custom images) | `[]` | -| `arbiter.args` | Override default container args (useful when using custom images) | `[]` | -| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` | -| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` | -| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | -| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` | -| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` | -| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` | -| `arbiter.lifecycleHooks` | 
LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
-| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
-| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
-| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
-| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
-| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
-| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set.
| `[]` |
-| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
-| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
-| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
-| `arbiter.podLabels` | Arbiter pod labels | `{}` |
-| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
-| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
-| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
-| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
-| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
-| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
-| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
-| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
-| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
-| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
-| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
-| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
-| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
-| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
-| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
-| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
-| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
-| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
-| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
-| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
-| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
-| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
-| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
-| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
-| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
-| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
-| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
-| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
-| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
-| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
-| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
-| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
-| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made
unavailable | `""` | -| `arbiter.service.nameOverride` | The arbiter service name | `""` | -| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` | -| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` | - - -### Hidden Node parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- | -| `hidden.enabled` | Enable deploying the hidden nodes | `false` | -| `hidden.hostAliases` | Add deployment host aliases | `[]` | -| `hidden.configuration` | Hidden node configuration file to be used | `""` | -| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` | -| `hidden.command` | Override default container command (useful when using custom images) | `[]` | -| `hidden.args` | Override default container args (useful when using custom images) | `[]` | -| `hidden.extraFlags` | Hidden node additional command line flags | `[]` | -| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` | -| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | -| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` | -| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` | -| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` | -| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` | -| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` | 
-| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
-| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
-| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
-| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
-| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
-| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set.
| `[]` |
-| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
-| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
-| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
-| `hidden.podLabels` | Hidden node pod labels | `{}` |
-| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
-| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
-| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
-| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
-| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
-| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
-| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
-| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
-| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
-| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
-| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
-| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
-| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
-| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
-| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
-| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
-| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `hidden.readinessProbe.enabled` | Enable readinessProbe |
`true` |
-| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
-| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
-| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
-| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
-| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
-| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
-| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
-| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
-| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
-| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
-| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods.
| `[]` |
-| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
-| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
-| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
-| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
-| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
-| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
-| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
-| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
-| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
-| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
-| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
-| `hidden.persistence.annotations` | PVC annotations | `{}` |
-| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
-| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
-| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g.
when using local volumes) | `{}` | -| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` | -| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` | -| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` | -| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` | -| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` | -| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` | -| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` | -| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` | -| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` |
-| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
-| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
-| `metrics.username` | String with username for the metrics exporter | `""` |
-| `metrics.password` | String with password for the metrics exporter | `""` |
-| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
-| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
-| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
-| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
-| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
-| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
-| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template.
| `{}` |
-| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
-| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
-| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
-| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
-| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
-| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
-| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
-| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
-| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
-| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
-| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
-| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
-| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
-| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
-| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
-| `metrics.customReadinessProbe` | Override default
readiness probe for MongoDB(®) containers | `{}` |
-| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
-| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
-| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
-| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
-| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
-| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
-| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
-| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
-| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
-| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
-| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
-| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
-| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
-| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
-| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
-
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
For example, - -```bash -$ helm install my-release \ - --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \ - my-repo/mongodb -``` - -The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml my-repo/mongodb -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Customize a new MongoDB instance - -The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available: - -* Specify them using the `initdbScripts` parameter as dict. 
-* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option. - -The allowed script extensions are `.sh` and `.js`. - -### Replicaset: Access MongoDB(®) nodes from outside the cluster - -In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access: - -- Using LoadBalancer services -- Using NodePort services. - -Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/). - -### Add extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/). - -## Persistence - -The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container. 
- -The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Use custom Prometheus rules - -Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter. - -Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/). - -## Enable SSL/TLS - -This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`. - -Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/). - -### Set Pod affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. 
- -## Troubleshooting - -Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: - -```bash -$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) -``` - -> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. - -### To 12.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. 
- -Affected values: - -- `strategyType` is replaced by `updateStrategy` -- `service.port` is renamed to `service.ports.mongodb` -- `service.nodePort` is renamed to `service.nodePorts.mongodb` -- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb` -- `rbac.role.rules` is renamed to `rbac.rules` -- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb` -- `hidden.strategyType` is replaced by `hidden.updateStrategy` -- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed) -- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels` - -Additionally also updates the MongoDB image dependency to it newest major, 5.0 - -### To 11.0.0 - -In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). -Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases - -### To 10.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/). - -### To 9.0.0 - -MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). 
Refer to the following guides to upgrade your applications: - -- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) -- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) - -### To 8.0.0 - -- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. -- Chart labels were adapted to follow the Helm charts best practices. -- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. -- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: - - `replicas` is renamed to `replicaCount`. - - Authentication parameters are reorganized under the `auth.*` parameter: - - `usePassword` is renamed to `auth.enabled`. - - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. - - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. - - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. - - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. - -Consequences: - -- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
- -### To 7.0.0 - -From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: - -```yaml -ingress: - hosts: - - name: mongodb.local - path: / -``` - -### To 6.0.0 - -From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. -You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). - -### To 5.0.0 - -When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. -Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: - -```console -$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false -``` - -### Add extra deployment options - -To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
- -In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: - -```yaml -extraDeploy: - - apiVersion: v1 - kind: Service - metadata: - name: mongodb-primary - namespace: default - labels: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: mongodb - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: mongodb - spec: - type: NodePort - externalTrafficPolicy: Cluster - ports: - - name: mongodb-primary - port: 30001 - nodePort: 30001 - protocol: TCP - targetPort: mongodb - selector: - app.kubernetes.io/component: mongodb - app.kubernetes.io/instance: mongodb - app.kubernetes.io/name: mongodb - primary: "true" -``` - -## License - -Copyright © 2022 Drycc - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt deleted file mode 100644 index 2bb79222..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt +++ /dev/null 
@@ -1,202 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh - -{{- else }} - -{{- $replicaCount := int .Values.replicaCount }} -{{- $portNumber := int .Values.service.ports.mongodb }} -{{- $fullname := include "mongodb.fullname" . }} -{{- $releaseNamespace := include "mongodb.namespace" . 
}} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- $mongoList := list }} -{{- range $e, $i := until $replicaCount }} -{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} -{{- end }} - -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }} - -#################################################################################### -### ERROR: You enabled external access to MongoDB® nodes without specifying ### -### the array of load balancer IPs for MongoDB® nodes. ### -#################################################################################### - -This deployment will be incomplete until you configure the array of load balancer -IPs for MongoDB® nodes. To complete your deployment follow the steps below: - -1. Wait for the load balancer IPs (it may take a few minutes for them to be available): - - kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w - -2. Obtain the load balancer IPs and upgrade your chart: - - {{- range $e, $i := until $replicaCount }} - LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" - {{- end }} - -3. 
Upgrade you chart: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \ - --set mongodb.replicaCount={{ $replicaCount }} \ - --set mongodb.externalAccess.enabled=true \ - {{- range $i, $e := until $replicaCount }} - --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \ - {{- end }} - --set mongodb.externalAccess.service.type=LoadBalancer - -{{- else }} - -{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }} -------------------------------------------------------------------------------- - WARNING - - By not enabling "mongodb.auth.enabled" you have most likely exposed the - MongoDB® service externally without any authentication mechanism. - - For security reasons, we strongly suggest that you enable authentiation - setting the "mongodb.auth.enabled" parameter to "true". - -------------------------------------------------------------------------------- -{{- end }} - -** Please be patient while the chart is being deployed ** - -MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster: - -{{- if eq .Values.architecture "replicaset" }} -{{ join "\n" $mongoList | nindent 4 }} -{{- else }} - - {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }} - -{{- end }} - -{{- if .Values.auth.enabled }} - -To get the root password run: - - export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d) - -{{- end }} -{{- $customUsers := include "mongodb.customUsers" . -}} -{{- $customDatabases := include "mongodb.customDatabases" . 
-}} -{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} -{{- $customUsersList := splitList "," $customUsers }} -{{- range $index, $user := $customUsersList }} - -To get the password for "{{ $user }}" run: - - export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}') - -{{- end }} -{{- end }} - -To connect to your database, create a MongoDB® client container: - - kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash - -Then, run the following command: - - {{- if eq .Values.architecture "replicaset" }} - mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} - {{- else }} - mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} - {{- end }} - -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }} - -To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below: - -{{- if eq "NodePort" .Values.externalAccess.service.type }} -{{- if .Values.externalAccess.service.domain }} - - MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }} - -{{- else }} - - MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs. - - kubectl get nodes -o wide - -{{- end }} - - MongoDB® nodes port: You will have a different node port for each MongoDB® node. 
You can get the list of configured node ports using the command below: - - echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" - -{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IPs to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w' - - MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below: - - echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" - - MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }} - -{{- end }} - -{{- else if eq .Values.architecture "standalone" }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . 
}}) - mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} & - mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- end }} -{{- end }} -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & - echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" - -Then, open the obtained URL in a browser. 
- -{{- end }} -{{- end }} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "common.warnings.rollingTag" .Values.tls.image }} - diff --git a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl deleted file mode 100644 index 81f6889c..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl +++ /dev/null 
@@ -1,432 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mongodb.name" -}} -{{- include "common.names.name" . -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mongodb.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* -Create a default mongo service name which can be overridden. -*/}} -{{- define "mongodb.service.nameOverride" -}} - {{- if and .Values.service .Values.service.nameOverride -}} - {{- print .Values.service.nameOverride -}} - {{- else -}} - {{- printf "%s-headless" (include "mongodb.fullname" .) -}} - {{- end }} -{{- end }} - -{{/* -Create a default mongo arbiter service name which can be overridden. -*/}} -{{- define "mongodb.arbiter.service.nameOverride" -}} - {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} - {{- print .Values.arbiter.service.nameOverride -}} - {{- else -}} - {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} - {{- end }} -{{- end }} - -{{/* -Return the proper MongoDB® image name -*/}} -{{- define "mongodb.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "mongodb.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mongodb.volumePermissions.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container auto-discovery image) -*/}} -{{- define "mongodb.externalAccess.autoDiscovery.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the TLS Certs image) -*/}} -{{- define "mongodb.tls.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mongodb.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
-*/}} -{{- define "mongodb.namespace" -}} - {{- if and .Values.global .Values.global.namespaceOverride -}} - {{- print .Values.global.namespaceOverride -}} - {{- else -}} - {{- print .Release.Namespace -}} - {{- end }} -{{- end -}} -{{- define "mongodb.serviceMonitor.namespace" -}} - {{- if .Values.metrics.serviceMonitor.namespace -}} - {{- print .Values.metrics.serviceMonitor.namespace -}} - {{- else -}} - {{- include "mongodb.namespace" . -}} - {{- end }} -{{- end -}} -{{- define "mongodb.prometheusRule.namespace" -}} - {{- if .Values.metrics.prometheusRule.namespace -}} - {{- print .Values.metrics.prometheusRule.namespace -}} - {{- else -}} - {{- include "mongodb.namespace" . -}} - {{- end }} -{{- end -}} - -{{/* -Returns the proper service account name depending if an explicit service account name is set -in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create -is true or default otherwise. -*/}} -{{- define "mongodb.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} - {{- else -}} - {{- default "default" (print .Values.serviceAccount.name) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the list of custom users to create during the initialization (string format) -*/}} -{{- define "mongodb.customUsers" -}} - {{- $customUsers := list -}} - {{- if .Values.auth.username -}} - {{- $customUsers = append $customUsers .Values.auth.username }} - {{- end }} - {{- range .Values.auth.usernames }} - {{- $customUsers = append $customUsers . 
}} - {{- end }} - {{- printf "%s" (default "" (join "," $customUsers)) -}} -{{- end -}} - -{{/* -Return the list of passwords for the custom users (string format) -*/}} -{{- define "mongodb.customPasswords" -}} - {{- $customPasswords := list -}} - {{- if .Values.auth.password -}} - {{- $customPasswords = append $customPasswords .Values.auth.password }} - {{- end }} - {{- range .Values.auth.passwords }} - {{- $customPasswords = append $customPasswords . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customPasswords)) -}} -{{- end -}} - -{{/* -Return the list of custom databases to create during the initialization (string format) -*/}} -{{- define "mongodb.customDatabases" -}} - {{- $customDatabases := list -}} - {{- if .Values.auth.database -}} - {{- $customDatabases = append $customDatabases .Values.auth.database }} - {{- end }} - {{- range .Values.auth.databases }} - {{- $customDatabases = append $customDatabases . }} - {{- end }} - {{- printf "%s" (default "" (join "," $customDatabases)) -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration -*/}} -{{- define "mongodb.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® -*/}} -{{- define "mongodb.createConfigmap" -}} -{{- if and .Values.configuration (not .Values.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret with MongoDB® credentials -*/}} -{{- define "mongodb.secretName" -}} - {{- if .Values.auth.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} - {{- else -}} - {{- printf "%s" (include "mongodb.fullname" .) 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created for MongoDB® -*/}} -{{- define "mongodb.createSecret" -}} -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mongodb.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" .Values.initdbScriptsConfigMap -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if the Arbiter should be deployed -*/}} -{{- define "mongodb.arbiter.enabled" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration for the Arbiter -*/}} -{{- define "mongodb.arbiter.configmapName" -}} -{{- if .Values.arbiter.existingConfigmap -}} - {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® Arbiter -*/}} -{{- define "mongodb.arbiter.createConfigmap" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if the Hidden should be deployed -*/}} -{{- define "mongodb.hidden.enabled" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MongoDB® configuration for the Hidden -*/}} -{{- define "mongodb.hidden.configmapName" -}} -{{- if .Values.hidden.existingConfigmap -}} - {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MongoDB® Hidden -*/}} -{{- define "mongodb.hidden.createConfigmap" -}} -{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mongodb.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} -{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} -{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate RBAC is created when using PSP */}} -{{- define "mongodb.validateValues.pspAndRBAC" -}} -{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} -mongodb: podSecurityPolicy.create, rbac.create - Both podSecurityPolicy.create and rbac.create must be true, if you want - to create podSecurityPolicy -{{- end -}} -{{- end -}} - -{{/* Validate values of MongoDB® - must provide a valid architecture */}} -{{- define "mongodb.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} -mongodb: architecture - Invalid architecture selected. Valid values are "standalone" and - "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - both auth.usernames and auth.databases are necessary -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.customUsersDBs" -}} -{{- $customUsers := include "mongodb.customUsers" . -}} -{{- $customDatabases := include "mongodb.customDatabases" . -}} -{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} -mongodb: auth.usernames, auth.databases - Both auth.usernames and auth.databases must be provided to create - custom users and databases during 1st initialization. 
- Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.customUsersDBsLength" -}} -{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} -mongodb: auth.usernames, auth.databases - Both auth.usernames and auth.databases arrays should have the same length -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - service type for external access -*/}} -{{- define "mongodb.validateValues.externalAccessServiceType" -}} -{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} -mongodb: externalAccess.service.type - Available service type for external access are NodePort, LoadBalancer or ClusterIP. -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list -*/}} -{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} -mongodb: .Values.externalAccess.service.loadBalancerIPs - Number of replicas and loadBalancerIPs array length must be the same. 
-{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - number of replicas must be the same than NodePort list -*/}} -{{- define "mongodb.validateValues.nodePortListLength" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} -mongodb: .Values.externalAccess.service.nodePorts - Number of replicas and nodePorts array length must be the same. -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled -*/}} -{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} -mongodb: rbac.create - By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" - an initContainer will be used to autodetect the external IPs/ports by querying the - K8s API. Please note this initContainer requires specific RBAC resources. You can create them - by specifying "--set rbac.create=true". 
-{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults -*/}} -{{- define "mongodb.mongodb_exporter.uri" -}} - {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}} - {{- if .Values.metrics.username }} - {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} - {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} - {{- else -}} - {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} - {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} - {{- end -}} -{{- end -}} - - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "mongodb.createTlsSecret" -}} -{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing MongoDB® TLS certificates -*/}} -{{- define "mongodb.tlsSecretName" -}} -{{- $secretName := .Values.tls.existingSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-ca" (include "mongodb.fullname" .) -}} -{{- end -}} -{{- end -}} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml deleted file mode 100644 index 1aacbd79..00000000 
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if (include "mongodb.arbiter.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- mongodb.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
deleted file mode 100644
index 2bc3658c..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if (include "mongodb.arbiter.enabled" .) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mongodb.arbiter.service.nameOverride" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.arbiter.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: tcp-mongodb
- port: {{ .Values.arbiter.service.ports.mongodb }}
- targetPort: mongodb
- {{- if .Values.arbiter.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
deleted file mode 100644
index 6402f682..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: arbiter
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.arbiter.pdb.minAvailable }}
- minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.arbiter.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: arbiter
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
deleted file mode 100644
index a54b3575..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
+++ /dev/null
@@ -1,279 +0,0 @@ -{{- if (include "mongodb.arbiter.enabled" .) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: arbiter - {{- if .Values.arbiter.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.arbiter.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} - podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} - {{- if .Values.arbiter.updateStrategy }} - updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: arbiter - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: arbiter - {{- if .Values.arbiter.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} - annotations: - {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} - checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.arbiter.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.arbiter.schedulerName }} - schedulerName: {{ .Values.arbiter.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.arbiter.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.arbiter.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.arbiter.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.arbiter.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.arbiter.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} - {{- end }} - {{- if .Values.arbiter.priorityClassName }} - priorityClassName: {{ .Values.arbiter.priorityClassName }} - {{- end }} - {{- if .Values.arbiter.runtimeClassName }} - runtimeClassName: {{ .Values.arbiter.runtimeClassName }} - {{- end }} - {{- if .Values.arbiter.podSecurityContext.enabled }} - securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.arbiter.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} - {{- end }} - initContainers: - {{- if .Values.arbiter.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: generate-client - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.arbiter.service.nameOverride" . }} - {{- end }} - containers: - - name: mongodb-arbiter - image: {{ include "mongodb.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.arbiter.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.arbiter.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.arbiter.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.arbiter.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" - - name: MONGODB_REPLICA_SET_MODE - value: "arbiter" - - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSetName | quote }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - - name: MONGODB_PORT_NUMBER - value: {{ .Values.arbiter.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_INITIAL_PRIMARY_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-replica-set-key - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.arbiter.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} - envFrom: - {{- if .Values.arbiter.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} - {{- end }} - {{- if .Values.arbiter.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} - name: mongodb - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.arbiter.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.arbiter.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: mongodb - {{- end }} - {{- if .Values.arbiter.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.arbiter.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: mongodb - {{- end }} - {{- if .Values.arbiter.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.arbiter.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: mongodb - {{- end }} - {{- end }} - {{- if .Values.arbiter.resources }} - resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} - {{- end }} - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} - volumeMounts: - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} - - name: config - mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.arbiter.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.arbiter.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0555 - {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.arbiter.configmapName" . }} - {{- end }} - {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . }} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if .Values.arbiter.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml deleted file mode 100644 index cb70b52f..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - startup-probe.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' - {{- end }} - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' - readiness-probe.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' - {{- end }} - # Run the proper check depending on the version - [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} - . 
/opt/drycc/scripts/libversion.sh - VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" - VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" - VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" - if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' - else - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' - fi - ping-mongodb.sh: | - #!/bin/bash - {{- if .Values.tls.enabled }} - TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' - {{- end }} - mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" - {{- if .Values.tls.enabled }} - generate-certs.sh: | - #!/bin/bash - additional_ips=() - additional_names=() - while getopts "i:n:s:" flag - do - case "${flag}" in - i) read -a additional_ips <<< ${OPTARG//,/ } ;; - n) read -a additional_names <<< ${OPTARG//,/ } ;; - s) svc=${OPTARG// /} ;; - \?) exit 1 ;; - esac - done - - my_hostname=$(hostname) - cp /certs/CAs/* /certs/ - cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem - cd /certs/ - shopt -s extglob - rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) - chmod 0600 mongodb-ca-cert mongodb.pem - {{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml deleted file mode 100644 index 76608c4e..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if (include "mongodb.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- mongodb.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9e..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
deleted file mode 100644
index d7271f05..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if (include "mongodb.hidden.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- mongodb.conf: |-
- {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
deleted file mode 100644
index d9bbdc8e..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }} -{{- $fullName := include "mongodb.fullname" . }} -{{- $replicaCount := .Values.hidden.replicaCount | int }} -{{- $root := . }} - -{{- range $i, $e := until $replicaCount }} -{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }} -{{- $_ := set $ "targetPod" $targetPod }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-hidden-%d-external" $fullName $i }} - namespace: {{ include "mongodb.namespace" $ }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: hidden - {{- if $root.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - pod: {{ $targetPod }} - {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }} - annotations: - {{- if $root.Values.externalAccess.hidden.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if $root.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ $root.Values.externalAccess.hidden.service.type }} - {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }} - {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }} - loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }} - {{- end }} - {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} - {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.hidden.service.type "NodePort")) }} - externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }} - sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }} - {{- end }} - {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - publishNotReadyAddresses: true - ports: - - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }} - port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }} - {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }} - {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }} - nodePort: {{ $nodePort }} - {{- else }} - nodePort: null - {{- end }} - targetPort: mongodb - {{- if $root.Values.externalAccess.hidden.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} - app.kubernetes.io/component: hidden - statefulset.kubernetes.io/pod-name: {{ $targetPod }} ---- -{{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml deleted file mode 100644 index 725e0256..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-{{- if (include "mongodb.hidden.enabled" .) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.hidden.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: {{ .Values.hidden.service.portName | quote }}
- port: {{ .Values.hidden.service.ports.mongodb }}
- targetPort: mongodb
- {{- if .Values.hidden.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: hidden
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
deleted file mode 100644
index ce233db3..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: hidden
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.hidden.pdb.minAvailable }}
- minAvailable: {{ .Values.hidden.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.hidden.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: hidden
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
deleted file mode 100644
index 56ce237b..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
+++ /dev/null
@@ -1,533 +0,0 @@ -{{- if (include "mongodb.hidden.enabled" .) }} -{{- $replicaCount := int .Values.hidden.replicaCount }} -{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }} -{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: hidden - {{- if .Values.hidden.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.hidden.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }} - podManagementPolicy: {{ .Values.hidden.podManagementPolicy }} - replicas: {{ .Values.hidden.replicaCount }} - {{- if .Values.hidden.updateStrategy }} - updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: hidden - template: - metadata: - labels: {{- include "common.labels.standard" . 
| nindent 8 }} - app.kubernetes.io/component: hidden - {{- if .Values.hidden.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }} - annotations: - {{- if (include "mongodb.hidden.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.hidden.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hidden.schedulerName }} - schedulerName: {{ .Values.hidden.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.hidden.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hidden.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.hidden.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if 
.Values.hidden.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hidden.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hidden.priorityClassName }} - priorityClassName: {{ .Values.hidden.priorityClassName }} - {{- end }} - {{- if .Values.hidden.runtimeClassName }} - runtimeClassName: {{ .Values.hidden.runtimeClassName }} - {{- end }} - {{- if .Values.hidden.podSecurityContext.enabled }} - securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.hidden.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} - initContainers: - {{- if .Values.hidden.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} - find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.hidden.persistence.mountPath }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) 
}} - {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} - {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: auto-discovery - image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} - imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} - command: - - /scripts/auto-discovery.sh - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SHARED_FILE - value: "/shared/info.txt" - {{- if .Values.externalAccess.autoDiscovery.resources }} - resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: shared - mountPath: /shared - - name: scripts - mountPath: /scripts/auto-discovery.sh - subPath: auto-discovery.sh - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.hidden.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.hidden.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }} - {{- else }} - command: - - /scripts/setup-hidden.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.hidden.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.hidden.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: SHARED_FILE - value: "/shared/info.txt" - {{- end }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: "{{ include "mongodb.service.nameOverride" . }}" - - name: K8S_HIDDEN_NODE_SERVICE_NAME - value: "{{ include "mongodb.fullname" . 
}}-hidden-headless" - - name: MONGODB_REPLICA_SET_MODE - value: "hidden" - - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSetName | quote }} - {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . -}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-replica-set-key - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.hidden.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.hidden.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.hidden.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }} - envFrom: - {{- if .Values.hidden.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.hidden.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.hidden.extraEnvVarsSecret . 
| quote }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.hidden.containerPorts.mongodb }} - name: mongodb - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.hidden.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.hidden.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- if .Values.hidden.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.hidden.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- if .Values.hidden.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.hidden.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.hidden.resources }} - resources: {{- toYaml .Values.hidden.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.hidden.persistence.mountPath }} - subPath: {{ .Values.hidden.persistence.subPath }} - - name: common-scripts - mountPath: /drycc/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or 
.Values.hidden.configuration .Values.hidden.existingConfigmap }} - - name: config - mountPath: /opt/drycc/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - - name: scripts - mountPath: /scripts/setup-hidden.sh - subPath: setup-hidden.sh - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: shared - mountPath: /shared - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.hidden.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - ports: - - name: metrics - containerPort: 9216 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.hidden.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0555 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.hidden.configmapName" . }} - {{- end }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: shared - emptyDir: {} - {{- end }} - - name: scripts - configMap: - name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0755 - {{- if .Values.hidden.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . 
}} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if not .Values.hidden.persistence.enabled }} - - name: datadir - {{- if .Values.hidden.persistence.medium }} - emptyDir: - medium: {{ .Values.hidden.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: datadir - {{- if .Values.hidden.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.hidden.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.hidden.persistence.size | quote }} - {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }} - {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} - {{- end }} - {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }} - {{- end }} -{{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml deleted file mode 100644 index f3d023ab..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
-{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
deleted file mode 100644
index 2a36dfc8..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: metrics
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.metrics.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.metrics.service.type }}
- ports:
- - port: {{ .Values.metrics.service.ports.metrics }}
- targetPort: metrics
- protocol: TCP
- name: http-metrics
- {{- if .Values.metrics.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
deleted file mode 100644
index 26149ccb..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ include "common.names.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 6 }}
- {{- if eq .Values.service.type "ClusterIP" }}
- ingress:
- # Allow inbound connections
- - ports:
- - port: {{ .Values.service.ports.mongodb }}
- {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
- from:
- {{- if .Values.networkPolicy.allowCurrentNamespace }}
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: {{ .Release.Namespace }}
- {{- end }}
- {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
- {{- if $namespace }}
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: {{ $namespace }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if eq .Values.service.type "LoadBalancer" }}
- ingress:
- - {}
- {{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
deleted file mode 100644
index 29d2ea46..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.prometheusRule.namespace" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.metrics.prometheusRule.additionalLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
- {{- end }}
-spec:
- groups:
- - name: {{ include "mongodb.fullname" . }}
- rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
deleted file mode 100644
index e9ef023b..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
-{{- if .Values.podSecurityPolicy.spec }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
-{{- else }}
- allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.podSecurityContext.fsGroup }}
- max: {{ .Values.podSecurityContext.fsGroup }}
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: {{ .Values.podSecurityPolicy.privileged }}
- readOnlyRootFilesystem: false
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.containerSecurityContext.runAsUser }}
- max: {{ .Values.containerSecurityContext.runAsUser }}
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.containerSecurityContext.runAsUser }}
- max: {{ .Values.containerSecurityContext.runAsUser }}
- volumes:
- - 'configMap'
- - 'secret'
- - 'emptyDir'
- - 'persistentVolumeClaim'
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
deleted file mode 100644
index caa15f36..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if (eq .Values.architecture "replicaset") }}
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $replicaCount }}
-{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%d" $fullName $i }}
- namespace: {{ include "mongodb.namespace" $ }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- pod: {{ $targetPod }}
-spec:
- type: {{ $root.Values.service.type }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ $root.Values.service.portName | quote }}
- port: {{ $root.Values.service.ports.mongodb }}
- targetPort: mongodb
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
deleted file mode 100644
index f1acd6bf..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}} -{{- $fullName := include "mongodb.fullname" . }} -{{- $replicaCount := .Values.replicaCount | int }} -{{- $root := . }} - -{{- range $i, $e := until $replicaCount }} -{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }} -{{- $_ := set $ "targetPod" $targetPod }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-%d-external" $fullName $i }} - namespace: {{ include "mongodb.namespace" $ }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if $root.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - pod: {{ $targetPod }} - {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }} - annotations: - {{- if $root.Values.externalAccess.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if $root.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ $root.Values.externalAccess.service.type }} - {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }} - {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }} - loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }} - {{- end }} - {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} - {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.service.type "NodePort")) }} - externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if $root.Values.externalAccess.service.sessionAffinity }} - sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }} - {{- end }} - {{- if $root.Values.externalAccess.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - publishNotReadyAddresses: true - ports: - - name: {{ $root.Values.externalAccess.service.portName | quote }} - port: {{ $root.Values.externalAccess.service.ports.mongodb }} - {{- if not (empty $root.Values.externalAccess.service.nodePorts) }} - {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }} - nodePort: {{ $nodePort }} - {{- else }} - nodePort: null - {{- end }} - targetPort: mongodb - {{- if $root.Values.externalAccess.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} - app.kubernetes.io/component: mongodb - statefulset.kubernetes.io/pod-name: {{ $targetPod }} ---- -{{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml deleted file mode 100644 index 78f26ab9..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-{{- if eq .Values.architecture "replicaset" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mongodb.service.nameOverride" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: {{ .Values.service.portName | quote }}
- port: {{ .Values.service.ports.mongodb }}
- targetPort: mongodb
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
deleted file mode 100644
index a2b6492f..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
deleted file mode 100644
index ed5a8627..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
+++ /dev/null
@@ -1,301 +0,0 @@ -{{- if eq .Values.architecture "replicaset" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- $fullname := include "mongodb.fullname" . }} - {{- $releaseNamespace := include "mongodb.namespace" . }} - {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - auto-discovery.sh: |- - #!/bin/bash - - SVC_NAME="${MY_POD_NAME}-external" - - # Auxiliary functions - retry_while() { - local -r cmd="${1:?cmd is missing}" - local -r retries="${2:-12}" - local -r sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<< "$cmd" - for ((i = 1 ; i <= retries ; i+=1 )); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value - } - k8s_svc_lb_ip() { - local namespace=${1:?namespace is missing} - local service=${2:?service is missing} - local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") - - if [[ -n ${service_ip} ]]; then - echo "${service_ip}" - else - echo "${service_hostname}" - fi - } - k8s_svc_lb_ip_ready() { - local namespace=${1:?namespace is missing} - local service=${2:?service is missing} - [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] - } - # Wait until LoadBalancer IP is ready - retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 - # Obtain LoadBalancer external IP - k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" - {{- end }} - setup.sh: |- - #!/bin/bash - - . /opt/drycc/scripts/mongodb-env.sh - . /opt/drycc/scripts/libfs.sh - . /opt/drycc/scripts/liblog.sh - . /opt/drycc/scripts/libvalidations.sh - - {{- if .Values.externalAccess.enabled }} - {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} - {{- if .Values.externalAccess.autoDiscovery.enabled }} - export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" - {{- else }} - ID="${MY_POD_NAME#"{{ $fullname }}-"}" - export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- end }} - {{- else if eq .Values.externalAccess.service.type "NodePort" }} - ID="${MY_POD_NAME#"{{ $fullname }}-"}" - export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- if .Values.externalAccess.service.domain }} - export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} - {{- else }} - export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP - {{- end }} - {{- end }} - {{- end }} - - {{- if .Values.replicaSetConfigurationSettings.enabled }} - # placed here before root password env is overwritten - # makes no assumption about starting state - # ensures that any stepDown or non-default starting state is handled - /scripts/replicaSetConfigurationSettings.sh & - {{- end }} - - if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then - export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" - fi - - info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" - info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" - - # Check for existing replica set in case there is no data in the PVC - # This is for cases where the PVC is lost or for MongoDB caches without - # persistence - 
current_primary="" - if is_dir_empty "${MONGODB_DATA_DIR}/db"; then - info "Data dir empty, checking if the replica set already exists" - {{- $replicaCount := int .Values.replicaCount }} - {{- $portNumber := int .Values.service.ports.mongodb }} - {{- $fullname := include "mongodb.fullname" . }} - {{- $releaseNamespace := include "mongodb.namespace" . }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} - {{- $mongoList := list }} - {{- range $e, $i := until $replicaCount }} - {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} - {{- end }} - current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') - - if ! is_empty_value "$current_primary"; then - info "Detected existing primary: ${current_primary}" - fi - fi - - if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then - info "Advertised name matches current primary, configuring node as a primary" - export MONGODB_REPLICA_SET_MODE="primary" - elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then - info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" - export MONGODB_REPLICA_SET_MODE="secondary" - export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" - export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" - export MONGODB_SET_SECONDARY_OK="yes" - elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then - info "Pod name matches initial primary pod name, configuring node as a primary" - export MONGODB_REPLICA_SET_MODE="primary" - else - info "Pod name doesn't match initial primary pod name, configuring node as a secondary" - export MONGODB_REPLICA_SET_MODE="secondary" - export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" - fi - - if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then - export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" - export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" - export MONGODB_ROOT_PASSWORD="" - export MONGODB_EXTRA_USERNAMES="" - export MONGODB_EXTRA_DATABASES="" - export MONGODB_EXTRA_PASSWORDS="" - export MONGODB_ROOT_PASSWORD_FILE="" - export MONGODB_EXTRA_USERNAMES_FILE="" - export MONGODB_EXTRA_DATABASES_FILE="" - export MONGODB_EXTRA_PASSWORDS_FILE="" - fi - - exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh - setup-hidden.sh: |- - #!/bin/bash - - . 
/opt/drycc/scripts/mongodb-env.sh - - {{- if .Values.externalAccess.hidden.enabled }} - {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} - {{- if .Values.externalAccess.autoDiscovery.enabled }} - export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" - {{- else }} - ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" - export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- end }} - {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} - ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" - export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") - {{- if .Values.externalAccess.hidden.service.domain }} - export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} - {{- else }} - export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP - {{- end }} - {{- end }} - {{- end }} - - {{- if .Values.replicaSetConfigurationSettings.enabled }} - # placed here before root password env is overwritten - # makes no assumption about starting state - # ensures that any stepDown or non-default starting state is handled - /scripts/replicaSetConfigurationSettings.sh & - {{- end }} - - echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" - echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" - echo "Configuring node as a hidden node" - export MONGODB_REPLICA_SET_MODE="hidden" - export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" - export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" - export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" - export MONGODB_ROOT_PASSWORD="" - export MONGODB_EXTRA_USERNAMES="" - export MONGODB_EXTRA_DATABASES="" - export MONGODB_EXTRA_PASSWORDS="" - export MONGODB_ROOT_PASSWORD_FILE="" - export MONGODB_EXTRA_USERNAMES_FILE="" - export MONGODB_EXTRA_DATABASES_FILE="" - export 
MONGODB_EXTRA_PASSWORDS_FILE="" - exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh - {{- if .Values.replicaSetConfigurationSettings.enabled }} - replicaSetConfigurationSettings.sh: |- - #!/bin/bash - # This script to be called when pod starts. - # This script sets rs settings which can not be applied via conf file - - function logger () - #$1 is the line to be logged - { - echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 - } - - SLEEP_PERIOD=10 - - {{- if and .Values.auth.enabled .Values.auth.rootPassword }} - usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" - {{- else }} - usernameAndPassword="" - {{- end }} - - # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy - declare -A desiredRsConf - {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} - {{ printf "desiredRsConf[%s]='%v'" $setting $value }} - {{ end }} - - rsConfWriteAttempts=0 - rs_conf_configured_ok=unknown - - while [[ "${rs_conf_configured_ok}" != "true" ]]; do - - # give the rs setup a chance to succeed before attempting to read or configure - sleep ${SLEEP_PERIOD} - - counter=0 - while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do - counter=$((${counter} +1)) - logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" - sleep ${SLEEP_PERIOD} - done - counter=$((${counter} +1)) - logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" - - # read rs.conf again and store it. settings format is '"" : ,' - currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') - - desiredEqualsactual=unknown - settingsToConfigure="" - for key in ${!desiredRsConf[@]}; do - value=${desiredRsConf[$key]} - if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then - logger "rs conf setting: ${key} value will be set to: ${value}" - settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " - desiredEqualsactual=false - else - logger "rs conf: ${key} is already at desired value: ${value}" - fi - done - - if [[ "${desiredEqualsactual}" != "false" ]]; then - logger "replicaSetConfigurationSettings match the settings of the currently running rs" - desiredEqualsactual=true - rs_conf_configured_ok=true - logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" - exit - fi - - # apply the settings only if this member is currently the mongo replicaset PRIMARY - # it might take a little time before any pod is PRIMARY - isMaster=unknown - if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then - isMaster=false - logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" - else - isMaster=true - logger "This node is PRIMARY" - fi - - if [[ "${isMaster}" == "true" ]]; then - logger "This node is currently PRIMARY - will apply rs.conf settings" - - # avoiding tricky string substitution with single quotes by making the eval string a set of vars - rsconf="cfg = rs.conf();" - rsreconf="rs.reconfig(cfg);" - rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" - - mongosh ${usernameAndPassword} --eval "${rsCommand}" - if [ $? -ne 0 ]; then - logger "Failed to apply mongodb cfg.settings configuration" - else - logger "mongodb replicaset cfg.settings configuration applied" - logger "Will check rs conf" - # don't exit just yet - the settings will be checked in the next loop - fi - rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) - fi - done - {{- end }} -{{- end }} 
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml
deleted file mode 100644
index e7c0ff1c..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml
+++ /dev/null
@@ -1,543 +0,0 @@ -{{- if eq .Values.architecture "replicaset" }} -{{- $replicaCount := int .Values.replicaCount }} -{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - serviceName: {{ include "mongodb.service.nameOverride" . }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: Delete - whenScaled: Delete - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: mongodb - template: - metadata: - labels: {{- include "common.labels.standard" . 
| nindent 8 }} - app.kubernetes.io/component: mongodb - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} - annotations: - {{- if (include "mongodb.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} 
- {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.service.nameOverride" . 
}} - {{- if .Values.externalAccess.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} - {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: auto-discovery - image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} - imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} - command: - - /scripts/auto-discovery.sh - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SHARED_FILE - value: "/shared/info.txt" - {{- if .Values.externalAccess.autoDiscovery.resources }} - resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: shared - mountPath: /shared - - name: scripts - mountPath: /scripts/auto-discovery.sh - subPath: auto-discovery.sh - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else }} - command: - - /scripts/setup.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: DRYCC_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: SHARED_FILE - value: "/shared/info.txt" - {{- end }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: K8S_SERVICE_NAME - value: "{{ include "mongodb.service.nameOverride" . }}" - - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSetName | quote }} - {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . -}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-replica-set-key - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} - {{- end }} - {{- end }} - ports: - - name: mongodb - containerPort: {{ .Values.containerPorts.mongodb }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/readiness-probe.sh - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - - name: common-scripts - mountPath: /drycc/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - mountPath: /opt/drycc/mongodb/conf/mongodb.conf - 
subPath: mongodb.conf - {{- end }} - - name: scripts - mountPath: /scripts/setup.sh - subPath: setup.sh - {{ if .Values.replicaSetConfigurationSettings.enabled }} - - name: scripts - mountPath: /scripts/replicaSetConfigurationSettings.sh - subPath: replicaSetConfigurationSettings.sh - {{- end }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: shared - mountPath: /shared - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPort }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" 
(dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0550 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.configmapName" . }} - {{- end }} - {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - - name: shared - emptyDir: {} - {{- end }} - - name: scripts - configMap: - name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0755 - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . 
}} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: datadir - {{- if .Values.persistence.medium }} - emptyDir: - medium: {{ .Values.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: datadir - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.volumeClaimTemplates.requests }} - {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.persistence.volumeClaimTemplates.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.persistence.volumeClaimTemplates.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} - {{- end }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- end }} -{{- end }} -{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml deleted file mode 100644 index 55c56b87..00000000 --- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
-
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $replicaCount }}
-{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%d" $fullName $i }}
- namespace: {{ include "mongodb.namespace" $ }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
- annotations:
- {{- if $root.Values.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if $root.Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ $root.Values.externalAccess.service.type }}
- ports:
- - name: {{ $root.Values.service.portName | quote }}
- port: {{ $root.Values.service.ports.mongodb }}
- targetPort: mongodb
- {{- if $root.Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- app.kubernetes.io/component: mongodb
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
deleted file mode 100644
index 56300431..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: Role
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - list
- - watch
-{{- if .Values.rbac.rules }}
-{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
-{{- end -}}
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
- - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames: [{{ include "mongodb.fullname" . }}]
-{{- end -}}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
deleted file mode 100644
index 8950f8bb..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and .Values.serviceAccount.create .Values.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: RoleBinding
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
-roleRef:
- kind: Role
- name: {{ include "mongodb.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ include "mongodb.serviceAccountName" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
deleted file mode 100644
index 1c4e76ff..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if (include "mongodb.createTlsSecret" .) }}
-{{- $fullname := include "mongodb.fullname" . }}
-{{- $releaseNamespace := .Release.Namespace }}
-{{- $clusterDomain := .Values.clusterDomain }}
-{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "mongodb.tlsSecretName" . }}
- namespace: {{ template "mongodb.namespace" . }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
- {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
- {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
- {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
- mongodb-ca-cert: {{ b64enc $ca.Cert }}
- mongodb-ca-key: {{ b64enc $ca.Key }}
- client-pem: {{ b64enc $pem }}
- {{- else }}
- {{- $ca:= genCA "myMongo-ca" 3650 }}
- {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
- {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
- mongodb-ca-cert: {{ b64enc $ca.Cert }}
- mongodb-ca-key: {{ b64enc $ca.Key }}
- client-pem: {{ b64enc $pem }}
- {{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
deleted file mode 100644
index acf8c483..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{- if (include "mongodb.createSecret" .) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ template "mongodb.namespace" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }}
- {{- $customUsers := include "mongodb.customUsers" . -}}
- {{- $customDatabases := include "mongodb.customDatabases" . -}}
- {{- $customPasswords := include "mongodb.customPasswords" . -}}
- {{- $passwordList := list -}}
- {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}}
- {{- if not (empty $customPasswords) -}}
- {{- $passwordList = $customPasswords -}}
- {{- else -}}
- {{- $customUsersList := splitList "," $customUsers -}}
- {{- $customPasswordsList := list -}}
- {{- range $customUsersList -}}
- {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}}
- {{- end -}}
- {{- $passwordList = (join "," $customPasswordsList) -}}
- {{- end }}
- mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }}
- {{- end }}
- {{- if .Values.metrics.username }}
- mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }}
- {{- end }}
- {{- if eq .Values.architecture "replicaset" }}
- mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }}
- {{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml
deleted file mode 100644
index f4aa81a5..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "mongodb.serviceAccountName" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.serviceAccount.annotations }}
- {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-secrets:
- - name: {{ template "mongodb.fullname" . }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml
deleted file mode 100644
index 0a00f719..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.serviceMonitor.namespace" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.metrics.serviceMonitor.labels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- app.kubernetes.io/component: metrics
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.metrics.serviceMonitor.jobLabel }}
- jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
- {{- end }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
- {{- end }}
- app.kubernetes.io/component: metrics
- endpoints:
- - port: http-metrics
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - "{{ include "mongodb.namespace" . }}"
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml
deleted file mode 100644
index ba3b74d2..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml
+++ /dev/null
@@ -1,474 +0,0 @@ -{{- if not (eq .Values.architecture "replicaset") }} -apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} -kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} -metadata: - name: {{ include "mongodb.fullname" . }} - namespace: {{ include "mongodb.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mongodb - {{- if .Values.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - replicas: 1 - {{- if .Values.useStatefulSet }} - serviceName: {{ include "mongodb.fullname" . }} - {{- end }} - {{- if .Values.updateStrategy}} - {{- if .Values.useStatefulSet }} - updateStrategy: - {{- else }} - strategy: - {{- end }} - {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end}} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: mongodb - template: - metadata: - labels: {{- include "common.labels.standard" . 
| nindent 8 }} - app.kubernetes.io/component: mongodb - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} - annotations: - {{- if (include "mongodb.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "mongodb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{ if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: generate-tls-certs - image: {{ include "mongodb.tls.image" . }} - imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: certs-volume - mountPath: /certs/CAs - - name: certs - mountPath: /certs - - name: common-scripts - mountPath: /drycc/scripts - command: - - /drycc/scripts/generate-certs.sh - args: - - -s {{ include "mongodb.service.nameOverride" . 
}} - {{- if .Values.externalAccess.service.loadBalancerIPs }} - - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} - {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: mongodb - image: {{ include "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- $customUsers := include "mongodb.customUsers" . -}} - {{- $customDatabases := include "mongodb.customDatabases" . 
-}} - {{- if not (empty $customUsers) }} - - name: MONGODB_EXTRA_USERNAMES - value: {{ $customUsers | quote }} - {{- end }} - {{- if not (empty $customDatabases) }} - - name: MONGODB_EXTRA_DATABASES - value: {{ $customDatabases | quote }} - {{- end }} - {{- if .Values.auth.enabled }} - {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} - - name: MONGODB_EXTRA_PASSWORDS - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-passwords - {{- end }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-root-password - {{- end }} - {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - {{- if .Values.auth.enabled }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-metrics-password - {{- end }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.systemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} - - name: MONGODB_DISABLE_JAVASCRIPT - value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} - - name: MONGODB_ENABLE_JOURNAL - value: {{ ternary "yes" "no" .Values.enableJournal | quote }} - - name: MONGODB_PORT_NUMBER - value: {{ .Values.containerPorts.mongodb | quote }} - - name: MONGODB_ENABLE_IPV6 - value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} - {{- $extraFlags := .Values.extraFlags | join " " -}} - {{- if .Values.tls.enabled }} - {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} - {{- end }} - {{- if ne $extraFlags "" }} - - name: MONGODB_EXTRA_FLAGS - value: {{ $extraFlags | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: MONGODB_CLIENT_EXTRA_FLAGS - value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} - {{- end }} - {{- end }} - ports: - - name: mongodb - containerPort: {{ .Values.containerPorts.mongodb }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/ping-mongodb.sh - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/readiness-probe.sh - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /drycc/scripts/startup-probe.sh - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - - name: common-scripts - mountPath: /drycc/scripts - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or 
.Values.configuration .Values.existingConfigmap }} - - name: config - mountPath: /opt/drycc/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.metrics.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} - {{- end }} - env: - {{- if .Values.auth.enabled }} - {{- if not .Values.metrics.username }} - - name: MONGODB_ROOT_USER - value: {{ .Values.auth.rootUser | quote }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . 
}} - key: mongodb-root-password - {{- else }} - - name: MONGODB_METRICS_USERNAME - value: {{ .Values.metrics.username | quote }} - - name: MONGODB_METRICS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mongodb.secretName" . }} - key: mongodb-metrics-password - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: certs - mountPath: /certs - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPort }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: common-scripts - configMap: - name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} - defaultMode: 0550 - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: config - configMap: - name: {{ include "mongodb.configmapName" . }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: certs - emptyDir: {} - - name: certs-volume - secret: - secretName: {{ template "mongodb.tlsSecretName" . }} - items: - - key: mongodb-ca-cert - path: mongodb-ca-cert - mode: 0600 - - key: mongodb-ca-key - path: mongodb-ca-key - mode: 0600 - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: datadir - {{- if .Values.persistence.medium }} - emptyDir: - medium: {{ .Values.persistence.medium | quote }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.persistence.existingClaim }} - - name: datadir - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} - {{- else if not .Values.useStatefulSet }} - - name: datadir - persistentVolumeClaim: - claimName: {{ template "mongodb.fullname" . }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: datadir - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . 
| quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- if .Values.persistence.volumeClaimTemplates.selector }}
- selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
- {{- end }}
- {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
- {{- end }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml
deleted file mode 100644
index 7786de63..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.persistence.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.persistence.resourcePolicy }}
- helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
- {{- end }}
- {{- end }}
-spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
deleted file mode 100644
index 44255798..00000000
--- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if not (eq .Values.architecture "replicaset") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mongodb.fullname" . }}
- namespace: {{ include "mongodb.namespace" . | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{- end }}
- {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- if .Values.service.externalIPs }}
- externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
- {{- end }}
- {{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- {{- if .Values.service.sessionAffinity }}
- sessionAffinity: {{ .Values.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
- {{- end }}
- ports:
- - name: {{ .Values.service.portName | quote }}
- port: {{ .Values.service.ports.mongodb }}
- targetPort: mongodb
- {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
- nodePort: {{ .Values.service.nodePorts.mongodb }}
- {{- else if eq .Values.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: mongodb
-{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.schema.json b/addons/mongodb/7.0/chart/mongodb/values.schema.json
deleted file mode 100644
index be8e54b4..00000000
--- a/addons/mongodb/7.0/chart/mongodb/values.schema.json
+++ /dev/null
@@ -1,173 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "architecture": {
- "type": "string",
- "title": "MongoDB® architecture",
- "form": true,
- "description": "Allowed values: `standalone` or `replicaset`"
- },
- "auth": {
- "type": "object",
- "title": "Authentication configuration",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Enable Authentication",
- "form": true
- },
- "rootUser": {
- "type": "string",
- "title": "MongoDB® admin user",
- "form": true,
- "description": "Name of the admin user. Default is root"
- },
- "rootPassword": {
- "type": "string",
- "title": "MongoDB® admin password",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": false,
- "path": "auth/enabled"
- }
- },
- "database": {
- "type": "string",
- "title": "MongoDB® custom database",
- "description": "Name of the custom database to be created during the 1st initialization of MongoDB®",
- "form": true
- },
- "username": {
- "type": "string",
- "title": "MongoDB® custom user",
- "description": "Name of the custom user to be created during the 1st initialization of MongoDB®.
This user only has permissions on the MongoDB® custom database",
- "form": true
- },
- "password": {
- "type": "string",
- "title": "Password for MongoDB® custom user",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": false,
- "path": "auth/enabled"
- }
- },
- "replicaSetKey": {
- "type": "string",
- "title": "Key used for replica set authentication",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- }
- }
- }
- },
- "replicaCount": {
- "type": "integer",
- "form": true,
- "title": "Number of MongoDB® replicas",
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- }
- },
- "configuration": {
- "type": "string",
- "title": "MongoDB® Custom Configuration",
- "form": true,
- "render": "textArea"
- },
- "arbiter": {
- "type": "object",
- "title": "Arbiter configuration",
- "form": true,
- "properties": {
- "configuration": {
- "type": "string",
- "title": "Arbiter Custom Configuration",
- "form": true,
- "render": "textArea",
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- }
- }
- }
- },
- "persistence": {
- "type": "object",
- "title": "Persistence configuration",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable persistence",
- "description": "Enable persistence using Persistent Volume Claims"
- },
- "size": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi",
- "hidden": {
- "value": false,
- "path": "persistence/enabled"
- }
- }
- }
- },
- "volumePermissions": {
- "type": "object",
- "hidden": {
- "value": false,
- "path": "persistence/enabled"
- },
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable Init Containers",
- "description": "Use an init
container to set required folder permissions on the data volume before mounting it in the final destination"
- }
- }
- },
- "metrics": {
- "type": "object",
- "form": true,
- "title": "Prometheus metrics details",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Create Prometheus metrics exporter",
- "description": "Create a side-car container to expose Prometheus metrics",
- "form": true
- },
- "serviceMonitor": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Create Prometheus Operator ServiceMonitor",
- "description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
- "form": true,
- "hidden": {
- "value": false,
- "path": "metrics/enabled"
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml
deleted file mode 100644
index 3ffc0b04..00000000
--- a/addons/mongodb/7.0/chart/mongodb/values.yaml
+++ /dev/null
@@ -1,2053 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - namespaceOverride: "" - -## @section Common parameters -## - -## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override mongodb.fullname template -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## extraDeploy: -## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar -## for dynamically discovering the mongodb primary pod -## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) -## - apiVersion: v1 -## kind: Service -## metadata: -## name: mongodb-primary -## namespace: the-mongodb-namespace -## labels: -## app.kubernetes.io/component: 
mongodb -## app.kubernetes.io/instance: mongodb -## app.kubernetes.io/managed-by: Helm -## app.kubernetes.io/name: mongodb -## spec: -## type: NodePort -## externalTrafficPolicy: Cluster -## ports: -## - name: mongodb -## port: 30001 -## nodePort: 30001 -## protocol: TCP -## targetPort: mongodb -## selector: -## app.kubernetes.io/component: mongodb -## app.kubernetes.io/instance: mongodb -## app.kubernetes.io/name: mongodb -## primary: "true" -## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section MongoDB(®) parameters -## - -## Drycc MongoDB(®) image -## ref: https://hub.docker.com/r/drycc/mongodb/tags/ -## @param image.registry MongoDB(®) image registry -## @param image.repository MongoDB(®) image registry -## @param image.tag MongoDB(®) image tag (immutable tags are recommended) -## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag -## @param image.pullPolicy MongoDB(®) image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Set to true if you would like to see extra information on logs -## -image: - registry: registry.drycc.cc - repository: drycc-addons/mongodb - tag: "7.0" - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false - -## @param schedulerName Name of the scheduler (other than default) to dispatch pods -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) -## -architecture: replicaset -## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) -## -useStatefulSet: false -## MongoDB(®) Authentication parameters -## -auth: - ## @param auth.enabled Enable authentication - ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ - ## - enabled: true - ## @param auth.rootUser MongoDB(®) root user - ## - rootUser: root - ## @param auth.rootPassword MongoDB(®) root password - ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run - ## - rootPassword: "" - ## MongoDB(®) custom users and databases - ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run - ## @param auth.usernames List of 
custom users to be created during the initialization - ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` - ## @param auth.databases List of custom databases to be created during the initialization - ## - usernames: [] - passwords: [] - databases: [] - ## @param auth.username DEPRECATED: use `auth.usernames` instead - ## @param auth.password DEPRECATED: use `auth.passwords` instead - ## @param auth.database DEPRECATED: use `auth.databases` instead - username: "" - password: "" - database: "" - ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) - ## - replicaSetKey: "" - ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) - ## NOTE: When it's set the previous parameters are ignored. - ## - existingSecret: "" -tls: - ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes - ## - enabled: false - ## @param tls.autoGenerated Generate a custom CA and self-signed certificates - ## - autoGenerated: true - ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) - ## NOTE: When it's set it will disable certificate creation - ## - existingSecret: "" - ## Add Custom CA certificate - ## @param tls.caCert Custom CA certificated (base64 encoded) - ## @param tls.caKey CA certificate private key (base64 encoded) - ## - caCert: "" - caKey: "" - ## Drycc Nginx image - ## @param tls.image.registry Init container TLS certs setup image registry - ## @param tls.image.repository Init container TLS certs setup image repository - ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) - ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy - ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array - ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients - ## - image: - registry: docker.io - repository: drycc/nginx - tag: 1.23.1-debian-11-r26 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - - ## e.g: - ## extraDnsNames - ## "DNS.6": "$my_host" - ## "DNS.7": "$test" - ## - extraDnsNames: [] - ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) - ## - mode: requireTLS - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param tls.resources.limits Init container generate-tls-certs resource limits - ## @param tls.resources.requests Init container generate-tls-certs resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## -replicaSetName: rs0 -## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) -## Ignored when mongodb.architecture=standalone -## Ignored when externalAccess.enabled=true -## -replicaSetHostnames: true -## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) -## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 -## -enableIPv6: false -## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) -## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb -## -directoryPerDB: false -## MongoDB(®) System Log configuration -## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level -## @param systemLogVerbosity MongoDB(®) system log verbosity level -## @param disableSystemLog Switch to enable/disable MongoDB(®) system log -## -systemLogVerbosity: 0 -disableSystemLog: false -## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution -## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ -## -disableJavascript: false -## @param enableJournal Switch to enable/disable MongoDB(®) Journaling -## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled -## -enableJournal: true -## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes -## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/ -## Example: -## configuration: |- -## # where and how to store data. -## storage: -## dbPath: /drycc/mongodb/data/db -## journal: -## enabled: true -## directoryPerDB: false -## # where to write logging data -## systemLog: -## destination: file -## quiet: false -## logAppend: true -## logRotate: reopen -## path: /opt/drycc/mongodb/logs/mongodb.log -## verbosity: 0 -## # network interfaces -## net: -## port: 27017 -## unixDomainSocket: -## enabled: true -## pathPrefix: /opt/drycc/mongodb/tmp -## ipv6: false -## bindIpAll: true -## # replica set options -## #replication: -## #replSetName: replicaset -## #enableMajorityReadConcern: true -## # process management optionsT -## processManagement: -## fork: false -## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid -## # set parameter options -## setParameter: -## enableLocalhostAuthBypass: true -## # security options -## security: -## authorization: disabled -## #keyFile: /opt/drycc/mongodb/conf/keyfile -## -configuration: "" -## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file) -## If enabled, these are applied by a script which is called within setup.sh -## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields -## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings -## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings -## -replicaSetConfigurationSettings: - enabled: false - configuration: {} -## chainingAllowed : false -## heartbeatTimeoutSecs : 10 -## 
heartbeatIntervalMillis : 2000 -## electionTimeoutMillis : 10000 -## catchUpTimeoutMillis : 30000 -## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes -## NOTE: When it's set the arbiter.configuration parameter is ignored -## -existingConfigmap: "" -## @param initdbScripts Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Example: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/bash -## echo "Do something." -## -initdbScripts: {} -## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts -## -initdbScriptsConfigMap: "" -## Command and args for running the container (set to default if not set). Use array form -## @param command Override default container command (useful when using custom images) -## @param args Override default container args (useful when using custom images) -## -command: [] -args: [] -## @param extraFlags MongoDB(®) additional command line flags -## Example: -## extraFlags: -## - "--wiredTigerCacheSizeGB=2" -## -extraFlags: [] -## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods -## E.g: -## extraEnvVars: -## - name: FOO -## value: BAR -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" - -## @section MongoDB(®) statefulset parameters -## - -## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template -## -annotations: {} -## @param labels Annotations to be added to the MongoDB(®) statefulset. 
Evaluated as a template
-##
-labels: {}
-## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
-## Ignored when mongodb.architecture=standalone
-##
-replicaCount: 3
-## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
-## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
-## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
-## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
-## Example:
-## updateStrategy:
-## type: RollingUpdate
-## rollingUpdate:
-## maxSurge: 25%
-## maxUnavailable: 25%
-##
-updateStrategy:
- type: RollingUpdate
-## @param podManagementPolicy Pod management policy for MongoDB(®)
-## Should be initialized one by one when building the replicaset for the first time
-##
-podManagementPolicy: OrderedReady
-## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
-##
-podAffinityPreset: ""
-## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
-##
-podAntiAffinityPreset: soft
-## Node affinity preset
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
-##
-nodeAffinityPreset:
- ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
- ##
- type: ""
- ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
- ## E.g.
- ## key: "kubernetes.io/e2e-az-name"
- ##
- key: ""
- ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
- ## E.g.
- ## values:
- ## - e2e-az1
- ## - e2e-az2
- ##
- values: []
-## @param affinity MongoDB(®) Affinity for pod assignment
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
-##
-affinity: {}
-## @param nodeSelector MongoDB(®) Node labels for pod assignment
-## ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-## @param tolerations MongoDB(®) Tolerations for pod assignment
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-##
-topologySpreadConstraints: []
-## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
-##
-lifecycleHooks: {}
-## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
-##
-terminationGracePeriodSeconds: ""
-## @param podLabels MongoDB(®) pod labels
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-##
-podLabels: {}
-## @param podAnnotations MongoDB(®) Pod annotations
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-##
-podAnnotations: {}
-## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
-## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-##
-priorityClassName: ""
-## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
-## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
-##
-runtimeClassName:
""
-## MongoDB(®) pods' Security Context.
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
-## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
-## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
-##
-podSecurityContext:
- enabled: true
- fsGroup: 1001
- ## sysctl settings
- ## Example:
- ## sysctls:
- ## - name: net.core.somaxconn
- ## value: "10000"
- ##
- sysctls: []
-## MongoDB(®) containers' Security Context (main and metrics container).
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
-## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
-## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
-##
-containerSecurityContext:
- enabled: true
- runAsUser: 1001
- runAsNonRoot: true
-## MongoDB(®) containers' resource requests and limits.
-## ref: https://kubernetes.io/docs/user-guide/compute-resources/
-## We usually recommend not to specify default resources and to leave this as a conscious
-## choice for the user. This also increases chances charts run on environments with little
-## resources, such as Minikube. If you do want to specify resources, uncomment the following
-## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-## @param resources.limits The resources limits for MongoDB(®) containers
-## @param resources.requests The requested resources for MongoDB(®) containers
-##
-resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- requests: {}
-## @param containerPorts.mongodb MongoDB(®) container port
-containerPorts:
- mongodb: 27017
-## MongoDB(®) pods' liveness probe. Evaluated as a template.
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-## @param livenessProbe.enabled Enable livenessProbe
-## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
-## @param livenessProbe.periodSeconds Period seconds for livenessProbe
-## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
-## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
-## @param livenessProbe.successThreshold Success threshold for livenessProbe
-##
-livenessProbe:
- enabled: true
- initialDelaySeconds: 30
- periodSeconds: 20
- timeoutSeconds: 10
- failureThreshold: 6
- successThreshold: 1
-## MongoDB(®) pods' readiness probe. Evaluated as a template.
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-## @param readinessProbe.enabled Enable readinessProbe
-## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
-## @param readinessProbe.periodSeconds Period seconds for readinessProbe
-## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
-## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
-## @param readinessProbe.successThreshold Success threshold for readinessProbe
-##
-readinessProbe:
- enabled: true
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 6
- successThreshold: 1
-## Slow starting containers can be protected through startup probes
-## Startup probes are available in Kubernetes version 1.16 and above
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
-## @param startupProbe.enabled Enable startupProbe
-## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
-## @param startupProbe.periodSeconds Period seconds for startupProbe
-## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
-## @param startupProbe.failureThreshold Failure threshold for startupProbe
-## @param startupProbe.successThreshold Success threshold for startupProbe
-##
-startupProbe:
- enabled: false
- initialDelaySeconds: 5
- periodSeconds: 20
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 30
-## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
-## Ignored when livenessProbe.enabled=true
-##
-customLivenessProbe: {}
-## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
-## Ignored when readinessProbe.enabled=true
-##
-customReadinessProbe: {}
-## @param customStartupProbe Override default startup probe for MongoDB(®) containers
-## Ignored when startupProbe.enabled=true
-##
-customStartupProbe: {}
-## @param initContainers Add additional init containers for the hidden node pod(s)
-## Example:
-## initContainers:
-## - name: your-image-name
-## image: your-image
-## imagePullPolicy: Always
-## ports:
-## - name: portname
-## containerPort: 1234
-##
-initContainers: []
-## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
-## Example:
-## sidecars:
-## - name: your-image-name
-## image: your-image
-## imagePullPolicy: Always
-## ports:
-## - name: portname
-## containerPort: 1234
-## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
-## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
-## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
-## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
-## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
-##
-## - name: mongo-labeler
-## image: korenlev/k8s-mongo-labeler-sidecar
-## imagePullPolicy: Always
-## env:
-## - name: LABEL_SELECTOR
-## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
-## - name: NAMESPACE
-## value: "the-mongodb-namespace"
-## - name: DEBUG
-## value: "true"
-##
-sidecars: []
-## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
-## Examples:
-## extraVolumeMounts:
-## - name: extras
-## mountPath: /usr/share/extras
-## readOnly: true
-##
-extraVolumeMounts: []
-## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
-## extraVolumes:
-## - name: extras
-## emptyDir: {}
-##
-extraVolumes: []
-## MongoDB(®) Pod Disruption Budget configuration
-## ref:
https://kubernetes.io/docs/tasks/run-application/configure-pdb/
-##
-pdb:
- ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
- ##
- create: false
- ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
- ##
- minAvailable: 1
- ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
- ##
- maxUnavailable: ""
-
-## @section Traffic exposure parameters
-##
-
-## Service parameters
-##
-service:
- ## @param service.nameOverride MongoDB(®) service name
- ##
- nameOverride: ""
- ## @param service.type Kubernetes Service type (only for standalone architecture)
- ##
- type: ClusterIP
- ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
- ##
- portName: mongodb
- ## @param service.ports.mongodb MongoDB(®) service port.
- ##
- ports:
- mongodb: 27017
- ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- ##
- nodePorts:
- mongodb: ""
- ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
- ## e.g:
- ## clusterIP: None
- ##
- clusterIP: ""
- ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
- ##
- externalIPs: []
- ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
- ##
- loadBalancerIP: ""
- ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
- ## ref:
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
- ##
- loadBalancerSourceRanges: []
- ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
- ##
- extraPorts: []
- ## @param service.annotations Provide any additional annotations that may be required
- ##
- annotations: {}
- ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
- ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
- ##
- externalTrafficPolicy: Local
- ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
- ## Values: ClientIP or None
- ## ref: https://kubernetes.io/docs/user-guide/services/
- ##
- sessionAffinity: None
- ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
- ## sessionAffinityConfig:
- ## clientIP:
- ## timeoutSeconds: 300
- ##
- sessionAffinityConfig: {}
-
-## External Access to MongoDB(®) nodes configuration
-##
-externalAccess:
- ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
- ##
- enabled: false
- ## External IPs auto-discovery configuration
- ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
- ## Note: RBAC might be required
- ##
- autoDiscovery:
- ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
- ##
- enabled: false
- ## Drycc Kubectl image
- ## ref: https://hub.docker.com/r/drycc/kubectl/tags/
- ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
- ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
- ## @param externalAccess.autoDiscovery.image.tag
Init container auto-discovery image tag (immutable tags are recommended)
- ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
- ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
- ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
- ##
- image:
- registry: docker.io
- repository: drycc/kubectl
- tag: 1.25.2-debian-11-r2
- digest: ""
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ## Example:
- ## pullSecrets:
- ## - myRegistryKeySecretName
- ##
- pullSecrets: []
- ## Init Container resource requests and limits
- ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
- ## We usually recommend not to specify default resources and to leave this as a conscious
- ## choice for the user. This also increases chances charts run on environments with little
- ## resources, such as Minikube. If you do want to specify resources, uncomment the following
- ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits
- ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests
- ##
- resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- requests: {}
- ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
- ## A new service per broker will be created
- ##
- service:
- ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
- ##
- type: LoadBalancer
- ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
- ##
- portName: "mongodb"
- ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
- ##
- ports:
- mongodb: 27017
- ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
- ## Example:
- ## loadBalancerIPs:
- ## - X.X.X.X
- ## - Y.Y.Y.Y
- ##
- loadBalancerIPs: []
- ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
- ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
- ## Example:
- ## loadBalancerSourceRanges:
- ## - 10.10.10.0/24
- ##
- loadBalancerSourceRanges: []
- ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
- ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
- ##
- externalTrafficPolicy: Local
- ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
- ## Example:
- ##
nodePorts:
- ## - 30001
- ## - 30002
- ##
- nodePorts: []
- ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
- ## If not specified, the container will try to get the kubernetes node external IP
- ## e.g:
- ## domain: mydomain.com
- ##
- domain: ""
- ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
- ##
- extraPorts: []
- ## @param externalAccess.service.annotations Service annotations for external access
- ##
- annotations: {}
- ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
- ## Values: ClientIP or None
- ## ref: https://kubernetes.io/docs/user-guide/services/
- ##
- sessionAffinity: None
- ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
- ## sessionAffinityConfig:
- ## clientIP:
- ## timeoutSeconds: 300
- ##
- sessionAffinityConfig: {}
- ## External Access to MongoDB(®) Hidden nodes configuration
- ##
- hidden:
- ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
- ##
- enabled: false
- ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
- ## A new service per broker will be created
- ##
- service:
- ## @param externalAccess.hidden.service.type Kubernetes Service type for external access.
Allowed values: NodePort or LoadBalancer
- ##
- type: LoadBalancer
- ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
- ##
- portName: "mongodb"
- ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
- ##
- ports:
- mongodb: 27017
- ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
- ## Example:
- ## loadBalancerIPs:
- ## - X.X.X.X
- ## - Y.Y.Y.Y
- ##
- loadBalancerIPs: []
- ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
- ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
- ## Example:
- ## loadBalancerSourceRanges:
- ## - 10.10.10.0/24
- ##
- loadBalancerSourceRanges: []
- ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
- ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
- ##
- externalTrafficPolicy: Local
- ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort.
Length must be the same as replicaCount
- ## Example:
- ## nodePorts:
- ## - 30001
- ## - 30002
- ##
- nodePorts: []
- ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
- ## If not specified, the container will try to get the kubernetes node external IP
- ## e.g:
- ## domain: mydomain.com
- ##
- domain: ""
- ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
- ##
- extraPorts: []
- ## @param externalAccess.hidden.service.annotations Service annotations for external access
- ##
- annotations: {}
- ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
- ## Values: ClientIP or None
- ## ref: https://kubernetes.io/docs/user-guide/services/
- ##
- sessionAffinity: None
- ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
- ## sessionAffinityConfig:
- ## clientIP:
- ## timeoutSeconds: 300
- ##
- sessionAffinityConfig: {}
-
-## @section Persistence parameters
-##
-
-## Enable persistence using Persistent Volume Claims
-## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
-##
-persistence:
- ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
- ##
- enabled: true
- ## @param persistence.medium Provide a medium for `emptyDir` volumes.
- ## Requires persistence.enabled: false
- ##
- medium: ""
- ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- ## Ignored when mongodb.architecture=replicaset
- ##
- existingClaim: ""
- ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation.
Leaving it empty will delete PVCs after the chart deleted
- resourcePolicy: ""
- ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
- ## If defined, storageClassName:
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner.
- ##
- storageClass: ""
- ## @param persistence.accessModes PV Access Mode
- ##
- accessModes:
- - ReadWriteOnce
- ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
- ##
- size: 8Gi
- ## @param persistence.annotations PVC annotations
- ##
- annotations: {}
- ## @param persistence.mountPath Path to mount the volume at
- ## MongoDB(®) images.
- ##
- mountPath: /drycc/mongodb
- ## @param persistence.subPath Subdirectory of the volume to mount at
- ## and one PV for multiple services.
- ##
- subPath: ""
- ## Fine tuning for volumeClaimTemplates
- ##
- volumeClaimTemplates:
- ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
- ## A label query over volumes to consider for binding (e.g.
when using local volumes)
- ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
- ##
- selector: {}
- ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
- ## Sometime cloud providers use additional requests attributes to provision custom storage instance
- ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
- ##
- requests: {}
- ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
- ##
- dataSource: {}
-
-## @section RBAC parameters
-##
-
-## ServiceAccount
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
-##
-serviceAccount:
- ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
- ##
- create: true
- ## @param serviceAccount.name Name of the created serviceAccount
- ## If not set and create is true, a name is generated using the mongodb.fullname template
- ##
- name: ""
- ## @param serviceAccount.annotations Additional Service Account annotations
- ##
- annotations: {}
- ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
- ## Can be set to false if pods using this serviceAccount do not need to use K8s API
- ##
- automountServiceAccountToken: true
-## Role Based Access
-## ref: https://kubernetes.io/docs/admin/authorization/rbac/
-##
-rbac:
- ## @param rbac.create Whether to create & use RBAC resources or not
- ## binding MongoDB(®) ServiceAccount to a role
- ## that allows MongoDB(®) pods querying the K8s API
- ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
- ##
- create: false
- ## @param rbac.rules Custom rules to create following the role specification
- ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
- ## rules:
- ## - apiGroups:
- ## - ""
- ## resources:
- ## - pods
- ## verbs:
- ## - get
- ## - list
- ## - watch
- ## - update
- ##
- rules: []
-## PodSecurityPolicy configuration
-## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
-## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
-##
-podSecurityPolicy:
- ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
- ##
- create: false
- ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
- ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
- ##
- allowPrivilegeEscalation: false
- ## @param podSecurityPolicy.privileged Allow privileged
- ##
- privileged: false
- ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
- ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
- ## Defining a spec ignores the above values.
- ##
- spec: {}
- ## Example:
- ## allowPrivilegeEscalation: false
- ## fsGroup:
- ## rule: 'MustRunAs'
- ## ranges:
- ## - min: 1001
- ## max: 1001
- ## hostIPC: false
- ## hostNetwork: false
- ## hostPID: false
- ## privileged: false
- ## readOnlyRootFilesystem: false
- ## requiredDropCapabilities:
- ## - ALL
- ## runAsUser:
- ## rule: 'MustRunAs'
- ## ranges:
- ## - min: 1001
- ## max: 1001
- ## seLinux:
- ## rule: 'RunAsAny'
- ## supplementalGroups:
- ## rule: 'MustRunAs'
- ## ranges:
- ## - min: 1001
- ## max: 1001
- ## volumes:
- ## - 'configMap'
- ## - 'secret'
- ## - 'emptyDir'
- ## - 'persistentVolumeClaim'
- ##
-
-## @section Volume Permissions parameters
-##
-## Init Container parameters
-## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
-## values from the securityContext section of the component
-##
-volumePermissions:
- ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
- ##
- enabled: false
- ## @param volumePermissions.image.registry Init container volume-permissions image registry
- ## @param volumePermissions.image.repository Init container volume-permissions image repository
- ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
- ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag
- ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
- ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
- ##
- image:
- registry: docker.io
- repository: drycc/drycc-shell
- tag: 11-debian-11-r37
- digest: ""
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ## Example:
- ## pullSecrets:
- ## - myRegistryKeySecretName
- ##
- pullSecrets: []
- ## Init Container resource requests and limits
- ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
- ## We usually recommend not to specify default resources and to leave this as a conscious
- ## choice for the user. This also increases chances charts run on environments with little
- ## resources, such as Minikube. If you do want to specify resources, uncomment the following
- ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
- ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
- ##
- resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 100m
- ## memory: 128Mi
- ##
- requests: {}
- ## Init container Security Context
- ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
- ## and not the below volumePermissions.securityContext.runAsUser
- ## When runAsUser is set to special value "auto", init container will try to chwon the
- ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
- ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
- ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
- ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
- ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
- ##
- securityContext:
- runAsUser: 0
-
-## @section Arbiter parameters
-##
-
-arbiter:
- ## @param arbiter.enabled Enable deploying the arbiter
- ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
- ##
- enabled: false
- ## @param arbiter.hostAliases Add deployment host aliases
- ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
- ##
- hostAliases: []
- ## @param arbiter.configuration Arbiter configuration file to be used
- ## http://docs.mongodb.org/manual/reference/configuration-options/
- ##
- configuration: ""
- ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
- ## NOTE: When it's set the arbiter.configuration parameter is ignored
- ##
- existingConfigmap: ""
- ## Command and args for running the
container (set to default if not set). Use array form - ## @param arbiter.command Override default container command (useful when using custom images) - ## @param arbiter.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## @param arbiter.extraFlags Arbiter additional command line flags - ## Example: - ## extraFlags: - ## - "--wiredTigerCacheSizeGB=2" - ## - extraFlags: [] - ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset - ## - annotations: {} - ## @param arbiter.labels Annotations to be added to the Arbiter statefulset - ## - labels: {} - ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period - ## - terminationGracePeriodSeconds: "" - ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param arbiter.podManagementPolicy Pod management policy for 
MongoDB(®) - ## Should be initialized one by one when building the replicaset for the first time - ## - podManagementPolicy: OrderedReady - ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set. - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param arbiter.affinity Arbiter Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param arbiter.tolerations Arbiter Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param arbiter.podLabels Arbiter pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param arbiter.podAnnotations Arbiter Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s) - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s) - ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ - ## - runtimeClassName: "" - ## MongoDB(®) Arbiter pods' Security Context. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context - ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s) - ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)' - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - ## MongoDB(®) Arbiter containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context - ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container - ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## MongoDB(®) Arbiter containers' resource requests and limits. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param arbiter.resources.limits The resources limits for Arbiter containers - ## @param arbiter.resources.requests The requested resources for Arbiter containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port - ## - containerPorts: - mongodb: 27017 - ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.livenessProbe.enabled Enable livenessProbe - ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template. 
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.readinessProbe.enabled Enable readinessProbe - ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param arbiter.startupProbe.enabled Enable startupProbe - ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers - ## Ignored when arbiter.livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers - ## Ignored when arbiter.readinessProbe.enabled=true - ## - customReadinessProbe: {} - ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers - 
## Ignored when arbiter.startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s) - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s) - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset - ## extraVolumes: - ## - name: extras - ## emptyDir: {} - ## - extraVolumes: [] - ## MongoDB(®) Arbiter Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) - ## - create: false - ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled - ## - minAvailable: 1 - ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable - ## - maxUnavailable: "" - ## MongoDB(®) Arbiter service parameters - ## - service: - ## @param arbiter.service.nameOverride The arbiter service name - ## - nameOverride: "" - ## @param arbiter.service.ports.mongodb MongoDB(®) service port - ## - ports: - mongodb: 27017 - ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - 
extraPorts: [] - ## @param arbiter.service.annotations Provide any additional annotations that may be required - ## - annotations: {} - -## @section Hidden Node parameters -## - -hidden: - ## @param hidden.enabled Enable deploying the hidden nodes - ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/ - ## - enabled: false - ## @param hidden.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param hidden.configuration Hidden node configuration file to be used - ## http://docs.mongodb.org/manual/reference/configuration-options/ - ## - configuration: "" - ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration - ## NOTE: When it's set the hidden.configuration parameter is ignored - ## - existingConfigmap: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param hidden.command Override default container command (useful when using custom images) - ## @param hidden.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## @param hidden.extraFlags Hidden node additional command line flags - ## Example: - ## extraFlags: - ## - "--wiredTigerCacheSizeGB=2" - ## - extraFlags: [] - ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param hidden.annotations Additional labels to be added to thehidden node statefulset - ## - annotations: {} - ## @param hidden.labels Annotations to be added to the hidden node 
statefulset - ## - labels: {} - ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`) - ## Ignored when mongodb.architecture=standalone - ## - replicaCount: 1 - ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period - ## - terminationGracePeriodSeconds: "" - ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param hidden.podManagementPolicy Pod management policy for hidden node - ## - podManagementPolicy: OrderedReady - ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param hidden.affinity Hidden node Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param hidden.nodeSelector Hidden node Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param hidden.tolerations Hidden node Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param hidden.podLabels Hidden node pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param hidden.podAnnotations Hidden node Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s) - ## ref: 
https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s) - ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ - ## - runtimeClassName: "" - ## MongoDB(®) Hidden pods' Security Context. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context - ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s) - ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)' - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] - ## MongoDB(®) Hidden containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context - ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container - ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## MongoDB(®) Hidden containers' resource requests and limits. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param hidden.resources.limits The resources limits for hidden node containers - ## @param hidden.resources.requests The requested resources for hidden node containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port - containerPorts: - mongodb: 27017 - ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param hidden.livenessProbe.enabled Enable livenessProbe - ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template. 
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param hidden.readinessProbe.enabled Enable readinessProbe - ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 10 - failureThreshold: 6 - successThreshold: 1 - ## Slow starting containers can be protected through startup probes - ## Startup probes are available in Kubernetes version 1.16 and above - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes - ## @param hidden.startupProbe.enabled Enable startupProbe - ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe - ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers - ## Ignored when hidden.livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers - ## Ignored when hidden.readinessProbe.enabled=true - ## - 
customReadinessProbe: {} - ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers - ## Ignored when hidden.startupProbe.enabled=true - ## - customStartupProbe: {} - ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods. - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s) - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s) - ## Examples: - ## extraVolumeMounts: - ## - name: extras - ## mountPath: /usr/share/extras - ## readOnly: true - ## - extraVolumeMounts: [] - ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset - ## extraVolumes: - ## - name: extras - ## emptyDir: {} - ## - extraVolumes: [] - ## MongoDB(®) Hidden Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s) - ## - create: false - ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled - ## - minAvailable: 1 - ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable - ## - maxUnavailable: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC - 
## - enabled: true - ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes. - ## Requires hidden.persistence.enabled: false - ## - medium: "" - ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param hidden.persistence.accessModes PV Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param hidden.persistence.size PVC Storage Request for hidden node data volume - ## - size: 8Gi - ## @param hidden.persistence.annotations PVC annotations - ## - annotations: {} - ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images. - ## - mountPath: /drycc/mongodb - ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - ## Fine tuning for volumeClaimTemplates - ## - volumeClaimTemplates: - ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. 
when using local volumes) - ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details - ## - selector: {} - ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes - ## Sometime cloud providers use additional requests attributes to provision custom storage instance - ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset - ## - requests: {} - ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource - ## - dataSource: {} - service: - ## @param hidden.service.portName MongoDB(®) service port name - ## - portName: "mongodb" - ## @param hidden.service.ports.mongodb MongoDB(®) service port - ## - ports: - mongodb: 27017 - ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param hidden.service.annotations Provide any additional annotations that may be required - ## - annotations: {} - -## @section Metrics parameters -## - -metrics: - ## @param metrics.enabled Enable using a sidecar Prometheus exporter - ## - enabled: false - ## Drycc MongoDB(®) Promtheus Exporter image - ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/ - ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry - ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository - ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: drycc/mongodb-exporter - tag: 0.34.0-debian-11-r19 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - - ## @param metrics.username String with username for the metrics exporter - ## If undefined the root user will be used for the metrics exporter - username: "" - ## @param metrics.password String with password for the metrics exporter - ## If undefined but metrics.username is defined, a random password will be generated - password: "" - ## @param metrics.extraFlags String with extra flags to the metrics exporter - ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go - ## - extraFlags: "" - ## Command and args for running the container (set to default if not set). Use array form - ## @param metrics.command Override default container command (useful when using custom images) - ## @param metrics.args Override default container args (useful when using custom images) - ## - command: [] - args: [] - ## Metrics exporter container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param metrics.resources.limits The resources limits for Prometheus exporter containers - ## @param metrics.resources.requests The requested resources for Prometheus exporter containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param metrics.containerPort Port of the Prometheus metrics container - ## - containerPort: 9216 - ## Prometheus Exporter service configuration - ## - service: - ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" - prometheus.io/path: "/metrics" - ## @param metrics.service.type Type of the Prometheus metrics service - ## - type: ClusterIP - ## @param metrics.service.ports.metrics Port of the Prometheus metrics service - ## - ports: - metrics: 9216 - ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## Metrics exporter liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## @param metrics.livenessProbe.enabled Enable livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 5 - 
failureThreshold: 3 - successThreshold: 1 - ## Metrics exporter readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## @param metrics.readinessProbe.enabled Enable readinessProbe - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Slow starting containers can be protected through startup probes - ## Startup probes are available in Kubernetes version 1.16 and above - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes - ## @param metrics.startupProbe.enabled Enable startupProbe - ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe - ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 30 - ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers - ## Ignored when livenessProbe.enabled=true - ## - customLivenessProbe: {} - ## @param metrics.customReadinessProbe Override default 
readiness probe for MongoDB(®) containers - ## Ignored when readinessProbe.enabled=true - ## - customReadinessProbe: {} - ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers - ## Ignored when startupProbe.enabled=true - ## - customStartupProbe: {} - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. 
- ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - labels: {} - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration - ## - selector: {} - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## Custom PrometheusRule to be defined - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator - ## - enabled: false - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created - ## - namespace: "" - ## @param metrics.prometheusRule.rules Rules to be created, check values for an example - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup - ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - ## - ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets - ## rules: - ## - alert: HighRequestLatency - ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 - ## for: 10m - ## labels: - ## severity: page - ## annotations: - ## summary: High request latency - ## - rules: [] - -## Mongodb 
Nework Policy configuration
-##
-networkPolicy:
- ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
- ##
- enabled: true
- ## @param networkPolicy.allowExternal The Policy model to apply.
- ## When set to false, only pods with the correct
- ## client label will have network access to the port Mongodb is listening
- ## on. When true, Mongodb will accept connections from any source
- ## (with the correct destination port).
- ##
- allowCurrentNamespace: true
- allowNamespaces: []
diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml
deleted file mode 100644
index 9bfe6bb4..00000000
--- a/addons/mongodb/7.0/meta.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: mongodb
-version: 7.0
-id: 383f7316-84f3-4955-8491-1d4b02b749c8
-description: "mongodb"
-displayName: "mongodb"
-metadata:
- displayName: "mongodb"
- provider:
- name: drycc
- supportURL: https://www.mongodb.com/docs/manual/
- documentationURL: https://www.mongodb.com/docs/manual/
-tags: mongodb
-bindable: true
-instances_retrievable: true
-bindings_retrievable: true
-plan_updateable: true
-allow_parameters:
-- name: "service.type"
- required: false
- description: "service type config for values.yaml"
-- name: "networkPolicy.allowNamespaces"
- required: false
- description: "networkPolicy allowNamespaces config for values.yaml"
-archive: false
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
deleted file mode 100644
index 13939fc0..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- $fullName := include "mongodb.fullname" . }}
-{{- $replicaCount := .Values.replicaCount | int }}
-credential:
-{{- if (eq .Values.service.type "LoadBalancer") }}
- {{- range $i, $e := until $replicaCount }}
- - name: {{ printf "EXTRANET_HOST_%d" $i }}
- valueFrom:
- serviceRef:
- name: {{ printf "%s-%d" $fullName $i }}
- jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- {{- end }}
-{{- end }}
-{{- range $i, $e := until $replicaCount }}
- - name: {{ printf "HOSTNAME_%d" $i }}
- valueFrom:
- serviceRef:
- name: {{ printf "%s-%d" $fullName $i }}
- jsonpath: '{ .spec.clusterIP }'
-{{- end }}
- - name: PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.names.fullname" . }}
- jsonpath: '{ .data.mongodb-root-password }'
- - name: USERNAME
- value: 'root'
- - name: PORT
- value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
deleted file mode 100644
index 66ebbaa0..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "imagePullPolicy": {
- "type": "string",
- "enum": ["Always", "IfNotPresent", "Never"],
- "default": "IfNotPresent",
- "title": "Image pull policy"
- }
- }
-}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
deleted file mode 100644
index b70bcfb0..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: "standard-1c2g10"
-id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
-description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
-displayName: "standard-1c2g10"
-bindable: true
-maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
deleted file mode 100644
index 2f543d11..00000000
--- a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-## @param fullnameOverride String to fully override common.names.fullname template
-##
-fullnameOverride: hb-mongo-cluster-standard-1c2g10
-
-## MinIO® containers' resource requests and limits
-## ref: https://kubernetes.io/docs/user-guide/compute-resources/
-## We usually recommend not to specify default resources and to leave this as a conscious
-## choice for the user. This also increases chances charts run on environments with little
-## resources, such as Minikube. If you do want to specify resources, uncomment the following
-## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-## @param resources.limits The resources limits for the MinIO® container
-## @param resources.requests The requested resources for the MinIO® container
-##
-resources:
- limits:
- cpu: 1000m
- memory: 2Gi
- requests:
- cpu: 1000m
- memory: 2Gi
-
-persistence:
- size: 10Gi
From 50d373db36aa2c994267e5b2800db4bb9466ca84 Mon Sep 17 00:00:00 2001
From: EamonZhang Date: Mon, 29 Apr 2024 10:57:36 +0800 Subject: [PATCH 075/122] chore(addons): add mongodb --- addons/mongodb/7.0/chart/mongodb/.helmignore | 21 + addons/mongodb/7.0/chart/mongodb/Chart.yaml | 29 + addons/mongodb/7.0/chart/mongodb/README.md | 787 +++++++ .../7.0/chart/mongodb/templates/NOTES.txt | 202 ++ .../7.0/chart/mongodb/templates/_helpers.tpl | 432 ++++ .../mongodb/templates/arbiter/configmap.yaml | 18 + .../templates/arbiter/headless-svc.yaml | 33 + .../chart/mongodb/templates/arbiter/pdb.yaml | 25 + .../templates/arbiter/statefulset.yaml | 279 +++ .../mongodb/templates/common-scripts-cm.yaml | 104 + .../chart/mongodb/templates/configmap.yaml | 18 + .../chart/mongodb/templates/extra-list.yaml | 4 + .../mongodb/templates/hidden/configmap.yaml | 15 + .../templates/hidden/external-access-svc.yaml | 67 + .../templates/hidden/headless-svc.yaml | 34 + .../chart/mongodb/templates/hidden/pdb.yaml | 22 + .../mongodb/templates/hidden/statefulset.yaml | 533 +++++ .../templates/initialization-configmap.yaml | 17 + .../chart/mongodb/templates/metrics-svc.yaml | 33 + .../mongodb/templates/networkpolicy.yaml | 44 + .../mongodb/templates/prometheusrule.yaml | 18 + .../7.0/chart/mongodb/templates/psp.yaml | 50 + .../templates/replicaset/access-svc.yaml | 32 + .../replicaset/external-access-svc.yaml | 67 + .../templates/replicaset/headless-svc.yaml | 34 + .../mongodb/templates/replicaset/pdb.yaml | 25 + .../replicaset/scripts-configmap.yaml | 301 +++ .../templates/replicaset/statefulset.yaml | 543 +++++ .../mongodb/templates/replicaset/svc.yaml | 43 + .../7.0/chart/mongodb/templates/role.yaml | 30 + .../chart/mongodb/templates/rolebinding.yaml | 19 + .../chart/mongodb/templates/secrets-ca.yaml | 37 + .../7.0/chart/mongodb/templates/secrets.yaml | 41 + .../mongodb/templates/serviceaccount.yaml | 23 + .../mongodb/templates/servicemonitor.yaml | 48 + .../mongodb/templates/standalone/dep-sts.yaml | 474 ++++ .../mongodb/templates/standalone/pvc.yaml | 33 + 
.../mongodb/templates/standalone/svc.yaml | 58 + .../7.0/chart/mongodb/values.schema.json | 173 ++ addons/mongodb/7.0/chart/mongodb/values.yaml | 2053 +++++++++++++++++ addons/mongodb/7.0/meta.yaml | 24 + .../7.0/plans/standard-1c2g10/bind.yaml | 28 + .../create-instance-schema.json | 12 + .../7.0/plans/standard-1c2g10/meta.yaml | 6 + .../7.0/plans/standard-1c2g10/values.yaml | 23 + 45 files changed, 6912 insertions(+) create mode 100644 addons/mongodb/7.0/chart/mongodb/.helmignore create mode 100644 addons/mongodb/7.0/chart/mongodb/Chart.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/README.md create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml create mode 100644 
addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/psp.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/role.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml create mode 100644 addons/mongodb/7.0/chart/mongodb/values.schema.json create mode 100644 addons/mongodb/7.0/chart/mongodb/values.yaml create mode 100644 addons/mongodb/7.0/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml create mode 100644 
addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
diff --git a/addons/mongodb/7.0/chart/mongodb/.helmignore b/addons/mongodb/7.0/chart/mongodb/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/addons/mongodb/7.0/chart/mongodb/Chart.yaml b/addons/mongodb/7.0/chart/mongodb/Chart.yaml
new file mode 100644
index 00000000..4d7cf00d
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/Chart.yaml
@@ -0,0 +1,29 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 7.0.8
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+engine: gotpl
+home: https://github.com/drycc/charts/tree/master/drycc/mongodb
+icon: https://drycc.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
+keywords:
+ - mongodb
+ - database
+ - nosql
+ - cluster
+ - replicaset
+ - replication
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: mongodb
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/mongodb
+ - https://mongodb.org
+version: 13.1.7
diff --git a/addons/mongodb/7.0/chart/mongodb/README.md b/addons/mongodb/7.0/chart/mongodb/README.md
new file mode 100644
index 00000000..5a83118a
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/README.md
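Review bot: The `common` dependency in Chart.yaml is declared with a floating range, `version: ~1.1.2`, pulled from `oci://registry.drycc.cc/charts`, and the diffstat of this commit lists no `Chart.lock`, so the library chart that renders every template in this addon appears to be re-resolved on each `helm dependency update` instead of being fixed to a reviewed artifact. Pinning the exact release, `version: 1.1.2`, or committing the generated `Chart.lock` alongside Chart.yaml keeps builds reproducible and stops an unreviewed patch release of the dependency from silently changing the rendered NetworkPolicy, RBAC and Secret manifests. As a smaller documentation point, the `description` calls MongoDB "a relational open source NoSQL database", which contradicts itself; dropping "relational" would fix it.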
@@ -0,0 +1,787 @@ + + +# MongoDB(R) packaged by Drycc + +MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications. + +[Overview of MongoDB®](http://www.mongodb.org) + +Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Drycc. + +## TL;DR + +```bash +$ helm repo add my-repo https://charts.drycc.com/drycc +$ helm install my-release my-repo/mongodb +``` + +## Introduction + +This chart bootstraps a [MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Drycc charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release my-repo/mongodb +``` + +The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Architecture + +This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. 
Use the `architecture` parameter to choose the one to use: + +```console +architecture="standalone" +architecture="replicaset" +``` + +Refer to the [chart documentation for more information on each of these architectures](https://docs.drycc.com/kubernetes/infrastructure/mongodb/get-started/understand-architecture/). + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). 
Evaluated as a template | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) parameters + +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- | +| `image.registry` | MongoDB(®) image registry | `docker.io` | +| `image.repository` | MongoDB(®) image registry | `drycc/mongodb` | +| `image.tag` | MongoDB(®) image tag (immutable tags are recommended) | `6.0.2-debian-11-r1` | +| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` | +| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` | +| `auth.enabled` | Enable authentication | `true` | +| `auth.rootUser` | MongoDB(®) root user | `root` | +| `auth.rootPassword` | MongoDB(®) root password | `""` | +| `auth.usernames` | List of custom users to be created during the initialization | `[]` | +| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` | +| `auth.databases` | List of custom databases to be created during the 
initialization | `[]` | +| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` | +| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` | +| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` | +| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` | +| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | `""` | +| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` | +| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` | +| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` | +| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` | +| `tls.caKey` | CA certificate private key (base64 encoded) | `""` | +| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` | +| `tls.image.repository` | Init container TLS certs setup image repository | `drycc/nginx` | +| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.23.1-debian-11-r26` | +| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` | +| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` | +| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` | +| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` | +| `tls.resources.limits` | Init container generate-tls-certs resource limits | `{}` | +| `tls.resources.requests` | Init container generate-tls-certs resource requests | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` | +| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` | +| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` | +| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` | +| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` | +| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` | +| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` | +| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` | +| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` | + + +### replicaSetConfigurationSettings settings applied during runtime (not via configuration file) + +| Name | Description | Value | +| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- | +| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring 
MongoDB(®) run time rs.conf settings | `false` | +| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` | +| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraFlags` | MongoDB(®) additional command line flags | `[]` | +| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` | + + +### MongoDB(®) statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | +| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` | +| `replicaCount` | Number of MongoDB(®) nodes (only when `architecture=replicaset`) | `2` | +| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` | +| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` | +| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` | +| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` | +| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` | +| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` | +| `podLabels` | MongoDB(®) pod labels | `{}` | +| `podAnnotations` | MongoDB(®) Pod annotations | `{}` | +| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` | +| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` | +| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` | +| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` | +| `containerSecurityContext.enabled` | Enable MongoDB(®) container(s)' Security Context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the MongoDB(®) container | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set MongoDB(®) container's Security Context runAsNonRoot | `true` | +| `resources.limits` | The resources limits for MongoDB(®) containers | `{}` | +| `resources.requests` | The requested resources for MongoDB(®) containers | `{}` | +| `containerPorts.mongodb` | MongoDB(®) container port | `27017` | 
+| `livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `startupProbe.enabled` | Enable startupProbe | `false` |
+| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
+| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` |
+| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` |
+| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` |
+| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` |
+| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` |
+| `extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` |
+| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` |
+| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` |
+| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` |
+
+
+### Traffic exposure parameters
+
+| Name | Description | Value |
+| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
+| `service.nameOverride` | MongoDB(®) service name | `""` |
+| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` |
+| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` |
+| `service.ports.mongodb` | MongoDB(®) service port. | `27017` |
+| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` |
+| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` |
+| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` |
+| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` |
+| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` |
+| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `service.annotations` | Provide any additional annotations that may be required | `{}` |
+| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` |
+| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` |
+| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` |
+| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
+| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `drycc/kubectl` |
+| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.2-debian-11-r2` |
+| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
+| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
+| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` |
+| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` |
+| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
+| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` |
+| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
+| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
+| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount | `[]` |
+| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+
+### Persistence parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
+| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` |
+| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.mountPath` | Path to mount the volume at | `/drycc/mongodb` |
+| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
+
+
+### RBAC parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
+| `serviceAccount.name` | Name of the created serviceAccount | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
+| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
+| `rbac.rules` | Custom rules to create following the role specification | `[]` |
+| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
+| `podSecurityPolicy.privileged` | Allow privileged | `false` |
+| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
+
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `drycc/drycc-shell` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r37` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
+| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
+| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
+
+
+### Arbiter parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
+| `arbiter.enabled` | Enable deploying the arbiter | `true` |
+| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
+| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
+| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
+| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
+| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
+| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
+| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
+| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
+| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
+| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
+| `arbiter.lifecycleHooks` | LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
+| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
+| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
+| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
+| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
+| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
+| `arbiter.podLabels` | Arbiter pod labels | `{}` |
+| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
+| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
+| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
+| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
+| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
+| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
+| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
+| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
+| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
+| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
+| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
+| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
+| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
+| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
+| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
+| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
+| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
+| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
+| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
+| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
+| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
+| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
+| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made unavailable | `""` |
+| `arbiter.service.nameOverride` | The arbiter service name | `""` |
+| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Hidden Node parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
+| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
+| `hidden.hostAliases` | Add deployment host aliases | `[]` |
+| `hidden.configuration` | Hidden node configuration file to be used | `""` |
+| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
+| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
+| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
+| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
+| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
+| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
+| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
+| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
+| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
+| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
+| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
+| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
+| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
+| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
+| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
+| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
+| `hidden.podLabels` | Hidden node pod labels | `{}` |
+| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
+| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
+| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
+| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
+| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
+| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
+| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
+| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
+| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
+| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
+| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
+| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
+| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `hidden.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
+| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
+| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
+| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods. | `[]` |
+| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
+| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
+| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
+| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
+| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
+| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
+| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
+| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
+| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
+| `hidden.persistence.annotations` | PVC annotations | `{}` |
+| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/drycc/mongodb` |
+| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
+| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
+| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
+| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
+
+
+### Metrics parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
+| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `docker.io` |
+| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `drycc/mongodb-exporter` |
+| `metrics.image.tag` | MongoDB(®) Prometheus exporter image tag (immutable tags are recommended) | `0.34.0-debian-11-r19` |
+| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.username` | String with username for the metrics exporter | `""` |
+| `metrics.password` | String with password for the metrics exporter | `""` |
+| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
+| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
+| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
+| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
+| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
+| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. | `{}` |
+| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
+| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
+| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `metrics.customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` |
+| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
+| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install my-release \
+ --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
+ my-repo/mongodb
+```
+
+The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml my-repo/mongodb
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling vs Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customize a new MongoDB instance
+
+The [Drycc MongoDB(®) image](https://github.com/drycc/containers/tree/main/drycc/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
+
+* Specify them using the `initdbScripts` parameter as dict.
+* Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option. + +The allowed script extensions are `.sh` and `.js`. + +### Replicaset: Access MongoDB(®) nodes from outside the cluster + +In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access: + +- Using LoadBalancer services +- Using NodePort services. + +Refer to the [chart documentation for more details and configuration examples](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-external-access-replicaset/). + +### Add extra environment variables + +To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. + +```yaml +extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties. + +### Use Sidecars and Init Containers + +If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. + +Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.drycc.com/kubernetes/infrastructure/mongodb/configuration/configure-sidecar-init-containers/). + +## Persistence + +The [Drycc MongoDB(®)](https://github.com/drycc/containers/tree/main/drycc/mongodb) image stores the MongoDB(®) data and configurations at the `/drycc/mongodb` path of the container. 
+ +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.drycc.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +## Use custom Prometheus rules + +Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter. + +Refer to the [chart documentation for an example of a custom rule](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/use-prometheus-rules/). + +## Enable SSL/TLS + +This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`. + +Refer to the [chart documentation for more information on enabling TLS](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/enable-tls/). + +### Set Pod affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. 
+ +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release my-repo/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 12.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Drycc charts repository. 
+
+Affected values:
+
+- `strategyType` is replaced by `updateStrategy`
+- `service.port` is renamed to `service.ports.mongodb`
+- `service.nodePort` is renamed to `service.nodePorts.mongodb`
+- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb`
+- `rbac.role.rules` is renamed to `rbac.rules`
+- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb`
+- `hidden.strategyType` is replaced by `hidden.updateStrategy`
+- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed)
+- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels`
+
+Additionally also updates the MongoDB image dependency to it newest major, 5.0
+
+### To 11.0.0
+
+In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`).
+Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases
+
+### To 10.0.0
+
+[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+[Learn more about this change and related upgrade considerations](https://docs.drycc.com/kubernetes/infrastructure/mongodb/administration/upgrade-helm3/).
+
+### To 9.0.0
+
+MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). 
Refer to the following guides to upgrade your applications: + +- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/) +- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/) + +### To 8.0.0 + +- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset. +- Chart labels were adapted to follow the Helm charts best practices. +- This version introduces `drycc/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/drycc/charts/tree/master/drycc/common#drycc-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. +- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones: + - `replicas` is renamed to `replicaCount`. + - Authentication parameters are reorganized under the `auth.*` parameter: + - `usePassword` is renamed to `auth.enabled`. + - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`. + - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter. + +Consequences: + +- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release. 
+ +### To 7.0.0 + +From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: + +```yaml +ingress: + hosts: + - name: mongodb.local + path: / +``` + +### To 6.0.0 + +From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. +You can find more information in the [`drycc/mongodb` image README](https://github.com/drycc/containers/tree/main/drycc/mongodb#readme). + +### To 5.0.0 + +When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: + +```console +$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false +``` + +### Add extra deployment options + +To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property. 
+ +In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: Service + metadata: + name: mongodb-primary + namespace: default + labels: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mongodb + spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - name: mongodb-primary + port: 30001 + nodePort: 30001 + protocol: TCP + targetPort: mongodb + selector: + app.kubernetes.io/component: mongodb + app.kubernetes.io/instance: mongodb + app.kubernetes.io/name: mongodb + primary: "true" +``` + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt new file mode 100644 index 00000000..2bb79222 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/NOTES.txt 
@@ -0,0 +1,202 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + +{{- else }} + +{{- $replicaCount := int .Values.replicaCount }} +{{- $portNumber := int .Values.service.ports.mongodb }} +{{- $fullname := include "mongodb.fullname" . }} +{{- $releaseNamespace := include "mongodb.namespace" . 
}} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- $mongoList := list }} +{{- range $e, $i := until $replicaCount }} +{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} +{{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }} + +#################################################################################### +### ERROR: You enabled external access to MongoDB® nodes without specifying ### +### the array of load balancer IPs for MongoDB® nodes. ### +#################################################################################### + +This deployment will be incomplete until you configure the array of load balancer +IPs for MongoDB® nodes. To complete your deployment follow the steps below: + +1. Wait for the load balancer IPs (it may take a few minutes for them to be available): + + kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w + +2. Obtain the load balancer IPs and upgrade your chart: + + {{- range $e, $i := until $replicaCount }} + LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" + {{- end }} + +3. 
Upgrade you chart: + + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/{{ .Chart.Name }} \ + --set mongodb.replicaCount={{ $replicaCount }} \ + --set mongodb.externalAccess.enabled=true \ + {{- range $i, $e := until $replicaCount }} + --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \ + {{- end }} + --set mongodb.externalAccess.service.type=LoadBalancer + +{{- else }} + +{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }} +------------------------------------------------------------------------------- + WARNING + + By not enabling "mongodb.auth.enabled" you have most likely exposed the + MongoDB® service externally without any authentication mechanism. + + For security reasons, we strongly suggest that you enable authentiation + setting the "mongodb.auth.enabled" parameter to "true". + +------------------------------------------------------------------------------- +{{- end }} + +** Please be patient while the chart is being deployed ** + +MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster: + +{{- if eq .Values.architecture "replicaset" }} +{{ join "\n" $mongoList | nindent 4 }} +{{- else }} + + {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }} + +{{- end }} + +{{- if .Values.auth.enabled }} + +To get the root password run: + + export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d) + +{{- end }} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . 
-}} +{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} +{{- $customUsersList := splitList "," $customUsers }} +{{- range $index, $user := $customUsersList }} + +To get the password for "{{ $user }}" run: + + export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}') + +{{- end }} +{{- end }} + +To connect to your database, create a MongoDB® client container: + + kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash + +Then, run the following command: + + {{- if eq .Values.architecture "replicaset" }} + mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- else }} + mongosh admin --host "{{ template "mongodb.fullname" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + {{- end }} + +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }} + +To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below: + +{{- if eq "NodePort" .Values.externalAccess.service.type }} +{{- if .Values.externalAccess.service.domain }} + + MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }} + +{{- else }} + + MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs. + + kubectl get nodes -o wide + +{{- end }} + + MongoDB® nodes port: You will have a different node port for each MongoDB® node. 
You can get the list of configured node ports using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')" + +{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IPs to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w' + + MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below: + + echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')" + + MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }} + +{{- end }} + +{{- else if eq .Values.architecture "standalone" }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.fullname" . 
}}) + mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.fullname" . }} {{ $portNumber }}:{{ $portNumber }} & + mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + +{{- end }} +{{- end }} +{{- end }} + +{{- if .Values.metrics.enabled }} + +To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & + echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" + +Then, open the obtained URL in a browser. 
+ +{{- end }} +{{- end }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.rollingTag" .Values.tls.image }} + diff --git a/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl new file mode 100644 index 00000000..81f6889c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/_helpers.tpl 
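Review bot: The unauthenticated-exposure warning tells the operator to set "mongodb.auth.enabled", but the condition guarding it reads `.Values.auth.enabled`, so on a direct install of this chart the advised key appears to be one the templates never read and the database would stay exposed without authentication. The text should name the key the chart actually checks, e.g. `By not enabling "auth.enabled" you have most likely exposed the` and `setting the "auth.enabled" parameter to "true".`. The `helm upgrade` command in step 3 of the load-balancer error block carries the same `mongodb.`-prefixed `--set` keys while installing `my-repo/{{ .Chart.Name }}` directly; those keys would presumably only take effect if this chart were consumed as a subchart named mongodb. Separately, the standalone NodePort branch calls `mongo` where every other branch uses `mongosh`, and the three standalone connection commands pass `-p $MONGODB_ROOT_PASSWORD` without the `-u root` that the in-cluster command includes.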
@@ -0,0 +1,432 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mongodb.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mongodb.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Create a default mongo service name which can be overridden. +*/}} +{{- define "mongodb.service.nameOverride" -}} + {{- if and .Values.service .Values.service.nameOverride -}} + {{- print .Values.service.nameOverride -}} + {{- else -}} + {{- printf "%s-headless" (include "mongodb.fullname" .) -}} + {{- end }} +{{- end }} + +{{/* +Create a default mongo arbiter service name which can be overridden. +*/}} +{{- define "mongodb.arbiter.service.nameOverride" -}} + {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}} + {{- print .Values.arbiter.service.nameOverride -}} + {{- else -}} + {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) 
-}} + {{- end }} +{{- end }} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb.volumePermissions.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container auto-discovery image) +*/}} +{{- define "mongodb.externalAccess.autoDiscovery.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the TLS Certs image) +*/}} +{{- define "mongodb.tls.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 
+*/}} +{{- define "mongodb.namespace" -}} + {{- if and .Values.global .Values.global.namespaceOverride -}} + {{- print .Values.global.namespaceOverride -}} + {{- else -}} + {{- print .Release.Namespace -}} + {{- end }} +{{- end -}} +{{- define "mongodb.serviceMonitor.namespace" -}} + {{- if .Values.metrics.serviceMonitor.namespace -}} + {{- print .Values.metrics.serviceMonitor.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} +{{- define "mongodb.prometheusRule.namespace" -}} + {{- if .Values.metrics.prometheusRule.namespace -}} + {{- print .Values.metrics.prometheusRule.namespace -}} + {{- else -}} + {{- include "mongodb.namespace" . -}} + {{- end }} +{{- end -}} + +{{/* +Returns the proper service account name depending if an explicit service account name is set +in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create +is true or default otherwise. +*/}} +{{- define "mongodb.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}} + {{- else -}} + {{- default "default" (print .Values.serviceAccount.name) -}} + {{- end -}} +{{- end -}} + +{{/* +Return the list of custom users to create during the initialization (string format) +*/}} +{{- define "mongodb.customUsers" -}} + {{- $customUsers := list -}} + {{- if .Values.auth.username -}} + {{- $customUsers = append $customUsers .Values.auth.username }} + {{- end }} + {{- range .Values.auth.usernames }} + {{- $customUsers = append $customUsers . 
}} + {{- end }} + {{- printf "%s" (default "" (join "," $customUsers)) -}} +{{- end -}} + +{{/* +Return the list of passwords for the custom users (string format) +*/}} +{{- define "mongodb.customPasswords" -}} + {{- $customPasswords := list -}} + {{- if .Values.auth.password -}} + {{- $customPasswords = append $customPasswords .Values.auth.password }} + {{- end }} + {{- range .Values.auth.passwords }} + {{- $customPasswords = append $customPasswords . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customPasswords)) -}} +{{- end -}} + +{{/* +Return the list of custom databases to create during the initialization (string format) +*/}} +{{- define "mongodb.customDatabases" -}} + {{- $customDatabases := list -}} + {{- if .Values.auth.database -}} + {{- $customDatabases = append $customDatabases .Values.auth.database }} + {{- end }} + {{- range .Values.auth.databases }} + {{- $customDatabases = append $customDatabases . }} + {{- end }} + {{- printf "%s" (default "" (join "," $customDatabases)) -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration +*/}} +{{- define "mongodb.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® +*/}} +{{- define "mongodb.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MongoDB® credentials +*/}} +{{- define "mongodb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} + {{- else -}} + {{- printf "%s" (include "mongodb.fullname" .) 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MongoDB® +*/}} +{{- define "mongodb.createSecret" -}} +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mongodb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Arbiter should be deployed +*/}} +{{- define "mongodb.arbiter.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Arbiter +*/}} +{{- define "mongodb.arbiter.configmapName" -}} +{{- if .Values.arbiter.existingConfigmap -}} + {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-arbiter" (include "mongodb.fullname" .) 
-}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Arbiter +*/}} +{{- define "mongodb.arbiter.createConfigmap" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the Hidden should be deployed +*/}} +{{- define "mongodb.hidden.enabled" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MongoDB® configuration for the Hidden +*/}} +{{- define "mongodb.hidden.configmapName" -}} +{{- if .Values.hidden.existingConfigmap -}} + {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-hidden" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MongoDB® Hidden +*/}} +{{- define "mongodb.hidden.createConfigmap" -}} +{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) 
-}} +{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}} +{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate RBAC is created when using PSP */}} +{{- define "mongodb.validateValues.pspAndRBAC" -}} +{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}} +mongodb: podSecurityPolicy.create, rbac.create + Both podSecurityPolicy.create and rbac.create must be true, if you want + to create podSecurityPolicy +{{- end -}} +{{- end -}} + +{{/* Validate values of MongoDB® - must provide a valid architecture */}} +{{- define "mongodb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}} +mongodb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBs" -}} +{{- $customUsers := include "mongodb.customUsers" . -}} +{{- $customDatabases := include "mongodb.customDatabases" . -}} +{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases must be provided to create + custom users and databases during 1st initialization. 
+ Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb.validateValues.customUsersDBsLength" -}} +{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }} +mongodb: auth.usernames, auth.databases + Both auth.usernames and auth.databases arrays should have the same length +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - service type for external access +*/}} +{{- define "mongodb.validateValues.externalAccessServiceType" -}} +{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}} +mongodb: externalAccess.service.type + Available service type for external access are NodePort, LoadBalancer or ClusterIP. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list +*/}} +{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}} +mongodb: .Values.externalAccess.service.loadBalancerIPs + Number of replicas and loadBalancerIPs array length must be the same. 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - number of replicas must be the same than NodePort list +*/}} +{{- define "mongodb.validateValues.nodePortListLength" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}} +mongodb: .Values.externalAccess.service.nodePorts + Number of replicas and nodePorts array length must be the same. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled +*/}} +{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}} +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }} +mongodb: rbac.create + By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true" + an initContainer will be used to autodetect the external IPs/ports by querying the + K8s API. Please note this initContainer requires specific RBAC resources. You can create them + by specifying "--set rbac.create=true". 
+{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults +*/}} +{{- define "mongodb.mongodb_exporter.uri" -}} + {{- $uriTlsArgs := ternary "tls=true&tlsCertificateKeyFile=/certs/mongodb.pem&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}} + {{- if .Values.metrics.username }} + {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- else -}} + {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}} + {{- printf "mongodb://%slocalhost:27017/admin?%s" $uriAuth $uriTlsArgs -}} + {{- end -}} +{{- end -}} + + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "mongodb.createTlsSecret" -}} +{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing MongoDB® TLS certificates +*/}} +{{- define "mongodb.tlsSecretName" -}} +{{- $secretName := .Values.tls.existingSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-ca" (include "mongodb.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml new file mode 100644 index 00000000..1aacbd79 --- /dev/null 
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.arbiter.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
new file mode 100644
index 00000000..2bc3658c
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/headless-svc.yaml
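Review bot: The ConfigMap name in `templates/arbiter/configmap.yaml` is built with `print` rather than `printf`, so `{{ print "%s-arbiter" (include "mongodb.fullname" .) }}` concatenates its arguments and renders the literal text `%s-arbiter` followed by the full name, which is not a valid object name. The arbiter PodDisruptionBudget and StatefulSet added in this same commit use `printf "%s-arbiter"`, and the StatefulSet mounts the ConfigMap through `include "mongodb.arbiter.configmapName"`. The line should read `name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}`. The `mongodb.arbiter.configmapName` helper is defined outside this view, so confirm the two names agree after the fix.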
@@ -0,0 +1,33 @@
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.arbiter.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp-mongodb
+ port: {{ .Values.arbiter.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.arbiter.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
new file mode 100644
index 00000000..6402f682
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.arbiter.pdb.minAvailable }}
+ minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.arbiter.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
new file mode 100644
index 00000000..a54b3575
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/arbiter/statefulset.yaml
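Review bot: In `templates/arbiter/pdb.yaml`, `minAvailable` and `maxUnavailable` are each emitted whenever their value is truthy, so setting both renders a PodDisruptionBudget that the API server rejects, and an explicit `minAvailable: 0` is silently dropped. `templates/hidden/pdb.yaml` in this commit follows the same pattern. Guarding the second field on the first being unset, for example `{{- if and .Values.arbiter.pdb.maxUnavailable (not .Values.arbiter.pdb.minAvailable) }}`, keeps the rendered spec valid. The defaults in values.yaml are outside this view, so whether the shipped defaults hit this case is not confirmed.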
@@ -0,0 +1,279 @@ +{{- if (include "mongodb.arbiter.enabled" .) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.arbiter.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.arbiter.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }} + podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }} + {{- if .Values.arbiter.updateStrategy }} + updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: arbiter + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: arbiter + {{- if .Values.arbiter.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }} + annotations: + {{- if (include "mongodb.arbiter.createConfigmap" .) 
}} + checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.arbiter.schedulerName }} + schedulerName: {{ .Values.arbiter.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.arbiter.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | 
nindent 8 }} + {{- end }} + {{- if .Values.arbiter.priorityClassName }} + priorityClassName: {{ .Values.arbiter.priorityClassName }} + {{- end }} + {{- if .Values.arbiter.runtimeClassName }} + runtimeClassName: {{ .Values.arbiter.runtimeClassName }} + {{- end }} + {{- if .Values.arbiter.podSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.arbiter.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.arbiter.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: generate-client + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.arbiter.service.nameOverride" . }} + {{- end }} + containers: + - name: mongodb-arbiter + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.arbiter.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.arbiter.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.arbiter.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arbiter.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.arbiter.service.nameOverride" . }}" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: MONGODB_PORT_NUMBER + value: {{ .Values.arbiter.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if .Values.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.arbiter.extraEnvVarsCM . 
| quote }} + {{- end }} + {{- if .Values.arbiter.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.arbiter.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.arbiter.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- if .Values.arbiter.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.arbiter.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: mongodb + {{- end }} + {{- end }} + {{- if .Values.arbiter.resources }} + resources: {{- toYaml .Values.arbiter.resources | nindent 12 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumeMounts .Values.tls.enabled }} + volumeMounts: + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + mountPath: 
/opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.arbiter.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.arbiter.configmapName" . }} + {{- end }} + {{- if and .Values.tls.enabled .Values.arbiter.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if .Values.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml new file mode 100644 index 00000000..cb70b52f --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml 
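Review bot: The `generate-client` init container in `templates/arbiter/statefulset.yaml` mounts the CA private key (`mongodb-ca-key` from `certs-volume` at `/certs/CAs`) but sets no container-level `securityContext`, while the `mongodb-arbiter` container below it applies `.Values.arbiter.containerSecurityContext`. Since this is the only container that reads the signing key, it should run at least as restricted as the main one, for example by adding `{{- if .Values.arbiter.containerSecurityContext.enabled }}`, `securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }}` and `{{- end }}` under its `imagePullPolicy`. Whether the TLS image can run under those settings is not visible here and needs checking. It is also worth documenting that every arbiter pod receives the CA key, so read access to that Secret or to the init container is equivalent to being able to issue cluster certificates.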
@@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + startup-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + readiness-probe.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + # Run the proper check depending on the version + [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]} + . 
/opt/drycc/scripts/libversion.sh + VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)" + VERSION_MINOR="$(get_sematic_version "$VERSION" 2)" + VERSION_PATCH="$(get_sematic_version "$VERSION" 3)" + if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$' + else + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true$' + fi + ping-mongodb.sh: | + #!/bin/bash + {{- if .Values.tls.enabled }} + TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert' + {{- end }} + mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')" + {{- if .Values.tls.enabled }} + generate-certs.sh: | + #!/bin/bash + additional_ips=() + additional_names=() + while getopts "i:n:s:" flag + do + case "${flag}" in + i) read -a additional_ips <<< ${OPTARG//,/ } ;; + n) read -a additional_names <<< ${OPTARG//,/ } ;; + s) svc=${OPTARG// /} ;; + \?) exit 1 ;; + esac + done + + my_hostname=$(hostname) + cp /certs/CAs/* /certs/ + cat >/certs/openssl.cnf <>/certs/openssl.cnf <>/certs/openssl.cnf < /certs/mongodb.pem + cd /certs/ + shopt -s extglob + rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf) + chmod 0600 mongodb-ca-cert mongodb.pem + {{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml new file mode 100644 index 00000000..76608c4e --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/configmap.yaml 
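Review bot: `readiness-probe.sh` re-derives the server version on every probe run by calling `mongod -version` and sourcing `/opt/drycc/scripts/libversion.sh`, and its 4.x test (`-ge 4 && -ge 4 && -ge 2` on major, minor and patch) would misclassify a release such as 4.6.0. Because this chart sits under `mongodb/7.0`, the `db.hello()` branch is presumably always the one taken, so the probe could be the same single line that `startup-probe.sh` already uses: `mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true$'`. That also removes the probe's dependency on `libversion.sh` being present in the image, which this diff does not show. The middle of `generate-certs.sh` is not legible in this view, so this note does not cover it.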
@@ -0,0 +1,18 @@
+{{- if (include "mongodb.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
new file mode 100644
index 00000000..d7271f05
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if (include "mongodb.hidden.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
new file mode 100644
index 00000000..d9bbdc8e
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/external-access-svc.yaml
@@ -0,0 +1,67 @@ +{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.hidden.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-hidden-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.hidden.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.hidden.service.type }} + {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.hidden.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }} + port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.hidden.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: hidden + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml new file mode 100644 index 00000000..725e0256 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/headless-svc.yaml 
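Review bot: In `templates/hidden/external-access-svc.yaml`, `index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i` and the matching `nodePorts` lookup are guarded only by `not (empty ...)`, so a list that is non-empty but shorter than `hidden.replicaCount` aborts rendering with an index-out-of-range template error instead of a readable message. The `mongodb.validateValues.loadBalancerIPsListLength` and `nodePortListLength` helpers in this commit compare `.Values.replicaCount` with `.Values.externalAccess.service.*` only, so the hidden lists appear to have no validation. A parallel pair of checks on `.Values.hidden.replicaCount` and `.Values.externalAccess.hidden.service.*` would close that gap. Separately, `loadBalancerSourceRanges` is optional for the LoadBalancer type, so leaving it unset exposes the database port to whatever sources the load balancer admits; the values documentation should say so.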
@@ -0,0 +1,34 @@
+{{- if (include "mongodb.hidden.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.hidden.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.hidden.service.portName | quote }}
+ port: {{ .Values.hidden.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
new file mode 100644
index 00000000..ce233db3
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/pdb.yaml
@@ -0,0 +1,22 @@
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.hidden.pdb.minAvailable }}
+ minAvailable: {{ .Values.hidden.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.hidden.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
new file mode 100644
index 00000000..56ce237b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml
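Review bot: In `spec`, `minAvailable` and `maxUnavailable` sit behind two independent `if` blocks, so values that set both render both fields, and Kubernetes rejects a PodDisruptionBudget that specifies both. Turning the second guard into `{{- else if .Values.hidden.pdb.maxUnavailable }}` (and dropping the first `{{- end }}`) keeps the rendered object valid. The plain truthiness test also drops an explicit `maxUnavailable: 0`, which deserves a comment if that is intended.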
@@ -0,0 +1,533 @@ +{{- if (include "mongodb.hidden.enabled" .) }} +{{- $replicaCount := int .Values.hidden.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.hidden.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }} + podManagementPolicy: {{ .Values.hidden.podManagementPolicy }} + replicas: {{ .Values.hidden.replicaCount }} + {{- if .Values.hidden.updateStrategy }} + updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: hidden + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: hidden + {{- if .Values.hidden.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }} + annotations: + {{- if (include "mongodb.hidden.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.hidden.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hidden.schedulerName }} + schedulerName: {{ .Values.hidden.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hidden.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if 
.Values.hidden.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hidden.priorityClassName }} + priorityClassName: {{ .Values.hidden.priorityClassName }} + {{- end }} + {{- if .Values.hidden.runtimeClassName }} + runtimeClassName: {{ .Values.hidden.runtimeClassName }} + {{- end }} + {{- if .Values.hidden.podSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.hidden.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.hidden.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} + find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) 
}} + {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.hidden.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.hidden.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup-hidden.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.hidden.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: K8S_HIDDEN_NODE_SERVICE_NAME + value: "{{ include "mongodb.fullname" . 
}}-hidden-headless" + - name: MONGODB_REPLICA_SET_MODE + value: "hidden" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.hidden.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.hidden.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.hidden.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }} + envFrom: + {{- if .Values.hidden.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.hidden.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.hidden.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.hidden.containerPorts.mongodb }} + name: mongodb + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.hidden.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.hidden.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.hidden.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.hidden.resources }} + resources: {{- toYaml .Values.hidden.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.hidden.persistence.mountPath }} + subPath: {{ .Values.hidden.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup-hidden.sh + subPath: setup-hidden.sh + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.hidden.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: 9216 + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit 
.Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.hidden.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0555 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.hidden.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.hidden.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.hidden.persistence.enabled }} + - name: datadir + {{- if .Values.hidden.persistence.medium }} + emptyDir: + medium: {{ .Values.hidden.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.hidden.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.hidden.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.hidden.persistence.size | quote }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml new file mode 100644 index 00000000..f3d023ab --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/initialization-configmap.yaml 
@@ -0,0 +1,17 @@
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
new file mode 100644
index 00000000..2a36dfc8
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/metrics-svc.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: metrics
+ protocol: TCP
+ name: http-metrics
+ {{- if .Values.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
new file mode 100644
index 00000000..26149ccb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml
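Review bot: The `selector` pins `app.kubernetes.io/component: mongodb`, but the hidden StatefulSet added in this patch labels its pods `app.kubernetes.io/component: hidden` and still runs the `metrics` container when `.Values.metrics.enabled` is set. Those exporters are therefore not endpoints of this Service, so hidden nodes may go unscraped unless something outside this hunk covers them. If that is intended, a comment above `selector:` such as `# selects component=mongodb only; hidden-node exporters are not behind this Service` would make the monitoring gap explicit.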
@@ -0,0 +1,44 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if eq .Values.service.type "ClusterIP" }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.service.ports.mongodb }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
new file mode 100644
index 00000000..29d2ea46
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/prometheusrule.yaml
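Review bot: When `.Values.networkPolicy.allowCurrentNamespace` is false and `allowNamespaces` is empty, the `from:` block is omitted, so the ClusterIP rule admits the mongodb port from any source rather than from none; the `LoadBalancer` branch goes further with `- {}`, which allows all traffic to every selected pod on every port. A policy that is enabled but fails open is easy to misread as isolation. For the LoadBalancer case, scoping the rule to the database port with `- ports:` and `- port: {{ .Values.service.ports.mongodb }}` keeps the other container ports closed. The namespace label values would also be safer quoted, `{{ $namespace | quote }}`, so an all-digit namespace name does not render as a number.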
@@ -0,0 +1,18 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.prometheusRule.namespace" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "mongodb.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
new file mode 100644
index 00000000..e9ef023b
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/psp.yaml
@@ -0,0 +1,50 @@
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.podSecurityPolicy.spec }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
+{{- else }}
+ allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.podSecurityContext.fsGroup }}
+ max: {{ .Values.podSecurityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: {{ .Values.podSecurityPolicy.privileged }}
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
new file mode 100644
index 00000000..caa15f36
--- /dev/null
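Review bot: `privileged` and `allowPrivilegeEscalation` are rendered straight from `.Values.podSecurityPolicy.*` with no fallback, and the values.yaml defaults are not visible in this hunk, so a missing key renders an empty field. Pin the restrictive default in the template itself, e.g. `privileged: {{ .Values.podSecurityPolicy.privileged | default false }}`, and do the same for `allowPrivilegeEscalation`. `supplementalGroups` is bounded by `containerSecurityContext.runAsUser` rather than a group id, which looks like a copy of the `runAsUser` block and is worth confirming. When `.Values.podSecurityPolicy.spec` is set it replaces every constraint in the `else` branch, which deserves a comment above the `if`, such as `{{- /* a custom spec replaces all defaults below, including the capability drop */}}`. PodSecurityPolicy is cluster-scoped, so the `namespace:` under `metadata` has no effect.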
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/access-svc.yaml
@@ -0,0 +1,32 @@
+{{- if (eq .Values.architecture "replicaset") }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ pod: {{ $targetPod }}
+spec:
+ type: {{ $root.Values.service.type }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
new file mode 100644
index 00000000..f1acd6bf
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/external-access-svc.yaml
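Review bot: `type: {{ $root.Values.service.type }}` gives every replica its own Service of the chart-wide type with `publishNotReadyAddresses: true`, and unlike external-access-svc.yaml there is no `loadBalancerSourceRanges` block here. If `service.type` is `LoadBalancer`, each member is published with no source restriction, and the NetworkPolicy template earlier on this page renders an allow-all rule for that same type. Consider mirroring the source-range block from the external template; it would need a matching key in values.yaml, which is not visible here. `set $ "targetPod" $targetPod` also writes into the root context on every iteration although this file only uses the local `$targetPod`, so either drop it or add a comment naming the helper that reads it.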
@@ -0,0 +1,67 @@ +{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) false}} +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +{{- $root := . }} + +{{- range $i, $e := until $replicaCount }} +{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }} +{{- $_ := set $ "targetPod" $targetPod }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-%d-external" $fullName $i }} + namespace: {{ include "mongodb.namespace" $ }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if $root.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + pod: {{ $targetPod }} + {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }} + annotations: + {{- if $root.Values.externalAccess.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if $root.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $root.Values.externalAccess.service.type }} + {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }} + {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }} + loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }} + {{- end }} + {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq 
$root.Values.externalAccess.service.type "NodePort")) }} + externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinity }} + sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }} + {{- end }} + {{- if $root.Values.externalAccess.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + ports: + - name: {{ $root.Values.externalAccess.service.portName | quote }} + port: {{ $root.Values.externalAccess.service.ports.mongodb }} + {{- if not (empty $root.Values.externalAccess.service.nodePorts) }} + {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }} + nodePort: {{ $nodePort }} + {{- else }} + nodePort: null + {{- end }} + targetPort: mongodb + {{- if $root.Values.externalAccess.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: mongodb + statefulset.kubernetes.io/pod-name: {{ $targetPod }} +--- +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml new file mode 100644 index 00000000..78f26ab9 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/headless-svc.yaml 
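Review bot: The guard on the first line of this template ends with a literal `false` inside the `and`, so the external Services can never render, whatever `externalAccess.enabled` is set to. Other templates in this patch still act on `externalAccess`: the `auto-discovery.sh` script waits for a Service named `${MY_POD_NAME}-external` and exits 1 when no address appears, so enabling auto-discovery would presumably keep the pods from starting. Either drop the `false` or remove the external-access paths together. If the disablement is deliberate, say so next to the guard, e.g. `{{- /* external access intentionally disabled: <reason> */}}`. If it is re-enabled, note that `index ... loadBalancerIPs $i` and `index ... nodePorts $i` fail the render when the list is shorter than `replicaCount`.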
@@ -0,0 +1,34 @@
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
new file mode 100644
index 00000000..a2b6492f
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/pdb.yaml
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
new file mode 100644
index 00000000..ed5a8627
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/scripts-configmap.yaml
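Review bot: `minAvailable` and `maxUnavailable` are guarded by two independent `if` blocks under `spec:`, so setting both values renders both fields, which a PodDisruptionBudget does not accept. Fold them into one conditional by replacing the middle `{{- end }}` / `{{- if .Values.pdb.maxUnavailable }}` pair with `{{- else if .Values.pdb.maxUnavailable }}`. A comment above the block stating that `minAvailable` wins when both are set would document the precedence.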
@@ -0,0 +1,301 @@ +{{- if eq .Values.architecture "replicaset" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + auto-discovery.sh: |- + #!/bin/bash + + SVC_NAME="${MY_POD_NAME}-external" + + # Auxiliary functions + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + k8s_svc_lb_ip() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + + if [[ -n ${service_ip} ]]; then + echo "${service_ip}" + else + echo "${service_hostname}" + fi + } + k8s_svc_lb_ip_ready() { + local namespace=${1:?namespace is missing} + local service=${2:?service is missing} + [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]] + } + # Wait until LoadBalancer IP is ready + retry_while 
"k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1 + # Obtain LoadBalancer external IP + k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE" + {{- end }} + setup.sh: |- + #!/bin/bash + + . /opt/drycc/scripts/mongodb-env.sh + . /opt/drycc/scripts/libfs.sh + . /opt/drycc/scripts/liblog.sh + . /opt/drycc/scripts/libvalidations.sh + + {{- if .Values.externalAccess.enabled }} + {{- if eq .Values.externalAccess.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then + export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + + # Check for existing replica set in case there is no data in the PVC + # This is for cases where the PVC is lost or for MongoDB caches without + # persistence + 
current_primary="" + if is_dir_empty "${MONGODB_DATA_DIR}/db"; then + info "Data dir empty, checking if the replica set already exists" + {{- $replicaCount := int .Values.replicaCount }} + {{- $portNumber := int .Values.service.ports.mongodb }} + {{- $fullname := include "mongodb.fullname" . }} + {{- $releaseNamespace := include "mongodb.namespace" . }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} + {{- $mongoList := list }} + {{- range $e, $i := until $replicaCount }} + {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} + {{- end }} + current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}') + + if ! is_empty_value "$current_primary"; then + info "Detected existing primary: ${current_primary}" + fi + fi + + if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then + info "Advertised name matches current primary, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then + info "Current primary is different from this node. 
Configuring the node as replica of ${current_primary}" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}" + export MONGODB_SET_SECONDARY_OK="yes" + elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then + info "Pod name matches initial primary pod name, configuring node as a primary" + export MONGODB_REPLICA_SET_MODE="primary" + else + info "Pod name doesn't match initial primary pod name, configuring node as a secondary" + export MONGODB_REPLICA_SET_MODE="secondary" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + fi + + if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export MONGODB_EXTRA_PASSWORDS_FILE="" + fi + + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + setup-hidden.sh: |- + #!/bin/bash + + . 
/opt/drycc/scripts/mongodb-env.sh + + {{- if .Values.externalAccess.hidden.enabled }} + {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }} + {{- if .Values.externalAccess.autoDiscovery.enabled }} + export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" + {{- else }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- end }} + {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }} + ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}" + export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.hidden.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + {{- if .Values.externalAccess.hidden.service.domain }} + export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }} + {{- else }} + export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP + {{- end }} + {{- end }} + {{- end }} + + {{- if .Values.replicaSetConfigurationSettings.enabled }} + # placed here before root password env is overwritten + # makes no assumption about starting state + # ensures that any stepDown or non-default starting state is handled + /scripts/replicaSetConfigurationSettings.sh & + {{- end }} + + echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME" + echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER" + echo "Configuring node as a hidden node" + export MONGODB_REPLICA_SET_MODE="hidden" + export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER" + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER" + export MONGODB_ROOT_PASSWORD="" + export MONGODB_EXTRA_USERNAMES="" + export MONGODB_EXTRA_DATABASES="" + export MONGODB_EXTRA_PASSWORDS="" + export MONGODB_ROOT_PASSWORD_FILE="" + export MONGODB_EXTRA_USERNAMES_FILE="" + export MONGODB_EXTRA_DATABASES_FILE="" + export 
MONGODB_EXTRA_PASSWORDS_FILE="" + exec /opt/drycc/scripts/mongodb/entrypoint.sh /opt/drycc/scripts/mongodb/run.sh + {{- if .Values.replicaSetConfigurationSettings.enabled }} + replicaSetConfigurationSettings.sh: |- + #!/bin/bash + # This script to be called when pod starts. + # This script sets rs settings which can not be applied via conf file + + function logger () + #$1 is the line to be logged + { + echo "replicaSetConfigurationSettings.sh -- ${1}" >&1 + } + + SLEEP_PERIOD=10 + + {{- if and .Values.auth.enabled .Values.auth.rootPassword }} + usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}" + {{- else }} + usernameAndPassword="" + {{- end }} + + # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy + declare -A desiredRsConf + {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}} + {{ printf "desiredRsConf[%s]='%v'" $setting $value }} + {{ end }} + + rsConfWriteAttempts=0 + rs_conf_configured_ok=unknown + + while [[ "${rs_conf_configured_ok}" != "true" ]]; do + + # give the rs setup a chance to succeed before attempting to read or configure + sleep ${SLEEP_PERIOD} + + counter=0 + while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do + counter=$((${counter} +1)) + logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)" + sleep ${SLEEP_PERIOD} + done + counter=$((${counter} +1)) + logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)" + + # read rs.conf again and store it. settings format is '"" : ,' + currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()') + + desiredEqualsactual=unknown + settingsToConfigure="" + for key in ${!desiredRsConf[@]}; do + value=${desiredRsConf[$key]} + if ! 
$(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then + logger "rs conf setting: ${key} value will be set to: ${value}" + settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; " + desiredEqualsactual=false + else + logger "rs conf: ${key} is already at desired value: ${value}" + fi + done + + if [[ "${desiredEqualsactual}" != "false" ]]; then + logger "replicaSetConfigurationSettings match the settings of the currently running rs" + desiredEqualsactual=true + rs_conf_configured_ok=true + logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)" + exit + fi + + # apply the settings only if this member is currently the mongo replicaset PRIMARY + # it might take a little time before any pod is PRIMARY + isMaster=unknown + if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then + isMaster=false + logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY" + else + isMaster=true + logger "This node is PRIMARY" + fi + + if [[ "${isMaster}" == "true" ]]; then + logger "This node is currently PRIMARY - will apply rs.conf settings" + + # avoiding tricky string substitution with single quotes by making the eval string a set of vars + rsconf="cfg = rs.conf();" + rsreconf="rs.reconfig(cfg);" + rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}" + + mongosh ${usernameAndPassword} --eval "${rsCommand}" + if [ $? -ne 0 ]; then + logger "Failed to apply mongodb cfg.settings configuration" + else + logger "mongodb replicaset cfg.settings configuration applied" + logger "Will check rs conf" + # don't exit just yet - the settings will be checked in the next loop + fi + rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 )) + fi + done + {{- end }} +{{- end }} 
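Review bot: The root password reaches `mongosh` as an unquoted command-line argument with a hard-coded user, both in `setup.sh` (`-u root -p $MONGODB_ROOT_PASSWORD`) and in `replicaSetConfigurationSettings.sh` (`usernameAndPassword="-u root -p ${MONGODB_ROOT_PASSWORD}"`, expanded unquoted on every call). A password containing whitespace or glob characters is split by the shell, the value sits on the argument list of each `mongosh` process, and authentication fails whenever `auth.rootUser` is not `root`, since the StatefulSet exports that value as `MONGODB_ROOT_USER`. Use the exported user and quote both, `-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD"`, and in the settings script hold the flags in an array, `authArgs=(-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD")`, called as `mongosh "${authArgs[@]}"`. That script builds credentials only when `.Values.auth.rootPassword` is set, so with auth enabled and the password supplied another way it would presumably loop on `rs.conf()` without credentials. The host list in `setup.sh` hard-codes `%s-headless` while the headless Service is named by `mongodb.service.nameOverride`, so confirm the two agree.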
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml new file mode 100644 index 00000000..e7c0ff1c --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml 
@@ -0,0 +1,543 @@ +{{- if eq .Values.architecture "replicaset" }} +{{- $replicaCount := int .Values.replicaCount }} +{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + serviceName: {{ include "mongodb.service.nameOverride" . }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} 
+ {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} + command: + - /scripts/setup.sh + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: DRYCC_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: SHARED_FILE + value: "/shared/info.txt" + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: K8S_SERVICE_NAME + value: "{{ include "mongodb.service.nameOverride" . }}" + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) 
.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ .Values.replicaSetName | quote }} + {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-replica-set-key + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + 
subPath: mongodb.conf + {{- end }} + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh + {{ if .Values.replicaSetConfigurationSettings.enabled }} + - name: scripts + mountPath: /scripts/replicaSetConfigurationSettings.sh + subPath: replicaSetConfigurationSettings.sh + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + mountPath: /shared + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . 
}}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" 
(dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + - name: shared + emptyDir: {} + {{- end }} + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0755 + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . 
}} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.requests }} + {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml new file mode 100644 index 00000000..55c56b87 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/svc.yaml 
@@ -0,0 +1,43 @@
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if $root.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
+ annotations:
+ {{- if $root.Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $root.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if $root.Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/role.yaml b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
new file mode 100644
index 00000000..56300431
--- /dev/null
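Review bot: The per-pod Service under `spec:` takes its `type` from `externalAccess.service.type` but renders no source restriction, so with `LoadBalancer` each replica-set member's MongoDB port is reachable from any address the load balancer accepts. I would add an optional list right after `type:`, driven by a values key that this hunk does not show (the key name is a proposal): `{{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. The annotations block reads `service.annotations`, which by its name belongs to the in-cluster Service, so provider annotations meant only for the external endpoints cannot be set separately.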
+++ b/addons/mongodb/7.0/chart/mongodb/templates/role.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.rbac.rules }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+{{- end -}}
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "mongodb.fullname" . }}]
+{{- end -}}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
new file mode 100644
index 00000000..8950f8bb
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/rolebinding.yaml
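Review bot: The `services` rule under `rules:` is granted whenever `rbac.create` is set, and nothing in the file says which component needs it. If it exists for the `auto-discovery` init container that the replica-set StatefulSet adds when external access uses a LoadBalancer (an inference from that template, not from this file), say so with a comment such as `# read Services so auto-discovery can resolve this pod's external address`. Consider also wrapping the rule in `{{- if .Values.externalAccess.autoDiscovery.enabled }}`, so that releases without external access get no API read permission. `rbac.rules` is appended verbatim, so the values documentation should state that every rule placed there is granted to the database pod's service account.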
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: Role
+ name: {{ include "mongodb.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
new file mode 100644
index 00000000..1c4e76ff
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
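Review bot: The guard on the first line requires both `serviceAccount.create` and `rbac.create`, while role.yaml renders on `rbac.create` alone, so a release that reuses an existing service account gets a Role that is bound to nothing. The subject already resolves through `mongodb.serviceAccountName`, which presumably returns the pre-existing account name in that case, so the guard can be `{{- if .Values.rbac.create }}`. If the stricter condition is intentional, a comment on that line should say that operators who bring their own account must bind the Role themselves.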
@@ -0,0 +1,37 @@
+{{- if (include "mongodb.createTlsSecret" .) }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "mongodb.tlsSecretName" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
+ {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- else }}
+ {{- $ca:= genCA "myMongo-ca" 3650 }}
+ {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+ {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ client-pem: {{ b64enc $pem }}
+ {{- end }}
+{{- end }}
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
new file mode 100644
index 00000000..acf8c483
--- /dev/null
+++ b/addons/mongodb/7.0/chart/mongodb/templates/secrets.yaml
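Review bot: The `else` branch under `data:` calls `genCA` on every render, so each `helm upgrade` writes a new CA and key into this Secret. Pods started before the upgrade hold certificates from the old CA and can fail to verify peers started after it. Look the Secret up in that branch and reuse its data when it exists, generating only on first install; `lookup` returns an empty map under `helm template` and dry runs, so those still take the generating path. The custom-CA branch keeps the same CA but still re-issues `client-pem` on every render. Both leaves are valid for 3650 days with no subject alternative names, and the CA private key sits in the Secret that the StatefulSet mounts into the `generate-tls-certs` init container, which deserves a comment explaining why the key must be present at runtime.

```yaml
  {{- else }}
  {{- $existing := lookup "v1" "Secret" (include "mongodb.namespace" .) (include "mongodb.tlsSecretName" .) }}
  {{- if $existing }}
  # keep the CA that was issued at first install
  mongodb-ca-cert: {{ index $existing.data "mongodb-ca-cert" }}
  mongodb-ca-key: {{ index $existing.data "mongodb-ca-key" }}
  client-pem: {{ index $existing.data "client-pem" }}
  {{- else }}
  # … unchanged: genCA / genSignedCert / b64enc lines …
  {{- end }}
  {{- end }}
```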
@@ -0,0 +1,41 @@ +{{- if (include "mongodb.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ template "mongodb.namespace" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . -}} + {{- $customPasswords := include "mongodb.customPasswords" . -}} + {{- $passwordList := list -}} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}} + {{- if not (empty $customPasswords) -}} + {{- $passwordList = $customPasswords -}} + {{- else -}} + {{- $customUsersList := splitList "," $customUsers -}} + {{- $customPasswordsList := list -}} + {{- range $customUsersList -}} + {{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}} + {{- end -}} + {{- $passwordList = (join "," $customPasswordsList) -}} + {{- end }} + mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) }} + {{- end }} + {{- if .Values.metrics.username }} + mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) 
"key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }} + {{- end }} + {{- if eq .Values.architecture "replicaset" }} + mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml new file mode 100644 index 00000000..f4aa81a5 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/serviceaccount.yaml @@ -0,0 +1,23 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongodb.serviceAccountName" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +secrets: + - name: {{ template "mongodb.fullname" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml new file mode 100644 index 00000000..0a00f719 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/servicemonitor.yaml 
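Review bot: Generated passwords for the custom users come from `randAlphaNum 10` inside the `range $customUsersList` loop, which is roughly 60 bits each and short for a database credential that the chart can also expose through external Services. A longer value costs nothing here: `{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 32) -}}`. The values are joined with commas into `mongodb-passwords`, so a user-supplied password that contains a comma would presumably be read as two entries; a comment next to `$passwordList` should state that restriction.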
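Review bot: The `secrets:` entry is hard-wired to `mongodb.fullname`, whereas the pod templates read their credentials through `mongodb.secretName`; if that helper can return a user-supplied Secret, the ServiceAccount lists a name that does not exist. Either reference the same helper, `- name: {{ include "mongodb.secretName" . }}`, or drop the `secrets:` list, which Kubernetes enforces only when the account carries the `kubernetes.io/enforce-mountable-secrets` annotation (and which would then also need the TLS Secret). `automountServiceAccountToken` is rendered straight from values, so a comment should note that it needs to be true only when something in the pod calls the API, presumably auto-discovery.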
@@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.serviceMonitor.namespace" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: metrics + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - "{{ include "mongodb.namespace" . }}" +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml new file mode 100644 index 00000000..ba3b74d2 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml 
@@ -0,0 +1,474 @@ +{{- if not (eq .Values.architecture "replicaset") }} +apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: 1 + {{- if .Values.useStatefulSet }} + serviceName: {{ include "mongodb.fullname" . }} + {{- end }} + {{- if .Values.updateStrategy}} + {{- if .Values.useStatefulSet }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end}} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongodb + template: + metadata: + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: mongodb + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} + annotations: + {{- if (include "mongodb.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "mongodb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mongodb.serviceAccountName" . 
}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{ if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled 
.Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: generate-tls-certs + image: {{ include "mongodb.tls.image" . }} + imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: certs-volume + mountPath: /certs/CAs + - name: certs + mountPath: /certs + - name: common-scripts + mountPath: /drycc/scripts + command: + - /drycc/scripts/generate-certs.sh + args: + - -s {{ include "mongodb.service.nameOverride" . 
}} + {{- if .Values.externalAccess.service.loadBalancerIPs }} + - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} + {{- end }} + {{- if .Values.tls.extraDnsNames }} + - -n {{ join "," .Values.tls.extraDnsNames }} + {{- end }} + {{- if .Values.tls.resources }} + resources: {{- toYaml .Values.tls.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- $customUsers := include "mongodb.customUsers" . -}} + {{- $customDatabases := include "mongodb.customDatabases" . 
-}} + {{- if not (empty $customUsers) }} + - name: MONGODB_EXTRA_USERNAMES + value: {{ $customUsers | quote }} + {{- end }} + {{- if not (empty $customDatabases) }} + - name: MONGODB_EXTRA_DATABASES + value: {{ $customDatabases | quote }} + {{- end }} + {{- if .Values.auth.enabled }} + {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} + - name: MONGODB_EXTRA_PASSWORDS + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-passwords + {{- end }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-root-password + {{- end }} + {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + {{- if .Values.auth.enabled }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-metrics-password + {{- end }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.systemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} + - name: MONGODB_DISABLE_JAVASCRIPT + value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} + - name: MONGODB_ENABLE_JOURNAL + value: {{ ternary "yes" "no" .Values.enableJournal | quote }} + - name: MONGODB_PORT_NUMBER + value: {{ .Values.containerPorts.mongodb | quote }} + - name: MONGODB_ENABLE_IPV6 + value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} + {{- $extraFlags := .Values.extraFlags | join " " -}} + {{- if .Values.tls.enabled }} + {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert %s" .Values.tls.mode $extraFlags }} + {{- end }} + {{- if ne $extraFlags "" }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $extraFlags | quote }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: MONGODB_CLIENT_EXTRA_FLAGS + value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . 
| quote }} + {{- end }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ .Values.containerPorts.mongodb }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/ping-mongodb.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/readiness-probe.sh + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /drycc/scripts/startup-probe.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + - name: common-scripts + mountPath: /drycc/scripts + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or 
.Values.configuration .Values.existingConfigmap }} + - name: config + mountPath: /opt/drycc/mongodb/conf/mongodb.conf + subPath: mongodb.conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mongodb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -ec + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} + {{- else }} + args: + - | + /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + {{- end }} + env: + {{- if .Values.auth.enabled }} + {{- if not .Values.metrics.username }} + - name: MONGODB_ROOT_USER + value: {{ .Values.auth.rootUser | quote }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . 
}} + key: mongodb-root-password + {{- else }} + - name: MONGODB_METRICS_USERNAME + value: {{ .Values.metrics.username | quote }} + - name: MONGODB_METRICS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb.secretName" . }} + key: mongodb-metrics-password + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.tls.enabled }} + - name: certs + mountPath: /certs + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- 
include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: common-scripts + configMap: + name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} + defaultMode: 0550 + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mongodb.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: config + configMap: + name: {{ include "mongodb.configmapName" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: certs + emptyDir: {} + - name: certs-volume + secret: + secretName: {{ template "mongodb.tlsSecretName" . }} + items: + - key: mongodb-ca-cert + path: mongodb-ca-cert + mode: 0600 + - key: mongodb-ca-key + path: mongodb-ca-key + mode: 0600 + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: datadir + {{- if .Values.persistence.medium }} + emptyDir: + medium: {{ .Values.persistence.medium | quote }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.persistence.existingClaim }} + - name: datadir + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }} + {{- else if not .Values.useStatefulSet }} + - name: datadir + persistentVolumeClaim: + claimName: {{ template "mongodb.fullname" . }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: datadir + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml new file mode 100644 index 00000000..7786de63 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/pvc.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.persistence.resourcePolicy }} + helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml new file mode 100644 index 00000000..44255798 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/svc.yaml 
@@ -0,0 +1,58 @@ +{{- if not (eq .Values.architecture "replicaset") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mongodb.fullname" . }} + namespace: {{ include "mongodb.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongodb + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} 
+ {{- end }} + ports: + - name: {{ .Values.service.portName | quote }} + port: {{ .Values.service.ports.mongodb }} + targetPort: mongodb + {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }} + nodePort: {{ .Values.service.nodePorts.mongodb }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: mongodb +{{- end }} diff --git a/addons/mongodb/7.0/chart/mongodb/values.schema.json b/addons/mongodb/7.0/chart/mongodb/values.schema.json new file mode 100644 index 00000000..be8e54b4 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/values.schema.json 
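Review bot: When `service.type` is `LoadBalancer` and `service.loadBalancerSourceRanges` is empty, this template renders a Service with no source restriction in front of the MongoDB port, and nothing in the file tells the operator so. The chart's defaults for `service.*` are not visible in this hunk, so whether that combination is reachable out of the box should be checked against values.yaml. I would at least add a template comment above the `loadBalancerSourceRanges` block, e.g. `{{- /* LoadBalancer/NodePort publish the database port outside the cluster; set service.loadBalancerSourceRanges and keep auth.enabled=true */}}`, and repeat the same sentence in the `@param service.type` description. The same applies to `service.externalIPs`, which is rendered for every service type.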
@@ -0,0 +1,173 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "MongoDB® architecture", + "form": true, + "description": "Allowed values: `standalone` or `replicaset`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Authentication", + "form": true + }, + "rootUser": { + "type": "string", + "title": "MongoDB® admin user", + "form": true, + "description": "Name of the admin user. Default is root" + }, + "rootPassword": { + "type": "string", + "title": "MongoDB® admin password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + }, + "database": { + "type": "string", + "title": "MongoDB® custom database", + "description": "Name of the custom database to be created during the 1st initialization of MongoDB®", + "form": true + }, + "username": { + "type": "string", + "title": "MongoDB® custom user", + "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. 
This user only has permissions on the MongoDB® custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for MongoDB® custom user", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + }, + "replicaSetKey": { + "type": "string", + "title": "Key used for replica set authentication", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "replicaCount": { + "type": "integer", + "form": true, + "title": "Number of MongoDB® replicas", + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "configuration": { + "type": "string", + "title": "MongoDB® Custom Configuration", + "form": true, + "render": "textArea" + }, + "arbiter": { + "type": "object", + "title": "Arbiter configuration", + "form": true, + "properties": { + "configuration": { + "type": "string", + "title": "Arbiter Custom Configuration", + "form": true, + "render": "textArea", + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "persistence": { + "type": "object", + "title": "Persistence configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "hidden": { + "value": false, + "path": "persistence/enabled" + }, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init 
container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml new file mode 100644 index 00000000..3ffc0b04 --- /dev/null +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
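Review bot: The `architecture` property lists its allowed values only in `description`; the schema itself accepts any string. The templates in this patch branch on `not (eq .Values.architecture "replicaset")`, so a misspelled value would silently render the standalone resources instead of being rejected. Adding `"enum": ["standalone", "replicaset"]` next to `"type": "string"` lets Helm's schema validation catch that at install or upgrade time. Separately, the `rootPassword`, `password` and `replicaSetKey` descriptions promise a random 10-character default; the code that generates it is not in this hunk, so it is worth confirming the text matches what the secret template produces and that the length is adequate for a replica-set key.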
@@ -0,0 +1,2053 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + namespaceOverride: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## extraDeploy: +## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar +## for dynamically discovering the mongodb primary pod +## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own) +## - apiVersion: v1 +## kind: Service +## metadata: +## name: mongodb-primary +## namespace: the-mongodb-namespace +## labels: +## app.kubernetes.io/component: 
mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/managed-by: Helm +## app.kubernetes.io/name: mongodb +## spec: +## type: NodePort +## externalTrafficPolicy: Cluster +## ports: +## - name: mongodb +## port: 30001 +## nodePort: 30001 +## protocol: TCP +## targetPort: mongodb +## selector: +## app.kubernetes.io/component: mongodb +## app.kubernetes.io/instance: mongodb +## app.kubernetes.io/name: mongodb +## primary: "true" +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) parameters +## + +## Drycc MongoDB(®) image +## ref: https://hub.docker.com/r/drycc/mongodb/tags/ +## @param image.registry MongoDB(®) image registry +## @param image.repository MongoDB(®) image registry +## @param image.tag MongoDB(®) image tag (immutable tags are recommended) +## @param image.digest MongoDB(®) image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy MongoDB(®) image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/mongodb + tag: "7.0" + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## @param schedulerName Name of the scheduler (other than default) to dispatch pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`) +## +architecture: replicaset +## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) +## +useStatefulSet: false +## MongoDB(®) Authentication parameters +## +auth: + ## @param auth.enabled Enable authentication + ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ + ## + enabled: true + ## @param auth.rootUser MongoDB(®) root user + ## + rootUser: root + ## @param auth.rootPassword MongoDB(®) root password + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#setting-the-root-user-and-password-on-first-run + ## + rootPassword: "" + ## MongoDB(®) custom users and databases + ## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#creating-a-user-and-database-on-first-run + ## @param auth.usernames List of 
custom users to be created during the initialization + ## @param auth.passwords List of passwords for the custom users set at `auth.usernames` + ## @param auth.databases List of custom databases to be created during the initialization + ## + usernames: [] + passwords: [] + databases: [] + ## @param auth.username DEPRECATED: use `auth.usernames` instead + ## @param auth.password DEPRECATED: use `auth.passwords` instead + ## @param auth.database DEPRECATED: use `auth.databases` instead + username: "" + password: "" + database: "" + ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`) + ## + replicaSetKey: "" + ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) + ## NOTE: When it's set the previous parameters are ignored. + ## + existingSecret: "" +tls: + ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes + ## + enabled: false + ## @param tls.autoGenerated Generate a custom CA and self-signed certificates + ## + autoGenerated: true + ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) + ## NOTE: When it's set it will disable certificate creation + ## + existingSecret: "" + ## Add Custom CA certificate + ## @param tls.caCert Custom CA certificated (base64 encoded) + ## @param tls.caKey CA certificate private key (base64 encoded) + ## + caCert: "" + caKey: "" + ## Drycc Nginx image + ## @param tls.image.registry Init container TLS certs setup image registry + ## @param tls.image.repository Init container TLS certs setup image repository + ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended) + ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag + ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy + ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array + ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients + ## + image: + registry: docker.io + repository: drycc/nginx + tag: 1.23.1-debian-11-r26 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## e.g: + ## extraDnsNames + ## "DNS.6": "$my_host" + ## "DNS.7": "$test" + ## + extraDnsNames: [] + ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) + ## + mode: requireTLS + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param tls.resources.limits Init container generate-tls-certs resource limits + ## @param tls.resources.requests Init container generate-tls-certs resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## +replicaSetName: rs0 +## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) +## Ignored when mongodb.architecture=standalone +## Ignored when externalAccess.enabled=true +## +replicaSetHostnames: true +## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-ipv6 +## +enableIPv6: false +## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®) +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#enablingdisabling-directoryperdb +## +directoryPerDB: false +## MongoDB(®) System Log configuration +## ref: https://github.com/drycc/containers/tree/main/drycc/mongodb#configuring-system-log-verbosity-level +## @param systemLogVerbosity MongoDB(®) system log verbosity level +## @param disableSystemLog Switch to enable/disable MongoDB(®) system log +## +systemLogVerbosity: 0 +disableSystemLog: false +## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution +## ref: https://docs.mongodb.com/manual/core/server-side-javascript/ +## +disableJavascript: false +## @param enableJournal Switch to enable/disable MongoDB(®) Journaling +## ref: 
https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
+##
+enableJournal: true
+## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
+## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
+## Example:
+## configuration: |-
+## # where and how to store data.
+## storage:
+## dbPath: /drycc/mongodb/data/db
+## journal:
+## enabled: true
+## directoryPerDB: false
+## # where to write logging data
+## systemLog:
+## destination: file
+## quiet: false
+## logAppend: true
+## logRotate: reopen
+## path: /opt/drycc/mongodb/logs/mongodb.log
+## verbosity: 0
+## # network interfaces
+## net:
+## port: 27017
+## unixDomainSocket:
+## enabled: true
+## pathPrefix: /opt/drycc/mongodb/tmp
+## ipv6: false
+## bindIpAll: true
+## # replica set options
+## #replication:
+## #replSetName: replicaset
+## #enableMajorityReadConcern: true
+## # process management optionsT
+## processManagement:
+## fork: false
+## pidFilePath: /opt/drycc/mongodb/tmp/mongodb.pid
+## # set parameter options
+## setParameter:
+## enableLocalhostAuthBypass: true
+## # security options
+## security:
+## authorization: disabled
+## #keyFile: /opt/drycc/mongodb/conf/keyfile
+##
+configuration: ""
+## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
+## If enabled, these are applied by a script which is called within setup.sh
+## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
+## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
+## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
+##
+replicaSetConfigurationSettings:
+ enabled: false
+ configuration: {}
+## chainingAllowed : false
+## heartbeatTimeoutSecs : 10
+##
heartbeatIntervalMillis : 2000
+## electionTimeoutMillis : 10000
+## catchUpTimeoutMillis : 30000
+## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
+## NOTE: When it's set the arbiter.configuration parameter is ignored
+##
+existingConfigmap: ""
+## @param initdbScripts Dictionary of initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## Example:
+## initdbScripts:
+## my_init_script.sh: |
+## #!/bin/bash
+## echo "Do something."
+##
+initdbScripts: {}
+## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
+##
+initdbScriptsConfigMap: ""
+## Command and args for running the container (set to default if not set). Use array form
+## @param command Override default container command (useful when using custom images)
+## @param args Override default container args (useful when using custom images)
+##
+command: []
+args: []
+## @param extraFlags MongoDB(®) additional command line flags
+## Example:
+## extraFlags:
+## - "--wiredTigerCacheSizeGB=2"
+##
+extraFlags: []
+## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
+## E.g:
+## extraEnvVars:
+## - name: FOO
+## value: BAR
+##
+extraEnvVars: []
+## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+##
+extraEnvVarsCM: ""
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+##
+extraEnvVarsSecret: ""
+
+## @section MongoDB(®) statefulset parameters
+##
+
+## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+annotations: {}
+## @param labels Annotations to be added to the MongoDB(®) statefulset.
Evaluated as a template
+##
+labels: {}
+## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
+## Ignored when mongodb.architecture=standalone
+##
+replicaCount: 3
+## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
+## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+## Example:
+## updateStrategy:
+## type: RollingUpdate
+## rollingUpdate:
+## maxSurge: 25%
+## maxUnavailable: 25%
+##
+updateStrategy:
+ type: RollingUpdate
+## @param podManagementPolicy Pod management policy for MongoDB(®)
+## Should be initialized one by one when building the replicaset for the first time
+##
+podManagementPolicy: OrderedReady
+## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## @param affinity MongoDB(®) Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+## @param nodeSelector MongoDB(®) Node labels for pod assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param tolerations MongoDB(®) Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+##
+topologySpreadConstraints: []
+## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
+##
+lifecycleHooks: {}
+## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
+##
+terminationGracePeriodSeconds: ""
+## @param podLabels MongoDB(®) pod labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAnnotations MongoDB(®) Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+##
+runtimeClassName:
""
+## MongoDB(®) pods' Security Context.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
+## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
+## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
+##
+podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+## MongoDB(®) containers' Security Context (main and metrics container).
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
+## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
+## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+## MongoDB(®) containers' resource requests and limits.
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for MongoDB(®) containers
+## @param resources.requests The requested resources for MongoDB(®) containers
+##
+resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+## @param containerPorts.mongodb MongoDB(®) container port
+containerPorts:
+ mongodb: 27017
+## MongoDB(®) pods' liveness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+## MongoDB(®) pods' readiness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Slow starting containers can be protected through startup probes
+## Startup probes are available in Kubernetes version 1.16 and above
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 30
+## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
+## Ignored when livenessProbe.enabled=true
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
+## Ignored when readinessProbe.enabled=true
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe for MongoDB(®) containers
+## Ignored when startupProbe.enabled=true
+##
+customStartupProbe: {}
+## @param initContainers Add additional init containers for the hidden node pod(s)
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
+## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
+## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
+## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
+## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
+##
+## - name: mongo-labeler
+## image: korenlev/k8s-mongo-labeler-sidecar
+## imagePullPolicy: Always
+## env:
+## - name: LABEL_SELECTOR
+## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+## - name: NAMESPACE
+## value: "the-mongodb-namespace"
+## - name: DEBUG
+## value: "true"
+##
+sidecars: []
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
+## Examples:
+## extraVolumeMounts:
+## - name: extras
+## mountPath: /usr/share/extras
+## readOnly: true
+##
+extraVolumeMounts: []
+## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
+## extraVolumes:
+## - name: extras
+## emptyDir: {}
+##
+extraVolumes: []
+## MongoDB(®) Pod Disruption Budget configuration
+## ref:
https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+ ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
+ ##
+ create: false
+ ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
+ ##
+ minAvailable: 1
+ ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
+ ##
+ maxUnavailable: ""
+
+## @section Traffic exposure parameters
+##
+
+## Service parameters
+##
+service:
+ ## @param service.nameOverride MongoDB(®) service name
+ ##
+ nameOverride: ""
+ ## @param service.type Kubernetes Service type (only for standalone architecture)
+ ##
+ type: ClusterIP
+ ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
+ ##
+ portName: mongodb
+ ## @param service.ports.mongodb MongoDB(®) service port.
+ ##
+ ports:
+ mongodb: 27017
+ ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ mongodb: ""
+ ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ externalIPs: []
+ ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
+ ## ref:
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## External Access to MongoDB(®) nodes configuration
+##
+externalAccess:
+ ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
+ ##
+ enabled: false
+ ## External IPs auto-discovery configuration
+ ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
+ ## Note: RBAC might be required
+ ##
+ autoDiscovery:
+ ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
+ ##
+ enabled: false
+ ## Drycc Kubectl image
+ ## ref: https://hub.docker.com/r/drycc/kubectl/tags/
+ ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
+ ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
+ ## @param externalAccess.autoDiscovery.image.tag
Init container auto-discovery image tag (immutable tags are recommended)
+ ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
+ ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/kubectl
+ tag: 1.25.2-debian-11-r2
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits
+ ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## Example:
+ ##
nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## External Access to MongoDB(®) Hidden nodes configuration
+ ##
+ hidden:
+ ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
+ ##
+ enabled: false
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.hidden.service.type Kubernetes Service type for external access.
Allowed values: NodePort or LoadBalancer
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort.
Length must be the same as replicaCount
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.hidden.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Persistence parameters
+##
+
+## Enable persistence using Persistent Volume Claims
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
+ ##
+ enabled: true
+ ## @param persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires persistence.enabled: false
+ ##
+ medium: ""
+ ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ ## Ignored when mongodb.architecture=replicaset
+ ##
+ existingClaim: ""
+ ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation.
Leaving it empty will delete PVCs after the chart deleted
+ resourcePolicy: ""
+ ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
+ ##
+ size: 8Gi
+ ## @param persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param persistence.mountPath Path to mount the volume at
+ ## MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param persistence.subPath Subdirectory of the volume to mount at
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## A label query over volumes to consider for binding (e.g.
when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
+ ##
+ dataSource: {}
+
+## @section RBAC parameters
+##
+
+## ServiceAccount
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
+ ##
+ create: true
+ ## @param serviceAccount.name Name of the created serviceAccount
+ ## If not set and create is true, a name is generated using the mongodb.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ## Can be set to false if pods using this serviceAccount do not need to use K8s API
+ ##
+ automountServiceAccountToken: true
+## Role Based Access
+## ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+rbac:
+ ## @param rbac.create Whether to create & use RBAC resources or not
+ ## binding MongoDB(®) ServiceAccount to a role
+ ## that allows MongoDB(®) pods querying the K8s API
+ ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
+ ##
+ create: false
+ ## @param rbac.rules Custom rules to create following the role specification
+ ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ## - watch
+ ## - update
+ ##
+ rules: []
+## PodSecurityPolicy configuration
+## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
+ ##
+ create: false
+ ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
+ ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
+ ##
+ allowPrivilegeEscalation: false
+ ## @param podSecurityPolicy.privileged Allow privileged
+ ##
+ privileged: false
+ ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ## Defining a spec ignores the above values.
+ ##
+ spec: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## fsGroup:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## hostIPC: false
+ ## hostNetwork: false
+ ## hostPID: false
+ ## privileged: false
+ ## readOnlyRootFilesystem: false
+ ## requiredDropCapabilities:
+ ## - ALL
+ ## runAsUser:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## seLinux:
+ ## rule: 'RunAsAny'
+ ## supplementalGroups:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## volumes:
+ ## - 'configMap'
+ ## - 'secret'
+ ## - 'emptyDir'
+ ## - 'persistentVolumeClaim'
+ ##
+
+## @section Volume Permissions parameters
+##
+## Init Container parameters
+## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
+## values from the securityContext section of the component
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository Init container volume-permissions image repository
+ ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: drycc/drycc-shell + tag: 11-debian-11-r37 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
+ ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## Init container Security Context
+ ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
+ ## and not the below volumePermissions.securityContext.runAsUser
+ ## When runAsUser is set to special value "auto", init container will try to chwon the
+ ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
+ ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
+ ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
+ ##
+ securityContext:
+ runAsUser: 0
+
+## @section Arbiter parameters
+##
+
+arbiter:
+ ## @param arbiter.enabled Enable deploying the arbiter
+ ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
+ ##
+ enabled: false
+ ## @param arbiter.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param arbiter.configuration Arbiter configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
+ ## NOTE: When it's set the arbiter.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param arbiter.command Override default container command (useful when using custom images)
+ ## @param arbiter.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param arbiter.extraFlags Arbiter additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
+ ##
+ annotations: {}
+ ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
+ ##
+ labels: {}
+ ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
+ ## Should be initialized one by one when building the replicaset for the first time
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param arbiter.affinity Arbiter Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param arbiter.podLabels Arbiter pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param arbiter.podAnnotations Arbiter Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Arbiter pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
+ ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
+ ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Arbiter containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
+ ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
+ ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Arbiter containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param arbiter.resources.limits The resources limits for Arbiter containers
+ ## @param arbiter.resources.requests The requested resources for Arbiter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.livenessProbe.enabled Enable livenessProbe
+ ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.readinessProbe.enabled Enable readinessProbe
+ ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.startupProbe.enabled Enable startupProbe
+ ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
+ ## Ignored when arbiter.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
+ ## Ignored when arbiter.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
+ ## Ignored when arbiter.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Arbiter Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
+ ##
+ create: false
+ ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## MongoDB(®) Arbiter service parameters
+ ##
+ service:
+ ## @param arbiter.service.nameOverride The arbiter service name
+ ##
+ nameOverride: ""
+ ## @param arbiter.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param arbiter.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Hidden Node parameters
+##
+
+hidden:
+ ## @param hidden.enabled Enable deploying the hidden nodes
+ ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
+ ##
+ enabled: false
+ ## @param hidden.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param hidden.configuration Hidden node configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
+ ## NOTE: When it's set the hidden.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param hidden.command Override default container command (useful when using custom images)
+ ## @param hidden.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param hidden.extraFlags Hidden node additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
+ ##
+ annotations: {}
+ ## @param hidden.labels Annotations to be added to the hidden node statefulset
+ ##
+ labels: {}
+ ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
+ ## Ignored when mongodb.architecture=standalone
+ ##
+ replicaCount: 1
+ ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param hidden.podManagementPolicy Pod management policy for hidden node
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## Allowed values: soft, hard
+ ##
+ nodeAffinityPreset:
+ ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param hidden.affinity Hidden node Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param hidden.tolerations Hidden node Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param hidden.podLabels Hidden node pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param hidden.podAnnotations Hidden node Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Hidden pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
+ ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
+ ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Hidden containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
+ ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
+ ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## MongoDB(®) Hidden containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param hidden.resources.limits The resources limits for hidden node containers
+ ## @param hidden.resources.requests The requested resources for hidden node containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.livenessProbe.enabled Enable livenessProbe
+ ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.readinessProbe.enabled Enable readinessProbe
+ ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param hidden.startupProbe.enabled Enable startupProbe
+ ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
+ ## Ignored when hidden.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
+ ## Ignored when hidden.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when hidden.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Hidden Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
+ ##
+ create: false
+ ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
+ ##
+ enabled: true
+ ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires hidden.persistence.enabled: false
+ ##
+ medium: ""
+ ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param hidden.persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
+ ##
+ size: 8Gi
+ ## @param hidden.persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
+ ##
+ mountPath: /drycc/mongodb
+ ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
+ ##
+ dataSource: {}
+ service:
+ ## @param hidden.service.portName MongoDB(®) service port name
+ ##
+ portName: "mongodb"
+ ## @param hidden.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param hidden.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+
+## @section Metrics parameters
+##
+
+metrics:
+ ## @param metrics.enabled Enable using a sidecar Prometheus exporter
+ ##
+ enabled: false
+ ## Drycc MongoDB(®) Promtheus Exporter image
+ ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/
+ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
+ ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
+ ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
+ ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: drycc/mongodb-exporter
+ tag: 0.34.0-debian-11-r19
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param metrics.username String with username for the metrics exporter
+ ## If undefined the root user will be used for the metrics exporter
+ username: ""
+ ## @param metrics.password String with password for the metrics exporter
+ ## If undefined but metrics.username is defined, a random password will be generated
+ password: ""
+ ## @param metrics.extraFlags String with extra flags to the metrics exporter
+ ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
+ ##
+ extraFlags: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param metrics.command Override default container command (useful when using custom images)
+ ## @param metrics.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## Metrics exporter container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
+ ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## @param metrics.containerPort Port of the Prometheus metrics container
+ ##
+ containerPort: 9216
+ ## Prometheus Exporter service configuration
+ ##
+ service:
+ ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+ prometheus.io/path: "/metrics"
+ ## @param metrics.service.type Type of the Prometheus metrics service
+ ##
+ type: ClusterIP
+ ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
+ ##
+ ports:
+ metrics: 9216
+ ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## Metrics exporter liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.livenessProbe.enabled Enable livenessProbe
+ ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 15
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ ## Metrics exporter readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.readinessProbe.enabled Enable readinessProbe
+ ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param metrics.startupProbe.enabled Enable startupProbe
+ ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
+ ## Ignored when livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param metrics.customReadinessProbe Override default
readiness probe for MongoDB(®) containers + ## Ignored when readinessProbe.enabled=true + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers + ## Ignored when startupProbe.enabled=true + ## + customStartupProbe: {} + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. 
+ ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator + ## + enabled: false + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created + ## + namespace: "" + ## @param metrics.prometheusRule.rules Rules to be created, check values for an example + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup + ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + ## + ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets + ## rules: + ## - alert: HighRequestLatency + ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 + ## for: 10m + ## labels: + ## severity: page + ## annotations: + ## summary: High request latency + ## + rules: [] + +## Mongodb 
Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port Mongodb is listening + ## on. When true, Mongodb will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] diff --git a/addons/mongodb/7.0/meta.yaml b/addons/mongodb/7.0/meta.yaml new file mode 100644 index 00000000..9bfe6bb4 --- /dev/null +++ b/addons/mongodb/7.0/meta.yaml @@ -0,0 +1,24 @@ +name: mongodb +version: 7.0 +id: 383f7316-84f3-4955-8491-1d4b02b749c8 +description: "mongodb" +displayName: "mongodb" +metadata: + displayName: "mongodb" + provider: + name: drycc + supportURL: https://www.mongodb.com/docs/manual/ + documentationURL: https://www.mongodb.com/docs/manual/ +tags: mongodb +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "service.type" + required: false + description: "service type config for values.yaml" +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" +archive: false \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-1c2g10/bind.yaml 
@@ -0,0 +1,28 @@
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ {{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "EXTRANET_HOST_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+{{- end }}
+{{- range $i, $e := until $replicaCount }}
+ - name: {{ printf "HOSTNAME_%d" $i }}
+ valueFrom:
+ serviceRef:
+ name: {{ printf "%s-%d" $fullName $i }}
+ jsonpath: '{ .spec.clusterIP }'
+{{- end }}
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.mongodb-root-password }'
+ - name: USERNAME
+ value: 'root'
+ - name: PORT
+ value: 27017
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
new file mode 100644
index 00000000..b70bcfb0
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-1c2g10"
+id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98
+description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G "
+displayName: "standard-1c2g10"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
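Review bot: Every binding in bind.yaml is handed the MongoDB root account: `USERNAME` is the literal `'root'` and `PASSWORD` reads `mongodb-root-password`, so each bound application gets full administrative rights and one leaked binding exposes the whole instance. A dedicated application user with a scoped role would limit that; if root is intended for now, state it at the top of the file, e.g. `{{- /* NOTE: binds the root account; bound apps get full admin rights */ -}}`. The same patch lists `service.type` in `allow_parameters`, so with `LoadBalancer` these root credentials are published next to an `EXTRANET_HOST_n` address; whether the NetworkPolicy still restricts sources in that case is not visible in this hunk. `PORT` is hard-coded to `27017` instead of being read from the Service, so it goes stale if the service port is overridden.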
diff --git a/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
new file mode 100644
index 00000000..2f543d11
--- /dev/null
+++ b/addons/mongodb/7.0/plans/standard-1c2g10/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-mongo-cluster-standard-1c2g10
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+
+persistence:
+ size: 10Gi
From 455dc68e29a11ac5cebf410c5abad0bf2a2d4c8b Mon Sep 17 00:00:00 2001
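Review bot: The comment block above `resources:` was copied from another chart and still describes MinIO®: `## MinIO® containers' resource requests and limits` and both `@param resources.*` lines name the MinIO® container. In this MongoDB plan file they should read `## MongoDB(®) containers' resource requests and limits`, `## @param resources.limits The resources limits for the MongoDB(®) container` and `## @param resources.requests The requested resources for the MongoDB(®) container`. The sentences about uncommenting lines and removing the curly braces no longer apply either, because this file sets explicit limits and requests.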
From: EamonZhang Date: Thu, 9 May 2024 14:21:44 +0800 Subject: [PATCH 076/122] chore(grafana): add plans --- .../{standard-5 => standard-1c1g5}/bind.yaml | 0 .../{standard-5 => standard-1c1g5}/meta.yaml | 0 .../values.yaml | 0 .../10/plans/standard-2c4g10/bind.yaml | 29 +++++++++++++++++++ .../10/plans/standard-2c4g10/meta.yaml | 6 ++++ .../10/plans/standard-2c4g10/values.yaml | 14 +++++++++ .../10/plans/standard-4c8g15/bind.yaml | 29 +++++++++++++++++++ .../10/plans/standard-4c8g15/meta.yaml | 6 ++++ .../10/plans/standard-4c8g15/values.yaml | 14 +++++++++ 9 files changed, 98 insertions(+) rename addons/grafana/10/plans/{standard-5 => standard-1c1g5}/bind.yaml (100%) rename addons/grafana/10/plans/{standard-5 => standard-1c1g5}/meta.yaml (100%) rename addons/grafana/10/plans/{standard-5 => standard-1c1g5}/values.yaml (100%) create mode 100644 addons/grafana/10/plans/standard-2c4g10/bind.yaml create mode 100644 addons/grafana/10/plans/standard-2c4g10/meta.yaml create mode 100644 addons/grafana/10/plans/standard-2c4g10/values.yaml create mode 100644 addons/grafana/10/plans/standard-4c8g15/bind.yaml create mode 100644 addons/grafana/10/plans/standard-4c8g15/meta.yaml create mode 100644 addons/grafana/10/plans/standard-4c8g15/values.yaml diff --git a/addons/grafana/10/plans/standard-5/bind.yaml b/addons/grafana/10/plans/standard-1c1g5/bind.yaml similarity index 100% rename from addons/grafana/10/plans/standard-5/bind.yaml rename to addons/grafana/10/plans/standard-1c1g5/bind.yaml diff --git a/addons/grafana/10/plans/standard-5/meta.yaml b/addons/grafana/10/plans/standard-1c1g5/meta.yaml similarity index 100% rename from addons/grafana/10/plans/standard-5/meta.yaml rename to addons/grafana/10/plans/standard-1c1g5/meta.yaml 
diff --git a/addons/grafana/10/plans/standard-5/values.yaml b/addons/grafana/10/plans/standard-1c1g5/values.yaml
similarity index 100%
rename from addons/grafana/10/plans/standard-5/values.yaml
rename to addons/grafana/10/plans/standard-1c1g5/values.yaml
diff --git a/addons/grafana/10/plans/standard-2c4g10/bind.yaml b/addons/grafana/10/plans/standard-2c4g10/bind.yaml
new file mode 100644
index 00000000..ba4641b9
--- /dev/null
+++ b/addons/grafana/10/plans/standard-2c4g10/bind.yaml
@@ -0,0 +1,29 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }'
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/grafana/10/plans/standard-2c4g10/meta.yaml b/addons/grafana/10/plans/standard-2c4g10/meta.yaml
new file mode 100644
index 00000000..57ec73b0
--- /dev/null
+++ b/addons/grafana/10/plans/standard-2c4g10/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-2c4g10"
+id: 837227d2-1522-45b9-abfe-7b631bd3bc91
+description: "grafana plan standard-2c4g10 which limit 2c4g ,default persistence size 10Gi."
+displayName: "2c4g10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/grafana/10/plans/standard-2c4g10/values.yaml b/addons/grafana/10/plans/standard-2c4g10/values.yaml
new file mode 100644
index 00000000..5c7adfbf
--- /dev/null
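Review bot: In the new standard-2c4g10 bind.yaml, `PASSWORD` and `USERNAME` resolve to `GF_SECURITY_ADMIN_PASSWORD` and `GF_SECURITY_ADMIN_USER` from the `-admin` secret, so every application bound to this plan receives the Grafana administrator login rather than a scoped account. If consumers only need to read dashboards or push data, a service account or API token with a narrower role would be the safer credential to bind; otherwise record the decision in a template comment such as `{{- /* binds the Grafana admin account */ -}}`. The bind.yaml added for standard-4c8g15 is the same blob (`ba4641b9`) and carries the same issue, and with one copy per plan any later fix has to be repeated in each.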
+++ b/addons/grafana/10/plans/standard-2c4g10/values.yaml
@@ -0,0 +1,14 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-grafana-standard-10
+
+resources:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 2000m
+ memory: 4Gi
+
+persistence:
+ size: 10Gi
\ No newline at end of file
diff --git a/addons/grafana/10/plans/standard-4c8g15/bind.yaml b/addons/grafana/10/plans/standard-4c8g15/bind.yaml
new file mode 100644
index 00000000..ba4641b9
--- /dev/null
+++ b/addons/grafana/10/plans/standard-4c8g15/bind.yaml
@@ -0,0 +1,29 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: EXTRANET_HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- end }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }'
+ - name: USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.names.fullname" . }}-admin
+ jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }'
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/grafana/10/plans/standard-4c8g15/meta.yaml b/addons/grafana/10/plans/standard-4c8g15/meta.yaml
new file mode 100644
index 00000000..63abd120
--- /dev/null
+++ b/addons/grafana/10/plans/standard-4c8g15/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c8g15"
+id: bb2f6e62-b279-40a4-967b-20aa5c12e770
+description: "grafana plan standard-4c8g15 which limit 4c8g ,default persistence size 15Gi."
+displayName: "4c8g15"
+bindable: true
+maximum_polling_duration: 1800
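Review bot: `fullnameOverride: hb-grafana-standard-10` does not match the plan name `standard-2c4g10`, and the standard-4c8g15 values.yaml likewise uses `hb-grafana-standard-15`. The MongoDB and Prometheus plans in this series embed the full plan name (`hb-mongo-cluster-standard-1c2g10`, `hb-prometheus-standard-16c32g500`), and bind.yaml looks up the Service and the `-admin` Secret through `common.names.fullname`, so the resource names an operator sees will not identify the plan they belong to. Consider `fullnameOverride: hb-grafana-standard-2c4g10` here and `fullnameOverride: hb-grafana-standard-4c8g15` in the other file.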
diff --git a/addons/grafana/10/plans/standard-4c8g15/values.yaml b/addons/grafana/10/plans/standard-4c8g15/values.yaml
new file mode 100644
index 00000000..d92cd6ee
--- /dev/null
+++ b/addons/grafana/10/plans/standard-4c8g15/values.yaml
@@ -0,0 +1,14 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-grafana-standard-15
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 4000m
+ memory: 8Gi
+
+persistence:
+ size: 15Gi
\ No newline at end of file
From c02ad8ffe4b056e5b25f89f507715d76de88978f Mon Sep 17 00:00:00 2001
From: EamonZhang Date: Fri, 10 May 2024 11:14:58 +0800 Subject: [PATCH 077/122] chore(prometheus): add namespace containers base metrics --- .../prometheus/templates/networkpolicy.yaml | 6 +++ .../templates/server/configmap.yaml | 1 - .../templates/server/deployment.yaml | 1 - .../prometheus/2/chart/prometheus/values.yaml | 42 ++++++++----------- addons/prometheus/2/meta.yaml | 19 ++++++--- .../prometheus/2/plans/standard-10/meta.yaml | 6 --- .../2/plans/standard-10/values.yaml | 8 ---- .../prometheus/2/plans/standard-100/meta.yaml | 6 --- .../2/plans/standard-100/values.yaml | 8 ---- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../meta.yaml | 4 +- .../2/plans/standard-16c32g500/values.yaml | 15 +++++++ .../bind.yaml | 0 .../create-instance-schema.json | 0 .../2/plans/standard-1c1g10/meta.yaml | 6 +++ .../2/plans/standard-1c1g10/values.yaml | 15 +++++++ .../2/plans/standard-200/values.yaml | 8 ---- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../2/plans/standard-2c4g50/meta.yaml | 6 +++ .../values.yaml | 9 +++- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../2/plans/standard-4c8g100/meta.yaml | 6 +++ .../2/plans/standard-4c8g100/values.yaml | 15 +++++++ .../prometheus/2/plans/standard-50/meta.yaml | 6 --- .../2/plans/standard-500/values.yaml | 8 ---- .../bind.yaml | 0 .../create-instance-schema.json | 0 .../meta.yaml | 4 +- .../2/plans/standard-8c16g200/values.yaml | 15 +++++++ 32 files changed, 126 insertions(+), 88 deletions(-) delete mode 100644 addons/prometheus/2/plans/standard-10/meta.yaml delete mode 100644 addons/prometheus/2/plans/standard-10/values.yaml delete mode 100644 addons/prometheus/2/plans/standard-100/meta.yaml delete mode 100644 addons/prometheus/2/plans/standard-100/values.yaml rename addons/prometheus/2/plans/{standard-100 => standard-16c32g500}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-10 => standard-16c32g500}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-500 => 
standard-16c32g500}/meta.yaml (52%) create mode 100644 addons/prometheus/2/plans/standard-16c32g500/values.yaml rename addons/prometheus/2/plans/{standard-10 => standard-1c1g10}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-100 => standard-1c1g10}/create-instance-schema.json (100%) create mode 100644 addons/prometheus/2/plans/standard-1c1g10/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-1c1g10/values.yaml delete mode 100644 addons/prometheus/2/plans/standard-200/values.yaml rename addons/prometheus/2/plans/{standard-200 => standard-2c4g50}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-200 => standard-2c4g50}/create-instance-schema.json (100%) create mode 100644 addons/prometheus/2/plans/standard-2c4g50/meta.yaml rename addons/prometheus/2/plans/{standard-50 => standard-2c4g50}/values.yaml (56%) rename addons/prometheus/2/plans/{standard-50 => standard-4c8g100}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-50 => standard-4c8g100}/create-instance-schema.json (100%) create mode 100644 addons/prometheus/2/plans/standard-4c8g100/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-4c8g100/values.yaml delete mode 100644 addons/prometheus/2/plans/standard-50/meta.yaml delete mode 100644 addons/prometheus/2/plans/standard-500/values.yaml rename addons/prometheus/2/plans/{standard-500 => standard-8c16g200}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-500 => standard-8c16g200}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-200 => standard-8c16g200}/meta.yaml (52%) create mode 100644 addons/prometheus/2/plans/standard-8c16g200/values.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml index 3b86d46e..51aa1a90 100644 --- a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml 
@@ -20,6 +20,7 @@ spec: podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if eq .Values.server.service.type "ClusterIP" }} ingress: # Allow inbound connections - ports: @@ -44,4 +45,9 @@ spec: {{- end }} {{- end }} {{- end }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + ingress: + - {} + {{- end}} {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 8297025d..c2cf9d56 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -22,5 +22,4 @@ data: {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} rules.yaml: {{- include "common.tplvalues.render" (dict "value" .Values.server.rules "context" $) | toYaml | nindent 4 }} - {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 83711fde..f1a5e88b 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -149,7 +149,6 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" - - "--storage.tsdb.retention.time={{ .Values.server.retentionDays }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 0f497da7..bf00f231 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml 
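Review bot: The new `LoadBalancer` branch in networkpolicy.yaml renders `ingress: - {}`, an empty rule that admits traffic from any source to every port of the selected pods, not only the ports the `ClusterIP` branch lists under `ports:`. Keep the port restriction and lift only the source restriction: render the same `- ports:` entry in both cases and wrap just the `from:` block in `{{- if eq .Values.server.service.type "ClusterIP" }}`. A third case is unhandled: with `NodePort` neither branch renders, and a policy that selects the pods without any ingress rule denies all inbound traffic (assuming `policyTypes` includes Ingress, which lies outside these hunks). The closing `{{- end}}` is also missing the space used by the other actions in the template. The template starts and ends outside the two hunks shown.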
+++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -564,7 +564,10 @@ alertmanager: ## app: my-app ## selector: {} - +drycc: + token: xxxxx + url: xxxx + scheme: https ## @section Prometheus server Parameters ## ## Drycc Prometheus image @@ -577,8 +580,8 @@ alertmanager: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: - username: admin - password: Sx3EIELCA + username: xxxx + password: xxxx image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -658,26 +661,20 @@ server: ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: ## - rules: | - {{` - groups: - - name: PG数据库-监控告警 - rules: - - alert: PostgresqlDown - expr: pg_up == 0 - for: 0m - labels: - severity: critical - annotations: - summary: Postgresql down (instance {{ $labels.instance }}) - description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" - - `}} + rules: "" ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: [] + extraScrapeConfigs: + - job_name: 'containers' + scheme: '{{ .Values.drycc.scheme }}' + metrics_path: /v2/apps/{{ include "common.names.namespace" . }}/metrics + authorization: + type: Token + credentials: '{{ .Values.drycc.token }}' + static_configs: + - targets: [ '{{ .Values.drycc.url }}' ] ## @param server.replicaCount Number of Prometheus replicas to deploy ## @@ -1503,8 +1500,7 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: - - traefik + allowNamespaces: [] ## @section Init Container Parameters ## 
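Review bot: The chart defaults now ship placeholder secrets, `drycc.token: xxxxx`, `server.username: xxxx` and `server.password: xxxx`, and meta.yaml in this patch marks the matching parameters `required: false`, so an instance created without overrides comes up with a publicly known login. Prefer empty defaults plus a render-time guard, for example `password: ""` combined with `{{ required "server.password is required" .Values.server.password }}` where the value is consumed, or generate a random value into a Secret. The removed `password:` line also shows a real-looking value that was committed earlier; deleting it here does not remove it from history, so it should be rotated wherever it was in use.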
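Review bot: The new `containers` scrape job puts `{{ .Values.drycc.token }}` inline in `credentials:`, and the values comment states that `extraScrapeConfigs` is merged into prometheus.yaml, which appears to be rendered by templates/server/configmap.yaml, so the API token would end up in a ConfigMap readable by anyone with ConfigMap read access in the namespace (inferred; the merge template is not part of this diff). Prometheus accepts `credentials_file` under `authorization`, so the token can be kept in a Secret mounted into the server pod: `credentials_file: PATH_TO_MOUNTED_TOKEN` (placeholder path) in place of `credentials: '{{ .Values.drycc.token }}'`. A short comment above the job explaining that it scrapes the platform API for per-namespace container metrics would also help, since the `drycc` block is otherwise undocumented in values.yaml.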
@@ -1557,10 +1553,6 @@ volumePermissions: scrapeAddons: enabled: true -scrapeNamespaces: - - xx1 - - xx2 - configmapReload: prometheus: ## If false, the configmap-reload container will not be deployed diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index a95995b0..c0047a1c 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -24,15 +24,22 @@ allow_parameters: - name: "alertmanager.enabled" required: false description: "alertmanager config for values.yaml" -- name: "server.retentionDays" +- name: "server.username" required: false - description: "retentionDays config for values.yaml default 15d" -- name: "server.retentionSize" + description: "prometheus administor username" +- name: "server.password" required: false - description: "retentionSize config for values.yaml default 0, unit MB, GB, TB" + description: "prometheus administor password" +- name: "drycc.token" + required: false + description: "drycc user token" +- name: "drycc.url" + required: false + description: "drycc url" +- name: "drycc.scheme" + required: false + description: "drycc scheme" - name: "server.rules" required: false description: "rules config for values.yaml" -- name: "scrapeNamespaces" - required: false archive: false diff --git a/addons/prometheus/2/plans/standard-10/meta.yaml b/addons/prometheus/2/plans/standard-10/meta.yaml deleted file mode 100644 index deb9b860..00000000 --- a/addons/prometheus/2/plans/standard-10/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-10" -id: c0a84136-5799-4267-b7bd-7b4398bcff72 -description: "Prometheus Cluster standard-10 plan persistence size 10Gi." -displayName: "10Gi" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml deleted file mode 100644 index 06e89f6a..00000000 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-10 - -server: - persistence: - size: 10Gi - # retentionSize: 8GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/meta.yaml b/addons/prometheus/2/plans/standard-100/meta.yaml deleted file mode 100644 index fdc3185e..00000000 --- a/addons/prometheus/2/plans/standard-100/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-100" -id: 118aada0-4826-4dba-83d8-989fbf47c55a -description: "Prometheus Cluster standard-100 plan persistence size 100Gi." -displayName: "100Gi" -bindable: true -maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-100/values.yaml b/addons/prometheus/2/plans/standard-100/values.yaml deleted file mode 100644 index 7e8b3d46..00000000 --- a/addons/prometheus/2/plans/standard-100/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-100 - -server: - persistence: - size: 100Gi - # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/bind.yaml b/addons/prometheus/2/plans/standard-16c32g500/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-100/bind.yaml rename to addons/prometheus/2/plans/standard-16c32g500/bind.yaml diff --git a/addons/prometheus/2/plans/standard-10/create-instance-schema.json b/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-10/create-instance-schema.json rename to addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json 
diff --git a/addons/prometheus/2/plans/standard-500/meta.yaml b/addons/prometheus/2/plans/standard-16c32g500/meta.yaml similarity index 52% rename from addons/prometheus/2/plans/standard-500/meta.yaml rename to addons/prometheus/2/plans/standard-16c32g500/meta.yaml index d58ee8e0..80b40ae3 100644 --- a/addons/prometheus/2/plans/standard-500/meta.yaml +++ b/addons/prometheus/2/plans/standard-16c32g500/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-500" +name: "standard-16c32g500" id: c28dc645-f17d-4304-a3f9-5dcaabad2a49 -description: "Prometheus Cluster standard-500 plan persistence size 500Gi." +description: "Prometheus server plan standard-16c32g500." displayName: "500Gi" bindable: true maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-16c32g500/values.yaml b/addons/prometheus/2/plans/standard-16c32g500/values.yaml new file mode 100644 index 00000000..dbb7f395 --- /dev/null +++ b/addons/prometheus/2/plans/standard-16c32g500/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-16c32g500 + +server: + resources: + limits: + cpu: 16000m + memory: 32Gi + requests: + cpu: 16000m + memory: 32Gi + persistence: + size: 500Gi + retentionSize: 498GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-1c1g10/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-10/bind.yaml rename to addons/prometheus/2/plans/standard-1c1g10/bind.yaml diff --git a/addons/prometheus/2/plans/standard-100/create-instance-schema.json b/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-100/create-instance-schema.json rename to addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json 
diff --git a/addons/prometheus/2/plans/standard-1c1g10/meta.yaml b/addons/prometheus/2/plans/standard-1c1g10/meta.yaml new file mode 100644 index 00000000..009714ad --- /dev/null +++ b/addons/prometheus/2/plans/standard-1c1g10/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-1c1g10" +id: c0a84136-5799-4267-b7bd-7b4398bcff72 +description: "Prometheus server plan standard-1c1g10." +displayName: "1c1g10" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-1c1g10/values.yaml b/addons/prometheus/2/plans/standard-1c1g10/values.yaml new file mode 100644 index 00000000..b10bb91f --- /dev/null +++ b/addons/prometheus/2/plans/standard-1c1g10/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-1c1g10 + +server: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 1000m + memory: 1Gi + persistence: + size: 10Gi + retentionSize: 8GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/values.yaml b/addons/prometheus/2/plans/standard-200/values.yaml deleted file mode 100644 index c5f2a7e5..00000000 --- a/addons/prometheus/2/plans/standard-200/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-200 - -server: - persistence: - size: 200Gi - # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/bind.yaml b/addons/prometheus/2/plans/standard-2c4g50/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-200/bind.yaml rename to addons/prometheus/2/plans/standard-2c4g50/bind.yaml 
diff --git a/addons/prometheus/2/plans/standard-200/create-instance-schema.json b/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-200/create-instance-schema.json rename to addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-2c4g50/meta.yaml b/addons/prometheus/2/plans/standard-2c4g50/meta.yaml new file mode 100644 index 00000000..1d46c14b --- /dev/null +++ b/addons/prometheus/2/plans/standard-2c4g50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c4g50" +id: eb7b3f73-dd94-4d05-8a48-63e7775f534d +description: "Prometheus server plan standard-2c4g50." +displayName: "2c4g50" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-2c4g50/values.yaml similarity index 56% rename from addons/prometheus/2/plans/standard-50/values.yaml rename to addons/prometheus/2/plans/standard-2c4g50/values.yaml index b59af0aa..31da543c 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-2c4g50/values.yaml @@ -3,6 +3,13 @@ fullnameOverride: hb-prometheus-standard-50 server: + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi persistence: size: 50Gi - # retentionSize: 48GBi \ No newline at end of file + retentionSize: 48GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-4c8g100/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-50/bind.yaml rename to addons/prometheus/2/plans/standard-4c8g100/bind.yaml 
diff --git a/addons/prometheus/2/plans/standard-50/create-instance-schema.json b/addons/prometheus/2/plans/standard-4c8g100/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-50/create-instance-schema.json rename to addons/prometheus/2/plans/standard-4c8g100/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-4c8g100/meta.yaml b/addons/prometheus/2/plans/standard-4c8g100/meta.yaml new file mode 100644 index 00000000..3288c553 --- /dev/null +++ b/addons/prometheus/2/plans/standard-4c8g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c8g100" +id: 118aada0-4826-4dba-83d8-989fbf47c55a +description: "Prometheus server plan standard-4c8g100." +displayName: "100Gi" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-4c8g100/values.yaml b/addons/prometheus/2/plans/standard-4c8g100/values.yaml new file mode 100644 index 00000000..2aedee7d --- /dev/null +++ b/addons/prometheus/2/plans/standard-4c8g100/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-4c8g100 + +server: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 4000m + memory: 8Gi + persistence: + size: 100Gi + retentionSize: 98GB \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/meta.yaml b/addons/prometheus/2/plans/standard-50/meta.yaml deleted file mode 100644 index 0baaf0f9..00000000 --- a/addons/prometheus/2/plans/standard-50/meta.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: "standard-50" -id: eb7b3f73-dd94-4d05-8a48-63e7775f534d -description: "Prometheus Cluster standard-50 plan persistence size 50Gi." -displayName: "50Gi" -bindable: true -maximum_polling_duration: 1800 
diff --git a/addons/prometheus/2/plans/standard-500/values.yaml b/addons/prometheus/2/plans/standard-500/values.yaml deleted file mode 100644 index 2b8e6318..00000000 --- a/addons/prometheus/2/plans/standard-500/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-prometheus-standard-500 - -server: - persistence: - size: 500Gi - # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-500/bind.yaml b/addons/prometheus/2/plans/standard-8c16g200/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-500/bind.yaml rename to addons/prometheus/2/plans/standard-8c16g200/bind.yaml diff --git a/addons/prometheus/2/plans/standard-500/create-instance-schema.json b/addons/prometheus/2/plans/standard-8c16g200/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-500/create-instance-schema.json rename to addons/prometheus/2/plans/standard-8c16g200/create-instance-schema.json diff --git a/addons/prometheus/2/plans/standard-200/meta.yaml b/addons/prometheus/2/plans/standard-8c16g200/meta.yaml similarity index 52% rename from addons/prometheus/2/plans/standard-200/meta.yaml rename to addons/prometheus/2/plans/standard-8c16g200/meta.yaml index ddc6523c..72baec3e 100644 --- a/addons/prometheus/2/plans/standard-200/meta.yaml +++ b/addons/prometheus/2/plans/standard-8c16g200/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-200" +name: "standard-8c16g200" id: be99a35d-dbb4-4e17-8b27-1f00c5bca057 -description: "Prometheus Cluster standard-200 plan persistence size 200Gi." +description: "Prometheus server plan standard-8c16g200." displayName: "200Gi" bindable: true maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-8c16g200/values.yaml b/addons/prometheus/2/plans/standard-8c16g200/values.yaml new file mode 100644 index 00000000..dfd0bf66 --- /dev/null 
+++ b/addons/prometheus/2/plans/standard-8c16g200/values.yaml @@ -0,0 +1,15 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-8c16g200 + +server: + resources: + limits: + cpu: 8000m + memory: 16Gi + requests: + cpu: 8000m + memory: 16Gi + persistence: + size: 200Gi + retentionSize: 198GB \ No newline at end of file From cdfb83fd6768ffc4370214e27d55e81c8ba312bd Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 15:40:56 +0800 Subject: [PATCH 078/122] chore(grafana): add plans --- .../grafana/10/plans/standard-1c1g5/values.yaml | 15 ++++++++------- .../grafana/10/plans/standard-2c4g10/values.yaml | 16 ++++++++-------- .../grafana/10/plans/standard-4c8g15/values.yaml | 15 ++++++++------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/addons/grafana/10/plans/standard-1c1g5/values.yaml b/addons/grafana/10/plans/standard-1c1g5/values.yaml index ce943f14..f25675fc 100644 --- a/addons/grafana/10/plans/standard-1c1g5/values.yaml +++ b/addons/grafana/10/plans/standard-1c1g5/values.yaml @@ -2,13 +2,14 @@ ## fullnameOverride: hb-grafana-standard-5 -resources: - limits: - cpu: 1000m - memory: 1024Mi - requests: - cpu: 1000m - memory: 1024Mi +grafana: + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 1000m + memory: 1Gi persistence: size: 5Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-2c4g10/values.yaml b/addons/grafana/10/plans/standard-2c4g10/values.yaml index 5c7adfbf..8c60f5b9 100644 --- a/addons/grafana/10/plans/standard-2c4g10/values.yaml +++ b/addons/grafana/10/plans/standard-2c4g10/values.yaml 
@@ -1,14 +1,14 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## fullnameOverride: hb-grafana-standard-10 - -resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi +grafana: + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi persistence: size: 10Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-4c8g15/values.yaml b/addons/grafana/10/plans/standard-4c8g15/values.yaml index d92cd6ee..33df72ff 100644 --- a/addons/grafana/10/plans/standard-4c8g15/values.yaml +++ b/addons/grafana/10/plans/standard-4c8g15/values.yaml @@ -2,13 +2,14 @@ ## fullnameOverride: hb-grafana-standard-15 -resources: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 4000m - memory: 8Gi +grafana: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 4000m + memory: 8Gi persistence: size: 15Gi \ No newline at end of file From 26980a26105c639ef752d60da58dc4c7aea4fe57 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 14 May 2024 15:41:20 +0800 Subject: [PATCH 079/122] chore(pmm): add plans --- .../2.41/plans/standard-2c2g10/values.yaml | 10 +++---- .../pmm/2.41/plans/standard-4c8g100/bind.yaml | 15 ++++++++++ .../create-instance-schema.json} | 0 .../pmm/2.41/plans/standard-4c8g100/meta.yaml | 6 ++++ .../2.41/plans/standard-4c8g100/values.yaml | 30 +++++++++++++++++++ .../2.41/plans/standard-8c16g200/bind.yaml | 15 ++++++++++ .../create-instance-schema.json | 12 ++++++++ .../2.41/plans/standard-8c16g200/meta.yaml | 6 ++++ .../2.41/plans/standard-8c16g200/values.yaml | 30 +++++++++++++++++++ 9 files changed, 119 insertions(+), 5 deletions(-) create mode 100644 addons/pmm/2.41/plans/standard-4c8g100/bind.yaml rename addons/pmm/2.41/plans/{standard-2c2g10/create-instance-schema.json~merged => standard-4c8g100/create-instance-schema.json} (100%) create mode 100644 addons/pmm/2.41/plans/standard-4c8g100/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-4c8g100/values.yaml create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/bind.yaml create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/meta.yaml create mode 100644 addons/pmm/2.41/plans/standard-8c16g200/values.yaml diff --git a/addons/pmm/2.41/plans/standard-2c2g10/values.yaml b/addons/pmm/2.41/plans/standard-2c2g10/values.yaml index 676edb9d..dbca0885 100644 --- a/addons/pmm/2.41/plans/standard-2c2g10/values.yaml +++ b/addons/pmm/2.41/plans/standard-2c2g10/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: pmm-standard-10 +fullnameOverride: pmm-standard-2c2g10 ## MinIO® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ 
@@ -13,12 +13,12 @@ fullnameOverride: pmm-standard-10 ## pmmResources: requests: - memory: "4Gi" - cpu: "4" + memory: "2Gi" + cpu: "2" hugepages-2Mi: 4Mi limits: - memory: "4Gi" - cpu: "4" + memory: "2Gi" + cpu: "2" hugepages-2Mi: 4Mi ## @section Persistence parameters diff --git a/addons/pmm/2.41/plans/standard-4c8g100/bind.yaml b/addons/pmm/2.41/plans/standard-4c8g100/bind.yaml new file mode 100644 index 00000000..973abc94 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-4c8g100/bind.yaml @@ -0,0 +1,15 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + value: 80 \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json~merged b/addons/pmm/2.41/plans/standard-4c8g100/create-instance-schema.json similarity index 100% rename from addons/pmm/2.41/plans/standard-2c2g10/create-instance-schema.json~merged rename to addons/pmm/2.41/plans/standard-4c8g100/create-instance-schema.json diff --git a/addons/pmm/2.41/plans/standard-4c8g100/meta.yaml b/addons/pmm/2.41/plans/standard-4c8g100/meta.yaml new file mode 100644 index 00000000..a69cbf46 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-4c8g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4c8g100" +id: f0056f40-4cf2-40f1-935c-9d7f6f98ea72 +description: "pmm standard-4c8g100G" +displayName: "standard-4c8g100" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/pmm/2.41/plans/standard-4c8g100/values.yaml b/addons/pmm/2.41/plans/standard-4c8g100/values.yaml new file mode 100644 index 00000000..d38ab596 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-4c8g100/values.yaml 
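Review bot: `PORT` is hard-coded as `value: 80` in the new standard-4c8g100/bind.yaml, while `HOST` and `EXTRANET_HOST` are read from the Service through `serviceRef`. If the PMM Service also exposes a TLS port (the chart's Service definition is not part of this patch), bound applications are pointed at the plaintext port of a UI that takes logins. Reading the port from the Service as well, e.g. `jsonpath: '{ .spec.ports[?(@.name=="<service port name>")].port }'`, keeps the binding in step with the chart; the identical file added for standard-8c16g200 has the same line.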
@@ -0,0 +1,30 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: pmm-standard-4c8g100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +pmmResources: + requests: + memory: "8Gi" + cpu: "4" + hugepages-2Mi: 4Mi + limits: + memory: "8Gi" + cpu: "4" + hugepages-2Mi: 4Mi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +storage: + size: 100Gi diff --git a/addons/pmm/2.41/plans/standard-8c16g200/bind.yaml b/addons/pmm/2.41/plans/standard-8c16g200/bind.yaml new file mode 100644 index 00000000..973abc94 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-8c16g200/bind.yaml @@ -0,0 +1,15 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "pmm.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + value: 80 \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json b/addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
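Review bot: The comment block above `pmmResources` in the new standard-4c8g100/values.yaml is copied from a MinIO chart: it documents `resources.limits` / `resources.requests` "for the MinIO® container" and tells the reader to remove curly braces after `resources:`, none of which matches this file. Suggested replacement: `## PMM server container resource requests and limits` followed by `## @param pmmResources.requests` and `## @param pmmResources.limits` lines. The standard-8c16g200/values.yaml added in the same commit carries the same block.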
+++ b/addons/pmm/2.41/plans/standard-8c16g200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/pmm/2.41/plans/standard-8c16g200/meta.yaml b/addons/pmm/2.41/plans/standard-8c16g200/meta.yaml new file mode 100644 index 00000000..2830d4d4 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-8c16g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c16g200" +id: 8059d78d-8ed1-4dd2-8f05-80dc63b321c3 +description: "pmm standard-8c16g200 " +displayName: "standard-8c16g200" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/pmm/2.41/plans/standard-8c16g200/values.yaml b/addons/pmm/2.41/plans/standard-8c16g200/values.yaml new file mode 100644 index 00000000..b1f6f068 --- /dev/null +++ b/addons/pmm/2.41/plans/standard-8c16g200/values.yaml 
@@ -0,0 +1,30 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: pmm-standard-8c16g200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +pmmResources: + requests: + memory: "16Gi" + cpu: "8" + hugepages-2Mi: 4Mi + limits: + memory: "16Gi" + cpu: "8" + hugepages-2Mi: 4Mi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +storage: + size: 200Gi From 51412a639becc7c4b9c1c8054f89158c8c3a0346 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 15:41:47 +0800 Subject: [PATCH 080/122] chore(prometheus): add plans --- .../prometheus/templates/_scrape_config.tpl | 1 + .../prometheus/templates/networkpolicy.yaml | 2 +- .../prometheus/2/chart/prometheus/values.yaml | 37 +++++++++++++------ addons/prometheus/2/meta.yaml | 11 ++---- 4 files changed, 31 insertions(+), 20 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 4e078fe8..d89b798e 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
@@ -60,6 +60,7 @@ relabel_configs: - __meta_kubernetes_service_name target_label: service - source_labels: + - __meta_kubernetes_pod_name target_label: pod - source_labels: diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml index 51aa1a90..3e5bd000 100644 --- a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml @@ -44,7 +44,7 @@ spec: kubernetes.io/metadata.name: {{ $namespace }} {{- end }} {{- end }} - {{- end }} + {{- end }} {{- end }} {{- if eq .Values.server.service.type "LoadBalancer" }} ingress: diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index bf00f231..87ff3e47 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -564,10 +564,12 @@ alertmanager: ## app: my-app ## selector: {} -drycc: + +containerScrape: token: xxxxx url: xxxx scheme: https + namespaces: [] ## @section Prometheus server Parameters ## ## Drycc Prometheus image @@ -641,6 +643,24 @@ server: - job_name: addons {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} {{- end }} + + {{ $scheme := .Values.containerScrape.scheme }} + {{ $token := .Values.containerScrape.token }} + {{ $url := .Values.containerScrape.url }} + {{- range $namespace := .Values.containerScrape.namespaces }} + + {{- if $namespace }} + - job_name: 'jobns-%s {{ $namespace }}' + scheme: {{ $scheme }} + metrics_path: /v2/apps/{{ $namespace }}/metrics + authorization: + type: Token + credentials: {{ $token }} + static_configs: + - targets: [ {{ $url }} ] + {{- end }} + {{- end }} + {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} 
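Review bot: The generated job name in the `@@ -641,6 +643,24 @@` hunk, `- job_name: 'jobns-%s {{ $namespace }}'`, still contains a literal `%s` left over from a printf-style format, so every job is named `jobns-%s <namespace>`; `- job_name: {{ printf "jobns-%s" $namespace | quote }}` produces the intended name. The same block emits `scheme`, `credentials` and `targets` unquoted (`credentials: {{ $token }}`), whereas the entry it replaces quoted them; a token or URL containing `: `, ` #` or a leading YAML indicator would break the rendered config or be re-typed, so `credentials: {{ $token | quote }}` and `- targets: [ {{ $url | quote }} ]` are safer. The token is also still written inline into the rendered configuration rather than referenced from a mounted Secret.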
@@ -657,7 +677,7 @@ server: static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] {{- end }} - + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: ## @@ -666,16 +686,9 @@ server: ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: - - job_name: 'containers' - scheme: '{{ .Values.drycc.scheme }}' - metrics_path: /v2/apps/{{ include "common.names.namespace" . }}/metrics - authorization: - type: Token - credentials: '{{ .Values.drycc.token }}' - static_configs: - - targets: [ '{{ .Values.drycc.url }}' ] - + + extraScrapeConfigs: [] + ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index c0047a1c..4b39707e 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -30,15 +30,12 @@ allow_parameters: - name: "server.password" required: false description: "prometheus administor password" -- name: "drycc.token" +- name: "containerScrape" required: false - description: "drycc user token" -- name: "drycc.url" + description: "container scrape" +- name: "extraScrapeConfigs" required: false - description: "drycc url" -- name: "drycc.scheme" - required: false - description: "drycc scheme" + description: "extra scrape configs" - name: "server.rules" required: false description: "rules config for values.yaml" From e85ba0c39d2d42b1c6027dadbc158ba75af05dcb Mon Sep 17 00:00:00 2001 
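Review bot: The new `allow_parameters` entry is named `extraScrapeConfigs`, but the chart reads `.Values.server.extraScrapeConfigs` (see the `{{- if .Values.server.extraScrapeConfigs}}` line in values.yaml), so as written the parameter would not reach the scrape configuration; the entry should presumably be `- name: "server.extraScrapeConfigs"`. Before enabling it, note that the value is passed through `common.tplvalues.render`, so user-supplied text is evaluated as a Helm template with the chart context and can declare scrape targets of the user's choosing. Allowing only the structured `containerScrape` fields, or validating this parameter in the plan schema, keeps a tenant from widening what the server scrapes.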
From: EamonZhang Date: Tue, 14 May 2024 16:09:55 +0800 Subject: [PATCH 081/122] chore(mongodb): enable metrics --- addons/index.yaml | 5 ++++- .../7.0/chart/mongodb/templates/hidden/statefulset.yaml | 2 +- .../chart/mongodb/templates/replicaset/statefulset.yaml | 2 +- .../7.0/chart/mongodb/templates/standalone/dep-sts.yaml | 2 +- addons/mongodb/7.0/chart/mongodb/values.yaml | 8 ++++---- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/addons/index.yaml b/addons/index.yaml index 0ec08fc0..7fb5ca90 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -56,4 +56,7 @@ entries: description: "Percona Monitoring and Management: an open source database monitoring, observability and management tool ." mongodb: - version: 7.0 - description: "MongoDB is a document database designed for ease of application development and scaling." \ No newline at end of file + description: "MongoDB is a document database designed for ease of application development and scaling." + clickhouse: + - version: 24 + description: "ClickHouse is the fastest and most resource efficient open-source database for real-time apps and analytics." \ No newline at end of file diff --git a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml index 56ce237b..9373d937 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/hidden/statefulset.yaml @@ -393,7 +393,7 @@ spec: {{- else }} args: - | - /bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} 
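Review bot: The exporter command for hidden nodes (`@@ -393,7 +393,7 @@` in hidden/statefulset.yaml) does not pass `--collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}"`, which the replicaset and standalone templates touched by this same commit both pass. With `metrics.enabled` switched to `true` by default here, the hidden exporter would listen on its built-in default port, which may not match the container port the chart declares (that declaration is outside the hunk). `{{ .Values.metrics.extraFlags }}` also appears to be interpolated unquoted into a command string in all three templates, so that value should stay operator-controlled and not be added to `allow_parameters`.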
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml index e7c0ff1c..6a385860 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/replicaset/statefulset.yaml @@ -403,7 +403,7 @@ spec: {{- else }} args: - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} diff --git a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml index ba3b74d2..6ef4530c 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/standalone/dep-sts.yaml @@ -341,7 +341,7 @@ spec: {{- else }} args: - | - /bin/mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} + mongodb_exporter --collect-all --compatible-mode --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} {{- end }} env: {{- if .Values.auth.enabled }} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 3ffc0b04..afb479ed 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
@@ -1822,7 +1822,7 @@ hidden: metrics: ## @param metrics.enabled Enable using a sidecar Prometheus exporter ## - enabled: false + enabled: true ## Drycc MongoDB(®) Promtheus Exporter image ## ref: https://hub.docker.com/r/drycc/mongodb-exporter/tags/ ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry @@ -1833,9 +1833,9 @@ metrics: ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: - registry: docker.io - repository: drycc/mongodb-exporter - tag: 0.34.0-debian-11-r19 + registry: registry.drycc.cc + repository: drycc-addons/mongodb_exporterr + tag: 0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 4df630654885a6a2bd4840da5d2736308b767e53 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 16:12:10 +0800 Subject: [PATCH 082/122] chore(mongodb): enable metrics --- addons/mongodb/7.0/chart/mongodb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index afb479ed..b196cd90 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1834,7 +1834,7 @@ metrics: ## image: registry: registry.drycc.cc - repository: drycc-addons/mongodb_exporterr + repository: drycc-addons/mongodb_exporter tag: 0 digest: "" pullPolicy: IfNotPresent From 3a1800986dabe25878a1d9b7330889bce17a29ae Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 14 May 2024 17:45:54 +0800 Subject: [PATCH 083/122] fix(mongodb): networkpolicy for exporter --- addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml | 1 + addons/mongodb/7.0/chart/mongodb/values.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml index 26149ccb..91ca0aa1 100644 
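Review bot: The new exporter image in the `metrics.image` block of `values.yaml` (PATCH 081) is referenced by the floating tag `0` with `digest: ""` and `pullPolicy: IfNotPresent`, in the same patch that sets `metrics.enabled: true`. The sidecar that runs next to every database pod is therefore whatever the registry served when each node first pulled that tag, and nodes can end up with different content. Pinning an immutable reference closes that gap: fill in `digest: "sha256:<digest-of-reviewed-image>"` (placeholder) or use a full version tag. `tag: 0` is also an unquoted YAML integer, and `tag: "0"` keeps it a string for any template that formats it with `%s`.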
--- a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml @@ -21,6 +21,7 @@ spec: # Allow inbound connections - ports: - port: {{ .Values.service.ports.mongodb }} + - port: {{ .Values.metrics.service..ports.metrics }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index b196cd90..9068cec9 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1834,7 +1834,7 @@ metrics: ## image: registry: registry.drycc.cc - repository: drycc-addons/mongodb_exporter + repository: drycc-addons/mongodb-exporter tag: 0 digest: "" pullPolicy: IfNotPresent From 42bce72945d7ef0f65a3854432b96a6f85b460ca Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 15 May 2024 09:05:10 +0800 Subject: [PATCH 084/122] megre(prometheus): megre upstream --- .../2/chart/prometheus/templates/networkpolicy.yaml | 4 ---- addons/prometheus/2/meta.yaml | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ .../create-instance-schema.json~merged | 12 ------------ 5 files changed, 52 deletions(-) delete mode 100644 addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged delete mode 100644 addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged delete mode 100644 addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml index 69c28664..3e5bd000 100644 --- a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml 
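Review bot: The added exporter `- port:` line in `templates/networkpolicy.yaml` is unconditional and joins the same ingress rule as the database port. The metrics port is therefore allowed even when `metrics.enabled` is false, and when neither `allowCurrentNamespace` nor `allowNamespaces` is set the rule has no `from` and admits every source. Gating it as `{{- if .Values.metrics.enabled }}` / `- port: {{ .Values.metrics.service.ports.metrics }}` / `{{- end }}` fixes the first case; a separate rule whose `from` selects only the scraper's namespace would cover the second. The doubled dot in `.Values.metrics.service..ports` does not parse as committed and is corrected by PATCH 085. The rule's `from` list continues outside the hunk.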
+++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml @@ -46,10 +46,6 @@ spec: {{- end }} {{- end }} {{- end }} -<<<<<<< HEAD -======= - {{- end }} ->>>>>>> 453a91857971275fb746127d5c3d9100c3c8215c {{- if eq .Values.server.service.type "LoadBalancer" }} ingress: - {} diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 772c9ddb..4b39707e 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -30,24 +30,12 @@ allow_parameters: - name: "server.password" required: false description: "prometheus administor password" -<<<<<<< HEAD - name: "containerScrape" required: false description: "container scrape" - name: "extraScrapeConfigs" required: false description: "extra scrape configs" -======= -- name: "drycc.token" - required: false - description: "drycc user token" -- name: "drycc.url" - required: false - description: "drycc url" -- name: "drycc.scheme" - required: false - description: "drycc scheme" ->>>>>>> 453a91857971275fb746127d5c3d9100c3c8215c - name: "server.rules" required: false description: "rules config for values.yaml" diff --git a/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged b/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/prometheus/2/plans/standard-16c32g500/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged b/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 
--- a/addons/prometheus/2/plans/standard-1c1g10/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged b/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged deleted file mode 100644 index 66ebbaa0..00000000 --- a/addons/prometheus/2/plans/standard-2c4g50/create-instance-schema.json~merged +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "imagePullPolicy": { - "type": "string", - "enum": ["Always", "IfNotPresent", "Never"], - "default": "IfNotPresent", - "title": "Image pull policy" - } - } -} \ No newline at end of file From b7e8456ba7707b5f1fb337e07f2ab533e5667694 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 15 May 2024 09:12:12 +0800 Subject: [PATCH 085/122] megre(mongodb): megre upstream --- addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml index 91ca0aa1..28b22388 100644 --- a/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml +++ b/addons/mongodb/7.0/chart/mongodb/templates/networkpolicy.yaml @@ -21,7 +21,7 @@ spec: # Allow inbound connections - ports: - port: {{ .Values.service.ports.mongodb }} - - port: {{ .Values.metrics.service..ports.metrics }} + - port: {{ .Values.metrics.service.ports.metrics }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} 
From e9205e993716d594697942ad150c916cb6fc0b03 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 15 May 2024 10:34:56 +0800 Subject: [PATCH 086/122] chore(mongodb): add plans --- addons/mongodb/7.0/chart/mongodb/values.yaml | 18 ++++-------- .../7.0/plans/standard-16c64g400/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-16c64g400/meta.yaml | 6 ++++ .../7.0/plans/standard-16c64g400/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-2c4g20/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-2c4g20/meta.yaml | 6 ++++ .../7.0/plans/standard-2c4g20/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-2c8g50/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-2c8g50/meta.yaml | 6 ++++ .../7.0/plans/standard-2c8g50/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-32c128g800/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-32c128g800/meta.yaml | 6 ++++ .../7.0/plans/standard-32c128g800/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-4c16g100/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-4c16g100/meta.yaml | 6 ++++ .../7.0/plans/standard-4c16g100/values.yaml | 23 +++++++++++++++ .../7.0/plans/standard-8c32g200/bind.yaml | 28 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++ .../7.0/plans/standard-8c32g200/meta.yaml | 6 ++++ .../7.0/plans/standard-8c32g200/values.yaml | 23 +++++++++++++++ 25 files changed, 420 insertions(+), 12 deletions(-) create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-16c64g400/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml create mode 100644 
addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c4g20/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-2c8g50/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-32c128g800/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-4c16g100/values.yaml create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml create mode 100644 addons/mongodb/7.0/plans/standard-8c32g200/values.yaml diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 9068cec9..01e95fd8 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
@@ -1873,18 +1873,12 @@ metrics: ## @param metrics.resources.requests The requested resources for Prometheus exporter containers ## resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi ## @param metrics.containerPort Port of the Prometheus metrics container ## containerPort: 9216 diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-16c64g400/bind.yaml @@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-16c64g400/create-instance-schema.json 
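Review bot: The new `plans/standard-16c64g400/bind.yaml` hands every bound application the database superuser: `USERNAME` is the literal `'root'` and `PASSWORD` is read from `mongodb-root-password`. Any consumer of a binding gets full administrative access, and rotating that one secret affects all of them. If the chart can create a scoped database user (not visible in this patch), the binding should carry that user's name and secret key instead. `PORT` is hard-coded as `value: 27017` rather than `{{ .Values.service.ports.mongodb }}`, and the secret name uses `common.names.fullname` while the service names use `mongodb.fullname`, so it is worth confirming both helpers resolve to the same string. The identical file is added for the 2c4g20, 2c8g50, 32c128g800, 4c16g100 and 8c32g200 plans.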
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml new file mode 100644 index 00000000..22874e09 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-16c64g400/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-16c64g400" +id: ae0a6495-8a57-4282-ba6c-7887078bc36a +description: "mongodb standard-16c64g400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G " +displayName: "standard-16c64g400" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml new file mode 100644 index 00000000..7e5e03a0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-16c64g400 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + +persistence: + size: 400Gi 
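Review bot: The comment block in `plans/standard-16c64g400/values.yaml` describes MinIO® containers and advises leaving `resources` unset, while the file sets fixed requests and limits for a MongoDB plan. The header would be accurate as `## MongoDB(®) container resource requests and limits for this plan`, with the two `@param` lines naming MongoDB and the "remove the curly braces" paragraph dropped. `fullnameOverride` is a fixed string per plan, so two instances of the same plan in one namespace would presumably collide on resource names; confirm the platform isolates instances. The same comment block is repeated in the other five plan `values.yaml` files added by this patch.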
diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c4g20/bind.yaml @@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c4g20/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml new file mode 100644 index 00000000..d57e9ae5 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c4g20/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-2c4g20" +id: 7a599bfe-42fe-45f0-a7e5-d706cceeb75a +description: "mongodb standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G " +displayName: "standard-2c4g20" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml new file mode 100644 index 00000000..9b7336ab --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c4g20/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-2c4g20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + +persistence: + size: 20Gi diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c8g50/bind.yaml 
@@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c8g50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml new file mode 100644 index 00000000..7e9d6bdc --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c8g50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-2c8g50" +id: 97810a15-2758-4c30-a758-fed359b3de90 +description: "mongodb standard-2c8g50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G " +displayName: "standard-2c8g50" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file 
diff --git a/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml new file mode 100644 index 00000000..e86171e5 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-2c8g50/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-2c8g50 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 2000m + memory: 8Gi + requests: + cpu: 2000m + memory: 8Gi + +persistence: + size: 50Gi diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-32c128g800/bind.yaml 
@@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-32c128g800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml new file mode 100644 index 00000000..f0003f6a --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-32c128g800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-32c128g800" +id: 3d08527b-4ed9-46e5-8f29-dd38a8b12513 +description: "mongodb standard-32c128g800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G " +displayName: "standard-32c128g800" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file 
diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml new file mode 100644 index 00000000..c5074501 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-32c128g800 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 32000m + memory: 128Gi + requests: + cpu: 32000m + memory: 128Gi + +persistence: + size: 800Gi diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-4c16g100/bind.yaml 
@@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-4c16g100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml new file mode 100644 index 00000000..b70bcfb0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-1c2g10" +id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98 +description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G " +displayName: "standard-1c2g10" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file 
diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml new file mode 100644 index 00000000..51c69c34 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-4c16g100/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-4c16g100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 4000m + memory: 16Gi + +persistence: + size: 100Gi diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml new file mode 100644 index 00000000..13939fc0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-8c32g200/bind.yaml 
@@ -0,0 +1,28 @@ +{{- $fullName := include "mongodb.fullname" . }} +{{- $replicaCount := .Values.replicaCount | int }} +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + {{- range $i, $e := until $replicaCount }} + - name: {{ printf "EXTRANET_HOST_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} +{{- end }} +{{- range $i, $e := until $replicaCount }} + - name: {{ printf "HOSTNAME_%d" $i }} + valueFrom: + serviceRef: + name: {{ printf "%s-%d" $fullName $i }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.mongodb-root-password }' + - name: USERNAME + value: 'root' + - name: PORT + value: 27017 \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json b/addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-8c32g200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml new file mode 100644 index 00000000..e2229462 --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-8c32g200/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g200" +id: 5d77eae9-03d4-4642-a583-964563d9b456 +description: "mongodb standard-8c32g200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G " +displayName: "standard-8c32g200" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file 
diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml new file mode 100644 index 00000000..16158f0f --- /dev/null +++ b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mongo-cluster-standard-8c32g200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + +persistence: + size: 200Gi From 269a5b5a487ac757b9ac54e82968787f511388ce Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 16 May 2024 17:10:04 +0800 Subject: [PATCH 087/122] fix(mongodb): plan meta uuid and metrics probe --- addons/mongodb/7.0/chart/mongodb/values.yaml | 18 +++++++++--------- .../7.0/plans/standard-4c16g100/meta.yaml | 8 ++++---- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index 01e95fd8..e26c875e 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml 
@@ -1913,10 +1913,10 @@ metrics: ## livenessProbe: enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 + initialDelaySeconds: 60 + periodSeconds: 30 timeoutSeconds: 5 - failureThreshold: 3 + failureThreshold: 5 successThreshold: 1 ## Metrics exporter readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) @@ -1929,10 +1929,10 @@ metrics: ## readinessProbe: enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 5 successThreshold: 1 ## Slow starting containers can be protected through startup probes ## Startup probes are available in Kubernetes version 1.16 and above @@ -1946,8 +1946,8 @@ metrics: ## startupProbe: enabled: false - initialDelaySeconds: 5 - periodSeconds: 10 + initialDelaySeconds: 60 + periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 30 diff --git a/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml index b70bcfb0..ce086d84 100644 --- a/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml +++ b/addons/mongodb/7.0/plans/standard-4c16g100/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-1c2g10" -id: 8e0ff3e6-f633-4c25-8ff1-6d25cdc2ed98 -description: "mongodb standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G " -displayName: "standard-1c2g10" +name: "standard-4c16g100" +id: a7409cf8-dc92-42ff-95e8-8223d849afe4 +description: "mongodb standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G " +displayName: "standard-4c16g100" bindable: true maximum_polling_duration: 1800 \ No newline at end of file From b47a2be09d7a52fb335b6e9a20a9ed7da58f911d Mon Sep 17 00:00:00 2001 
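Review bot: The new `description` in `plans/standard-4c16g100/meta.yaml` reads `vCPUs c`, which looks like a typo for the plan's four vCPUs. Suggested line: `description: "mongodb standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G "`. The `standard-8c32g200` plan added earlier in this series spells the count out as `vCPUs 8`, so this one should follow the same pattern.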
From: EamonZhang Date: Thu, 16 May 2024 17:39:01 +0800 Subject: [PATCH 088/122] chore(mongodb): add user for exporter --- addons/mongodb/7.0/chart/mongodb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mongodb/7.0/chart/mongodb/values.yaml b/addons/mongodb/7.0/chart/mongodb/values.yaml index e26c875e..ae599f98 100644 --- a/addons/mongodb/7.0/chart/mongodb/values.yaml +++ b/addons/mongodb/7.0/chart/mongodb/values.yaml @@ -1849,7 +1849,7 @@ metrics: ## @param metrics.username String with username for the metrics exporter ## If undefined the root user will be used for the metrics exporter - username: "" + username: "user_exporter" ## @param metrics.password String with password for the metrics exporter ## If undefined but metrics.username is defined, a random password will be generated password: "" From c4796d6ea71b830a38d245745bdd9dd860cd81c9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 May 2024 09:12:20 +0800 Subject: [PATCH 089/122] chore(mysql): update images registry address --- .../8.0/chart/mysql-cluster/templates/cluster/job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index aa9ecfed..19bc1f9e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml @@ -27,7 +27,7 @@ spec: - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local initContainers: - name: init-wait - image: registry.uucin.com/drycc/python-dev:latest + image: registry.drycc.cc/drycc/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - netcat From a69d6c9d6176d4bc13e8958b354de5148e6c8542 Mon Sep 17 00:00:00 2001 
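Review bot: The `init-wait` image in `templates/cluster/job.yaml` is still referenced by the mutable `:latest` tag after the registry move, so the init container runs whatever was last pushed to `registry.drycc.cc/drycc/python-dev`. Pin it to a fixed tag or, better, a digest, e.g. `image: registry.drycc.cc/drycc/python-dev@sha256:<DIGEST>` (placeholder), so that a changed or replaced image cannot enter the cluster unnoticed. The `backup-wait` init container added later in this series in `templates/cluster/cronjob.yaml` uses the same `:latest` reference and needs the same treatment. The Job spec continues outside this hunk.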
From: EamonZhang Date: Fri, 17 May 2024 09:23:55 +0800 Subject: [PATCH 090/122] chore(prometheus): support kubernetes services probe --- .../prometheus/templates/_scrape_config.tpl | 152 +++++++++++++++++- .../prometheus/2/chart/prometheus/values.yaml | 38 +++-- addons/prometheus/2/meta.yaml | 2 +- 3 files changed, 174 insertions(+), 18 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index d89b798e..cba7ac84 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -87,7 +87,7 @@ relabel_configs: action: keep {{- end -}} -{{- define "addons.ds_scrape_config" -}} +{{- define "addons.kubernetes-service-endpoints" -}} honor_labels: true kubernetes_sd_configs: - role: endpoints @@ -121,6 +121,8 @@ relabel_configs: replacement: __param_$1 - action: labelmap regex: __meta_kubernetes_service_label_(.+) + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: namespace 
@@ -131,3 +133,151 @@ relabel_configs: action: replace target_label: node {{- end -}} + +{{- define "addons.kubernetes-service-endpoints-slow" -}} +honor_labels: true +scrape_interval: 5m +scrape_timeout: 30s +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} + +{{- define "addons.kubernetes-pods" -}} +honor_labels: true +kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} + +relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + target_label: __address__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} + +{{- define "addons.kubernetes-pods-slow" -}} +honor_labels: true +scrape_interval: 5m +scrape_timeout: 30s +kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} + +relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + target_label: __address__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 0b9f47ec..de5908bb 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -565,11 +565,11 @@ alertmanager: ## selector: {} -containerScrape: +drycc: token: xxxxx - url: xxxx - scheme: https - namespaces: [] + endpoint: drycc-controller-api.drycc.svc.cluster.local + scheme: http + apps: [] ## @section Prometheus server Parameters ## @@ -583,8 +583,8 @@ containerScrape: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: - username: xxxx - password: xxxx + username: admin + password: admin image: registry: registry.drycc.cc repository: drycc-addons/prometheus 
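Review bot: In the renamed `drycc:` block of `values.yaml` the default `scheme` moves from `https` to `http`, while the scrape job built from it further down in the `server:` block sends `credentials: {{ $token }}` to that endpoint, so the API token crosses the cluster network in clear text. Keep `scheme: https` as the default unless the controller service cannot serve TLS. The token is also interpolated unquoted into the rendered scrape configuration; `credentials: {{ $token | quote }}` avoids YAML mis-parsing of tokens with special characters. If that configuration ends up in a ConfigMap (not visible here), the token is readable by anyone who can read ConfigMaps in the namespace.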
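Review bot: The `server.username` / `server.password` defaults in `values.yaml` change from placeholders to the working pair `admin` / `admin`, so any instance created without overriding them starts with guessable credentials. `meta.yaml` lists both parameters as `required: false`, so nothing forces a user to set them. Prefer an empty default such as `password: ""` combined with a generated password, or a `required` check in the template that fails rendering when no password is supplied.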
@@ -641,24 +641,30 @@ server: {{- include "prometheus.scrape_config" (dict "component" "alertmanager" "context" $) | nindent 4 }} {{- end }} {{- if .Values.scrapeAddons.enabled }} - - job_name: addons - {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-service-endpoints + {{- include "addons.kubernetes-service-endpoints" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-service-endpoints-slow + {{- include "addons.kubernetes-service-endpoints-slow" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-pods + {{- include "addons.kubernetes-pods" (dict "context" $) | nindent 4 }} + - job_name: kubernetes-pods-slow + {{- include "addons.kubernetes-pods-slow" (dict "context" $) | nindent 4 }} {{- end }} - {{ $scheme := .Values.containerScrape.scheme }} - {{ $token := .Values.containerScrape.token }} - {{ $url := .Values.containerScrape.url }} - {{- range $namespace := .Values.containerScrape.namespaces }} + {{ $scheme := .Values.drycc.scheme }} + {{ $token := .Values.drycc.token }} + {{ $endpoint := .Values.drycc.endpoint }} + {{- range $app := .Values.drycc.apps }} - {{- if $namespace }} - - job_name: 'jobns-%s {{ $namespace }}' + {{- if $app }} + - job_name: 'drycc-apps-{{ $app }}' scheme: {{ $scheme }} - metrics_path: /v2/apps/{{ $namespace }}/metrics + metrics_path: /v2/apps/{{ $app }}/metrics authorization: type: Token credentials: {{ $token }} static_configs: - - targets: [ {{ $url }} ] + - targets: [ {{ $endpoint }} ] {{- end }} {{- end }} diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 4b39707e..215d939a 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -30,7 +30,7 @@ allow_parameters: - name: "server.password" required: false description: "prometheus administor password" -- name: "containerScrape" +- name: "drycc" required: false description: "container scrape" - name: "extraScrapeConfigs" 
From 3f6c508d31a3a0f641d6e84c29fb442e72f2aec0 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 May 2024 10:36:41 +0800 Subject: [PATCH 091/122] chore(postgresql-cluster): use shared memory --- .../postgresql-cluster/templates/statefulset.yaml | 13 ++++++++++++- .../15/chart/postgresql-cluster/values.yaml | 11 +++++++++++ .../15/plans/standard-16c64g400/values.yaml | 3 +++ .../15/plans/standard-1c2g10/values.yaml | 2 ++ .../15/plans/standard-2c4g20/values.yaml | 3 +++ .../15/plans/standard-2c8g50/values.yaml | 3 +++ .../15/plans/standard-32c128g800/values.yaml | 3 +++ .../15/plans/standard-32c64g4000/values.yaml | 3 +++ .../15/plans/standard-4c16g100/values.yaml | 3 +++ .../15/plans/standard-8c32g200/values.yaml | 3 +++ 10 files changed, 46 insertions(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 61881313..d826952c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -109,6 +109,8 @@ spec: # readOnly: true - mountPath: "/opt/drycc/postgresql/backup/" name: backup-config + - name: dshm + mountPath: /dev/shm # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} @@ -196,7 +198,7 @@ spec: mountPath: "{{ .Values.persistentVolume.mountPath }}" - mountPath: "/opt/drycc/postgresql/backup/" name: backup-config - + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} 
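Review bot: The `dshm` volumeMount in `templates/statefulset.yaml` is added unconditionally, but the matching `dshm` volume in the later hunk of this file is rendered only when `.Values.shmVolume.enabled` is true. With `shmVolume.enabled: false` the pod template references a volume that is not defined, and the StatefulSet would fail validation. Guard the mount with the same condition: `{{- if .Values.shmVolume.enabled }}` before `- name: dshm` and `{{- end }}` after `mountPath: /dev/shm`. The container spec continues outside this hunk.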
@@ -229,6 +231,15 @@ spec: - name: storage-volume emptyDir: {} {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} persistentVolumeClaimRetentionPolicy: whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d1e7d72f..6e70ea24 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -316,6 +316,17 @@ resources: cpu: 100m memory: 512Mi +shmVolume: + ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) + ## + enabled: true + ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs + ## Note: the size of the tmpfs counts against container's memory limit + ## e.g: + ## sizeLimit: 1Gi + ## + sizeLimit: "1Gi" + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index 0ead38b4..fe3f5cbf 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 400Gi + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml index adf735cd..80634ab3 100644 --- a/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml 
+++ b/addons/postgresql-cluster/15/plans/standard-1c2g10/values.yaml @@ -74,3 +74,5 @@ persistentVolume: enabled: true size: 10Gi +shmVolume: + sizeLimit: "1Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml index b0f465d2..1f1b9a1b 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c4g20/values.yaml @@ -75,3 +75,6 @@ resources: persistentVolume: enabled: true size: 20Gi + +shmVolume: + sizeLimit: "2Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml index 5d12b83a..293a8a45 100644 --- a/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-2c8g50/values.yaml @@ -74,3 +74,6 @@ resources: persistentVolume: enabled: true size: 50Gi + +shmVolume: + sizeLimit: "4Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index 9ef5bde1..d9c9501e 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 800Gi + +shmVolume: + sizeLimit: "64Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index ff1aab00..b4a6a7ee 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 4Ti + +shmVolume: + sizeLimit: "32Gi" \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml index 29e30b2e..a60c85ce 100644 --- a/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4c16g100/values.yaml @@ -74,3 +74,6 @@ resources: persistentVolume: enabled: true size: 100Gi + +shmVolume: + sizeLimit: "8Gi" \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index 255f68a5..3d129faa 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -73,3 +73,6 @@ resources: persistentVolume: enabled: true size: 200Gi + +shmVolume: + sizeLimit: "16Gi" \ No newline at end of file From c0568f10ab35d6d29a118f00bef5e72791fc444a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 23 May 2024 11:50:06 +0800 Subject: [PATCH 092/122] fix(mysql-cluster): fix plans typo --- addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml index c8f45468..b06fc92b 100644 --- a/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-1c2g10/meta.yaml @@ -1,4 +1,4 @@ -name: "standard-1g2g10" +name: "standard-1c2g10" id: 2b455154-8725-482a-95b2-a193c180d9b5 description: "Mysql Cluster standard-1c2g10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-1c2g10" From 551e5df23e95017e823433404bd56e6878592034 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 28 May 2024 16:01:25 +0800 Subject: [PATCH 093/122] fix(prometheus): add alertmanager config --- addons/prometheus/2/chart/prometheus/values.yaml | 3 +++ addons/prometheus/2/meta.yaml | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index de5908bb..c18a66fa 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -684,6 +684,9 @@ server: static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] {{- end }} + rule_files: + - "rules.yaml" + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 215d939a..268f25a6 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -24,6 +24,9 @@ allow_parameters: - name: "alertmanager.enabled" required: false description: "alertmanager config for values.yaml" +- name: "alertmanager.configuration" + required: false + description: "alertmanager config for values.yaml" - name: "server.username" required: false description: "prometheus administor username" @@ -33,7 +36,7 @@ allow_parameters: - name: "drycc" required: false description: "container scrape" -- name: "extraScrapeConfigs" +- name: "server.extraScrapeConfigs" required: false description: "extra scrape configs" - name: "server.rules" From 9a3a04dc03a06fb9da734e9702e2c2c69282223e Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 14 Jun 2024 17:15:46 +0800 Subject: [PATCH 094/122] chore(mysql-cluster): add backup --- .../templates/cluster/cronjob.yaml | 96 +++++++++++++++++++ .../templates/networkpolicy.yaml | 2 + .../8.0/chart/mysql-cluster/values.yaml | 14 ++- addons/mysql-cluster/8.0/meta.yaml | 3 + 4 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml new file mode 100644 index 00000000..6b51d3d7 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml 
@@ -0,0 +1,96 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if .Values.backup.enabled }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "mysql.cluster.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: {{ .Values.backup.schedule| quote }} + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + jobTemplate: + metadata: + spec: + template: + spec: + restartPolicy: OnFailure + initContainers: + - name: backup-wait + image: registry.drycc.cc/drycc/python-dev:latest + imagePullPolicy: {{.Values.imagePullPolicy}} + args: + - netcat + - -v + - -u + - mysql://$(MYSQL_HOST):$(MYSQL_PORT_NUMBER) + + env: + - name: MYSQL_HOST + value: {{ include "mysql.router.fullname" . }} + - name: MYSQL_PORT_NUMBER + value: {{ .Values.router.service.portro | quote }} + + containers: + - name: backup-cron + image: {{ include "cluster.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 14 }} + {{- end }} + command: + - /bin/bash + - -ec + - | + # create file + echo " + import os + from datetime import datetime, timezone, timedelta + + now_utc = datetime.now(timezone.utc) + cst_timezone = timezone(timedelta(hours=8)) + now_cst = now_utc.astimezone(cst_timezone) + now_str = now_cst.strftime('%Y%m%d%H%M') + endpoint=os.getenv('AWS_ENDPOINT_URL') + bucket_name=os.getenv('AWS_BUCKET_NAME') + + util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 4, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) + " > /tmp/dump_instance.py + + mysqlsh --uri=${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --py < /tmp/dump_instance.py + + env: + - name: MYSQL_HOST + value: {{ include "mysql.router.fullname" . }} + - name: MYSQL_PORT_NUMBER + value: {{ .Values.router.service.portro | quote }} + - name: MYSQL_ROOT_USER + value: "root" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + - name: AWS_ENDPOINT_URL + value: {{ .Values.backup.s3.endpoint | quote }} + - name: AWS_BUCKET_NAME + value: {{ .Values.backup.s3.bucketName | quote }} + - name: AWS_ACCESS_KEY_ID + value: {{ .Values.backup.s3.accessKey | quote }} + - name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.backup.s3.secretKey | quote }} + - name: AWS_DEFAULT_REGION + value: {{ .Values.backup.s3.region | quote }} +{{- end }} \ No newline at end of file 
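Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in the new `cronjob.yaml` are rendered as literal `value:` entries from `.Values.backup.s3.*`, so the S3 credentials sit in clear text in the CronJob object and in every Job and Pod created from it; `MYSQL_ROOT_PASSWORD` in the same list already uses `secretKeyRef`. Store the two keys in a Secret and reference them the same way, as sketched below with placeholder names. The script also passes the root password as `-p${MYSQL_ROOT_PASSWORD}` on the `mysqlsh` command line, where it is visible in the container's process list; supply it through a channel other than argv. Smaller points: the options dict repeats the `'compatibility'` key, and the dump name is stamped with a hard-coded UTC+8 offset.

```yaml
# … unchanged: MYSQL_* entries, AWS_ENDPOINT_URL, AWS_BUCKET_NAME …
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: BACKUP_S3_SECRET_NAME  # placeholder: a Secret the chart would need to create
      key: access-key              # placeholder key name
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: BACKUP_S3_SECRET_NAME  # placeholder
      key: secret-key              # placeholder key name
# … unchanged: AWS_DEFAULT_REGION …
```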
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 7571e48b..916f06d5 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -28,6 +28,8 @@ spec: - port: {{ .Values.router.service.portro }} - port: 24901 - port: 33061 + - port: 6446 + - port: 6447 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{- end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 79c58704..bf95d6bf 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -592,8 +592,8 @@ cluster: image: registry: registry.drycc.cc - repository: drycc-addons/mysqlshell - tag: 8.0.34 + repository: drycc-addons/mysql-shell + tag: "8.0" digest: "" pullPolicy: IfNotPresent @@ -1245,3 +1245,13 @@ metrics: ## summary: MariaDB instance is down ## rules: [] + +backup: + enabled: false + schedule: "" + s3: + endpoint: "" + bucketName: "" + accessKey: "" + secretKey: "" + region: us-west-1 \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 5c748c3b..df1189e4 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -24,4 +24,7 @@ allow_parameters: - name: "router.configuration" required: false description: "router config for values.yaml" +- name: "backup" + required: false + description: "backup config for values.yaml" archive: false \ No newline at end of file From c3452ce8f4e54ee5f69822937abbafb9ec9a192e Mon Sep 17 00:00:00 2001 
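Review bot: Ports `6446` and `6447` are added to the NetworkPolicy as literals next to `.Values.router.service.portrw` and `.Values.router.service.portro`, with no comment saying which listener needs them. If they are the same router listeners (the value defaults are not visible in this hunk), the entries are duplicates and can be dropped; if they are not, the literals stay open regardless of how the service ports are configured. Either reuse the values or add a one-line comment above them naming the component that requires the fixed ports, so the ingress rule stays auditable. The policy's `from:` section lies outside this hunk.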
From: EamonZhang Date: Fri, 14 Jun 2024 17:23:24 +0800 Subject: [PATCH 095/122] chore(prometheus): add custom scrape --- addons/prometheus/2/meta.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 268f25a6..50079cc3 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -42,4 +42,13 @@ allow_parameters: - name: "server.rules" required: false description: "rules config for values.yaml" +- name: "server.scrapeInterval" + required: false + description: "scrapeInterval values.yaml" +- name: "server.scrapeTimeout" + required: false + description: "scrapeTimeout values.yaml" +- name: "server.evaluationInterval" + required: false + description: "evaluationInterval values.yaml" archive: false From 9bf33fce110b7dd04fa86fa48e538b3f2b73cdbf Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 14 Jun 2024 17:27:59 +0800 Subject: [PATCH 096/122] chore(addons): add clickhouse --- .../24/chart/clickhouse/.helmignore | 21 + .../clickhouse/24/chart/clickhouse/Chart.yaml | 24 + .../clickhouse/24/chart/clickhouse/README.md | 478 +++++++++ .../24/chart/clickhouse/templates/NOTES.txt | 58 ++ .../chart/clickhouse/templates/_helpers.tpl | 201 ++++ .../clickhouse/templates/configmap-extra.yaml | 18 + .../chart/clickhouse/templates/configmap.yaml | 18 + .../clickhouse/templates/extra-list.yaml | 4 + .../templates/ingress-tls-secrets.yaml | 44 + .../chart/clickhouse/templates/ingress.yaml | 60 ++ .../templates/init-scripts-secret.yaml | 17 + .../24/chart/clickhouse/templates/secret.yaml | 18 + .../clickhouse/templates/service-account.yaml | 22 + .../templates/service-external-access.yaml | 114 ++ .../templates/service-headless.yaml | 55 + .../chart/clickhouse/templates/service.yaml | 112 ++ .../clickhouse/templates/servicemonitor.yaml | 49 + .../templates/start-scripts-secret.yaml | 17 + .../clickhouse/templates/statefulset.yaml | 362 +++++++ .../clickhouse/templates/tls-secret.yaml | 26 + .../24/chart/clickhouse/values.yaml | 973 ++++++++++++++++++ addons/clickhouse/24/meta.yaml | 24 + 22 files changed, 2715 insertions(+) create mode 100644 addons/clickhouse/24/chart/clickhouse/.helmignore create mode 100644 addons/clickhouse/24/chart/clickhouse/Chart.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/README.md create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml create mode 100755 
addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/service.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/values.yaml create mode 100644 addons/clickhouse/24/meta.yaml diff --git a/addons/clickhouse/24/chart/clickhouse/.helmignore b/addons/clickhouse/24/chart/clickhouse/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/addons/clickhouse/24/chart/clickhouse/Chart.yaml b/addons/clickhouse/24/chart/clickhouse/Chart.yaml new file mode 100644 index 00000000..5b3abe01 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/Chart.yaml 
@@ -0,0 +1,24 @@
+annotations:
+ category: Database
+apiVersion: v2
+appVersion: 22.8.6
+dependencies:
+ - name: common
+ repository: oci://registry.drycc.cc/charts
+ tags:
+ - drycc-common
+ version: ~1.1.2
+description: ClickHouse is an open-source column-oriented OLAP database management system. Use it to boost your database performance while providing linear scalability and hardware efficiency.
+home: https://clickhouse.com/
+icon: https://drycc.com/assets/stacks/clickhouse/img/clickhouse-stack-220x234.png
+keywords:
+ - database
+ - sharding
+maintainers:
+ - name: Drycc
+ url: https://github.com/drycc/charts
+name: clickhouse
+sources:
+ - https://github.com/drycc/containers/tree/main/drycc/clickhouse
+ - https://github.com/ClickHouse/ClickHouse
+version: 24
diff --git a/addons/clickhouse/24/chart/clickhouse/README.md b/addons/clickhouse/24/chart/clickhouse/README.md
new file mode 100644
index 00000000..caba5167
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/README.md
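Review bot: The `common` dependency under `dependencies:` is declared with the floating range `version: ~1.1.2` against `oci://registry.drycc.cc/charts`, and the commit's file list contains no `Chart.lock`, so each `helm dependency update` may pull a different library chart into the rendered manifests. Committing the `Chart.lock` written by `helm dependency build`, or pinning an exact version, makes the build reproducible and lets a registry-side change show up in review. Separately, `appVersion: 22.8.6` sits beside `version: 24` in a directory named `clickhouse/24`; if the image actually deployed is a 24.x build, `appVersion` should say so, since inventory and vulnerability tooling commonly reads that field.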
@@ -0,0 +1,478 @@ + + +# ClickHouse packaged by Drycc + +ClickHouse is an open-source column-oriented OLAP database management system. Use it to boost your database performance while providing linear scalability and hardware efficiency. + +[Overview of ClickHouse](https://clickhouse.com/) + +Trademarks: This software listing is packaged by Drycc. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +$ helm repo add my-repo https://charts.drycc.com/drycc +$ helm install my-release my-repo/clickhouse +``` + +## Introduction + +Drycc charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. + +This chart bootstraps a [ClickHouse](https://github.com/clickhouse/clickhouse) Deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Drycc charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. + +[Learn more about the default configuration of the chart](https://docs.drycc.com/kubernetes/infrastructure/clickhouse/get-started/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release my-repo/clickhouse +``` + +The command deploys ClickHouse on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
+ +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.name | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### ClickHouse Parameters + +| Name | Description | Value | +| --------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `image.registry` | ClickHouse image registry | `docker.io` | +| `image.repository` | ClickHouse image repository | `drycc/clickhouse` | +| `image.tag` | ClickHouse image tag (immutable tags are recommended) | `22.8.6-debian-11-r0` | +| `image.digest` | ClickHouse image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | ClickHouse image pull policy | `IfNotPresent` | +| `image.pullSecrets` | ClickHouse image pull secrets | `[]` | +| `image.debug` | Enable ClickHouse image debug mode | `false` | +| `shards` | Number of ClickHouse shards to deploy | `2` | +| `replicaCount` | Number of ClickHouse replicas per shard to deploy | `2` | +| `containerPorts.http` | ClickHouse HTTP container port | `8123` | +| `containerPorts.tcp` | ClickHouse TCP container port | `9000` | +| `containerPorts.tcpSecure` | ClickHouse TCP container port | `9440` | +| `containerPorts.mysql` | ClickHouse MySQL container port | `9004` | +| `containerPorts.postgresql` | ClickHouse PostgreSQL container port | `9005` | +| `containerPorts.interserver` | ClickHouse Interserver container port | `9009` | +| `containerPorts.metrics` | ClickHouse metrics container port | `8001` | +| `livenessProbe.enabled` | Enable livenessProbe on ClickHouse containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on ClickHouse containers | `true` | +| 
`readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on ClickHouse containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the ClickHouse containers | `{}` | +| `resources.requests` | The requested resources for the ClickHouse containers | `{}` | +| `podSecurityContext.enabled` | Enabled ClickHouse pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set ClickHouse pod's Security Context fsGroup | `1001` | +| `podSecurityContext.seccompProfile.type` | Set ClickHouse container's Security Context seccomp profile | `RuntimeDefault` | +| `containerSecurityContext.enabled` | Enabled ClickHouse containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set ClickHouse containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set ClickHouse containers' Security Context runAsNonRoot | `true` | +| 
`containerSecurityContext.allowPrivilegeEscalation` | Set ClickHouse container's privilege escalation | `false` | +| `containerSecurityContext.capabilities.drop` | Set ClickHouse container's Security Context runAsNonRoot | `["ALL"]` | +| `auth.username` | ClickHouse Admin username | `default` | +| `auth.password` | ClickHouse Admin password | `""` | +| `auth.existingSecret` | Name of a secret containing the Admin password | `""` | +| `auth.existingSecretKey` | Name of the key inside the existing secret | `""` | +| `logLevel` | Logging level | `information` | +| `defaultConfigurationOverrides` | Default configuration overrides (evaluated as a template) | `""` | +| `existingOverridesConfigmap` | The name of an existing ConfigMap with your custom configuration for ClickHouse | `""` | +| `extraOverrides` | Extra configuration overrides (evaluated as a template) apart from the default | `""` | +| `extraOverridesConfigmap` | The name of an existing ConfigMap with extra configuration for ClickHouse | `""` | +| `extraOverridesSecret` | The name of an existing ConfigMap with your custom configuration for ClickHouse | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsSecret` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| `startdbScripts` | Dictionary of startdb scripts | `{}` | +| `startdbScriptsSecret` | ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`) | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `hostAliases` | ClickHouse pods host aliases | `[]` | +| `podLabels` | Extra labels for ClickHouse pods | `{}` | +| `podAnnotations` | Annotations for ClickHouse pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. 
Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for ClickHouse pods assignment | `{}` | +| `nodeSelector` | Node labels for ClickHouse pods assignment | `{}` | +| `tolerations` | Tolerations for ClickHouse pods assignment | `[]` | +| `updateStrategy.type` | ClickHouse statefulset strategy type | `RollingUpdate` | +| `podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | +| `priorityClassName` | ClickHouse pods' priorityClassName | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template | `[]` | +| `schedulerName` | Name of the k8s scheduler (other than default) for ClickHouse pods | `""` | +| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `lifecycleHooks` | for the ClickHouse container(s) to automate configuration before or after startup | `{}` | +| `extraEnvVars` | Array with extra environment variables to add to ClickHouse nodes | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ClickHouse nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ClickHouse nodes | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the ClickHouse pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ClickHouse container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the ClickHouse pod(s) | `[]` | +| `initContainers` | Add additional init containers to the ClickHouse pod(s) | `[]` | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | + + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | ClickHouse service type | `ClusterIP` | +| `service.ports.http` | ClickHouse service HTTP port | `8123` | +| `service.ports.tcp` | ClickHouse service TCP port | `9000` | +| `service.ports.tcpSecure` | ClickHouse service TCP 
(secure) port | `9440` | +| `service.ports.mysql` | ClickHouse service MySQL port | `9004` | +| `service.ports.postgresql` | ClickHouse service PostgreSQL port | `9005` | +| `service.ports.interserver` | ClickHouse service Interserver port | `9009` | +| `service.ports.metrics` | ClickHouse service metrics port | `8001` | +| `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.nodePorts.tcp` | Node port for TCP | `""` | +| `service.nodePorts.tcpSecure` | Node port for TCP (with TLS) | `""` | +| `service.nodePorts.mysql` | Node port for MySQL | `""` | +| `service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `service.nodePorts.interserver` | Node port for Interserver | `""` | +| `service.nodePorts.metrics` | Node port for metrics | `""` | +| `service.clusterIP` | ClickHouse service Cluster IP | `""` | +| `service.loadBalancerIP` | ClickHouse service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | ClickHouse service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | ClickHouse service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for ClickHouse service | `{}` | +| `service.extraPorts` | Extra ports to expose in ClickHouse service (normally used with the `sidecars` value) | `[]` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to ClickHouse | `false` | +| `externalAccess.service.type` | Kubernetes Service type for external access. 
It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.ports.http` | ClickHouse service HTTP port | `80` | +| `externalAccess.service.ports.tcp` | ClickHouse service TCP port | `9000` | +| `externalAccess.service.ports.tcpSecure` | ClickHouse service TCP (secure) port | `9440` | +| `externalAccess.service.ports.mysql` | ClickHouse service MySQL port | `9004` | +| `externalAccess.service.ports.postgresql` | ClickHouse service PostgreSQL port | `9005` | +| `externalAccess.service.ports.interserver` | ClickHouse service Interserver port | `9009` | +| `externalAccess.service.ports.metrics` | ClickHouse service metrics port | `8001` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each ClickHouse . Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.nodePorts.http` | Node port for HTTP | `[]` | +| `externalAccess.service.nodePorts.tcp` | Node port for TCP | `[]` | +| `externalAccess.service.nodePorts.tcpSecure` | Node port for TCP (with TLS) | `[]` | +| `externalAccess.service.nodePorts.mysql` | Node port for MySQL | `[]` | +| `externalAccess.service.nodePorts.postgresql` | Node port for PostgreSQL | `[]` | +| `externalAccess.service.nodePorts.interserver` | Node port for Interserver | `[]` | +| `externalAccess.service.nodePorts.metrics` | Node port for metrics | `[]` | +| `externalAccess.service.labels` | Service labels for external access | `{}` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.extraPorts` | Extra ports to expose in the ClickHouse external service | `[]` | +| `ingress.enabled` | Enable ingress record generation for 
ClickHouse | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress record | `clickhouse.local` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + + +### Persistence Parameters + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `persistence.storageClass` | Storage class of backing PVC | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.selector` | Selector to match an 
existing Persistent Volume for WordPress data PVC | `{}` | +| `persistence.dataSource` | Custom PVC data source | `{}` | + + +### Init Container Parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Drycc Shell image registry | `docker.io` | +| `volumePermissions.image.repository` | Drycc Shell image repository | `drycc/drycc-shell` | +| `volumePermissions.image.tag` | Drycc Shell image tag (immutable tags are recommended) | `11-debian-11-r37` | +| `volumePermissions.image.pullPolicy` | Drycc Shell image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Drycc Shell image pull secrets | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | +| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | + + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. 
| `""` | +| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.podAnnotations` | Annotations for metrics scraping | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + + +### External Zookeeper paramaters + +| Name | Description | Value | +| --------------------------- | ----------------------------------------- | ------ | +| `externalZookeeper.servers` | List of external zookeeper servers to use | `[]` | +| `externalZookeeper.port` | Port of the Zookeeper servers | `2888` | + + +### Zookeeper subchart parameters + +| Name | Description | Value | +| -------------------------------- | ----------------------------- | ------ | +| `zookeeper.enabled` | Deploy Zookeeper subchart | `true` | +| `zookeeper.replicaCount` | Number of Zookeeper instances | `2` | +| `zookeeper.service.ports.client` | Zookeeper client port | `2181` | + + +See https://github.com/drycc-labs/readme-generator-for-helm to create the table + +The above parameters map to the env variables defined in [drycc/clickhouse](https://github.com/drycc/containers/tree/main/drycc/clickhouse). For more information please refer to the [drycc/clickhouse](https://github.com/drycc/containers/tree/main/drycc/clickhouse) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set auth.username=admin \ + --set auth.password=password \ + my-repo/clickhouse +``` + +The above command sets the ClickHouse administrator account username and password to `admin` and `password` respectively. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. 
To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml my-repo/clickhouse +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.drycc.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Drycc will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### External Zookeeper support + +You may want to have ClickHouse connect to an external zookeeper rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalZookeeper` parameter](#parameters). You should also disable the Zookeeper installation with the `zookeeper.enabled` option. Here is an example: + +```console +zookeper.enabled=false +externalZookeeper.host=myexternalhost +externalZookeeper.user=myuser +externalZookeeper.password=mypassword +externalZookeeper.database=mydatabase +externalZookeeper.port=3306 +``` + +### TLS secrets + +The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. 
[Learn more about TLS secrets](https://docs.drycc.com/kubernetes/apps/clickhouse/administration/enable-tls/). + +## Persistence + +The [Drycc ClickHouse](https://github.com/drycc/containers/tree/main/drycc/clickhouse) image stores the ClickHouse data and configurations at the `/drycc` path of the container. Persistent Volume Claims are used to keep the data across deployments. [Learn more about persistence in the chart documentation](https://docs.drycc.com/kubernetes/apps/clickhouse/configuration/chart-persistence/). + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +clickhouse: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as ClickHouse (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.drycc.com/kubernetes/apps/clickhouse/administration/configure-use-sidecars/). + +### Ingress without TLS + +For using ingress (example without TLS): + +```yaml +ingress: + ## If true, ClickHouse server Ingress will be created + ## + enabled: true + + ## ClickHouse server Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## ClickHouse server Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - clickhouse.domain.com +``` + +### Ingress TLS + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. 
[kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret (named `clickhouse-server-tls` in this example) in the namespace. Include the secret's name, along with the desired hostnames, in the Ingress TLS section of your custom `values.yaml` file: + +```yaml +ingress: + ## If true, ClickHouse server Ingress will be created + ## + enabled: true + + ## ClickHouse server Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## ClickHouse server Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - clickhouse.domain.com + + ## ClickHouse server Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: clickhouse-server-tls + hosts: + - clickhouse.domain.com +``` + +### Using custom scripts + +For advanced operations, the Drycc ClickHouse chart allows using custom init and start scripts that will be mounted in `/docker-entrypoint.initdb.d` and `/docker-entrypoint.startdb.d` . The `init` scripts will be run on the first boot whereas the `start` scripts will be run on every container start. For adding the scripts directly as values use the `initdbScripts` and `startdbScripts` values. For using Secrets use the `initdbScriptsSecret` and `startdbScriptsSecret`. + +```yaml +initdbScriptsSecret: init-scripts-secret +startdbScriptsSecret: start-scripts-secret +``` + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
+ +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [drycc/common](https://github.com/drycc/charts/tree/master/drycc/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Drycc's Helm charts in [this troubleshooting guide](https://docs.drycc.com/general/how-to/troubleshoot-helm-chart-issues). + +## License + +Copyright © 2022 Drycc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt b/addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt new file mode 100644 index 00000000..951446a3 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/NOTES.txt 
@@ -0,0 +1,58 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/drycc/scripts/clickhouse/entrypoint.sh /opt/drycc/scripts/clickhouse/run.sh
+
+{{- else }}
+
+ClickHouse is available in the following address:
+
+{{- if .Values.externalAccess.enabled }}
+
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+
+ kubectl get svc --namespace {{ template "common.names.namespace" . }} -l "app.kubernetes.io/name={{ template "common.names.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=clickhouse" -w
+
+{{- else if (eq "LoadBalancer" .Values.service.type) }}
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ template "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+
+{{- else if (eq "NodePort" .Values.service.type)}}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ template "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ template "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
+
+{{- else if (eq "ClusterIP" .Values.service.type)}}
+
+ kubectl port-forward --namespace {{ template "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.ports.tcp }}:9000 &
+
+{{- end }}
+
+Credentials:
+
+ echo "Username : {{ .Values.auth.username }}"
+ echo "Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "clickhouse.secretName" . }} -o jsonpath="{.data.{{ include "clickhouse.secretKey" .}}}" | base64 -d)"
+
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "clickhouse.validateValues" . }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl
new file mode 100644
index 00000000..5d3b9dca
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl
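Review bot: The Credentials command reads the Secret with `--namespace {{ .Release.Namespace }}`, while every other command in this file, and the Secret manifest in secret.yaml, use `common.names.namespace`; if that helper honours a namespace override (its definition is not in this patch excerpt), the printed command looks in the wrong namespace. Use `--namespace {{ include "common.names.namespace" . }}` on that line. The `kubectl exec ... -ti -- bash` line in the diagnostic branch has no pod name between `-ti` and `--`, so it cannot run as printed; a placeholder may have been lost when this page was rendered. Because the second `echo` prints the admin password in clear text, a one-line remark in the notes that the output should not be captured in shared or logged terminals would be worth adding.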
@@ -0,0 +1,201 @@
+{{/*
+Return the proper ClickHouse image name
+*/}}
+{{- define "clickhouse.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "clickhouse.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "clickhouse.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return true if a TLS credentials secret object should be created
+*/}}
+{{- define "clickhouse.createTlsSecret" -}}
+{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "clickhouse.tlsSecretName" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "%s-crt" (include "common.names.fullname" .) -}}
+{{- else -}}
+ {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert file.
+*/}}
+{{- define "clickhouse.tlsCert" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "/opt/drycc/clickhouse/certs/tls.crt" -}}
+{{- else -}}
+ {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/drycc/clickhouse/certs/%s" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert key file.
+*/}}
+{{- define "clickhouse.tlsCertKey" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "/opt/drycc/clickhouse/certs/tls.key" -}}
+{{- else -}}
+{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/drycc/clickhouse/certs/%s" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "clickhouse.tlsCACert" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "/opt/drycc/clickhouse/certs/ca.crt" -}}
+{{- else -}}
+ {{- printf "/opt/drycc/clickhouse/certs/%s" .Values.tls.certCAFilename -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the ClickHouse configuration configmap.
+*/}}
+{{- define "clickhouse.configmapName" -}}
+{{- if .Values.existingOverridesConfigmap -}}
+ {{- .Values.existingOverridesConfigmap -}}
+{{- else }}
+ {{- printf "%s" (include "common.names.fullname" . ) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the ClickHouse configuration configmap.
+*/}}
+{{- define "clickhouse.extraConfigmapName" -}}
+{{- if .Values.extraOverridesConfigmap -}}
+ {{- .Values.extraOverridesConfigmap -}}
+{{- else }}
+ {{- printf "%s-extra" (include "common.names.fullname" . ) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the Clickhouse password secret name
+*/}}
+{{- define "clickhouse.secretName" -}}
+{{- if .Values.auth.existingSecret -}}
+ {{- .Values.auth.existingSecret -}}
+{{- else }}
+ {{- printf "%s" (include "common.names.fullname" . ) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the ClickHouse password key inside the secret
+*/}}
+{{- define "clickhouse.secretKey" -}}
+{{- if .Values.auth.existingSecret -}}
+ {{- .Values.auth.existingSecretKey -}}
+{{- else }}
+ {{- print "admin-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the startialization scripts Secret name.
+*/}}
+{{- define "clickhouse.startdbScriptsSecret" -}}
+{{- if .Values.startdbScriptsSecret -}}
+ {{- printf "%s" (tpl .Values.startdbScriptsSecret $) -}}
+{{- else -}}
+ {{- printf "%s-start-scripts" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the initialization scripts Secret name.
+*/}}
+{{- define "clickhouse.initdbScriptsSecret" -}}
+{{- if .Values.initdbScriptsSecret -}}
+ {{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}}
+{{- else -}}
+ {{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "clickhouse.headlessServiceName" -}}
+{{- printf "%s-headless" (include "common.names.fullname" .) -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "clickhouse.zookeeper.fullname" -}}
+{{- include "common.names.dependency.fullname" (dict "chartName" "zookeeper" "chartValues" .Values.zookeeper "context" $) -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "clickhouse.zookeeper.headlessServiceName" -}}
+{{- printf "%s-headless" (include "clickhouse.zookeeper.fullname" .) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "clickhouse.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "clickhouse.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "clickhouse.validateValues.zookeeper" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of ClickHouse - Zookeeper */}}
+{{- define "clickhouse.validateValues.zookeeper" -}}
+{{- if and .Values.zookeeper.enabled .Values.externalZookeeper.servers -}}
+clickhouse: Multiple Zookeeper
+ You can only use one zookeeper
+ Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or
+ using an external instance (--set zookeeper.servers )
+{{- end -}}
+{{- if and (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers) (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1) -}}
+clickhouse: No Zookeeper
+ If you are deploying more than one ClickHouse instance, you need to enable Zookeeper. Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or
+ using an external instance (--set zookeeper.servers )
+{{- end -}}
+{{- end -}}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml
new file mode 100644
index 00000000..f78a3aef
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml
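Review bot: The "No Zookeeper" check in `clickhouse.validateValues.zookeeper` puts `(ne (int .Values.shards) 1)` and `(ne (int .Values.replicaCount) 1)` under one `and`, so it fires only when both differ from 1; one shard with several replicas, or several shards with one replica, passes silently although the message speaks of "more than one ClickHouse instance". Group the two comparisons as `(or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1))`. Both messages also tell the operator to use `--set zookeeper.servers`, whereas the value actually tested is `.Values.externalZookeeper.servers`. The comments above `clickhouse.tlsSecretName`, `clickhouse.headlessServiceName` and `clickhouse.zookeeper.headlessServiceName` all read "Return the path to the CA cert file." and should instead name the TLS Secret and the headless Service names those helpers return.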
@@ -0,0 +1,18 @@
+{{- if and .Values.extraOverrides (not .Values.extraOverridesConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ 01_extra_overrides.xml: |
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraOverrides "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml
new file mode 100644
index 00000000..2a427dca
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.existingOverridesConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ 00_default_overrides.xml: |
+ {{- include "common.tplvalues.render" (dict "value" .Values.defaultConfigurationOverrides "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml
new file mode 100644
index 00000000..cdab66cf
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $ca := genCA "clickhouse-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml
new file mode 100755
index 00000000..fa1b8db2
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml
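Review bot: Inside `range .Values.ingress.secrets` the dot is the current secret entry, so `.Values.commonLabels` and `.Values.commonAnnotations` in the two `common.tplvalues.render` calls do not reach the chart values, even though the guarding `if` lines correctly test `$.Values`; rendering is likely to fail, or emit nothing, whenever `ingress.secrets` is used together with common labels or annotations. Change the two arguments to `$.Values.commonLabels` and `$.Values.commonAnnotations`. In the self-signed branch, `genCA` and `genSignedCert` run on every render, so each upgrade replaces the CA and private key, and the 365-day certificate is renewed only by another upgrade; a template comment stating that this mode is meant for testing, or reuse of the existing Secret through `lookup`, would make that behaviour explicit.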
@@ -0,0 +1,60 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.ingress.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingress.hostname }}
+ - host: {{ .Values.ingress.hostname | quote }}
+ http:
+ paths:
+ {{- if .Values.ingress.extraPaths }}
+ {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+ pathType: {{ .Values.ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.ingress.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
+ tls:
+ {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
+ - hosts:
+ - {{ .Values.ingress.hostname | quote }}
+ secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+ {{- end }}
+ {{- if .Values.ingress.extraTls }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml
new file mode 100644
index 00000000..96f83f61
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml
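Review bot: The `tls:` block is emitted only when `ingress.tls` is set together with a cert-manager annotation or `ingress.selfSigned`, or when `ingress.extraTls` is given, and the host is taken from `ingress.hostname`; the README section added in this same patch instead documents `ingress.hosts` and a list-valued `ingress.tls` carrying `secretName`. As far as these lines show (values.yaml is not in view), values written the README way produce an Ingress to the ClickHouse `http` port with no TLS section at all. Either correct the README example to use `hostname` and `extraTls`, or add a template comment above the condition such as `{{- /* manually created TLS secrets must be listed under ingress.extraTls */}}` so the mismatch is visible to whoever edits either file.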
@@ -0,0 +1,17 @@
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+stringData:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml
new file mode 100644
index 00000000..89f58cee
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.auth.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ admin-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "admin-password" "providedValues" (list "auth.password") "context" $) }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml
new file mode 100644
index 00000000..b3787391
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "clickhouse.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml
new file mode 100644
index 00000000..2af4abb2
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml
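Review bot: `automountServiceAccountToken` is rendered straight from values with no fallback, so an unset value leaves the field empty and the cluster default of mounting the API token into the pod applies. None of the templates visible in this patch excerpt show ClickHouse calling the Kubernetes API, so the safer rendering is `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}`. The default declared in values.yaml is outside this hunk and should be checked to agree with it.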
@@ -0,0 +1,114 @@
+{{- if $.Values.externalAccess.enabled }}
+{{- $shards := $.Values.shards | int }}
+{{- $replicas := $.Values.replicaCount | int }}
+{{- $totalNodes := mul $shards $replicas }}
+{{- range $shard, $e := until $shards }}
+{{- range $i, $_e := until $replicas }}
+{{- $targetPod := printf "%s-shard%d-%d" (include "common.names.fullname" $) $shard $i }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-external" $targetPod | trunc 63 | trimSuffix "-" }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ pod: {{ $targetPod }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.externalAccess.service.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.externalAccess.service.annotations $.Values.commonAnnotations $.Values.externalAccess.service.loadBalancerAnnotations }}
+ annotations:
+ {{- if and (not (empty $.Values.externalAccess.service.loadBalancerAnnotations)) (eq (len $.Values.externalAccess.service.loadBalancerAnnotations) $totalNodes) }}
+ {{ include "common.tplvalues.render" ( dict "value" (index $.Values.externalAccess.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.externalAccess.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ $.Values.externalAccess.service.type }}
+ {{- if eq $.Values.externalAccess.service.type "LoadBalancer" }}
+ {{- if and (not (empty $.Values.externalAccess.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.service.loadBalancerIPs) $totalNodes) }}
+ loadBalancerIP: {{ index $.Values.externalAccess.service.loadBalancerIPs $i }}
+ {{- end }}
+ {{- if $.Values.externalAccess.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml $.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ $.Values.externalAccess.service.ports.http }}
+ targetPort: http
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.http) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.http $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ {{- if $.Values.metrics.enabled }}
+ - name: http-metrics
+ port: {{ $.Values.externalAccess.service.ports.metrics }}
+ targetPort: http-metrics
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.metrics) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.metrics $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ - name: tcp
+ port: {{ $.Values.externalAccess.service.ports.tcp }}
+ targetPort: tcp
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.tcp) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.tcp $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ {{- if $.Values.tls.enabled }}
+ - name: tcp-secure
+ port: {{ $.Values.externalAccess.service.ports.tcpSecure }}
+ targetPort: tcp-secure
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.tcpSecure) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.tcpSecure $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ - name: tcp-mysql
+ port: {{ $.Values.externalAccess.service.ports.mysql }}
+ targetPort: tcp-mysql
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.mysql) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.mysql $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ - name: tcp-postgresql
+ port: {{ $.Values.externalAccess.service.ports.postgresql }}
+ targetPort: tcp-postgresql
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.postgresql) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.postgresql $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ - name: tcp-intersrv
+ port: {{ $.Values.externalAccess.service.ports.interserver }}
+ targetPort: tcp-intersrv
+ {{- if not (empty $.Values.externalAccess.service.nodePorts.interserver) }}
+ nodePort: {{ index $.Values.externalAccess.service.nodePorts.interserver $i }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ {{- if $.Values.externalAccess.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml
new file mode 100644
index 00000000..33f86ce1
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml
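Review bot: Per-pod settings are looked up with the replica index `$i` alone (`index ...loadBalancerIPs $i`, `index ...loadBalancerAnnotations $i`, and every `index ...nodePorts.* $i`), although the lists are required to have `$totalNodes` entries; with more than one shard each shard reuses the first `$replicas` entries, so Services of different pods get the same IP or nodePort. Define a flat index once inside the inner loop, `{{- $n := add (mul $shard $replicas) $i }}`, and use `$n` in those `index` calls. The interserver port is named `tcp-intersrv` here but `http-intersrv` in service.yaml and service-headless.yaml, so at least one of them cannot match the container port name (the StatefulSet is not in this hunk). This Service also publishes the plaintext `http`, `tcp`, `tcp-mysql`, `tcp-postgresql` and interserver ports on every per-pod external Service regardless of `tls.enabled`; gating those ports behind values and documenting that `loadBalancerSourceRanges` should be set would limit what is reachable from outside the cluster.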
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "clickhouse.headlessServiceName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: http
+ targetPort: http
+ port: {{ .Values.service.ports.http }}
+ protocol: TCP
+ - name: tcp
+ targetPort: tcp
+ port: {{ .Values.service.ports.tcp }}
+ protocol: TCP
+ {{- if .Values.tls.enabled }}
+ - name: tcp-secure
+ targetPort: tcp-secure
+ port: {{ .Values.service.ports.tcpSecure }}
+ protocol: TCP
+ {{- end }}
+ - name: mysql
+ targetPort: mysql
+ port: {{ .Values.service.ports.mysql }}
+ protocol: TCP
+ - name: tcp-postgresql
+ targetPort: tcp-postgresql
+ port: {{ .Values.service.ports.postgresql }}
+ protocol: TCP
+ - name: http-intersrv
+ targetPort: http-intersrv
+ port: {{ .Values.service.ports.interserver }}
+ protocol: TCP
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
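Review bot: The MySQL port is declared as `name: mysql` with `targetPort: mysql` here, while service.yaml and service-external-access.yaml in this patch use `tcp-mysql` for both; a named targetPort that matches no container port leaves that Service port without endpoints. The container port names live in the StatefulSet, which is not part of this hunk, so confirm the right name and use it in all three Services, most likely `name: tcp-mysql` and `targetPort: tcp-mysql`. `publishNotReadyAddresses: true` makes pods resolvable before their probes pass, and a one-line comment above it saying why the chart needs that would help the next reviewer judge the exposure.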
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml
new file mode 100644
index 00000000..fe2dfc60
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml
@@ -0,0 +1,112 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ targetPort: http
+ port: {{ .Values.service.ports.http }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
+ nodePort: {{ .Values.service.nodePorts.http }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ - name: tcp
+ targetPort: tcp
+ port: {{ .Values.service.ports.tcp }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcp)) }}
+ nodePort: {{ .Values.service.nodePorts.tcp }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: tcp-secure
+ targetPort: tcp-secure
+ port: {{ .Values.service.ports.tcpSecure }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcpSecure)) }}
+ nodePort: {{ .Values.service.nodePorts.tcpSecure }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ - name: tcp-mysql
+ targetPort: tcp-mysql
+ port: {{ .Values.service.ports.mysql }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.mysql)) }}
+ nodePort: {{ .Values.service.nodePorts.mysql }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ - name: tcp-postgresql
+ targetPort: tcp-postgresql
+ port: {{ .Values.service.ports.postgresql }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.postgresql)) }}
+ nodePort: {{ .Values.service.nodePorts.postgresql }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ - name: http-intersrv
+ targetPort: http-intersrv
+ port: {{ .Values.service.ports.interserver }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.interserver)) }}
+ nodePort: {{ .Values.service.nodePorts.interserver }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: http-metrics
+ targetPort: http-metrics
+ port: {{ .Values.service.ports.metrics }}
+ protocol: TCP
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }}
+ nodePort: {{ .Values.service.nodePorts.metrics }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml
new file mode 100644
index 00000000..8477fc6e
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml
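Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the list with Go's default formatting, which renders as `[a b]`; with two or more CIDRs YAML reads that as one string element, so the allow-list is most likely rejected by the API server instead of being applied as written. Render it the way service-external-access.yaml in this patch does: `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`. Note also that this Service publishes the plaintext `http`, `tcp`, `tcp-mysql`, `tcp-postgresql` and interserver ports unconditionally, including when `service.type` is `LoadBalancer` or `NodePort`, so a working source-range restriction is the only network-level limit these lines provide.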
@@ -0,0 +1,49 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: http-metrics
+ path: "/metrics"
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml
new file mode 100644
index 00000000..0239d702
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml
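Review bot: The `annotations:` key under `metadata` in the ServiceMonitor is emitted unconditionally, so with neither `commonAnnotations` nor `metrics.serviceMonitor.annotations` set the object renders a bare `annotations:` (null). Wrapping the key in `{{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}` … `{{- end }}` keeps the rendered manifest clean and matches the guarded `annotations:` used by the Secret templates in this patch. Separately, `selector.matchLabels` is built only from `common.labels.matchLabels`; if the headless Service (not visible here) carries the same labels and exposes `http-metrics`, every pod would be scraped twice, so it is worth confirming which Services this selector actually matches.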
@@ -0,0 +1,17 @@
+{{- if and .Values.startdbScripts (not .Values.startdbScriptsSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-start-scripts" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+stringData:
+{{- include "common.tplvalues.render" (dict "value" .Values.startdbScripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml
new file mode 100644
index 00000000..3c4ffa7a
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml
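Review bot: The script bodies in `.Values.startdbScripts` are passed through `common.tplvalues.render` before landing in `stringData`, so any literal template delimiters inside a shell script are evaluated as Helm template code, and nothing in the template says so. The StatefulSet in this patch mounts this Secret at `/docker-entrypoint-startdb.d`, and the values comment says the scripts run on every start, so whoever can set this value controls code executed inside the database container. A header comment such as `{{- /* startdbScripts are rendered with tpl: escape literal template delimiters; content runs at every container start */ -}}` would document both points. The `"context" .` on the last include also differs from the `"context" $` used elsewhere in the file; both are the root at this level, but `$` is the safer habit.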
@@ -0,0 +1,362 @@ +{{- $replicas := .Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} +kind: StatefulSet +metadata: + name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ $.Values.replicaCount }} + podManagementPolicy: {{ $.Values.podManagementPolicy | quote }} + selector: + matchLabels: {{ include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: clickhouse + serviceName: {{ printf "%s-headless" (include "common.names.fullname" $) }} + {{- if $.Values.updateStrategy }} + updateStrategy: {{- toYaml $.Values.updateStrategy | nindent 4 }} + {{- end }} + template: + metadata: + {{- if or $.Values.podAnnotations (and $.Values.metrics.enabled $.Values.metrics.podAnnotations) }} + annotations: + {{- if $.Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + labels: {{- include "common.labels.standard" $ | nindent 8 }} + app.kubernetes.io/component: clickhouse + {{- if $.Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" $.Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: 
{{ template "clickhouse.serviceAccountName" $ }} + {{- include "clickhouse.imagePullSecrets" $ | nindent 6 }} + {{- if $.Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if $.Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" $.Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.priorityClassName }} + priorityClassName: {{ $.Values.priorityClassName | quote }} + {{- end }} + {{- if $.Values.schedulerName }} + schedulerName: {{ $.Values.schedulerName | quote }} + {{- end }} + {{- if $.Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" .) 
| nindent 8 }} + {{- end }} + {{- if $.Values.podSecurityContext.enabled }} + securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if $.Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if and $.Values.tls.enabled (not $.Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "clickhouse.volumePermissions.image" $ }} + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} + {{- if $.Values.resources }} + resources: {{- toYaml $.Values.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp -L /tmp/certs/* /opt/drycc/clickhouse/certs/ + chmod 600 {{ include "clickhouse.tlsCertKey" $ }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: clickhouse-certificates + mountPath: /opt/drycc/clickhouse/certs + {{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "clickhouse.volumePermissions.image" $ }} + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} + command: | + mkdir -p /drycc/clickhouse/data + chmod 700 /drycc/clickhouse/data + chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /drycc/clickhouse + find /drycc/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} + {{- if $.Values.tls.enabled }} + cp /tmp/certs/* /opt/drycc/clickhouse/certs/ + {{- if eq ( toString ( 
$.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/drycc/clickhouse/certs/ + {{- else }} + chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/drycc/clickhouse/certs/ + {{- end }} + chmod 600 {{ include "clickhouse.tlsCertKey" $ }} + {{- end }} + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if $.Values.volumePermissions.resources }} + resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /drycc/clickhouse + - name: config + mountPath: /drycc/clickhouse/conf/default + {{- if $.Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: clickhouse-certificates + mountPath: /opt/drycc/clickhouse/certs + {{- end }} + {{- end }} + {{- if $.Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: clickhouse + image: {{ template "clickhouse.image" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if $.Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if $.Values.args }} + args: {{- include "common.tplvalues.render" 
(dict "value" $.Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: DRYCC_DEBUG + value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} + - name: CLICKHOUSE_HTTP_PORT + value: {{ $.Values.containerPorts.http | quote }} + - name: CLICKHOUSE_TCP_PORT + value: {{ $.Values.containerPorts.tcp | quote }} + - name: CLICKHOUSE_MYSQL_PORT + value: {{ $.Values.containerPorts.mysql | quote }} + - name: CLICKHOUSE_POSTGRESQL_PORT + value: {{ $.Values.containerPorts.postgresql | quote }} + - name: CLICKHOUSE_INTERSERVER_HTTP_PORT + value: {{ $.Values.containerPorts.interserver | quote }} + {{- if $.Values.tls.enabled }} + - name: CLICKHOUSE_TCP_SECURE_PORT + value: {{ $.Values.containerPorts.tcpSecure | quote }} + {{- end }} + {{- if $.Values.metrics.enabled }} + - name: CLICKHOUSE_METRICS_PORT + value: {{ $.Values.containerPorts.metrics | quote }} + {{- end }} + - name: CLICKHOUSE_ADMIN_USER + value: {{ $.Values.auth.username | quote }} + - name: CLICKHOUSE_SHARD_ID + value: {{ printf "shard%d" $i | quote }} + - name: CLICKHOUSE_REPLICA_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CLICKHOUSE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "clickhouse.secretName" $ }} + key: {{ include "clickhouse.secretKey" $ }} + {{- if $.Values.tls.enabled }} + - name: CLICKHOUSE_TLS_CERT_FILE + value: {{ include "clickhouse.tlsCert" $ | quote}} + - name: CLICKHOUSE_TLS_KEY_FILE + value: {{ include "clickhouse.tlsCertKey" $ | quote }} + - name: CLICKHOUSE_TLS_CA_FILE + value: {{ include "clickhouse.tlsCACert" $ | quote }} + {{- end }} + {{- if $.Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if $.Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if 
$.Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if $.Values.resources }} + resources: {{- toYaml $.Values.resources | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ $.Values.containerPorts.http }} + - name: tcp + containerPort: {{ $.Values.containerPorts.tcp }} + {{- if $.Values.tls.enabled }} + - name: tcp-secure + containerPort: {{ $.Values.containerPorts.tcpSecure }} + {{- end }} + - name: tcp-postgresql + containerPort: {{ $.Values.containerPorts.postgresql }} + - name: tcp-mysql + containerPort: {{ $.Values.containerPorts.mysql }} + - name: http-intersrv + containerPort: {{ $.Values.containerPorts.interserver }} + {{- if $.Values.metrics.enabled }} + - name: http-metrics + containerPort: {{ $.Values.containerPorts.metrics }} + {{- end }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if $.Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /ping + port: http + {{- end }} + {{- if $.Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if $.Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /ping + port: http + {{- end }} + {{- if $.Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if $.Values.startupProbe.enabled }} + startupProbe: {{- 
include "common.tplvalues.render" (dict "value" (omit $.Values.startupProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /ping + port: http + {{- end }} + {{- end }} + {{- if $.Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /drycc/clickhouse + - name: config + mountPath: /drycc/clickhouse/etc/conf.d/default + {{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }} + - name: extra-config + mountPath: /drycc/clickhouse/etc/conf.d/extra-configmap + {{- end }} + {{- if $.Values.extraOverridesSecret }} + - name: extra-secret + mountPath: /drycc/clickhouse/etc/conf.d/extra-secret + {{- end }} + {{- if $.Values.tls.enabled }} + - name: clickhouse-certificates + mountPath: /drycc/clickhouse/certs + {{- end }} + {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }} + - name: custom-start-scripts + mountPath: /docker-entrypoint-startdb.d + {{- end }} + {{- if $.Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if $.Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "clickhouse.configmapName" $ }} + {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }} + - name: custom-init-scripts + secret: + secretName: {{ include "clickhouse.initdbScriptsSecret" $ }} + {{- end }} + {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }} + - name: custom-start-scripts + secret: + secretName: {{ include "clickhouse.startdbScriptsSecret" $ }} + {{- end }} + {{- if or 
$.Values.extraOverridesConfigmap $.Values.extraOverrides }} + - name: extra-config + configMap: + name: {{ template "clickhouse.extraConfigmapName" $ }} + {{- end }} + {{- if $.Values.extraOverridesSecret }} + - name: extra-secret + secret: + secretName: {{ $.Values.extraOverridesSecret }} + {{- end }} + {{- if not $.Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if $.Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "clickhouse.tlsSecretName" $ }} + - name: clickhouse-certificates + emptyDir: {} + {{- end }} + {{- if $.Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + annotations: + {{- if $.Values.persistence.annotations }} + {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) | nindent 10 }} + {{- end }} + {{- if $.Values.commonLabels }} + labels: {{- include "common.tplvalues.render" (dict "value" $.Values.commonLabels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range $.Values.persistence.accessModes }} + - {{ . 
| quote }} + {{- end }} + resources: + requests: + storage: {{ $.Values.persistence.size | quote }} + {{- if $.Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if $.Values.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }} + {{- end }} +--- +{{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml new file mode 100644 index 00000000..2e443900 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml 
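Review bot: In the `volume-permissions` init container, `command: |` makes `command` a single block-scalar string, but a container `command` must be a list, so the StatefulSet should be rejected whenever `volumePermissions.enabled` and `persistence.enabled` are both set; use the same list form as `copy-certs` (`- /bin/sh`, `- -ec`, `- |`). That container also takes its `securityContext` from `$.Values.containerSecurityContext` (non-root with all capabilities dropped in this patch's defaults) while its script runs `chown -R`, which is likely to fail; the script already reads `volumePermissions.containerSecurityContext.runAsUser`, so that block looks like the intended source. `topologySpreadConstraints` passes `"context" .` inside the `range`, where `.` is the loop element rather than the root, and should read `"context" $`. Both init containers write certificates under `/opt/drycc/clickhouse/certs` while the main container mounts the same volume at `/drycc/clickhouse/certs`, so the `chmod 600` on the `clickhouse.tlsCertKey` path (helper not visible here) needs checking against the init-container mount path, otherwise the private key keeps whatever mode `cp` gave it or the `-e` shell aborts.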
@@ -0,0 +1,26 @@
+{{- if (include "clickhouse.createTlsSecret" . ) }}
+{{- $ca := genCA "clickhouse-ca" 365 }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $primaryHeadlessServiceName := printf "%s-headless" (include "common.names.fullname" .)}}
+{{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }}
+{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-crt" (include "common.names.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+ tls.crt: {{ $crt.Cert | b64enc | quote }}
+ tls.key: {{ $crt.Key | b64enc | quote }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml
new file mode 100644
index 00000000..fc6fef0d
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/values.yaml
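Review bot: `genCA` and `genSignedCert` run on every render, so each `helm upgrade` replaces the CA and the server key pair in the `-crt` Secret, and the CA private key is never stored, so nothing can be re-issued under the same root. The StatefulSet in this patch copies the certificates in an init container, so running replicas keep the old pair until they restart, and any client that trusted the previous `ca.crt` stops validating after an upgrade. Reusing the existing Secret through `lookup` when it is present avoids this silent rotation. The 365-day lifetime then needs an explicit renewal procedure, which is worth documenting in a comment at the top of the template.

```yaml
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
# … unchanged: genCA / genSignedCert, metadata, labels, annotations, type …
data:
  {{- if and $existing $existing.data }}
  # lookup returns nothing under `helm template` / dry-run, so those paths still generate
  ca.crt: {{ index $existing.data "ca.crt" | quote }}
  tls.crt: {{ index $existing.data "tls.crt" | quote }}
  tls.key: {{ index $existing.data "tls.key" | quote }}
  {{- else }}
  # … unchanged: ca.crt / tls.crt / tls.key from $ca and $crt …
  {{- end }}
```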
@@ -0,0 +1,973 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.name +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section ClickHouse Parameters +## + +## Drycc ClickHouse image +## ref: 
https://hub.docker.com/r/drycc/clickhouse/tags/ +## @param image.registry ClickHouse image registry +## @param image.repository ClickHouse image repository +## @param image.tag ClickHouse image tag (immutable tags are recommended) +## @param image.digest ClickHouse image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy ClickHouse image pull policy +## @param image.pullSecrets ClickHouse image pull secrets +## @param image.debug Enable ClickHouse image debug mode +## +image: + registry: registry.drycc.cc + repository: drycc-addons/clickhouse + tag: 24 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## @param shards Number of ClickHouse shards to deploy +## +shards: 2 + +## @param replicaCount Number of ClickHouse replicas per shard to deploy +## +replicaCount: 2 +## @param containerPorts.http ClickHouse HTTP container port +## @param containerPorts.tcp ClickHouse TCP container port +## @param containerPorts.tcpSecure ClickHouse TCP container port +## @param containerPorts.mysql ClickHouse MySQL container port +## @param containerPorts.postgresql ClickHouse PostgreSQL container port +## @param containerPorts.interserver ClickHouse Interserver container port +## @param containerPorts.metrics ClickHouse metrics container port +## +containerPorts: + http: 8123 + tcp: 9000 + tcpSecure: 9440 + mysql: 9004 + postgresql: 9005 + interserver: 9009 + metrics: 8001 +## Configure extra options for ClickHouse 
containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on ClickHouse containers +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +## @param readinessProbe.enabled Enable readinessProbe on ClickHouse containers +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +## @param startupProbe.enabled Enable startupProbe on ClickHouse containers +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 
+## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## ClickHouse resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.limits The resources limits for the ClickHouse containers +## @param resources.requests The requested resources for the ClickHouse containers +## +resources: + limits: {} + requests: {} +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context +## @param podSecurityContext.fsGroup Set ClickHouse pod's Security Context fsGroup +## @param podSecurityContext.seccompProfile.type Set ClickHouse container's Security Context seccomp profile +## +podSecurityContext: + enabled: true + fsGroup: 1001 + seccompProfile: + type: "RuntimeDefault" +## Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled ClickHouse containers' Security Context +## @param containerSecurityContext.runAsUser Set ClickHouse containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set ClickHouse containers' Security Context runAsNonRoot +## @param containerSecurityContext.allowPrivilegeEscalation Set ClickHouse container's privilege escalation +## @param containerSecurityContext.capabilities.drop Set ClickHouse container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + 
capabilities: + drop: ["ALL"] + +## Authentication +## @param auth.username ClickHouse Admin username +## @param auth.password ClickHouse Admin password +## @param auth.existingSecret Name of a secret containing the Admin password +## @param auth.existingSecretKey Name of the key inside the existing secret +## +auth: + username: default + password: "" + existingSecret: "" + existingSecretKey: "" + +## @param logLevel Logging level +## +logLevel: information + +## @param defaultConfigurationOverrides [string] Default configuration overrides (evaluated as a template) +## +defaultConfigurationOverrides: | + + + + + + {{ include "common.names.fullname" . }} + + + + {{ .Values.logLevel }} + + {{- if or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1)}} + + + + {{- $shards := $.Values.shards | int }} + {{- range $shard, $e := until $shards }} + + {{- $replicas := $.Values.replicaCount | int }} + {{- range $i, $_e := until $replicas }} + + {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $shard $i (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{ $.Values.service.ports.tcp }} + + {{- end }} + + {{- end }} + + + {{- end }} + {{- if or .Values.zookeeper.enabled .Values.externalZookeeper.servers }} + + + {{- if .Values.zookeeper.enabled }} + {{/* Zookeeper configuration using the helm chart */}} + {{- $nodes := .Values.zookeeper.replicaCount | int }} + {{- range $node, $e := until $nodes }} + + {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $node (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{ $.Values.zookeeper.service.ports.client }} + + {{- end }} + {{- else if .Values.externalZookeeper.servers }} + {{/* Zookeeper configuration using an external instance */}} + {{- range $node :=.Values.externalZookeeper.servers }} + + {{ $node }} + {{ $.Values.externalZookeeper.port 
}} + + {{- end }} + {{- end }} + + {{- end }} + {{- if .Values.tls.enabled }} + + + + + {{- $certFileName := default "tls.crt" .Values.tls.certFilename }} + {{- $keyFileName := default "tls.key" .Values.tls.certKeyFilename }} + /drycc/clickhouse/certs/{{$certFileName}} + /drycc/clickhouse/certs/{{$keyFileName}} + none + true + sslv2,sslv3 + true + {{- if or .Values.tls.autoGenerated .Values.tls.certCAFilename }} + {{- $caFileName := default "ca.crt" .Values.tls.certFilename }} + /drycc/clickhouse/certs/{{$caFileName}} + {{- else }} + true + {{- end }} + + + true + true + sslv2,sslv3 + true + none + + AcceptCertificateHandler + + + + {{- end }} + {{- if .Values.metrics.enabled }} + + + /metrics + + true + true + true + + {{- end }} + + +## @param existingOverridesConfigmap The name of an existing ConfigMap with your custom configuration for ClickHouse +## +existingOverridesConfigmap: "" + +## @param extraOverrides Extra configuration overrides (evaluated as a template) apart from the default +## +extraOverrides: "" + +## @param extraOverridesConfigmap The name of an existing ConfigMap with extra configuration for ClickHouse +## +extraOverridesConfigmap: "" + +## @param extraOverridesSecret The name of an existing ConfigMap with your custom configuration for ClickHouse +## +extraOverridesSecret: "" + +## @param initdbScripts Dictionary of initdb scripts +## Specify dictionary of scripts to be run at first boot +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." +## +initdbScripts: {} +## @param initdbScriptsSecret ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) +## +initdbScriptsSecret: "" + +## @param startdbScripts Dictionary of startdb scripts +## Specify dictionary of scripts to be run on every start +## Example: +## startdbScripts: +## my_start_script.sh: | +## #!/bin/bash +## echo "Do something." 
+## +startdbScripts: {} +## @param startdbScriptsSecret ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`) +## +startdbScriptsSecret: "" + +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases ClickHouse pods host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podLabels Extra labels for ClickHouse pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for ClickHouse pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for ClickHouse pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for ClickHouse pods assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for ClickHouse pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param updateStrategy.type ClickHouse statefulset strategy type +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + +## @param podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join +## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +## +podManagementPolicy: Parallel + +## @param priorityClassName ClickHouse pods' priorityClassName +## +priorityClassName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param schedulerName Name of the k8s scheduler (other than default) for ClickHouse pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param lifecycleHooks for the ClickHouse container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraEnvVars Array with extra environment variables to add to ClickHouse nodes +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ClickHouse nodes +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for ClickHouse nodes +## +extraEnvVarsSecret: "" +## @param extraVolumes Optionally specify extra list of additional volumes for the ClickHouse pod(s) +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ClickHouse container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the ClickHouse pod(s) +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional init containers to the ClickHouse pod(s) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'echo "hello world"'] +## 
+initContainers: [] + +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic support + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.certificatesSecret Name of an existing secret that contains the certificates + ## + certificatesSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html + ## + certCAFilename: "" + +## @section Traffic Exposure Parameters +## + +## ClickHouse service parameters +## +service: + ## @param service.type ClickHouse service type + ## + type: ClusterIP + ## @param service.ports.http ClickHouse service HTTP port + ## @param service.ports.tcp ClickHouse service TCP port + ## @param service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param service.ports.mysql ClickHouse service MySQL port + ## @param service.ports.postgresql ClickHouse service PostgreSQL port + ## @param service.ports.interserver ClickHouse service Interserver port + ## @param service.ports.metrics ClickHouse service metrics port + ## + ports: + http: 8123 + tcp: 9000 + tcpSecure: 9440 + mysql: 9004 + postgresql: 9005 + interserver: 9009 + metrics: 8001 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.tcp Node port for TCP + ## @param service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param service.nodePorts.mysql Node port for MySQL + ## @param service.nodePorts.postgresql Node port for PostgreSQL + ## @param service.nodePorts.interserver Node port for Interserver + ## @param service.nodePorts.metrics Node port for metrics + ## NOTE: choose port 
between <30000-32767> + ## + nodePorts: + http: "" + tcp: "" + tcpSecure: "" + mysql: "" + postgresql: "" + interserver: "" + metrics: "" + ## @param service.clusterIP ClickHouse service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP ClickHouse service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges ClickHouse service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy ClickHouse service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for ClickHouse service + ## + annotations: {} + ## @param service.extraPorts Extra ports to expose in ClickHouse service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## External Access to ClickHouse configuration +## +externalAccess: + ## @param externalAccess.enabled Enable Kubernetes external cluster access to ClickHouse + ## + enabled: false + ## Parameters to configure K8s service(s) used to externally access ClickHouse + ## Note: A new service per will be created + ## + 
service: + ## @param externalAccess.service.type Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP + ## + type: LoadBalancer + ## @param externalAccess.service.ports.http ClickHouse service HTTP port + ## @param externalAccess.service.ports.tcp ClickHouse service TCP port + ## @param externalAccess.service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param externalAccess.service.ports.mysql ClickHouse service MySQL port + ## @param externalAccess.service.ports.postgresql ClickHouse service PostgreSQL port + ## @param externalAccess.service.ports.interserver ClickHouse service Interserver port + ## @param externalAccess.service.ports.metrics ClickHouse service metrics port + ## + ports: + http: 80 + tcp: 9000 + tcpSecure: 9440 + mysql: 9004 + postgresql: 9005 + interserver: 9009 + metrics: 8001 + ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for each ClickHouse . Length must be the same as replicaCount + ## e.g: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## + loadBalancerIPs: [] + ## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount + ## e.g: + ## loadBalancerAnnotations: + ## - external-dns.alpha.kubernetes.io/hostname: 1.external.example.com. + ## - external-dns.alpha.kubernetes.io/hostname: 2.external.example.com. 
+ ## + loadBalancerAnnotations: [] + ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param externalAccess.service.nodePorts.http Node port for HTTP + ## @param externalAccess.service.nodePorts.tcp Node port for TCP + ## @param externalAccess.service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param externalAccess.service.nodePorts.mysql Node port for MySQL + ## @param externalAccess.service.nodePorts.postgresql Node port for PostgreSQL + ## @param externalAccess.service.nodePorts.interserver Node port for Interserver + ## @param externalAccess.service.nodePorts.metrics Node port for metrics + ## NOTE: choose port between <30000-32767> + ## e.g: + ## nodePorts: + ## tls: + ## - 30001 + ## - 30002 + ## + nodePorts: + http: [] + tcp: [] + tcpSecure: [] + mysql: [] + postgresql: [] + interserver: [] + metrics: [] + ## @param externalAccess.service.labels Service labels for external access + ## + labels: {} + ## @param externalAccess.service.annotations Service annotations for external access + ## + annotations: {} + ## @param externalAccess.service.extraPorts Extra ports to expose in the ClickHouse external service + ## + extraPorts: [] + +## ClickHouse ingress parameters +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for ClickHouse + ## + enabled: false + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: clickhouse.local + ## @param 
ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: clickhouse.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## 
extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - clickhouse.local + ## secretName: clickhouse.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: clickhouse.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... 
+ ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + +## @section Persistence Parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: true + ## @param persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Size of data volume + ## + size: 8Gi + ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. 
+ ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## Drycc Shell image + ## ref: https://hub.docker.com/r/drycc/drycc-shell/tags/ + ## @param volumePermissions.image.registry Drycc Shell image registry + ## @param volumePermissions.image.repository Drycc Shell image repository + ## @param volumePermissions.image.tag Drycc Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Drycc Shell image pull policy + ## @param volumePermissions.image.pullSecrets Drycc Shell image pull secrets + ## + image: + registry: docker.io + repository: drycc/drycc-shell + tag: 11-debian-11-r37 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits The resources limits for the init container + ## @param volumePermissions.resources.requests The requested resources for the init container + ## + resources: + limits: {} + requests: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + runAsUser: 0 + +## @section Other Parameters +## + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: true + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## @param metrics.podAnnotations [object] Annotations for metrics scraping + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.containerPorts.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + +## @section External Zookeeper paramaters +## +externalZookeeper: + ## @param externalZookeeper.servers List of external zookeeper servers to use + ## @param externalZookeeper.port Port of the Zookeeper servers + ## + servers: [] + port: 2888 + +## @section Zookeeper subchart parameters +## +## @param zookeeper.enabled Deploy Zookeeper subchart +## @param zookeeper.replicaCount Number of Zookeeper instances +## @param zookeeper.service.ports.client Zookeeper client port +## +zookeeper: + enabled: true + replicaCount: 2 + service: + ports: + client: 2181 diff --git a/addons/clickhouse/24/meta.yaml b/addons/clickhouse/24/meta.yaml new file mode 100644 index 00000000..fccf62bb --- /dev/null +++ b/addons/clickhouse/24/meta.yaml 
@@ -0,0 +1,24 @@ +name: clickhouse +version: 23 +id: 5606a4c8-d0b6-4ad0-98d2-3e4fde3055f6 +description: "clickhouse" +displayName: "clickhouse" +metadata: + displayName: "clickhouse" + provider: + name: drycc + supportURL: http://clickhouse.io/ + documentationURL: https://github.com/drycc-addons/ +tags: clickhouse +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "networkPolicy.allowNamespaces" + required: false + description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + required: false + description: "service type config for values.yaml" +archive: false From 2b32b73cbf789ca455d35f371bc682ec0da4b331 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 18 Jun 2024 17:03:19 +0800 Subject: [PATCH 097/122] chore(addons): modify cronjob images pull policy --- .../8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml index 6b51d3d7..f8f656e3 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml @@ -30,7 +30,7 @@ spec: initContainers: - name: backup-wait image: registry.drycc.cc/drycc/python-dev:latest - imagePullPolicy: {{.Values.imagePullPolicy}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} args: - netcat - -v From 4b7ed95a636a26e46376b057cfc986a2cdb049fc Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 18 Jun 2024 17:07:59 +0800 Subject: [PATCH 098/122] chore(clickhouse): fix chart version --- addons/clickhouse/24/chart/clickhouse/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
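Review bot: `version: 23` does not match the directory this file is added under (`addons/clickhouse/24/`), and the chart's `Chart.yaml` is versioned 24 in the following patches; if the catalog keys on this field, the line should probably read `version: 24`. Separately, `allow_parameters` lets the instance creator set `service.type`, so a tenant can move ClickHouse onto a LoadBalancer while the chart default visible in this series is `tls.enabled: false`; that parameter's `description` should say so, or the allowed values should be restricted. `supportURL` is also plain `http://`.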
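Review bot: The new `imagePullPolicy: {{ .Values.image.pullPolicy | quote }}` applies the main image's pull policy to `registry.drycc.cc/drycc/python-dev:latest`, which is a mutable tag. If that value is `IfNotPresent` (its default is not visible in this hunk), each node keeps whatever `latest` it first cached, so the init container can differ between nodes and over time. Pinning the helper image to a fixed tag or digest, e.g. `image: registry.drycc.cc/drycc/python-dev:<pinned-tag>`, would make the backup job reproducible whatever the pull policy is. The CronJob spec starts and continues outside this hunk.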
diff --git a/addons/clickhouse/24/chart/clickhouse/Chart.yaml b/addons/clickhouse/24/chart/clickhouse/Chart.yaml index 5b3abe01..05273a02 100644 --- a/addons/clickhouse/24/chart/clickhouse/Chart.yaml +++ b/addons/clickhouse/24/chart/clickhouse/Chart.yaml @@ -21,4 +21,4 @@ name: clickhouse sources: - https://github.com/drycc/containers/tree/main/drycc/clickhouse - https://github.com/ClickHouse/ClickHouse -version: 24 +version: 24.0 From 75ef7255b2d768339b859b134a081de8d8c2ad0f Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 18 Jun 2024 17:15:29 +0800 Subject: [PATCH 099/122] chore(clickhouse): fix chart version --- addons/clickhouse/24/chart/clickhouse/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/clickhouse/24/chart/clickhouse/Chart.yaml b/addons/clickhouse/24/chart/clickhouse/Chart.yaml index 05273a02..ab3c1027 100644 --- a/addons/clickhouse/24/chart/clickhouse/Chart.yaml +++ b/addons/clickhouse/24/chart/clickhouse/Chart.yaml @@ -21,4 +21,4 @@ name: clickhouse sources: - https://github.com/drycc/containers/tree/main/drycc/clickhouse - https://github.com/ClickHouse/ClickHouse -version: 24.0 +version: 24.0.1 From b2669e8f847e5d7e1b06c77ec716d4eb85e89e00 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 21 Jun 2024 13:46:20 +0800 Subject: [PATCH 100/122] chore(mysql-cluster): change dump default theads to 1 for avoid use too many mem --- .../8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml index f8f656e3..0947721d 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml 
@@ -66,7 +66,7 @@ spec: endpoint=os.getenv('AWS_ENDPOINT_URL') bucket_name=os.getenv('AWS_BUCKET_NAME') - util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 4, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) + util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 1, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) " > /tmp/dump_instance.py mysqlsh --uri=${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --py < /tmp/dump_instance.py From c0e9bec2fb0a809a451c69b15c131c8162cf556f Mon Sep 17 00:00:00 2001 
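Review bot: The options dict on the changed `util.dump_instance(...)` line defines `'compatibility'` twice with the same list; Python silently keeps the last one, so the duplicate key should be dropped before the two copies drift apart. The unchanged `mysqlsh` line at the end of the hunk passes the root password as `-p${MYSQL_ROOT_PASSWORD}`, which places it in the process arguments inside the pod. Supplying it with `--passwords-from-stdin` and giving the script via `--file` would keep it off the command line. The embedded script starts and ends outside this hunk.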
From: EamonZhang Date: Fri, 21 Jun 2024 13:55:49 +0800 Subject: [PATCH 101/122] chore(clickhouse): add plans --- .../24/chart/clickhouse/values.yaml | 4 +-- .../24/plans/standard-2c4g20/bind.yaml | 26 +++++++++++++++++++ .../create-instance-schema.json | 12 +++++++++ .../24/plans/standard-2c4g20/meta.yaml | 6 +++++ .../24/plans/standard-2c4g20/values.yaml | 23 ++++++++++++++++ .../24/plans/standard-4c16g100/bind.yaml | 26 +++++++++++++++++++ .../create-instance-schema.json | 12 +++++++++ .../24/plans/standard-4c16g100/meta.yaml | 6 +++++ .../24/plans/standard-4c16g100/values.yaml | 23 ++++++++++++++++ 9 files changed, 136 insertions(+), 2 deletions(-) create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-2c4g20/values.yaml create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-4c16g100/values.yaml diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index fc6fef0d..b1764c87 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -212,7 +212,7 @@ containerSecurityContext: ## @param auth.existingSecretKey Name of the key inside the existing secret ## auth: - username: default + username: administrator password: "" existingSecret: "" existingSecretKey: "" 
@@ -898,7 +898,7 @@ serviceAccount:
 metrics:
 ## @param metrics.enabled Enable the export of Prometheus metrics
 ##
- enabled: false
+ enabled: true
 ## @param metrics.podAnnotations [object] Annotations for metrics scraping
 ##
 podAnnotations:
diff --git a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml
new file mode 100644
index 00000000..2f2ffbf1
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml
@@ -0,0 +1,26 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: {{ printf "EXTRANET_HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: {{ printf "HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.admin-password }'
+ - name: USERNAME
+ value: 'administrator'
+ - name: TCP_PORT
+ value: 9000
+ - name: HTTP_PORT
+ value: 8123
+ - name: MYSQL_PORT
+ value: 9004
diff --git a/addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json b/addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-2c4g20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml b/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml
new file mode 100644
index 00000000..ca409ee7
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-2c4g20/meta.yaml
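Review bot: In the new `plans/standard-2c4g20/bind.yaml`, `USERNAME` is hard-coded as `'administrator'` and the three port entries as 9000/8123/9004, so the binding silently goes stale if an instance overrides `auth.username` or `service.ports.*`. They should be rendered from the values, e.g. `value: {{ .Values.auth.username | quote }}` and `value: {{ .Values.service.ports.tcp }}`. The same applies to the identical `plans/standard-4c16g100/bind.yaml` added later in this patch. When `service.type` is `LoadBalancer` the binding also hands out an external address while the chart default visible in this series is `tls.enabled: false`, so clients bound this way would send the admin password unencrypted unless TLS is turned on. `{{ printf "EXTRANET_HOST" }}` and `{{ printf "HOST" }}` are constant strings and can be written without the template call.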
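Review bot: The only property `create-instance-schema.json` declares is `imagePullPolicy`, but the addon's `meta.yaml` earlier in this series allows `networkPolicy.allowNamespaces` and `service.type` instead. A top-level `imagePullPolicy` value also does not appear in the part of the chart's `values.yaml` shown here, so the schema seems to advertise a parameter that is neither allowed nor consumed. The properties should probably mirror `allow_parameters`, with `service.type` constrained by an `enum` of `ClusterIP`, `NodePort` and `LoadBalancer`. The same file is added unchanged under `plans/standard-4c16g100/`.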
@@ -0,0 +1,6 @@
+name: "standard-2c4g20"
+id: 9866afb5-eeb1-4c89-a6d6-01197ff34bbc
+description: "clickhouse standard-2c4g20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G "
+displayName: "standard-2c4g20"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-2c4g20/values.yaml b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml
new file mode 100644
index 00000000..254b4fea
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-2c4g20/values.yaml
@@ -0,0 +1,23 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-clickhouse-cluster-standard-2c4g20
+
+## MinIO® containers' resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resources.limits The resources limits for the MinIO® container
+## @param resources.requests The requested resources for the MinIO® container
+##
+resources:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 2000m
+ memory: 4Gi
+
+persistence:
+ size: 20Gi
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml
new file mode 100644
index 00000000..a66a7cd7
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml
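Review bot: The comment block above `resources:` in `standard-2c4g20/values.yaml` was copied from a MinIO® chart and does not fit this file. It documents the limits "for the MinIO® container" and tells the reader to "remove the curly braces after 'resources:'", although this plan sets the values explicitly. I would replace the block with one line such as `## ClickHouse container resources for the standard-2c4g20 plan (2 vCPU, 4Gi RAM)`. `standard-4c16g100/values.yaml` carries the same copied block.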
@@ -0,0 +1,26 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: {{ printf "EXTRANET_HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+{{- end }}
+ - name: {{ printf "HOST" }}
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.admin-password }'
+ - name: USERNAME
+ value: 'administrator'
+ - name: TCP_PORT
+ value: 9000
+ - name: HTTP_PORT
+ value: 8123
+ - name: MYSQL_PORT
+ value: 9004
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json b/addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml
new file mode 100644
index 00000000..ed5ad077
--- /dev/null
+++ b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-4c16g100"
+id: e30e5296-ce38-48cb-981c-9bb1c2e43833
+description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G "
+displayName: "standard-4c16g100"
+bindable: true
+maximum_polling_duration: 1800
\ No newline at end of file
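Review bot: The `description` in `standard-4c16g100/meta.yaml` reads `vCPUs c`, which looks like a typo for the CPU count. Going by the plan name and the wording of the sibling plan, it should be `description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G "`. This appears to be the text shown when a plan is chosen, so the wrong value is user-visible.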
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/values.yaml b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml new file mode 100644 index 00000000..8b69f236 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-4c16g100/values.yaml @@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-clickhouse-cluster-standard-4c16g100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 4000m + memory: 16Gi + +persistence: + size: 100Gi From 1ddd319dc24c6207e2bdb8f4b688568aa782bd07 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 26 Jun 2024 16:20:55 +0800 Subject: [PATCH 102/122] chore(clickhouse): update use keeper --- .../chart/clickhouse/templates/_helpers.tpl | 34 +- .../clickhouse/templates/configmap-extra.yaml | 10 +- .../templates/configmap-users-extra.yaml | 20 + .../chart/clickhouse/templates/configmap.yaml | 10 +- .../clickhouse/templates/extra-list.yaml | 5 + .../templates/ingress-tls-secrets.yaml | 26 +- .../chart/clickhouse/templates/ingress.yaml | 21 +- .../templates/init-scripts-secret.yaml | 10 +- .../clickhouse/templates/networkpolicy.yaml | 135 ++++++ .../24/chart/clickhouse/templates/pdb.yaml | 34 ++ .../clickhouse/templates/prometheusrule.yaml | 24 + .../templates/scripts-configmap.yaml | 34 ++ .../24/chart/clickhouse/templates/secret.yaml | 10 +- .../clickhouse/templates/service-account.yaml | 19 +- .../templates/service-external-access.yaml | 59 ++- .../templates/service-headless.yaml | 56 ++- .../chart/clickhouse/templates/service.yaml | 66 ++- .../clickhouse/templates/servicemonitor.yaml | 28 +- .../templates/start-scripts-secret.yaml | 10 +- .../clickhouse/templates/statefulset.yaml | 209 ++++++--- .../clickhouse/templates/tls-secret.yaml | 21 +- .../24/chart/clickhouse/values.yaml | 420 ++++++++++++++---- addons/clickhouse/24/meta.yaml | 2 +- .../24/plans/standard-2c4g20/bind.yaml | 2 +- .../24/plans/standard-4c16g100/bind.yaml | 2 +- 25 files changed, 1005 insertions(+), 262 deletions(-) create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml mode change 100755 => 100644 addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml create mode 100644 addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml 
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl index 5d3b9dca..64055c41 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl +++ b/addons/clickhouse/24/chart/clickhouse/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* Return the proper ClickHouse image name */}} @@ -94,6 +99,18 @@ Get the ClickHouse configuration configmap. {{- end -}} {{- end -}} + +{{/* +Get the ClickHouse configuration users configmap. +*/}} +{{- define "clickhouse.usersExtraConfigmapName" -}} +{{- if .Values.usersExtraOverridesConfigmap -}} + {{- .Values.usersExtraOverridesConfigmap -}} +{{- else }} + {{- printf "%s-users-extra" (include "common.names.fullname" . ) -}} +{{- end -}} +{{- end -}} + {{/* Get the Clickhouse password secret name */}} 
@@ -185,17 +202,18 @@ Compile all warnings into a single message. {{- end -}} {{- end -}} -{{/* Validate values of ClickHouse - Zookeeper */}} +{{/* Validate values of ClickHouse - [Zoo]keeper */}} {{- define "clickhouse.validateValues.zookeeper" -}} -{{- if and .Values.zookeeper.enabled .Values.externalZookeeper.servers -}} -clickhouse: Multiple Zookeeper - You can only use one zookeeper - Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or +{{- if or (and .Values.keeper.enabled .Values.zookeeper.enabled) (and .Values.keeper.enabled .Values.externalZookeeper.servers) (and .Values.zookeeper.enabled .Values.externalZookeeper.servers) -}} +clickhouse: Multiple [Zoo]keeper + You can only use one [zoo]keeper + Please choose use ClickHouse keeper or + installing a Zookeeper chart (--set zookeeper.enabled=true) or using an external instance (--set zookeeper.servers ) {{- end -}} -{{- if and (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers) (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1) -}} -clickhouse: No Zookeeper - If you are deploying more than one ClickHouse instance, you need to enable Zookeeper. Please choose installing a Zookeeper chart (--set zookeeper.enabled=true) or +{{- if and (not .Values.keeper.enabled) (not .Values.zookeeper.enabled) (not .Values.externalZookeeper.servers) (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1) -}} +clickhouse: No [Zoo]keeper + If you are deploying more than one ClickHouse instance, you need to enable [Zoo]keeper. Please choose installing a [Zoo]keeper (--set keeper.enabled=true) or (--set zookeeper.enabled=true) or using an external instance (--set zookeeper.servers ) {{- end -}} {{- end -}} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml index f78a3aef..e0bffcd6 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml 
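Review bot: The "No [Zoo]keeper" guard still requires both `(ne (int .Values.shards) 1)` and `(ne (int .Values.replicaCount) 1)`, so a release with one shard and several replicas, or several shards with one replica each, passes validation with no coordination service. The message itself says one is needed for "more than one ClickHouse instance"; if that is the intent, the last two terms should be `(or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1))`. Both messages also advise `--set zookeeper.servers`, while the value actually tested is `.Values.externalZookeeper.servers`, so the hint should name `externalZookeeper.servers`. The whole `define` is inside this hunk.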
+++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap-extra.yaml @@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.extraOverrides (not .Values.extraOverridesConfigmap) }} apiVersion: v1 kind: ConfigMap metadata: name: {{ printf "%s-extra" (include "common.names.fullname" .) }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml new file mode 100644 index 00000000..bd408b79 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap-users-extra.yaml 
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.usersExtraOverrides (not .Values.usersExtraOverridesConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-users-extra" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ 01_users_extra_overrides.xml: |
+ {{- include "common.tplvalues.render" (dict "value" .Values.usersExtraOverrides "context" $) | nindent 4 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml
index 2a427dca..49cf3e33 100644
--- a/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml
+++ b/addons/clickhouse/24/chart/clickhouse/templates/configmap.yaml
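Review bot: `usersExtraOverrides` is rendered verbatim into a ConfigMap, and ClickHouse user overrides can contain `<password>` or password-hash elements, which would then be readable by anyone allowed to get ConfigMaps in the namespace. I would document this in a template comment above `data:`, for example `{{- /* Do not put passwords here; supply credentials through a Secret-backed usersExtraOverridesConfigmap alternative or auth.existingSecret */}}`, or render this object as a Secret. Separately, `name:` repeats the `printf "%s-users-extra"` expression that the new `clickhouse.usersExtraConfigmapName` helper already produces when no override ConfigMap is set, so `name: {{ include "clickhouse.usersExtraConfigmapName" . }}` would keep the two from drifting.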
@@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if not .Values.existingOverridesConfigmap }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml index 9ac65f9e..329f5c65 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml index cdab66cf..27c438cd 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress-tls-secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} {{- if .Values.ingress.secrets }} {{- range .Values.ingress.secrets }} 
@@ -6,12 +11,9 @@ kind: Secret metadata: name: {{ .name }} namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: 
@@ -21,24 +23,22 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "clickhouse-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml old mode 100755 new mode 100644 index fa1b8db2..dbe543fa --- a/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/ingress.yaml 
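Review bot: Nothing in this hunk renews the self-signed certificate: it is still issued with a fixed validity of `365` days by `genSignedCert`, but the three `common.secrets.lookup` calls now appear to reuse whatever the existing Secret holds. Assuming the helper returns the stored value whenever the Secret exists, upgrades no longer rotate the certificate and the ingress will serve an expired one a year after install. I would state this above the `$secretName` line, e.g. `{{- /* Reused across upgrades; expires after 365 days. Delete the Secret to have it regenerated. */}}`, or make the validity configurable. The CA key is not stored, so a stale `ca.crt` cannot be used to re-sign either.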
@@ -1,20 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} spec: {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} ingressClassName: {{ .Values.ingress.ingressClassName | quote }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml index 96f83f61..f5b32fc0 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/init-scripts-secret.yaml 
@@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.initdbScripts (not .Values.initdbScriptsSecret) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml b/addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml new file mode 100644 index 00000000..92cef548 --- /dev/null +++ b/addons/clickhouse/24/chart/clickhouse/templates/networkpolicy.yaml 
@@ -0,0 +1,135 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: clickhouse
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow outbound connections to other cluster pods
+ - ports:
+ - port: {{ .Values.service.ports.http }}
+ {{- if .Values.tls.enabled }}
+ - port: {{ .Values.service.ports.https }}
+ {{- end }}
+ - port: {{ .Values.service.ports.tcp }}
+ {{- if .Values.tls.enabled }}
+ - port: {{ .Values.service.ports.tcpSecure }}
+ {{- end }}
+ {{- if .Values.keeper.enabled }}
+ - port: {{ .Values.service.ports.keeper }}
+ - port: {{ .Values.service.ports.keeperInter }}
+ {{- if .Values.tls.enabled }}
+ - port: {{ .Values.service.ports.keeperSecure }}
+ {{- end }}
+ {{- end }}
+ - port: {{ .Values.service.ports.mysql }}
+ - port: {{ .Values.service.ports.postgresql }}
+ - port: {{ .Values.service.ports.interserver }}
+ {{- if .Values.metrics.enabled }}
+ - port: {{ .Values.service.ports.metrics }}
+ {{- end }}
+ {{- if $.Values.externalAccess.enabled }}
+ - port: {{ $.Values.externalAccess.service.ports.http }}
+ {{- if $.Values.tls.enabled }}
+ - port: {{ $.Values.externalAccess.service.ports.https }}
+ {{- end }}
+ {{- if $.Values.metrics.enabled }}
+ - port: {{ $.Values.externalAccess.service.ports.metrics }}
+ {{- end }}
+ - port: {{ $.Values.externalAccess.service.ports.tcp }}
+ {{- if $.Values.tls.enabled }}
+ - port: {{ $.Values.externalAccess.service.ports.tcpSecure }}
+ {{- end }}
+ {{- if $.Values.keeper.enabled }}
+ - port: {{ $.Values.externalAccess.service.ports.keeper }}
+ - port: {{ $.Values.externalAccess.service.ports.keeperInter }}
+ {{- if $.Values.tls.enabled }}
+ - port: {{ $.Values.externalAccess.service.ports.keeperSecure }}
+ {{- end }}
+ {{- end }}
+ - port: {{ $.Values.externalAccess.service.ports.mysql }}
+ - port: {{ $.Values.externalAccess.service.ports.postgresql }}
+ - port: {{ $.Values.externalAccess.service.ports.interserver }}
+ {{- end }}
+ to:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if eq $.Values.service.type "ClusterIP" }}
+ ingress:
+ - ports:
+ - port: {{ $.Values.containerPorts.http }}
+ - port: {{ $.Values.containerPorts.tcp }}
+ - port: {{ $.Values.containerPorts.mysql }}
+ - port: {{ $.Values.containerPorts.postgresql }}
+ - port: {{ $.Values.containerPorts.interserver }}
+ {{- if $.Values.tls.enabled }}
+ - port: {{ $.Values.containerPorts.tcpSecure }}
+ - port: {{ $.Values.containerPorts.https }}
+ {{- end }}
+ {{- if $.Values.keeper.enabled }}
+ - port: {{ $.Values.containerPorts.keeper }}
+ - port: {{ $.Values.containerPorts.keeperInter }}
+ {{- if $.Values.tls.enabled }}
+ - port : {{ $.Values.containerPorts.keeperSecure }}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.metrics.enabled }}
+ - port: {{ $.Values.containerPorts.metrics }}
+ {{- end }}
+
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if eq $.Values.service.type "LoadBalancer" }}
+ ingress:
+ - {}
+ {{- end }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml b/addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml
new file mode 100644
index 00000000..b8de1224
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/pdb.yaml
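Review bot: When `service.type` is `LoadBalancer` the policy ends with `ingress: - {}`, which admits any source on every port, including `interserver`, `keeper` and `keeperInter` that only the release's own pods need. That branch also skips the namespace restrictions and `extraIngress`. I would keep the client ports open there and limit the replication and keeper ports to pods of the release, as sketched below. Two smaller points in the `ClusterIP` branch: with neither `allowCurrentNamespace` nor `allowNamespaces` set, no `from:` is rendered and the listed ports are open to all sources. Any other `service.type` (for example `NodePort`) renders no `ingress:` at all while `policyTypes` lists `Ingress`, which denies all inbound traffic.

```yaml
  {{- if eq $.Values.service.type "LoadBalancer" }}
  ingress:
    # Client-facing ports: reachable through the load balancer
    - ports:
        - port: {{ $.Values.containerPorts.http }}
        - port: {{ $.Values.containerPorts.tcp }}
        - port: {{ $.Values.containerPorts.mysql }}
        - port: {{ $.Values.containerPorts.postgresql }}
        # … https / tcpSecure under tls.enabled, as in the ClusterIP branch …
    # Replication and keeper ports: only from pods of this release
    - ports:
        - port: {{ $.Values.containerPorts.interserver }}
        {{- if $.Values.keeper.enabled }}
        - port: {{ $.Values.containerPorts.keeper }}
        - port: {{ $.Values.containerPorts.keeperInter }}
        {{- end }}
      from:
        - podSelector:
            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
  {{- end }}
```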
@@ -0,0 +1,34 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.pdb.create }}
+{{- $shards := .Values.shards | int }}
+{{- range $i, $e := until $shards }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" $ }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ shard: {{ $i | quote }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if $.Values.pdb.minAvailable }}
+ minAvailable: {{ $.Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if or $.Values.pdb.maxUnavailable (not $.Values.pdb.minAvailable) }}
+ maxUnavailable: {{ $.Values.pdb.maxUnavailable | default 1 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list $.Values.podLabels $.Values.commonLabels) "context" $) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: clickhouse
+ shard: {{ $i | quote }}
+---
+{{- end }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml b/addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml
new file mode 100644
index 00000000..5e499111
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/prometheusrule.yaml
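Review bot: If both `pdb.minAvailable` and `pdb.maxUnavailable` are set, the two `if` blocks under `spec:` render both fields, and Kubernetes rejects a PodDisruptionBudget that specifies them together. Turning the second block into the `else` of the first keeps exactly one field: replace `{{- end }}` / `{{- if or $.Values.pdb.maxUnavailable (not $.Values.pdb.minAvailable) }}` with a single `{{- else }}`. Also note that `minAvailable: 0` is falsy in the template and silently becomes `maxUnavailable: 1`; a comment next to the value would save a surprise.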
@@ -0,0 +1,24 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.rules }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "common.names.fullname" . }}
+ rules: {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
+{{- end }}
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml b/addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml
new file mode 100644
index 00000000..80e64e8a
--- /dev/null
+++ b/addons/clickhouse/24/chart/clickhouse/templates/scripts-configmap.yaml
@@ -0,0 +1,34 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: clickhouse
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ setup.sh: |-
+ #!/bin/bash
+
+ # Execute entrypoint as usual after obtaining KEEPER_SERVER_ID
+ # check KEEPER_SERVER_ID in persistent volume via myid
+ # if not present, set based on POD hostname
+ if [[ -f "/drycc/clickhouse/keeper/data/myid" ]]; then
+ export KEEPER_SERVER_ID="$(cat /drycc/clickhouse/keeper/data/myid)"
+ else
+ HOSTNAME="$(hostname -s)"
+ if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then
+ export KEEPER_SERVER_ID=${BASH_REMATCH[2]}
+ else
+ echo "Failed to get index from hostname $HOST"
+ exit 1
+ fi
+ fi
+ exec /opt/drycc/scripts/clickhouse/entrypoint.sh /opt/drycc/scripts/clickhouse/run.sh -- --listen_host=0.0.0.0
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml
index 89f58cee..7a1f961f 100644
--- a/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml
+++ b/addons/clickhouse/24/chart/clickhouse/templates/secret.yaml
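Review bot: The failure message in `setup.sh` prints `$HOST`, which the script never sets; the name is stored in `HOSTNAME`, so the log line ends in an empty string exactly when the operator needs the offending value. Change it to `echo "Failed to get index from hostname $HOSTNAME"`. The `exec` line also passes `--listen_host=0.0.0.0`, so the server accepts connections on every interface and the NetworkPolicy (only rendered when `networkPolicy.enabled` is set) is what limits who can reach it. A one-line comment above the `exec` saying so would make that dependency visible. If the `myid` file exists but is empty, `KEEPER_SERVER_ID` is exported empty without any error; a `[[ -s ... ]]` test instead of `-f` would fall through to the hostname path.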
@@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if not .Values.auth.existingSecret }} apiVersion: v1 kind: Secret metadata: name: {{ template "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml index b3787391..58c3eeed 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-account.yaml 
@@ -1,22 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "clickhouse.serviceAccountName" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml index 2af4abb2..5393a531 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-external-access.yaml 
@@ -1,28 +1,30 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if $.Values.externalAccess.enabled }} {{- $shards := $.Values.shards | int }} {{- $replicas := $.Values.replicaCount | int }} {{- $totalNodes := mul $shards $replicas }} {{- range $shard, $e := until $shards }} {{- range $i, $_e := until $replicas }} +{{- $loadBalancerAnnotationPosOffset := mul $shard $replicas }} +{{- $loadBalancerAnnotationPosition := add $loadBalancerAnnotationPosOffset $i }} {{- $targetPod := printf "%s-shard%d-%d" (include "common.names.fullname" $) $shard $i }} apiVersion: v1 kind: Service metadata: name: {{ printf "%s-external" $targetPod | trunc 63 | trimSuffix "-" }} namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.externalAccess.service.labels $.Values.commonLabels ) "context" $ ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse pod: {{ $targetPod }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.externalAccess.service.labels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.labels "context" $) | nindent 4 }} - {{- end }} {{- if or $.Values.externalAccess.service.annotations $.Values.commonAnnotations $.Values.externalAccess.service.loadBalancerAnnotations }} annotations: {{- if and (not (empty $.Values.externalAccess.service.loadBalancerAnnotations)) (eq (len $.Values.externalAccess.service.loadBalancerAnnotations) $totalNodes) }} - {{ include "common.tplvalues.render" ( dict "value" (index $.Values.externalAccess.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }} + {{ include "common.tplvalues.render" ( 
dict "value" (index $.Values.externalAccess.service.loadBalancerAnnotations $loadBalancerAnnotationPosition) "context" $) | nindent 4 }} {{- end }} {{- if $.Values.externalAccess.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" $.Values.externalAccess.service.annotations "context" $) | nindent 4 }} @@ -50,6 +52,16 @@ spec: {{- else }} nodePort: null {{- end }} + {{- if $.Values.tls.enabled }} + - name: https + port: {{ $.Values.externalAccess.service.ports.https }} + targetPort: https + {{- if not (empty $.Values.externalAccess.service.nodePorts.https) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.https $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} {{- if $.Values.metrics.enabled }} - name: http-metrics port: {{ $.Values.externalAccess.service.ports.metrics }} 
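Review bot: The new `https` port in service-external-access.yaml looks up its nodePort with `index $.Values.externalAccess.service.nodePorts.https $i`, where `$i` is the replica index inside one shard, so with more than one shard the Services for shard0-0 and shard1-0 render the same nodePort and the second one will be refused. The first hunk of this file introduces `$loadBalancerAnnotationPosition` (shard offset plus replica) to fix exactly this for the load-balancer annotations, and the same index should be used here: `nodePort: {{ index $.Values.externalAccess.service.nodePorts.https $loadBalancerAnnotationPosition }}`. The `keeper`, `keeperInter` and `keeperSecure` nodePorts added in the following hunk use the same `$i` lookup. A length check against `$totalNodes`, as the annotations branch already does, would also keep `index` from failing on a list that is too short.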
@@ -78,6 +90,34 @@ spec: nodePort: null {{- end }} {{- end }} + {{- if $.Values.keeper.enabled }} + - name: tcp-keeper + port: {{ $.Values.externalAccess.service.ports.keeper }} + targetPort: tcp-keeper + {{- if not (empty $.Values.externalAccess.service.nodePorts.keeper) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.keeper $i }} + {{- else }} + nodePort: null + {{- end }} + - name: tcp-keeperinter + port: {{ $.Values.externalAccess.service.ports.keeperInter }} + targetPort: tcp-keeperinter + {{- if not (empty $.Values.externalAccess.service.nodePorts.keeperInter) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.keeperInter $i }} + {{- else }} + nodePort: null + {{- end }} + {{- if $.Values.tls.enabled }} + - name: tcp-keepertls + port: {{ $.Values.externalAccess.service.ports.keeperSecure }} + targetPort: tcp-keepertls + {{- if not (empty $.Values.externalAccess.service.nodePorts.keeperSecure) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.keeperSecure $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} + {{- end }} - name: tcp-mysql port: {{ $.Values.externalAccess.service.ports.mysql }} targetPort: tcp-mysql @@ -105,7 +145,8 @@ spec: {{- if $.Values.externalAccess.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" $.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.podLabels $.Values.commonLabels ) "context" $ ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse statefulset.kubernetes.io/pod-name: {{ $targetPod }} --- 
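Review bot: The `tcp-keeper` and `tcp-keeperinter` ports are published on every per-pod external Service as soon as `keeper.enabled` is true, with no separate opt-in for external exposure. These are presumably the Keeper client and inter-node coordination endpoints, which normally only the cluster's own pods need to reach, and nothing in this hunk restricts or authenticates them; `tcp-keepertls` is added alongside the plaintext ports, not instead of them. I would gate the block behind a new value that defaults to off (for example `externalAccess.service.exposeKeeper`, name is only a suggestion) and leave Keeper reachable through the headless Service. If external Keeper access is really required, document that `loadBalancerSourceRanges` or a NetworkPolicy must be set with it.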
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml index 33f86ce1..23d4496a 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service-headless.yaml @@ -1,21 +1,18 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: name: {{ include "clickhouse.headlessServiceName" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: type: ClusterIP 
@@ -24,32 +21,49 @@ spec: ports: - name: http targetPort: http - port: {{ .Values.service.ports.http }} + port: {{ .Values.containerPorts.http }} protocol: TCP - name: tcp targetPort: tcp - port: {{ .Values.service.ports.tcp }} + port: {{ .Values.containerPorts.tcp }} protocol: TCP {{- if .Values.tls.enabled }} - name: tcp-secure targetPort: tcp-secure - port: {{ .Values.service.ports.tcpSecure }} + port: {{ .Values.containerPorts.tcpSecure }} + protocol: TCP + {{- end }} + {{- if .Values.keeper.enabled }} + - name: tcp-keeper + targetPort: tcp-keeper + port: {{ .Values.containerPorts.keeper }} protocol: TCP + - name: tcp-keeperinter + targetPort: tcp-keeperinter + port: {{ .Values.containerPorts.keeperInter }} + protocol: TCP + {{- if .Values.tls.enabled }} + - name: tcp-keepertls + targetPort: tcp-keepertls + port: {{ .Values.containerPorts.keeperSecure }} + protocol: TCP + {{- end }} {{- end }} - - name: mysql - targetPort: mysql - port: {{ .Values.service.ports.mysql }} + - name: tcp-mysql + targetPort: tcp-mysql + port: {{ .Values.containerPorts.mysql }} protocol: TCP - name: tcp-postgresql targetPort: tcp-postgresql - port: {{ .Values.service.ports.postgresql }} + port: {{ .Values.containerPorts.postgresql }} protocol: TCP - name: http-intersrv targetPort: http-intersrv - port: {{ .Values.service.ports.interserver }} + port: {{ .Values.containerPorts.interserver }} protocol: TCP {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse 
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/service.yaml b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml index fe2dfc60..3d3f3d7c 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/service.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/service.yaml @@ -1,21 +1,18 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: name: {{ template "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: type: {{ .Values.service.type }} 
@@ -32,7 +29,7 @@ spec: externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} @@ -47,6 +44,17 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} + {{- if .Values.tls.enabled }} + - name: https + targetPort: https + port: {{ .Values.service.ports.https }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} - name: tcp targetPort: tcp port: {{ .Values.service.ports.tcp }} 
@@ -67,6 +75,37 @@ spec: nodePort: null {{- end }} {{- end }} + {{- if .Values.keeper.enabled }} + - name: tcp-keeper + targetPort: tcp-keeper + port: {{ .Values.service.ports.keeper }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcp)) }} + nodePort: {{ .Values.service.nodePorts.keeper }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: tcp-keeperinter + targetPort: tcp-keeperinter + port: {{ .Values.service.ports.keeperInter }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcp)) }} + nodePort: {{ .Values.service.nodePorts.keeperInter }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.tls.enabled }} + - name: tcp-keepertls + targetPort: tcp-keepertls + port: {{ .Values.service.ports.keeperSecure }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.tcpSecure)) }} + nodePort: {{ .Values.service.nodePorts.keeperSecure }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + {{- end }} - name: tcp-mysql targetPort: tcp-mysql port: {{ .Values.service.ports.mysql }} @@ -108,5 +147,6 @@ spec: {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse 
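Review bot: The nodePort guards in the new keeper block of service.yaml test the wrong keys: `tcp-keeper` and `tcp-keeperinter` check `.Values.service.nodePorts.tcp`, and `tcp-keepertls` checks `.Values.service.nodePorts.tcpSecure`, while the values rendered are `nodePorts.keeper`, `nodePorts.keeperInter` and `nodePorts.keeperSecure`. A configured `nodePorts.keeper` is therefore ignored unless `nodePorts.tcp` is also set, and setting only `nodePorts.tcp` renders an empty `nodePort:` for the keeper ports. Each guard should test the key it renders, e.g. `(not (empty .Values.service.nodePorts.keeper))`, and likewise for `keeperInter` and `keeperSecure`. Note also that these ports are added to the main Service for every `service.type`, including `LoadBalancer`, whenever `keeper.enabled` is set.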
diff --git a/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml index 8477fc6e..7e611255 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/servicemonitor.yaml 
@@ -1,27 +1,25 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "common.names.fullname" . }} namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} - {{- end }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: clickhouse + {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} spec: jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} selector: - matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} {{- if .Values.metrics.serviceMonitor.selector }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml index 0239d702..a35a1648 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/start-scripts-secret.yaml @@ -1,14 +1,16 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.startdbScripts (not .Values.startdbScriptsSecret) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-start-scripts" (include "common.names.fullname" .) }} namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml index 3c4ffa7a..a9ae7440 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml 
@@ -1,23 +1,32 @@ -{{- $replicas := .Values.shards | int }} -{{- range $i, $e := until $replicas }} +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $shards := .Values.shards | int }} +{{- range $i, $e := until $shards }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }} namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + shard: {{ $i | quote }} {{- if $.Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: + {{- if $.Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ $.Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ $.Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} replicas: {{ $.Values.replicaCount }} podManagementPolicy: {{ $.Values.podManagementPolicy | quote }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.podLabels $.Values.commonLabels ) "context" $ ) }} selector: - matchLabels: {{ include "common.labels.matchLabels" $ | nindent 6 }} + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: clickhouse serviceName: {{ printf "%s-headless" (include "common.names.fullname" $) }} {{- if $.Values.updateStrategy }} 
@@ -25,23 +34,23 @@ spec: {{- end }} template: metadata: - {{- if or $.Values.podAnnotations (and $.Values.metrics.enabled $.Values.metrics.podAnnotations) }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} + checksum/config-extra: {{ include (print $.Template.BasePath "/configmap-extra.yaml") $ | sha256sum }} + checksum/config-users-extra: {{ include (print $.Template.BasePath "/configmap-users-extra.yaml") $ | sha256sum }} {{- if $.Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }} {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: clickhouse - {{- if $.Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" $.Values.podLabels "context" $) | nindent 8 }} - {{- end }} + shard: {{ $i | quote }} spec: serviceAccountName: {{ template "clickhouse.serviceAccountName" $ }} {{- include "clickhouse.imagePullSecrets" $ | nindent 6 }} + automountServiceAccountToken: {{ $.Values.automountServiceAccountToken }} {{- if $.Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }} {{- end }} 
@@ -49,8 +58,8 @@ spec: affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "customLabels" $podLabels "extraPodAffinityTerms" (ternary (list (dict "extraMatchLabels" (dict "shard" $i) "topologyKey" "topology.kubernetes.io/zone")) (list) $.Values.distributeReplicasByZone) "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if $.Values.nodeSelector }} 
@@ -66,10 +75,10 @@ spec: schedulerName: {{ $.Values.schedulerName | quote }} {{- end }} {{- if $.Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" .) | nindent 8 }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} {{- if $.Values.podSecurityContext.enabled }} - securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + ssecurityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if $.Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} @@ -81,9 +90,11 @@ spec: imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} + {{- else if ne $.Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }} {{- end }} - # We don't require a privileged container in this case {{- if $.Values.containerSecurityContext.enabled }} + # We don't require a privileged container in this case securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} command: 
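Review bot: The pod-level key in the `@@ -66,10 +75,10 @@` hunk was changed to `ssecurityContext:` (double `s`), which is not a PodSpec field. Depending on how strictly the manifest is validated, the install either fails or the unknown field is dropped; in the second case the pods start without any of the settings from `podSecurityContext`, including the `fsGroup` that the volume-permissions script relies on. Restore the original key: `securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }}`. Rendering the chart through a strict schema validation step in CI would catch this class of typo before release.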
@@ -97,36 +108,47 @@ spec: mountPath: /tmp/certs - name: clickhouse-certificates mountPath: /opt/drycc/clickhouse/certs + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }} - name: volume-permissions image: {{ include "clickhouse.volumePermissions.image" $ }} imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} - command: | - mkdir -p /drycc/clickhouse/data - chmod 700 /drycc/clickhouse/data - chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /drycc/clickhouse - find /drycc/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} - {{- if $.Values.tls.enabled }} - cp /tmp/certs/* /opt/drycc/clickhouse/certs/ - {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/drycc/clickhouse/certs/ - {{- else }} - chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/drycc/clickhouse/certs/ - {{- end }} - chmod 600 {{ include "clickhouse.tlsCertKey" $ }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} + command: + - /bin/sh + - -ec + - | + mkdir -p /drycc/clickhouse/data + chmod 700 /drycc/clickhouse/data + {{- if $.Values.keeper.enabled }} + mkdir -p /drycc/clickhouse/keeper + chmod 700 /drycc/clickhouse/keeper + {{- end }} + chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /drycc/clickhouse + find /drycc/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ 
$.Values.podSecurityContext.fsGroup }} + {{- if $.Values.tls.enabled }} + cp /tmp/certs/* /opt/drycc/clickhouse/certs/ + {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/drycc/clickhouse/certs/ + {{- else }} + chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/drycc/clickhouse/certs/ + {{- end }} + chmod 600 {{ include "clickhouse.tlsCertKey" $ }} + {{- end }} + securityContext: {{- include "common.tplvalues.render" (dict "value" $.Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }} {{- if $.Values.volumePermissions.resources }} resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }} + {{- else if ne $.Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data mountPath: /drycc/clickhouse - - name: config - mountPath: /drycc/clickhouse/conf/default + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if $.Values.tls.enabled }} - name: raw-certificates mountPath: /tmp/certs @@ -155,7 +177,7 @@ spec: args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} {{- end }} env: - - name: DRYCC_DEBUG + - name: drycc_DEBUG value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} - name: CLICKHOUSE_HTTP_PORT value: {{ $.Values.containerPorts.http | quote }} 
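Review bot: The debug variable is renamed from `DRYCC_DEBUG` to `drycc_DEBUG` in the `@@ -155,7 +177,7 @@` hunk, which looks like a search-and-replace artefact rather than an intended change. Environment variable names are case-sensitive, so unless the image's scripts were changed to read the lower-case name (not visible here), `image.debug` and `diagnosticMode.enabled` silently stop having any effect. Restore `- name: DRYCC_DEBUG`. The container's `env` list starts before and continues after this hunk.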
@@ -170,6 +192,18 @@ spec: {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_TCP_SECURE_PORT value: {{ $.Values.containerPorts.tcpSecure | quote }} + - name: CLICKHOUSE_HTTPS_PORT + value: {{ $.Values.containerPorts.https | quote }} + {{- end }} + {{- if $.Values.keeper.enabled }} + - name: CLICKHOUSE_KEEPER_PORT + value: {{ $.Values.containerPorts.keeper | quote }} + - name: CLICKHOUSE_KEEPER_INTER_PORT + value: {{ $.Values.containerPorts.keeperInter | quote }} + {{- if $.Values.tls.enabled }} + - name: CLICKHOUSE_KEEPER_SECURE_PORT + value: {{ $.Values.containerPorts.keeperSecure | quote }} + {{- end }} {{- end }} {{- if $.Values.metrics.enabled }} - name: CLICKHOUSE_METRICS_PORT @@ -196,9 +230,22 @@ spec: - name: CLICKHOUSE_TLS_CA_FILE value: {{ include "clickhouse.tlsCACert" $ | quote }} {{- end }} - {{- if $.Values.extraEnvVars }} + {{- if $.Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} + {{- if $.Values.keeper.enabled }} + {{- $replicas := $.Values.replicaCount | int }} + {{- range $j, $r := until $replicas }} + - name: {{ printf "KEEPER_NODE_%d" $j }} + value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $i $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{- end }} + {{- else if $.Values.zookeeper.enabled }} + {{- $replicas := $.Values.zookeeper.replicaCount | int }} + {{- range $j, $r := until $replicas }} + - name: {{ printf "KEEPER_NODE_%d" $j }} + value: {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $j (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{- end }} + {{- end }} envFrom: {{- if $.Values.extraEnvVarsCM }} - configMapRef: 
@@ -210,6 +257,8 @@ spec: {{- end }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} + {{- else if ne $.Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http @@ -217,9 +266,21 @@ spec: - name: tcp containerPort: {{ $.Values.containerPorts.tcp }} {{- if $.Values.tls.enabled }} + - name: https + containerPort: {{ $.Values.containerPorts.https }} - name: tcp-secure containerPort: {{ $.Values.containerPorts.tcpSecure }} {{- end }} + {{- if $.Values.keeper.enabled }} + - name: tcp-keeper + containerPort: {{ $.Values.containerPorts.keeper }} + - name: tcp-keeperinter + containerPort: {{ $.Values.containerPorts.keeperInter }} + {{- if $.Values.tls.enabled }} + - name: tcp-keepertls + containerPort: {{ $.Values.containerPorts.keeperSecure }} + {{- end }} + {{- end }} - name: tcp-postgresql containerPort: {{ $.Values.containerPorts.postgresql }} - name: tcp-mysql @@ -235,8 +296,7 @@ spec: livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if $.Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: /ping + tcpSocket: port: http {{- end }} {{- if $.Values.customReadinessProbe }} 
@@ -260,6 +320,21 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /opt/drycc/clickhouse/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/drycc/clickhouse/logs + subPath: app-logs-dir + - name: empty-dir + mountPath: /opt/drycc/clickhouse/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: scripts + mountPath: /scripts/setup.sh + subPath: setup.sh - name: data mountPath: /drycc/clickhouse - name: config @@ -268,10 +343,18 @@ spec: - name: extra-config mountPath: /drycc/clickhouse/etc/conf.d/extra-configmap {{- end }} + {{- if or $.Values.usersExtraOverridesConfigmap $.Values.usersExtraOverrides }} + - name: users-extra-config + mountPath: /drycc/clickhouse/etc/users.d/users-extra-configmap + {{- end }} {{- if $.Values.extraOverridesSecret }} - name: extra-secret mountPath: /drycc/clickhouse/etc/conf.d/extra-secret {{- end }} + {{- if $.Values.usersExtraOverridesSecret }} + - name: users-extra-secret + mountPath: /drycc/clickhouse/etc/users.d/users-extra-secret + {{- end }} {{- if $.Values.tls.enabled }} - name: clickhouse-certificates mountPath: /drycc/clickhouse/certs @@ -291,6 +374,12 @@ spec: {{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: + - name: scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" $) }} + defaultMode: 0755 + - name: empty-dir + emptyDir: {} - name: config configMap: name: {{ template "clickhouse.configmapName" $ }} 
@@ -309,14 +398,28 @@ spec: configMap: name: {{ template "clickhouse.extraConfigmapName" $ }} {{- end }} + {{- if or $.Values.usersExtraOverridesConfigmap $.Values.usersExtraOverrides }} + - name: users-extra-config + configMap: + name: {{ template "clickhouse.usersExtraConfigmapName" $ }} + {{- end }} {{- if $.Values.extraOverridesSecret }} - name: extra-secret secret: secretName: {{ $.Values.extraOverridesSecret }} {{- end }} + {{- if $.Values.usersExtraOverridesSecret }} + - name: users-extra-secret + secret: + secretName: {{ $.Values.usersExtraOverridesSecret }} + {{- end }} {{- if not $.Values.persistence.enabled }} - name: data emptyDir: {} + {{- else if $.Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl $.Values.persistence.existingClaim $ }} {{- end }} {{- if $.Values.tls.enabled }} - name: raw-certificates 
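Review bot: The new `persistence.existingClaim` branch gives every pod the same claim name, because `tpl $.Values.persistence.existingClaim $` is rendered with the root context and carries no shard or replica index. The `$.Values` access suggests this template runs inside a per-shard loop (not visible in this hunk), and the chart defaults to `shards: 2` and `replicaCount: 3`, so several ClickHouse servers would mount one volume and write to the same data directory. Either state next to the value in values.yaml that `existingClaim` is only valid for a single shard with one replica, or make rendering fail for any other combination.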
@@ -328,20 +431,18 @@ spec: {{- if $.Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }} {{- end }} - {{- if $.Values.persistence.enabled }} + {{- if or $.Values.extraVolumeClaimTemplates (and $.Values.persistence.enabled (not $.Values.persistence.existingClaim)) }} volumeClaimTemplates: + {{- if and $.Values.persistence.enabled (not $.Values.persistence.existingClaim) }} - metadata: name: data - annotations: - {{- if $.Values.persistence.annotations }} - {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) | nindent 10 }} - {{- end }} - {{- if $.Values.commonLabels }} - labels: {{- include "common.tplvalues.render" (dict "value" $.Values.commonLabels "context" $) | nindent 10 }} + {{- if or $.Values.persistence.annotations $.Values.commonAnnotations }} + {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.annotations $.Values.commonLabels ) "context" $ ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }} {{- end }} + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.labels $.Values.commonLabels ) "context" $ ) }} + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} + app.kubernetes.io/component: clickhouse spec: accessModes: {{- range $.Values.persistence.accessModes }} 
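Review bot: The annotations of the `data` claim template are built from `$.Values.commonLabels` instead of `$.Values.commonAnnotations`: the guard tests `or $.Values.persistence.annotations $.Values.commonAnnotations`, but the merge list is `( list $.Values.persistence.annotations $.Values.commonLabels )`. As written, common annotations never reach the PVCs and common labels are copied into `annotations`. The list should read `( list $.Values.persistence.annotations $.Values.commonAnnotations )`. The `volumeClaimTemplates` block continues past the end of this hunk.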
@@ -357,6 +458,10 @@ spec: dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }} {{- end }} {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }} + {{- end }} + {{- if $.Values.extraVolumeClaimTemplates }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.extraVolumeClaimTemplates "context" $) | nindent 4 }} + {{- end }} {{- end }} --- {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml index 2e443900..a85a09ad 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/tls-secret.yaml 
@@ -1,26 +1,29 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "clickhouse.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "clickhouse-ca" 365 }} {{- $fullname := include "common.names.fullname" . }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} {{- $primaryHeadlessServiceName := printf "%s-headless" (include "common.names.fullname" .)}} {{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . 
| nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index b1764c87..a73682b5 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -1,3 +1,6 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value 
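Review bot: The 365-day validity passed to `genCA` and `genSignedCert` becomes a hard expiry once `tls.crt`, `tls.key` and `ca.crt` are read through `common.secrets.lookup`, assuming that helper returns the stored value whenever the secret already exists. Before this change every upgrade re-issued the pair; now the freshly generated `$cert` and `$ca` are only used on first install, so nothing renews the certificate and TLS connections would start failing a year later. Add a template comment above the `data:` block such as `{{- /* Existing values are reused on upgrade; delete the secret to re-issue the 365-day certificate. */}}`, and consider making the validity a chart value. The three keys are also looked up independently, so a secret missing one key would get a value from a new CA that does not match the others.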
@@ -16,7 +19,15 @@ global: ## imagePullSecrets: [] storageClass: "" - + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto ## @section Common parameters ## @@ -44,7 +55,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -59,15 +69,14 @@ diagnosticMode: ## args: - infinity - ## @section ClickHouse Parameters ## -## Drycc ClickHouse image +## drycc ClickHouse image ## ref: https://hub.docker.com/r/drycc/clickhouse/tags/ -## @param image.registry ClickHouse image registry -## @param image.repository ClickHouse image repository -## @param image.tag ClickHouse image tag (immutable tags are recommended) +## @param image.registry [default: REGISTRY_NAME] ClickHouse image registry +## @param image.repository [default: REPOSITORY_NAME/clickhouse] ClickHouse image repository +## @skip image.tag ClickHouse image tag (immutable tags are recommended) ## @param image.digest ClickHouse image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.pullPolicy ClickHouse image pull policy ## @param image.pullSecrets ClickHouse image pull secrets 
@@ -80,7 +89,7 @@ image: digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -97,13 +106,20 @@ image: ## @param shards Number of ClickHouse shards to deploy ## shards: 2 - ## @param replicaCount Number of ClickHouse replicas per shard to deploy +## if keeper enable, same as keeper count, keeper cluster by shards. +## +replicaCount: 3 +## @param distributeReplicasByZone Schedules replicas of the same shard to different availability zones ## -replicaCount: 2 +distributeReplicasByZone: false ## @param containerPorts.http ClickHouse HTTP container port +## @param containerPorts.https ClickHouse HTTPS container port ## @param containerPorts.tcp ClickHouse TCP container port -## @param containerPorts.tcpSecure ClickHouse TCP container port +## @param containerPorts.tcpSecure ClickHouse TCP (secure) container port +## @param containerPorts.keeper ClickHouse keeper TCP container port +## @param containerPorts.keeperSecure ClickHouse keeper TCP (secure) container port +## @param containerPorts.keeperInter ClickHouse keeper interserver TCP container port ## @param containerPorts.mysql ClickHouse MySQL container port ## @param containerPorts.postgresql ClickHouse PostgreSQL container port ## @param containerPorts.interserver ClickHouse Interserver container port @@ -111,8 +127,12 @@ replicaCount: 2 ## containerPorts: http: 8123 + https: 8443 tcp: 9000 tcpSecure: 9440 + keeper: 2181 + keeperSecure: 3181 + keeperInter: 9444 mysql: 9004 postgresql: 9005 interserver: 9009 
@@ -171,40 +191,63 @@ customReadinessProbe: {} ## customStartupProbe: {} ## ClickHouse resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits The resources limits for the ClickHouse containers -## @param resources.requests The requested resources for the ClickHouse containers +## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 ## -resources: - limits: {} - requests: {} +resourcesPreset: "small" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Set ClickHouse pod's Security Context fsGroup -## @param podSecurityContext.seccompProfile.type Set ClickHouse container's Security Context seccomp profile +## If you are using Kubernetes 1.18, the following code needs to be commented out. 
## podSecurityContext: enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] fsGroup: 1001 - seccompProfile: - type: "RuntimeDefault" ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled ClickHouse containers' Security Context -## @param containerSecurityContext.runAsUser Set ClickHouse containers' Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set ClickHouse containers' Security Context runAsNonRoot -## @param containerSecurityContext.allowPrivilegeEscalation Set ClickHouse container's privilege escalation -## @param containerSecurityContext.capabilities.drop Set ClickHouse container's Security Context runAsNonRoot +## @param containerSecurityContext.enabled Enable containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup +## @param containerSecurityContext.runAsNonRoot Set containers' Security Context runAsNonRoot +## @param containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's +## @param containerSecurityContext.privileged Set contraller container's Security Context privileged +## @param containerSecurityContext.allowPrivilegeEscalation Set contraller container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be droppedn +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true + seLinuxOptions: {} runAsUser: 1001 + runAsGroup: 1001 runAsNonRoot: true + privileged: false allowPrivilegeEscalation: false + 
readOnlyRootFilesystem: true capabilities: drop: ["ALL"] - + seccompProfile: + type: "RuntimeDefault" ## Authentication ## @param auth.username ClickHouse Admin username ## @param auth.password ClickHouse Admin password @@ -212,15 +255,18 @@ containerSecurityContext: ## @param auth.existingSecretKey Name of the key inside the existing secret ## auth: - username: administrator + username: default password: "" existingSecret: "" existingSecretKey: "" - ## @param logLevel Logging level ## logLevel: information - +## @section ClickHouse keeper configuration parameters +## @param keeper.enabled Deploy ClickHouse keeper. Support is experimental. +## +keeper: + enabled: true ## @param defaultConfigurationOverrides [string] Default configuration overrides (evaluated as a template) ## defaultConfigurationOverrides: | @@ -247,6 +293,8 @@ defaultConfigurationOverrides: | {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $shard $i (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} {{ $.Values.service.ports.tcp }} + + {{- end }} 
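Review bot: Moving `seccompProfile.type: "RuntimeDefault"` from `podSecurityContext` to `containerSecurityContext`, in the security-context hunk that ends on this line, narrows what it covers: the pod-level setting applied to every container in the pod, while the container-level one applies only to containers that render this block. The `volumePermissions` init container, which runs with `runAsUser: 0`, has its own `containerSecurityContext` with only `seLinuxOptions` and `runAsUser`, and `sidecars`/`initContainers` are rendered as supplied by the user. On clusters that do not default seccomp, those containers would then run without a profile, unless the template sets one elsewhere. Keeping `seccompProfile` at pod level as well (the field is valid in both places) avoids that; if it was dropped for the OpenShift adaptation, a comment next to `podSecurityContext` should say so.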
@@ -254,15 +302,53 @@ defaultConfigurationOverrides: | {{- end }} - {{- if or .Values.zookeeper.enabled .Values.externalZookeeper.servers }} + {{- if .Values.keeper.enabled }} + + + {{/*ClickHouse keeper configuration using the helm chart */}} + {{ $.Values.containerPorts.keeper }} + {{- if .Values.tls.enabled }} + {{ $.Values.containerPorts.keeperSecure }} + {{- end }} + + /drycc/clickhouse/keeper/coordination/log + /drycc/clickhouse/keeper/coordination/snapshots + + + 10000 + 30000 + trace + + + + {{- $nodes := .Values.replicaCount | int }} + {{- range $node, $e := until $nodes }} + + {{ $node | int }} + + {{ $.Values.service.ports.keeperInter }} + + {{- end }} + + + {{- end }} + {{- if or .Values.keeper.enabled .Values.zookeeper.enabled .Values.externalZookeeper.servers }} - {{- if .Values.zookeeper.enabled }} + {{- if or .Values.keeper.enabled }} + {{- $nodes := .Values.replicaCount | int }} + {{- range $node, $e := until $nodes }} + + + {{ $.Values.service.ports.keeper }} + + {{- end }} + {{- else if .Values.zookeeper.enabled }} {{/* Zookeeper configuration using the helm chart */}} {{- $nodes := .Values.zookeeper.replicaCount | int }} {{- range $node, $e := until $nodes }} - {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $node (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + {{ $.Values.zookeeper.service.ports.client }} {{- end }} @@ -280,6 +366,7 @@ defaultConfigurationOverrides: | {{- if .Values.tls.enabled }} + {{- $certFileName := default "tls.crt" .Values.tls.certFilename }} @@ -291,7 +378,7 @@ defaultConfigurationOverrides: | sslv2,sslv3 true {{- if or .Values.tls.autoGenerated .Values.tls.certCAFilename }} - {{- $caFileName := default "ca.crt" .Values.tls.certFilename }} + {{- $caFileName := default "ca.crt" .Values.tls.certCAFilename }} /drycc/clickhouse/certs/{{$caFileName}} {{- else }} true 
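Review bot: In the keeper block added by the first hunk, the plain `$.Values.containerPorts.keeper` port is emitted unconditionally and `keeperSecure` is only added next to it when `tls.enabled` is set, and the client list further down always uses `$.Values.service.ports.keeper`. The XML tags are not visible in this view, so this is inferred from the order of the values, but it looks as if coordination traffic stays in clear text even on a TLS-enabled install. If so, the plain port should be wrapped in `{{- if not .Values.tls.enabled }}` and the client entries should point at the secure port when TLS is on. Separately, `{{- if or .Values.keeper.enabled }}` has a single operand and can be written `{{- if .Values.keeper.enabled }}`. The override block starts and ends outside these hunks.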
@@ -320,23 +407,27 @@ defaultConfigurationOverrides: | {{- end }} - ## @param existingOverridesConfigmap The name of an existing ConfigMap with your custom configuration for ClickHouse ## existingOverridesConfigmap: "" - ## @param extraOverrides Extra configuration overrides (evaluated as a template) apart from the default ## extraOverrides: "" - ## @param extraOverridesConfigmap The name of an existing ConfigMap with extra configuration for ClickHouse ## extraOverridesConfigmap: "" - ## @param extraOverridesSecret The name of an existing ConfigMap with your custom configuration for ClickHouse ## extraOverridesSecret: "" - +## @param usersExtraOverrides Users extra configuration overrides (evaluated as a template) apart from the default +## +usersExtraOverrides: "" +## @param usersExtraOverridesConfigmap The name of an existing ConfigMap with users extra configuration for ClickHouse +## +usersExtraOverridesConfigmap: "" +## @param usersExtraOverridesSecret The name of an existing ConfigMap with your custom users configuration for ClickHouse +## +usersExtraOverridesSecret: "" ## @param initdbScripts Dictionary of initdb scripts ## Specify dictionary of scripts to be run at first boot ## Example: @@ -349,7 +440,6 @@ initdbScripts: {} ## @param initdbScriptsSecret ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## initdbScriptsSecret: "" - ## @param startdbScripts Dictionary of startdb scripts ## Specify dictionary of scripts to be run on every start ## Example: 
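Review bot: The description added for `usersExtraOverridesSecret` calls the object a ConfigMap, although the StatefulSet template in this commit consumes the value as `secretName`. Users overrides can carry credentials, so the comment should point readers at a Secret: `## @param usersExtraOverridesSecret The name of an existing Secret with your custom users configuration for ClickHouse`. The unchanged line for `extraOverridesSecret` has the same wording and could be corrected with it.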
@@ -362,13 +452,16 @@ startdbScripts: {} ## @param startdbScriptsSecret ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`) ## startdbScriptsSecret: "" - ## @param command Override default container command (useful when using custom images) ## -command: [] +command: + - /scripts/setup.sh ## @param args Override default container args (useful when using custom images) ## args: [] +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false ## @param hostAliases ClickHouse pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## @@ -412,7 +505,7 @@ nodeAffinityPreset: ## affinity: {} ## @param nodeSelector Node labels for ClickHouse pods assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param tolerations Tolerations for ClickHouse pods assignment @@ -427,12 +520,10 @@ updateStrategy: ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate - ## @param podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: Parallel - ## @param priorityClassName ClickHouse pods' priorityClassName ## priorityClassName: "" @@ -470,6 +561,9 @@ extraVolumes: [] ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ClickHouse container(s) ## extraVolumeMounts: [] +## @param extraVolumeClaimTemplates Optionally specify extra list of additional volumeClaimTemplates for the ClickHouse container(s) +## +extraVolumeClaimTemplates: [] ## @param sidecars Add additional sidecar containers to the ClickHouse pod(s) ## e.g: ## sidecars: 
@@ -491,7 +585,16 @@ sidecars: [] ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb +## @param pdb.create Enable/disable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. +## +pdb: + create: true + minAvailable: "" + maxUnavailable: "" ## TLS configuration ## tls: @@ -515,7 +618,6 @@ tls: ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html ## certCAFilename: "" - ## @section Traffic Exposure Parameters ## @@ -526,8 +628,12 @@ service: ## type: ClusterIP ## @param service.ports.http ClickHouse service HTTP port + ## @param service.ports.https ClickHouse service HTTPS port ## @param service.ports.tcp ClickHouse service TCP port ## @param service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param service.ports.keeper ClickHouse keeper TCP container port + ## @param service.ports.keeperSecure ClickHouse keeper TCP (secure) container port + ## @param service.ports.keeperInter ClickHouse keeper interserver TCP container port ## @param service.ports.mysql ClickHouse service MySQL port ## @param service.ports.postgresql ClickHouse service PostgreSQL port ## @param service.ports.interserver ClickHouse service Interserver port 
@@ -535,16 +641,24 @@ service: ## ports: http: 8123 + https: 443 tcp: 9000 tcpSecure: 9440 + keeper: 2181 + keeperSecure: 3181 + keeperInter: 9444 mysql: 9004 postgresql: 9005 interserver: 9009 metrics: 8001 ## Node ports to expose ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS ## @param service.nodePorts.tcp Node port for TCP ## @param service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param service.nodePorts.keeper ClickHouse keeper TCP container port + ## @param service.nodePorts.keeperSecure ClickHouse keeper TCP (secure) container port + ## @param service.nodePorts.keeperInter ClickHouse keeper interserver TCP container port ## @param service.nodePorts.mysql Node port for MySQL ## @param service.nodePorts.postgresql Node port for PostgreSQL ## @param service.nodePorts.interserver Node port for Interserver @@ -553,8 +667,12 @@ service: ## nodePorts: http: "" + https: "" tcp: "" tcpSecure: "" + keeper: "" + keeperSecure: "" + keeperInter: "" mysql: "" postgresql: "" interserver: "" @@ -587,7 +705,7 @@ service: extraPorts: [] ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity @@ -596,7 +714,12 @@ service: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} - + ## Headless service properties + ## + headless: + ## @param service.headless.annotations Annotations for the headless service. + ## + annotations: {} ## External Access to ClickHouse configuration ## externalAccess: 
@@ -611,8 +734,12 @@ externalAccess: ## type: LoadBalancer ## @param externalAccess.service.ports.http ClickHouse service HTTP port + ## @param externalAccess.service.ports.https ClickHouse service HTTPS port ## @param externalAccess.service.ports.tcp ClickHouse service TCP port ## @param externalAccess.service.ports.tcpSecure ClickHouse service TCP (secure) port + ## @param externalAccess.service.ports.keeper ClickHouse keeper TCP container port + ## @param externalAccess.service.ports.keeperSecure ClickHouse keeper TCP (secure) container port + ## @param externalAccess.service.ports.keeperInter ClickHouse keeper interserver TCP container port ## @param externalAccess.service.ports.mysql ClickHouse service MySQL port ## @param externalAccess.service.ports.postgresql ClickHouse service PostgreSQL port ## @param externalAccess.service.ports.interserver ClickHouse service Interserver port @@ -620,8 +747,12 @@ externalAccess: ## ports: http: 80 + https: 443 tcp: 9000 tcpSecure: 9440 + keeper: 2181 + keeperSecure: 3181 + keeperInter: 9444 mysql: 9004 postgresql: 9005 interserver: 9009 @@ -633,7 +764,7 @@ externalAccess: ## - Y.Y.Y.Y ## loadBalancerIPs: [] - ## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount + ## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each ClickHouse . Length must be the same as shards multiplied by replicaCount ## e.g: ## loadBalancerAnnotations: ## - external-dns.alpha.kubernetes.io/hostname: 1.external.example.com. 
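Review bot: The `keeper`, `keeperSecure` and `keeperInter` ports are added to `externalAccess.service.ports` here (and to `externalAccess.service.nodePorts` in the following hunks), so with `externalAccess.service.type: LoadBalancer` the coordination and inter-server ports would be published next to the client ports. Nothing in these hunks shows a use for them outside the cluster, and whether the external service template actually renders them is not visible here. If it does, consider leaving the keeper ports out of the external service or gating them behind a separate value, and documenting `loadBalancerSourceRanges` as the way to restrict who can reach them.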
@@ -648,8 +779,12 @@ externalAccess: ## loadBalancerSourceRanges: [] ## @param externalAccess.service.nodePorts.http Node port for HTTP + ## @param externalAccess.service.nodePorts.https Node port for HTTPS ## @param externalAccess.service.nodePorts.tcp Node port for TCP ## @param externalAccess.service.nodePorts.tcpSecure Node port for TCP (with TLS) + ## @param externalAccess.service.nodePorts.keeper ClickHouse keeper TCP container port + ## @param externalAccess.service.nodePorts.keeperSecure ClickHouse keeper TCP container port (with TLS) + ## @param externalAccess.service.nodePorts.keeperInter ClickHouse keeper interserver TCP container port ## @param externalAccess.service.nodePorts.mysql Node port for MySQL ## @param externalAccess.service.nodePorts.postgresql Node port for PostgreSQL ## @param externalAccess.service.nodePorts.interserver Node port for Interserver @@ -663,8 +798,12 @@ externalAccess: ## nodePorts: http: [] + https: [] tcp: [] tcpSecure: [] + keeper: [] + keeperSecure: [] + keeperInter: [] mysql: [] postgresql: [] interserver: [] @@ -678,9 +817,8 @@ externalAccess: ## @param externalAccess.service.extraPorts Extra ports to expose in the ClickHouse external service ## extraPorts: [] - ## ClickHouse ingress parameters -## ref: http://kubernetes.io/docs/user-guide/ingress/ +## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Enable ingress record generation for ClickHouse 
@@ -783,17 +921,19 @@ ingress: ## name: http ## extraRules: [] - ## @section Persistence Parameters ## ## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims ## enabled: true + ## @param persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" ## @param persistence.storageClass Storage class of backing PVC ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -802,6 +942,9 @@ persistence: ## GKE, AWS & OpenStack) ## storageClass: "" + ## @param persistence.labels Persistent Volume Claim labels + ## + labels: {} ## @param persistence.annotations Persistent Volume Claim annotations ## annotations: {} @@ -812,7 +955,7 @@ persistence: ## @param persistence.size Size of data volume ## size: 8Gi - ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## @param persistence.selector Selector to match an existing Persistent Volume for ClickHouse data PVC ## If set, the PVC can't have a PV dynamically provisioned for it ## E.g. ## selector: 
@@ -826,6 +969,16 @@ persistence: ## @section Init Container Parameters ## +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete + ## 'volumePermissions' init container parameters ## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values ## based on the *podSecurityContext/*containerSecurityContext parameters 
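Review bot: `persistentVolumeClaimRetentionPolicy` is introduced with `enabled: true`, `whenScaled: Delete` and `whenDeleted: Delete`, so by default scaling a shard down or deleting the StatefulSet also deletes the ClickHouse data volumes. Kubernetes itself defaults both fields to `Retain`, and for a database chart the destructive behaviour is safer as an opt-in: `whenScaled: Retain` and `whenDeleted: Retain`. The block also sits directly under the `## @section Init Container Parameters` header and lacks the closing `##` line the other parameter groups use, so it will probably be documented under the wrong section.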
@@ -834,18 +987,18 @@ volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false - ## Drycc Shell image - ## ref: https://hub.docker.com/r/drycc/drycc-shell/tags/ - ## @param volumePermissions.image.registry Drycc Shell image registry - ## @param volumePermissions.image.repository Drycc Shell image repository - ## @param volumePermissions.image.tag Drycc Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Drycc Shell image pull policy - ## @param volumePermissions.image.pullSecrets Drycc Shell image pull secrets + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/drycc/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets ## image: registry: docker.io - repository: drycc/drycc-shell - tag: 11-debian-11-r37 + repository: drycc/os-shell + tag: 12-debian-12-r22 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. 
@@ -856,23 +1009,33 @@ volumePermissions: ## pullSecrets: [] ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 ## - resources: - limits: {} - requests: {} + resourcesPreset: "nano" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: + seLinuxOptions: {} runAsUser: 0 - ## @section Other 
Parameters ## @@ -891,8 +1054,7 @@ serviceAccount: annotations: {} ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## - automountServiceAccountToken: true - + automountServiceAccountToken: false ## Prometheus metrics ## metrics: @@ -944,12 +1106,32 @@ metrics: ## relabelings: [] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/drycc/charts/tree/master/drycc/prometheus-operator#prometheus-configuration + ## ref: https://github.com/drycc/charts/tree/main/drycc/prometheus-operator#prometheus-configuration ## selector: ## prometheus: my-prometheus ## selector: {} - + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a PrometheusRule for Prometheus Operator + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules PrometheusRule definitions + ## - alert: ClickhouseServerRestart + ## annotations: + ## message: Clickhouse-server started recently + ## expr: ClickHouseAsyncMetrics_Uptime > 1 < 180 + ## for: 5m + ## labels: + ## severity: warning + rules: [] ## @section External Zookeeper paramaters ## externalZookeeper: @@ -958,7 +1140,6 @@ externalZookeeper: ## servers: [] port: 2888 - ## @section Zookeeper subchart parameters ## ## @param zookeeper.enabled Deploy Zookeeper subchart 
@@ -966,8 +1147,93 @@ externalZookeeper: ## @param zookeeper.service.ports.client Zookeeper client port ## zookeeper: - enabled: true - replicaCount: 2 + enabled: false + ## Override zookeeper default image as 3.9 is not supported https://github.com/ClickHouse/ClickHouse/issues/53749 + ## ref: https://github.com/drycc/containers/tree/main/drycc/zookeeper + ## @param zookeeper.image.registry [default: REGISTRY_NAME] Zookeeper image registry + ## @param zookeeper.image.repository [default: REPOSITORY_NAME/zookeeper] Zookeeper image repository + ## @skip zookeeper.image.tag Zookeeper image tag (immutable tags are recommended) + ## @param zookeeper.image.pullPolicy Zookeeper image pull policy + image: + registry: docker.io + repository: drycc/zookeeper + tag: 3.8.4-debian-12-r7 + pullPolicy: IfNotPresent + replicaCount: 3 service: ports: client: 2181 + ## ZooKeeper resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param zookeeper.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). 
+ ## More information: https://github.com/drycc/charts/blob/main/drycc/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param zookeeper.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} +## @section Network Policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports Clickhouse is listening + ## on. When true, Clickhouse will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
+ ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + allowCurrentNamespace: true + allowNamespaces: \ No newline at end of file diff --git a/addons/clickhouse/24/meta.yaml b/addons/clickhouse/24/meta.yaml index fccf62bb..708a52ba 100644 --- a/addons/clickhouse/24/meta.yaml +++ b/addons/clickhouse/24/meta.yaml @@ -1,5 +1,5 @@ name: clickhouse -version: 23 +version: 24 id: 5606a4c8-d0b6-4ad0-98d2-3e4fde3055f6 description: "clickhouse" displayName: "clickhouse" diff --git a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml index 2f2ffbf1..33dab895 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml @@ -17,7 +17,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-password }' - name: USERNAME - value: 'administrator' + value: '{{ .Values.auth.username }}' - name: TCP_PORT value: 9000 - name: HTTP_PORT 
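Review bot: With `enabled: true` and `allowExternal: true`, the new `networkPolicy` defaults describe a policy that, by the block's own comment, accepts connections from any source on the ClickHouse ports, so the added `allowCurrentNamespace` and `allowNamespaces` keys restrict nothing unless the template (not visible here) ignores `allowExternal`. I would ship `allowExternal: false` and keep `allowCurrentNamespace: true`, so cross-namespace access is opt-in. `allowNamespaces:` on the last line is a bare key that parses as null; write `allowNamespaces: []` and give both new keys an `## @param` line like the rest of the block. The `extraEgress` description also says "extra ingress rules", and the commented examples nest `- matchLabels:` and `- role: frontend` as list items, which is not a valid selector once uncommented.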
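Review bot: `value: '{{ .Values.auth.username }}'` puts the rendered username inside hand-written single quotes, so a value containing `'` ends the scalar early and whatever follows is parsed as YAML inside the credential list. Let the template do the quoting instead: `value: {{ .Values.auth.username | quote }}`. The standard-4c16g100 hunk and the bind.yaml files added later in this series carry the same line.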
diff --git a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml index a66a7cd7..e11ae81d 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml @@ -17,7 +17,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-password }' - name: USERNAME - value: 'administrator' + value: '{{ .Values.auth.username }}' - name: TCP_PORT value: 9000 - name: HTTP_PORT From 4ccc78ac3734a5b149960c50802b29f2ff8124bb Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 1 Jul 2024 09:44:07 +0800 Subject: [PATCH 103/122] chore(clickhouse): change to use shard0 keeper cluster --- .../clickhouse/24/chart/clickhouse/README.md | 5 +++- .../clickhouse/templates/statefulset.yaml | 2 ++ .../24/chart/clickhouse/values.yaml | 6 ++--- addons/clickhouse/24/meta.yaml | 6 +++++ .../24/plans/standard-16c64g1000/bind.yaml | 24 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++++ .../24/plans/standard-16c64g1000/meta.yaml | 6 +++++ .../24/plans/standard-16c64g1000/values.yaml | 23 ++++++++++++++++++ .../24/plans/standard-2c4g20/bind.yaml | 2 -- .../24/plans/standard-4c16g100/bind.yaml | 4 +--- .../24/plans/standard-4c16g100/meta.yaml | 2 +- .../24/plans/standard-8c32g500/bind.yaml | 24 +++++++++++++++++++ .../create-instance-schema.json | 12 ++++++++++ .../24/plans/standard-8c32g500/meta.yaml | 6 +++++ .../24/plans/standard-8c32g500/values.yaml | 23 ++++++++++++++++++ 15 files changed, 147 insertions(+), 10 deletions(-) create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-16c64g1000/values.yaml create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/bind.yaml create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/meta.yaml create mode 100644 addons/clickhouse/24/plans/standard-8c32g500/values.yaml diff --git a/addons/clickhouse/24/chart/clickhouse/README.md b/addons/clickhouse/24/chart/clickhouse/README.md index caba5167..95466d70 100644 --- a/addons/clickhouse/24/chart/clickhouse/README.md +++ b/addons/clickhouse/24/chart/clickhouse/README.md 
@@ -475,4 +475,7 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. + + +https://github.com/ClickHouse/ClickHouse/pull/62366/ \ No newline at end of file diff --git a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml index a9ae7440..2e1071c5 100644 --- a/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml +++ b/addons/clickhouse/24/chart/clickhouse/templates/statefulset.yaml @@ -238,6 +238,8 @@ spec: {{- range $j, $r := until $replicas }} - name: {{ printf "KEEPER_NODE_%d" $j }} value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $i $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} + - name: {{ printf "ZOOKEEPER_NODE_%d" $j }} + value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) 0 $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} {{- end }} {{- else if $.Values.zookeeper.enabled }} {{- $replicas := $.Values.zookeeper.replicaCount | int }} diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index a73682b5..4bae1fe9 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -284,7 +284,7 @@ defaultConfigurationOverrides: | {{- if or (ne (int .Values.shards) 1) (ne (int .Values.replicaCount) 1)}} - + {{- $shards := $.Values.shards | int }} {{- range $shard, $e := until $shards }} 
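Review bot: The added `ZOOKEEPER_NODE_%d` value in statefulset.yaml hard-codes shard index `0` where the `KEEPER_NODE_%d` line just above it uses `$i`, and nothing in the template says why. A one-line template comment would stop a later reader from "correcting" it, e.g. `{{- /* ZOOKEEPER_NODE_* always targets the keeper ensemble on shard 0; all shards share it */}}`. Because every shard's pods now connect to the keeper port on shard 0, it is also worth confirming that the chart's NetworkPolicy still admits that traffic when `allowExternal` is turned off. The enclosing loop over shards starts outside the hunk.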
@@ -299,7 +299,7 @@ defaultConfigurationOverrides: | {{- end }} {{- end }} - + {{- end }} {{- if .Values.keeper.enabled }} @@ -339,7 +339,7 @@ defaultConfigurationOverrides: | {{- $nodes := .Values.replicaCount | int }} {{- range $node, $e := until $nodes }} - + {{ $.Values.service.ports.keeper }} {{- end }} diff --git a/addons/clickhouse/24/meta.yaml b/addons/clickhouse/24/meta.yaml index 708a52ba..5dacdb78 100644 --- a/addons/clickhouse/24/meta.yaml +++ b/addons/clickhouse/24/meta.yaml @@ -21,4 +21,10 @@ allow_parameters: - name: "service.type" required: false description: "service type config for values.yaml" +- name: "shards" + required: false + description: "service type config for values.yaml" +- name: "replicaCount" + required: false + description: "service type config for values.yaml" archive: false diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml new file mode 100644 index 00000000..8cddaa51 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-16c64g1000/bind.yaml @@ -0,0 +1,24 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + value: '{{ .Values.auth.username }}' + - name: TCP_PORT + value: 9000 + - name: HTTP_PORT + value: 8123 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json b/addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
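Review bot: The two new `allow_parameters` entries in meta.yaml, `shards` and `replicaCount`, reuse the description "service type config for values.yaml" from the entry above, so the catalogue text does not say what they control. Suggested: `description: "number of shards config for values.yaml"` and `description: "replicas per shard config for values.yaml"`. Both are user-settable sizing knobs, while the `create-instance-schema.json` files added in this commit describe only `imagePullPolicy`; consider declaring integer bounds for the two parameters there so a request cannot ask for an arbitrary pod count.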
+++ b/addons/clickhouse/24/plans/standard-16c64g1000/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml new file mode 100644 index 00000000..7873429a --- /dev/null +++ b/addons/clickhouse/24/plans/standard-16c64g1000/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-16c64g1000" +id: 6447a8c0-ab6c-4afd-8d1b-fe3be3ecfa3f +description: "clickhouse standard-16c64g1000 plan: Disk 1000Gi ,vCPUs 16 , RAM 64G " +displayName: "standard-16c64g1000" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml new file mode 100644 index 00000000..60735b83 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-16c64g1000/values.yaml 
@@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-clickhouse-cluster-standard-16c64g1000 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + +persistence: + size: 1000Gi \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml index 33dab895..090f1bb1 100644 --- a/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml +++ b/addons/clickhouse/24/plans/standard-2c4g20/bind.yaml @@ -22,5 +22,3 @@ credential: value: 9000 - name: HTTP_PORT value: 8123 - - name: MYSQL_PORT - value: 9004 diff --git a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml index e11ae81d..8cddaa51 100644 --- a/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/bind.yaml @@ -21,6 +21,4 @@ credential: - name: TCP_PORT value: 9000 - name: HTTP_PORT - value: 8123 - - name: MYSQL_PORT - value: 9004 \ No newline at end of file + value: 8123 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml index ed5ad077..2cd181eb 100644 
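Review bot: The comment block above `resources:` in this new plan file was copied from another addon: it speaks of "MinIO® containers" and tells the reader to remove the curly braces after `resources:`, but this is a ClickHouse plan and `resources:` already carries concrete limits. Replace it with a short accurate header such as `## ClickHouse container resource requests and limits for this plan`. The standard-8c32g500 values.yaml added later in the same commit has the same text.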
--- a/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml +++ b/addons/clickhouse/24/plans/standard-4c16g100/meta.yaml @@ -1,6 +1,6 @@ name: "standard-4c16g100" id: e30e5296-ce38-48cb-981c-9bb1c2e43833 -description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs c , RAM 16G " +description: "clickhouse standard-4c16g100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G " displayName: "standard-4c16g100" bindable: true maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/bind.yaml b/addons/clickhouse/24/plans/standard-8c32g500/bind.yaml new file mode 100644 index 00000000..8cddaa51 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/bind.yaml @@ -0,0 +1,24 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: {{ printf "EXTRANET_HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: {{ printf "HOST" }} + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + value: '{{ .Values.auth.username }}' + - name: TCP_PORT + value: 9000 + - name: HTTP_PORT + value: 8123 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json b/addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/create-instance-schema.json 
@@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/meta.yaml b/addons/clickhouse/24/plans/standard-8c32g500/meta.yaml new file mode 100644 index 00000000..7f0eef62 --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-8c32g500" +id: 1bca5bdf-0bdc-406b-b3d0-865bdec9184c +description: "clickhouse standard-8c32g500 plan: Disk 500Gi ,vCPUs 8 , RAM 32G " +displayName: "standard-8c32g500" +bindable: true +maximum_polling_duration: 1800 \ No newline at end of file diff --git a/addons/clickhouse/24/plans/standard-8c32g500/values.yaml b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml new file mode 100644 index 00000000..3d1c8a1e --- /dev/null +++ b/addons/clickhouse/24/plans/standard-8c32g500/values.yaml 
@@ -0,0 +1,23 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-clickhouse-cluster-standard-8c32g500 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + +persistence: + size: 500Gi \ No newline at end of file From 258b2a48f23faad2a601a7063cc8941c5e6ff9b8 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 4 Jul 2024 15:09:12 +0800 Subject: [PATCH 104/122] chore(fluentbit): add java_multiline --- .../fluentbit/2/chart/fluentbit/values.yaml | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index c19117a5..8779aa78 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
@@ -195,12 +195,13 @@ daemonset: call append_tag code function append_tag(tag, timestamp, record) new_record = record local namespace, pod_name, container_name, container_id = string.match(tag, "kubernetes%.([^%.]+)%.([^%.]+)%.([^%.]+)%.(.+)") if namespace and pod_name and container_name and container_id then new_record["pod_name"] = pod_name new_record["namespace"] = namespace new_record["container_name"] = container_name new_record["container_id"] = container_id end return 1, timestamp, new_record end - # [FILTER] - # name multiline - # match kubernetes.* - # multiline.parser python_multiline,java_multiline,go_multiline - # multiline.key_content log - # buffer on + [FILTER] + name multiline + match kubernetes.* + multiline.parser python_multiline,java_multiline,go_multiline + multiline.key_content log + buffer on + ## https://docs.fluentbit.io/manual/pipeline/outputs outputs: | [OUTPUT] @@ -241,10 +242,11 @@ daemonset: Type regex Flush_Timeout 1000 key_content log - Rule "start_state" "/^Exception in thread /" "cont" - Rule "start_state" "/^java\./" "cont" - Rule "cont" "/^\s+at /" "cont" - Rule "cont" "/^Caused by: /" "cont" + Rule "start_state" "/^\d{4}-\d{2}-\d{2}/" "cont" + Rule "cont" "/^\s+at /" "cont" + Rule "cont" "/^[a-z]/" "cont" + Rule "cont" "/^[A-Z]/" "cont" + Rule "cont" "/^\s+/" "cont" [MULTILINE_PARSER] Name go_multiline From 0684b66c3f9387413913a6e4233fd9acfc823ecc Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 8 Jul 2024 08:50:54 +0800 Subject: [PATCH 105/122] chore(fluentbit): optimize java_multiline --- addons/fluentbit/2/chart/fluentbit/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index 8779aa78..ae35e42b 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
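Review bot: In the rewritten `java_multiline` rules the only start pattern is `/^\d{4}-\d{2}-\d{2}/`, and the continuation set includes `/^[a-z]/`, `/^[A-Z]/` and `/^\s+/`, so once a date-prefixed line has opened a record, every following line that begins with a letter or whitespace is appended to it. With the `multiline` filter now enabled for `kubernetes.*`, that can fold separate events into one record, which makes per-event search and alerting on those logs less reliable; traces that begin with `Exception in thread` and carry no date prefix also no longer open a record. I would limit continuation to what a Java trace emits (`/^\s+at /`, `/^Caused by:/`) and add a comment above the parser stating the log format it expects. A later commit in this series narrows `/^[A-Z]/` to `/^Caused by:/`, but `/^[a-z]/` stays.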
@@ -245,7 +245,7 @@ daemonset: Rule "start_state" "/^\d{4}-\d{2}-\d{2}/" "cont" Rule "cont" "/^\s+at /" "cont" Rule "cont" "/^[a-z]/" "cont" - Rule "cont" "/^[A-Z]/" "cont" + Rule "cont" "/^Caused by:/" "cont" Rule "cont" "/^\s+/" "cont" [MULTILINE_PARSER] From 4e64db6c8a76ba9074df0edf3e68ac98204ae4c5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 10 Jul 2024 09:03:45 +0800 Subject: [PATCH 106/122] chore(fluentbit): add plans --- addons/fluentbit/2/plans/standard-1000m/values.yaml | 2 +- addons/fluentbit/2/plans/standard-200m/values.yaml | 2 +- addons/fluentbit/2/plans/standard-500m/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/fluentbit/2/plans/standard-1000m/values.yaml b/addons/fluentbit/2/plans/standard-1000m/values.yaml index a1d9a39f..24d90b7d 100644 --- a/addons/fluentbit/2/plans/standard-1000m/values.yaml +++ b/addons/fluentbit/2/plans/standard-1000m/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-fluentbit-standard-5 +fullnameOverride: hb-fluentbit-standard-1000m ## Fluentbit® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/addons/fluentbit/2/plans/standard-200m/values.yaml b/addons/fluentbit/2/plans/standard-200m/values.yaml index 75711b02..88f7e0bb 100644 --- a/addons/fluentbit/2/plans/standard-200m/values.yaml +++ b/addons/fluentbit/2/plans/standard-200m/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-fluentbit-standard-5 +fullnameOverride: hb-fluentbit-standard-200m ## Fluentbit® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/addons/fluentbit/2/plans/standard-500m/values.yaml b/addons/fluentbit/2/plans/standard-500m/values.yaml index 45231abd..3d351ba8 100644 
--- a/addons/fluentbit/2/plans/standard-500m/values.yaml +++ b/addons/fluentbit/2/plans/standard-500m/values.yaml @@ -1,6 +1,6 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-fluentbit-standard-5 +fullnameOverride: hb-fluentbit-standard-500m ## Fluentbit® containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ From 7aa0ec00a9998aeb0c441bcd1dadaa879dfe1018 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 30 Jul 2024 10:24:32 +0800 Subject: [PATCH 107/122] chore(fluentbit):add plans --- addons/fluentbit/2/plans/standard-1000m/meta.yaml | 2 +- addons/fluentbit/2/plans/standard-200m/meta.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/fluentbit/2/plans/standard-1000m/meta.yaml b/addons/fluentbit/2/plans/standard-1000m/meta.yaml index fb546c4f..7e076852 100644 --- a/addons/fluentbit/2/plans/standard-1000m/meta.yaml +++ b/addons/fluentbit/2/plans/standard-1000m/meta.yaml @@ -1,6 +1,6 @@ name: "standard-1000m" id: ac2300db-f5ac-413e-a663-dd13da2034b0 -description: "Fluentbit standard-100m plan: vCPUs 1000m, RAM 1G" +description: "Fluentbit standard-1000m plan: vCPUs 1000m, RAM 1G" displayName: "standard-1000m" bindable: true maximum_polling_duration: 1800 diff --git a/addons/fluentbit/2/plans/standard-200m/meta.yaml b/addons/fluentbit/2/plans/standard-200m/meta.yaml index fed6fd15..2061ce90 100644 --- a/addons/fluentbit/2/plans/standard-200m/meta.yaml +++ b/addons/fluentbit/2/plans/standard-200m/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-5" +name: "standard-200m" id: 1b3968b6-ea84-4f34-b1d9-b51e65d01b1c -description: "Fluentbit standard-5 plan: vCPUs 100m, RAM 128M" -displayName: "standard-5" +description: "Fluentbit standard-200m plan: vCPUs 200m, RAM 128M" +displayName: "standard-200m" bindable: true maximum_polling_duration: 1800 From bc151935e66234079db5ccced48344ae3c078992 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 30 Jul 2024 11:27:03 +0800 Subject: [PATCH 108/122] megre(addons) --- addons/fluentbit/2/plans/standard-1000m/meta.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/addons/fluentbit/2/plans/standard-1000m/meta.yaml b/addons/fluentbit/2/plans/standard-1000m/meta.yaml index 50af71b2..7e076852 100644 --- a/addons/fluentbit/2/plans/standard-1000m/meta.yaml +++ b/addons/fluentbit/2/plans/standard-1000m/meta.yaml @@ -1,10 +1,6 @@ name: "standard-1000m" id: ac2300db-f5ac-413e-a663-dd13da2034b0 -<<<<<<< HEAD description: "Fluentbit standard-1000m plan: vCPUs 1000m, RAM 1G" -======= -description: "Fluentbit standard-100m plan: vCPUs 1000m, RAM 1G" ->>>>>>> ad5012ff6d6a918f761d03fc082781f8a8e170de displayName: "standard-1000m" bindable: true maximum_polling_duration: 1800 From bb9727a99f04aeea92f74c5ce6cd347758d1f9ce Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 30 Jul 2024 14:29:00 +0800 Subject: [PATCH 109/122] chore(mysql-cluster): add router resources limits --- .../chart/mysql-cluster/templates/cluster/cronjob.yaml | 2 +- .../8.0/plans/standard-16c64g400/values.yaml | 10 +++++++++- .../8.0/plans/standard-32c128g800/values.yaml | 10 +++++++++- .../8.0/plans/standard-4c16g100/values.yaml | 8 ++++++++ .../8.0/plans/standard-8c32g200/values.yaml | 8 ++++++++ 5 files changed, 35 insertions(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml index 0947721d..87bba064 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/cronjob.yaml 
@@ -66,7 +66,7 @@ spec: endpoint=os.getenv('AWS_ENDPOINT_URL') bucket_name=os.getenv('AWS_BUCKET_NAME') - util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 1, 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) + util.dump_instance(now_str, {'s3BucketName': bucket_name, 's3EndpointOverride': endpoint, 'threads': 1, 'maxRate': '8M', 'compatibility': ['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] ,'excludeSchemas': ['mysql_innodb_cluster_metadata','sys','information_schema','performance_schema','mondb'],'compatibility':['strip_restricted_grants', 'strip_definers', 'ignore_missing_pks'] }) " > /tmp/dump_instance.py mysqlsh --uri=${MYSQL_ROOT_USER}@${MYSQL_HOST}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --py < /tmp/dump_instance.py diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 2cc0d06e..6871d366 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -20,7 +20,15 @@ primary: requests: cpu: 16000m memory: 64Gi - + +router: + resources: + limits: + cpu: 1600m + memory: 2Gi + requests: + cpu: 1600m + memory: 2Gi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index 82a515d7..1818b84a 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml 
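Review bot: The options dict on the changed `util.dump_instance` line lists `'compatibility'` twice with the same value; Python keeps the last one, so it is harmless today but invites the two copies drifting apart, and the second occurrence can be dropped while the line is being touched. Separately, the unchanged `mysqlsh ... -p${MYSQL_ROOT_PASSWORD}` line below it passes the root password as a command-line argument, where it is readable from the container's process list for the duration of the dump. Supplying it through a mechanism that keeps it off argv would close that exposure. The surrounding script continues outside the hunk.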
@@ -20,7 +20,15 @@ primary: requests: cpu: 32000m memory: 128Gi - + +router: + resources: + limits: + cpu: 3200m + memory: 4Gi + requests: + cpu: 3200m + memory: 4Gi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index 1c6b865b..da0cbee1 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -21,6 +21,14 @@ primary: cpu: 4000m memory: 16Gi +router: + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index baf7e8a9..8ad37aa4 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -21,6 +21,14 @@ primary: cpu: 8000m memory: 32Gi +router: + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 800m + memory: 1024Mi ## @section Persistence parameters From 8fcc8ea940edf80fc584769cc6b5a46201fae641 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 30 Jul 2024 16:28:34 +0800 Subject: [PATCH 110/122] chore(mysql-cluster): add metrics collects --- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index bf95d6bf..876e51cb 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
@@ -1104,8 +1104,14 @@ metrics: ## - --collect.heartbeat.database ## - --collect.heartbeat.table ## + + extraArgs: - primary: [] + primary: + - --collect.info_schema.processlist + - --collect.perf_schema.replication_group_members + - --collect.perf_schema.replication_group_member_stats + - --collect.perf_schema.replication_applier_status_by_worker secondary: [] ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ From 5ed42816684606a2bfe58903005c5a338779c00e Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 1 Aug 2024 09:49:51 +0800 Subject: [PATCH 111/122] chore(prometheus): scrape mysql metrics with params --- .../prometheus/templates/_scrape_config.tpl | 73 +++++++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 2 + 2 files changed, 75 insertions(+) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index cba7ac84..261b68d6 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -132,6 +132,10 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-service-endpoints-slow" -}} @@ -175,6 +179,10 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-pods" -}} 
@@ -228,6 +236,10 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-pods-slow" -}} 
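Review bot: The added drop rule in `addons.kubernetes-pods` matches on `__meta_kubernetes_service_label_app_kubernetes_io_name`, a label that Kubernetes service discovery sets only for service and endpoints targets. If this job discovers with `role: pod` (the `kubernetes_sd_configs` block is outside the hunk), the source label is empty and `regex: mysql` never matches. Annotated mysql pods would then still be scraped here as well as by `mysql-metrics`. For the pod jobs the rule would need `source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]`; the same applies to the `addons.kubernetes-pods-slow` hunk that follows.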
@@ -280,4 +292,65 @@ relabel_configs: - source_labels: [__meta_kubernetes_pod_node_name] action: replace target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: drop +{{- end -}} + +{{- define "addons.mysql-metrics" -}} +honor_labels: true +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +params: + collect[]: + - informationSchema.processlist + - performanceSchema.replication_group_members + - performanceSchema.replication_group_member_stats + - performanceSchema.replication_applier_status_by_worker + +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) 
+ - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] + separator: ; + regex: mysql + action: keep {{- end -}} \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index c18a66fa..d93277a7 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -649,6 +649,8 @@ server: {{- include "addons.kubernetes-pods" (dict "context" $) | nindent 4 }} - job_name: kubernetes-pods-slow {{- include "addons.kubernetes-pods-slow" (dict "context" $) | nindent 4 }} + - job_name: mysql-metrics + {{- include "addons.mysql-metrics" (dict "context" $) | nindent 4 }} {{- end }} {{ $scheme := .Values.drycc.scheme }} From bd6434545ea420f7504f8c78d468f8d3c35c5a1b Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 2 Aug 2024 11:42:14 +0800 Subject: [PATCH 112/122] chore(prometheus): modify mysql scrape params --- .../prometheus/2/chart/prometheus/templates/_scrape_config.tpl | 2 ++ 1 file changed, 2 insertions(+) 
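Review bot: The four `collect[]` entries of `addons.mysql-metrics` are spelled `informationSchema.processlist` and `performanceSchema.…`, whereas the exporter flags enabled for the same collectors in the mysql-cluster chart are `--collect.info_schema.processlist` and `--collect.perf_schema.…`. If the exporter matches `collect[]` against those collector names (worth confirming against its documentation), these entries select nothing. The processlist and replication metrics would then be missing from this job without any scrape error, and alerts built on them would never fire. Writing them as `- info_schema.processlist` and `- perf_schema.replication_group_members` (likewise for the other two) keeps the scrape filter and the exporter flags in one vocabulary.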
diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 261b68d6..ab64d3c6 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -312,6 +312,8 @@ params: - performanceSchema.replication_group_members - performanceSchema.replication_group_member_stats - performanceSchema.replication_applier_status_by_worker + - auto_increment.columns + - binlog_size relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] From 4226cd550e61da02c7c4dcc58b01880cddd19848 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 2 Aug 2024 14:29:22 +0800 Subject: [PATCH 113/122] chore(fluentbit): add gateway multiline --- addons/fluentbit/2/chart/fluentbit/values.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index ae35e42b..844a93a9 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml @@ -198,7 +198,7 @@ daemonset: [FILTER] name multiline match kubernetes.* - multiline.parser python_multiline,java_multiline,go_multiline + multiline.parser python_multiline,java_multiline,go_multiline,gateway_multiline multiline.key_content log buffer on @@ -247,6 +247,7 @@ daemonset: Rule "cont" "/^[a-z]/" "cont" Rule "cont" "/^Caused by:/" "cont" Rule "cont" "/^\s+/" "cont" + Rule "cont" "/^(?!\d{4}-\d{2}-\d{2})/" "cont" [MULTILINE_PARSER] Name go_multiline @@ -257,6 +258,14 @@ daemonset: Rule "cont" "/^\s+/" "cont" Rule "cont" "/^goroutine /" "cont" + [MULTILINE_PARSER] + Name gateway_multiline + Type regex + Flush_Timeout 1000 + key_content log + Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" + Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" + ## @section deployment Parameters ## 
From 9454a3423436b3f4d2ccc9f962563ab1edf2ed35 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 14 Aug 2024 14:40:49 +0800 Subject: [PATCH 114/122] chore(clickhouse): add timezone --- addons/clickhouse/24/chart/clickhouse/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index 4b6737ad..6f9bc87e 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -271,6 +271,7 @@ keeper: ## defaultConfigurationOverrides: | + Asia/Shanghai From 24b036f39d54150d43c3716fecdf96aedba3ca77 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 14 Aug 2024 16:38:58 +0800 Subject: [PATCH 115/122] chore(fluentbit): add multiline config --- .../24/chart/clickhouse/values.yaml | 8 +++++- .../fluentbit/2/chart/fluentbit/values.yaml | 28 ++++++++----------- addons/fluentbit/2/meta.yaml | 6 ++++ 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/addons/clickhouse/24/chart/clickhouse/values.yaml b/addons/clickhouse/24/chart/clickhouse/values.yaml index 6f9bc87e..d14ffc82 100644 --- a/addons/clickhouse/24/chart/clickhouse/values.yaml +++ b/addons/clickhouse/24/chart/clickhouse/values.yaml @@ -206,7 +206,13 @@ resourcesPreset: "small" ## cpu: 3 ## memory: 1024Mi ## -resources: {} +resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context diff --git a/addons/fluentbit/2/chart/fluentbit/values.yaml b/addons/fluentbit/2/chart/fluentbit/values.yaml index 77826998..1a52a920 100644 --- a/addons/fluentbit/2/chart/fluentbit/values.yaml +++ b/addons/fluentbit/2/chart/fluentbit/values.yaml 
@@ -165,6 +165,7 @@ daemonset: flush: 1 ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file config: + multilines : python_multiline,java_multiline,go_multiline,gateway_multiline service: | [SERVICE] Flush {{ .Values.daemonset.flush }} @@ -198,7 +199,7 @@ daemonset: [FILTER] name multiline match kubernetes.* - multiline.parser python_multiline,java_multiline,go_multiline,gateway_multiline + multiline.parser {{ .Values.daemonset.config.multilines }} multiline.key_content log buffer on @@ -257,6 +258,15 @@ daemonset: Rule "start_state" "/^panic: /" "cont" Rule "cont" "/^\s+/" "cont" Rule "cont" "/^goroutine /" "cont" + + [MULTILINE_PARSER] + Name gateway_multiline + Type regex + Flush_Timeout 1000 + key_content log + Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" + Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" + ## @param daemonset.extraEnvVars Array with extra environment variables to add to daemonset nodes ## e.g: ## extraEnvVars: @@ -271,22 +281,6 @@ daemonset: ## extraEnvVarsSecret: "" - [MULTILINE_PARSER] - Name gateway_multiline - Type regex - Flush_Timeout 1000 - key_content log - Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" - Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" - - [MULTILINE_PARSER] - Name gateway_multiline - Type regex - Flush_Timeout 1000 - key_content log - Rule "start_state" "/^\[\d{4}-\d{2}-\d{2}/" "cont" - Rule "cont" "/^(?!\[\d{4}-\d{2}-\d{2})/" "cont" - ## @section deployment Parameters ## diff --git a/addons/fluentbit/2/meta.yaml b/addons/fluentbit/2/meta.yaml index 137edce7..ca1598cf 100644 --- a/addons/fluentbit/2/meta.yaml +++ b/addons/fluentbit/2/meta.yaml 
@@ -21,4 +21,10 @@ allow_parameters: - name: "daemonset.config.outputs" required: true description: "destinations for your data: databases, cloud services and more" +- name: "daemonset.config.multilines" + equired: false + description: "destinations multilines" +- name: "daemonset.config.parsers" + equired: false + description: "destinations parsers" archive: false From 8351affc0906dec60dbb8b29f52751f5f20cfbde Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 11 Sep 2024 16:50:12 +0800 Subject: [PATCH 116/122] chore(postgresql-cluster): add postgresql-logicalbackup --- .../postgresql-cluster/templates/_helpers.tpl | 10 +++ .../templates/cm-backup.yaml | 1 - .../templates/cm-logicalbackup .yaml | 19 +++++ ...cm -postgresql.yaml => cm-postgresql.yaml} | 0 .../templates/logicalbackup-cronjob.yaml | 69 +++++++++++++++++++ .../15/chart/postgresql-cluster/values.yaml | 58 ++++++++++++++++ addons/postgresql-cluster/15/meta.yaml | 3 + 7 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{cm -postgresql.yaml => cm-postgresql.yaml} (100%) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index bb67a496..d5876632 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
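Review bot: Both new entries use the key `equired:` instead of `required:`, so whatever reads `allow_parameters` sees no `required` field for `daemonset.config.multilines` and `daemonset.config.parsers`; the lines should read `required: false`. The descriptions ("destinations multilines", "destinations parsers") look copied from the `outputs` entry and do not say what each parameter holds. The fluentbit values hunk in this commit interpolates the first one unquoted into `multiline.parser {{ .Values.daemonset.config.multilines }}`, so a value containing a line break would add further directives to the rendered filter section. If addon users can set these parameters, the description should state the expected format (a comma-separated list of parser names) and the value should be validated.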
@@ -52,6 +52,16 @@ Return true if a cronjob object should be created for Postgresql HA patroni ## T {{- end -}} {{- end -}} +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature +*/}} +{{- define "patroni.createLogicalBackupCronJob" -}} +{{- if and .Values.logicalbackup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for Postgresql HA patroni */}} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index 62cb7596..fdc62197 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml @@ -14,4 +14,3 @@ metadata: data: backup.env: |- {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml new file mode 100644 index 00000000..8de61100 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-logicalbackup .yaml 
@@ -0,0 +1,19 @@ +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + logicalbackup.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.logicalbackupScript "context" $ ) | nindent 4 }} + +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-postgresql.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-postgresql.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml new file mode 100644 index 00000000..071b9bd9 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/logicalbackup-cronjob.yaml 
@@ -0,0 +1,69 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createLogicalBackupCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-logicalbackup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "{{ .Values.logicalbackup.scheduleCronJob }}" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-logicalbackup + image: "{{ .Values.logicalbackupImages.repository }}:{{ .Values.logicalbackupImages.tag }}" + imagePullPolicy: {{ .Values.logicalbackupImages.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + sh /opt/drycc/logicalbackup/logicalbackup.sh + env: + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPORT + value: "5432" + - name: PGUSER + value: postgres + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-superuser + - name: MINIO_BUCKET + value: {{ .Values.logicalbackup.minio.bucket }} + - name: MINIO_HOST + value: {{ .Values.logicalbackup.minio.endpoint }} + - name: MINIO_ACCESS_KEY + value: {{ .Values.logicalbackup.minio.access_key }} + - name: MINIO_SECRET_KEY + value: {{ .Values.logicalbackup.minio.secret_key }} + + volumeMounts: + - mountPath: "/opt/drycc/logicalbackup/" + name: logicalbackup-config + + volumes: + - name: logicalbackup-config + configMap: + name: {{ template "common.names.fullname" . }}-logicalbackup +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 6e70ea24..13582f6c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -13,6 +13,12 @@ image: # IfNotPresent , Always pullPolicy: 'IfNotPresent' +logicalbackupImages: + repository: registry.drycc.cc/drycc-addons/postgresql-logicalbackup + tag: 15 + # IfNotPresent , Always + pullPolicy: 'IfNotPresent' + # Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst 
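Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are rendered as literal `value:` fields, so the object-store credentials are stored in the CronJob spec and shown to anyone who can read CronJobs, Jobs or Pods in the namespace. `PGPASSWORD` a few lines above already uses `secretKeyRef`, and the MinIO keys should come from a Secret the same way, as sketched below with placeholder names. Also, `MINIO_BUCKET` reads `.Values.logicalbackup.minio.bucket`, but the values.yaml hunk of this commit defines the key as `buckect`, so the variable renders empty until one of the two spellings is changed.

```yaml
# … unchanged: PGHOST, PGPORT, PGUSER, PGPASSWORD, MINIO_BUCKET, MINIO_HOST …
- name: MINIO_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: LOGICALBACKUP_SECRET_NAME   # placeholder: Secret holding the MinIO credentials
      key: access-key                   # placeholder key name
- name: MINIO_SECRET_KEY
  valueFrom:
    secretKeyRef:
      name: LOGICALBACKUP_SECRET_NAME   # placeholder
      key: secret-key                   # placeholder key name
```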
@@ -147,6 +153,42 @@ backupEnv: | export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} +logicalbackupScript: | + #!/bin/bash + + # PostgreSQL 设置 + # POSTGRES_USER="postgres" + # POSTGRES_HOST="127.0.0.1" + + # MinIO 设置 + # MINIO_BUCKET="pgbackup" + # MINIO_HOST="http://localhost:9000" + # MINIO_ACCESS_KEY="admin123" + # MINIO_SECRET_KEY="admin123" + + # 设置 MinIO 客户端别名 + mc alias set myminio $MINIO_HOST $MINIO_ACCESS_KEY $MINIO_SECRET_KEY + + # 创建以当前日期和时间命名的备份目录 + BACKUP_DIR="$(date +%Y%m%d%H%M)" + MINIO_PATH="myminio/$MINIO_BUCKET/$BACKUP_DIR" + + # 备份全局对象 + echo "Backing up global objects to $MINIO_PATH/roles_globals.sql.gz" + pg_dumpall -g -U "$POSTGRES_USER" -h "$POSTGRES_HOST" | pigz | mc pipe "$MINIO_PATH/roles_globals.sql.gz" + + # 获取所有非模板数据库的列表 + DATABASES=$(psql -U "$POSTGRES_USER" -h "$POSTGRES_HOST" -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") + + # 为每个数据库执行备份 + for DB in $DATABASES; do + echo "Backing up $DB to $MINIO_PATH/$DB.sql.gz" + pg_dump -U "$POSTGRES_USER" -h "$POSTGRES_HOST" "$DB" | pigz | mc pipe "$MINIO_PATH/$DB.sql.gz" + done + + echo "Backup process completed!" + + postgresql: config: |- log_min_duration_statement = 1000 @@ -255,6 +297,19 @@ metrics: requests: cpu: 100m memory: 512Mi + +logicalbackup: + enabled: false + scheduleCronJob: "22 0 * * 0" + minio: + used: true + buckect: "s3://xx" + access_key: "" + secret_key: "" + endpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 + backup: # Specifies whether Wal-G should be enabled enabled: false 
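Review bot: `logicalbackupScript` runs each dump as `pg_dump … | pigz | mc pipe …` with no error handling, so when `pg_dump` or `pg_dumpall` fails the pipeline still uploads a truncated or empty object, the script prints "Backup process completed!" and the Job is recorded as successful. Adding `set -euo pipefail` after the shebang makes a failed stage fail the Job; the CronJob starts the script with `sh`, so it would have to be run with `bash` for `pipefail` to be reliably available. The script also reads `$POSTGRES_USER` and `$POSTGRES_HOST`, which the CronJob never sets (it exports `PGUSER` and `PGHOST`), so `-U "$POSTGRES_USER" -h "$POSTGRES_HOST"` should either be dropped or switched to the `PG*` names. The comments inside the script are in Chinese while the rest of the file is documented in English.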
@@ -279,6 +334,9 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 +logicalBackup: + enabled: false + ## persistentVolumeClaimRetentionPolicy ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 0da415d6..44f38ea7 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -24,4 +24,7 @@ allow_parameters: - name: "backup" required: false description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " +- name: "logicalbackup" + required: false + description: "Whether to use S3 for logical backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file From 1de88ce9e690f4bb61f3c706d28178a2c50406f9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 11 Sep 2024 17:30:33 +0800 Subject: [PATCH 117/122] fix(prometheus): scrape mysql --- .../2/chart/prometheus/templates/_scrape_config.tpl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 9fefe75c..7bfe50c1 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -133,9 +133,9 @@ relabel_configs: action: replace target_label: node - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-service-endpoints-slow" -}} 
@@ -180,9 +180,9 @@ relabel_configs: action: replace target_label: node - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] - separator: ; - regex: mysql - action: drop + separator: ; + regex: mysql + action: drop {{- end -}} {{- define "addons.kubernetes-pods" -}} From 7d6fbc438374064b18b3966b682630e38eb29d8c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 12 Sep 2024 09:06:28 +0800 Subject: [PATCH 118/122] chore(addons): modify plans requests --- addons/mongodb/7.0/plans/standard-16c64g400/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-32c128g800/values.yaml | 4 ++-- addons/mongodb/7.0/plans/standard-8c32g200/values.yaml | 4 ++-- addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml | 4 ++-- .../mysql-cluster/8.0/plans/standard-32c128g800/values.yaml | 4 ++-- addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml | 4 ++-- .../15/plans/standard-16c64g400/values.yaml | 4 ++-- .../15/plans/standard-32c128g800/values.yaml | 4 ++-- .../15/plans/standard-32c64g4000/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-8c32g200/values.yaml | 4 ++-- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml index 7e5e03a0..9ef94dff 100644 --- a/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml +++ b/addons/mongodb/7.0/plans/standard-16c64g400/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 16000m memory: 64Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 8000m + memory: 32Gi persistence: size: 400Gi diff --git a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml index c5074501..4c339766 100644 --- a/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml +++ b/addons/mongodb/7.0/plans/standard-32c128g800/values.yaml 
@@ -16,8 +16,8 @@ resources: cpu: 32000m memory: 128Gi requests: - cpu: 32000m - memory: 128Gi + cpu: 16000m + memory: 64Gi persistence: size: 800Gi diff --git a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml index 16158f0f..442f087d 100644 --- a/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml +++ b/addons/mongodb/7.0/plans/standard-8c32g200/values.yaml @@ -16,8 +16,8 @@ resources: cpu: 8000m memory: 32Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 4000m + memory: 16Gi persistence: size: 200Gi diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 6871d366..78f05cfe 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -18,8 +18,8 @@ primary: cpu: 16000m memory: 64Gi requests: - cpu: 16000m - memory: 64Gi + cpu: 8000m + memory: 32Gi router: resources: diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index 1818b84a..ead2abb1 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -18,8 +18,8 @@ primary: cpu: 32000m memory: 128Gi requests: - cpu: 32000m - memory: 128Gi + cpu: 16000m + memory: 64Gi router: resources: diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 8ad37aa4..2b3d28e7 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -18,8 +18,8 @@ primary: cpu: 8000m memory: 32Gi requests: - cpu: 8000m - memory: 32Gi + cpu: 4000m + memory: 16Gi router: resources: 
diff --git a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml index fe3f5cbf..a14f012e 100644 --- a/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-16c64g400/values.yaml @@ -67,8 +67,8 @@ resources: memory: 64Gi hugepages-2Mi: 40Mi requests: - cpu: 16000m - memory: 64Gi + cpu: 8000m + memory: 32Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml index d9c9501e..c0ed7230 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c128g800/values.yaml @@ -67,8 +67,8 @@ resources: memory: 128Gi hugepages-2Mi: 80Mi requests: - cpu: 32000m - memory: 128Gi + cpu: 16000m + memory: 64Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml index b4a6a7ee..2c9a48e3 100644 --- a/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-32c64g4000/values.yaml @@ -67,8 +67,8 @@ resources: memory: 64Gi hugepages-2Mi: 80Mi requests: - cpu: 32000m - memory: 64Gi + cpu: 16000m + memory: 32Gi persistentVolume: enabled: true diff --git a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml index 3d129faa..08d777be 100644 --- a/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-8c32g200/values.yaml @@ -67,8 +67,8 @@ resources: memory: 32Gi hugepages-2Mi: 60Mi requests: - cpu: 8000m - memory: 32Gi + cpu: 4000m + memory: 16Gi persistentVolume: enabled: true 
From f631bc3ffe7256c85e9b70cd6e1b8cdd61385bdb Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 14 Oct 2024 15:49:22 +0800 Subject: [PATCH 119/122] fix(mysql-cluster): router limits --- .../8.0/plans/standard-16c64g400/values.yaml | 18 +++++++++--------- .../8.0/plans/standard-32c128g800/values.yaml | 17 ++++++++--------- .../8.0/plans/standard-4c16g100/values.yaml | 18 +++++++++--------- .../8.0/plans/standard-8c32g200/values.yaml | 18 +++++++++--------- 4 files changed, 35 insertions(+), 36 deletions(-) diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 78f05cfe..f346d776 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -21,15 +21,6 @@ primary: cpu: 8000m memory: 32Gi -router: - resources: - limits: - cpu: 1600m - memory: 2Gi - requests: - cpu: 1600m - memory: 2Gi - ## @section Persistence parameters ## Enable persistence using Persistent Volume Claims @@ -67,3 +58,12 @@ router: ## app: my-app ## selector: {} + +router: + resources: + limits: + cpu: 1600m + memory: 2Gi + requests: + cpu: 1600m + memory: 2Gi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index ead2abb1..c25affff 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -21,15 +21,6 @@ primary: cpu: 16000m memory: 64Gi -router: - resources: - limits: - cpu: 3200m - memory: 4Gi - requests: - cpu: 3200m - memory: 4Gi - ## @section Persistence parameters ## Enable persistence using Persistent Volume Claims @@ -67,3 +58,11 @@ router: ## app: my-app ## selector: {} +router: + resources: + limits: + cpu: 3200m + memory: 4Gi + requests: + cpu: 3200m + memory: 4Gi \ No newline at end of file 
diff --git a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml index da0cbee1..68412b31 100644 --- a/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-4c16g100/values.yaml @@ -21,15 +21,6 @@ primary: cpu: 4000m memory: 16Gi -router: - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 500m - memory: 512Mi - ## @section Persistence parameters ## Enable persistence using Persistent Volume Claims @@ -67,3 +58,12 @@ router: ## app: my-app ## selector: {} + +router: + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index 2b3d28e7..4061331e 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -20,15 +20,6 @@ primary: requests: cpu: 4000m memory: 16Gi - -router: - resources: - limits: - cpu: 800m - memory: 1024Mi - requests: - cpu: 800m - memory: 1024Mi ## @section Persistence parameters @@ -67,3 +58,12 @@ router: ## app: my-app ## selector: {} + +router: + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 800m + memory: 1024Mi \ No newline at end of file From 86f877e15f9ee6ff6f056884c1fe8fdf487c07aa Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 14 Oct 2024 18:12:30 +0800 Subject: [PATCH 120/122] fix(mysql-cluster): router limits --- .../8.0/plans/standard-16c64g400/values.yaml | 12 ------------ .../8.0/plans/standard-32c128g800/values.yaml | 12 ------------ .../8.0/plans/standard-8c32g200/values.yaml | 12 ------------ 3 files changed, 36 deletions(-) 
diff --git a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml index 2faf05c2..f346d776 100644 --- a/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-16c64g400/values.yaml @@ -20,18 +20,6 @@ primary: requests: cpu: 8000m memory: 32Gi -<<<<<<< HEAD -======= - -router: - resources: - limits: - cpu: 1600m - memory: 2Gi - requests: - cpu: 1600m - memory: 2Gi ->>>>>>> f6c0e1df94a939481eea0c5348f8b611e035180b ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml index ed50c098..c25affff 100644 --- a/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-32c128g800/values.yaml @@ -20,18 +20,6 @@ primary: requests: cpu: 16000m memory: 64Gi -<<<<<<< HEAD -======= - -router: - resources: - limits: - cpu: 3200m - memory: 4Gi - requests: - cpu: 3200m - memory: 4Gi ->>>>>>> f6c0e1df94a939481eea0c5348f8b611e035180b ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml index a545ed67..4061331e 100644 --- a/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-8c32g200/values.yaml @@ -20,18 +20,6 @@ primary: requests: cpu: 4000m memory: 16Gi -<<<<<<< HEAD -======= - -router: - resources: - limits: - cpu: 800m - memory: 1024Mi - requests: - cpu: 800m - memory: 1024Mi ->>>>>>> f6c0e1df94a939481eea0c5348f8b611e035180b ## @section Persistence parameters From 6fad48789b0273c10d0d96b0419635b4136e1638 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 16 Oct 2024 16:52:55 +0800 Subject: [PATCH 121/122] fix(mysql-cluster): remove metrics probe --- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 01eb06e9..f0eb3a45 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -1112,6 +1112,9 @@ metrics: - --collect.perf_schema.replication_group_members - --collect.perf_schema.replication_group_member_stats - --collect.perf_schema.replication_applier_status_by_worker + - --collect.auto_increment.columns + - --collect.binlog_size + - --collect.engine_innodb_status secondary: [] ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ @@ -1158,7 +1161,7 @@ metrics: ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: - enabled: true + enabled: false initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 10 @@ -1174,7 +1177,7 @@ metrics: ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: - enabled: true + enabled: false initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 10 From 12ef7d704f7151854d14e97586cf84d67267c286 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 21 Oct 2024 18:01:40 +0800 Subject: [PATCH 122/122] chore(mysql-cluster): optimisation metrics --- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index f0eb3a45..34a406b2 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
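Review bot: The three flags added to the collector list above `secondary: []` (`--collect.auto_increment.columns`, `--collect.binlog_size`, `--collect.engine_innodb_status`) carry no comment and are not mentioned in the commit subject, so a reader cannot tell why they were enabled. The first reads `information_schema` and the last runs `SHOW ENGINE INNODB STATUS`, which can slow scrapes on large schemas and needs the `PROCESS` privilege; `--collect.binlog_size` needs `REPLICATION CLIENT`. Which MySQL account the exporter uses is not visible in this hunk, so confirm its grants stay limited to what these collectors need. I would add a line such as `## extra collectors: exporter account needs PROCESS and REPLICATION CLIENT` above them.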
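Review bot: Setting `enabled: false` under `livenessProbe` in this hunk, and under `readinessProbe` in the next one, leaves the exporter container with no health check, so a hung exporter is no longer restarted and the metrics simply stop arriving. If the probes were failing because scrapes became slow (the same commit adds three collectors, so this is a guess), I would keep `enabled: true` and relax the timing, for example by raising `timeoutSeconds` above `10`. Turning off only the readiness probe may be deliberate if the exporter shares a pod with mysqld, but that is not visible here. If both stay off, add a comment such as `## disabled: <reason>; rely on a scrape-target-down alert instead` next to each and make sure that alert exists. Both probe blocks continue outside the hunks.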
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -1112,9 +1112,7 @@ metrics: - --collect.perf_schema.replication_group_members - --collect.perf_schema.replication_group_member_stats - --collect.perf_schema.replication_applier_status_by_worker - - --collect.auto_increment.columns - - --collect.binlog_size - - --collect.engine_innodb_status + secondary: [] ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/