Merge branch 'master' into dexAnnotations
This commit is contained in:
commit
4358a10e2e
77 changed files with 16185 additions and 17524 deletions
|
@ -1,2 +1,4 @@
|
|||
chart-repos:
|
||||
- argo=https://argoproj.github.io/argo-helm
|
||||
- minio=https://helm.min.io/
|
||||
- dandydeveloper=https://dandydeveloper.github.io/charts/
|
||||
|
|
|
@ -2,23 +2,26 @@ version: 2.1
|
|||
jobs:
|
||||
lint:
|
||||
docker:
|
||||
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
|
||||
- image: quay.io/helmpack/chart-testing:v3.3.1
|
||||
steps:
|
||||
- checkout
|
||||
- run: helm repo add stable https://charts.helm.sh/stable
|
||||
- run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
|
||||
# Technically this only needs to be run on master, but it's good to have it run on every PR
|
||||
# so that it is regularly tested.
|
||||
publish:
|
||||
docker:
|
||||
# We just need an image with `helm` on it. Handily we know of one already.
|
||||
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
|
||||
- image: quay.io/helmpack/chart-testing:v3.3.1
|
||||
steps:
|
||||
# install the additional keys needed to push to Github. Alex Collins owns these keys.
|
||||
# install the additional keys needed to push to GitHub. Alex Collins owns these keys.
|
||||
- add_ssh_keys
|
||||
- run: git config --global user.email "nobody@circleci.com"
|
||||
- run: git config --global user.name "Circle CI Build"
|
||||
- checkout
|
||||
- run: helm init --client-only
|
||||
- run: helm repo add stable https://charts.helm.sh/stable
|
||||
- run: helm repo add minio https://helm.min.io/
|
||||
- run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
|
||||
# Only actually publish charts on master.
|
||||
- run: |
|
||||
set -x
|
||||
|
@ -35,4 +38,4 @@ workflows:
|
|||
- lint
|
||||
- publish:
|
||||
requires:
|
||||
- lint
|
||||
- lint
|
||||
|
|
4
.github/pull_request_template.md
vendored
4
.github/pull_request_template.md
vendored
|
@ -1,9 +1,9 @@
|
|||
Checklist:
|
||||
|
||||
* [ ] I have update the chart version in `Chart.yaml` following Semantic Versioning.
|
||||
* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning.
|
||||
* [ ] Any new values are backwards compatible and/or have sensible default.
|
||||
* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md).
|
||||
* [ ] I have signed the CLA and the build is green.
|
||||
* [ ] I will test my changes again once merged to master and published.
|
||||
|
||||
Changes are automatically published when merged to `master`. They are not published on branches.
|
||||
Changes are automatically published when merged to `master`. They are not published on branches.
|
||||
|
|
17
.github/stale.yaml
vendored
Normal file
17
.github/stale.yaml
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
# Number of days of inactivity before an issue becomes stale
|
||||
daysUntilStale: 60
|
||||
# Number of days of inactivity before a stale issue is closed
|
||||
daysUntilClose: 7
|
||||
# Issues with these labels will never be considered stale
|
||||
exemptLabels:
|
||||
- pinned
|
||||
- security
|
||||
# Label to use when marking an issue as stale
|
||||
staleLabel: wontfix
|
||||
# Comment to post when marking an issue as stale. Set to `false` to disable
|
||||
markComment: >
|
||||
This issue has been automatically marked as stale because it has not had
|
||||
recent activity. It will be closed if no further activity occurs. Thank you
|
||||
for your contributions.
|
||||
# Comment to post when closing a stale issue. Set to `false` to disable
|
||||
closeComment: false
|
|
@ -1,13 +1,13 @@
|
|||
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
|
||||
|
||||
# Argo Workflows
|
||||
/charts/argo @benjaminws @stefansedich @paguos
|
||||
/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand
|
||||
|
||||
# Argo CD
|
||||
/charts/argo-cd @seanson @spencergilbert
|
||||
/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand
|
||||
|
||||
# Argo Events
|
||||
/charts/argo-events @jbehling
|
||||
/charts/argo-events @jbehling @VaibhavPage
|
||||
|
||||
# Argo Rollouts
|
||||
/charts/argo-rollouts @cabrinha
|
||||
|
|
|
@ -76,7 +76,7 @@ Please ensure chart version changes adhere to semantic versioning standards:
|
|||
|
||||
## Testing Charts
|
||||
|
||||
As part of the Continous Intergration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool.
|
||||
As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool.
|
||||
|
||||
The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
apiVersion: v1
|
||||
appVersion: 1.7.6
|
||||
appVersion: 1.8.4
|
||||
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
|
||||
name: argo-cd
|
||||
version: 2.12.0
|
||||
version: 2.14.4
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
|
||||
keywords:
|
||||
|
|
|
@ -20,7 +20,7 @@ The application controller is now available as a `StatefulSet` when the `control
|
|||
|
||||
### 1.8.7 to 2.x.x
|
||||
|
||||
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings intead of a map
|
||||
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map
|
||||
|
||||
What was
|
||||
```yaml
|
||||
|
@ -54,11 +54,11 @@ NAME: my-release
|
|||
...
|
||||
```
|
||||
|
||||
### Helm v3 Compatability
|
||||
### Helm v3 Compatibility
|
||||
|
||||
Requires chart version 1.5.2 or newer.
|
||||
|
||||
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks.
|
||||
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
|
||||
|
||||
## Chart Values
|
||||
|
||||
|
@ -66,7 +66,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|
|||
|-----|------|---------|
|
||||
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
|
||||
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
|
||||
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.7.6"` |
|
||||
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` |
|
||||
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
|
||||
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
|
||||
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
|
||||
|
@ -129,7 +129,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|
|||
| controller.service.annotations | Controller service annotations. | `{}` |
|
||||
| controller.service.labels | Controller service labels. | `{}` |
|
||||
| controller.service.port | Controller service port. | `8082` |
|
||||
| controler.serviceAccount.annotations | Controller service account annotations | `{}` |
|
||||
| controller.serviceAccount.annotations | Controller service account annotations | `{}` |
|
||||
| controller.serviceAccount.create | Create a service account for the controller | `true` |
|
||||
| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` |
|
||||
| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
|
||||
|
@ -224,6 +224,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|
|||
| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` |
|
||||
| server.route.enabled | Enable a OpenShift route for the server | `false` |
|
||||
| server.route.hostname | Hostname of OpenShift route | `""` |
|
||||
| server.lifecycle | PostStart and PreStop hooks configuration | `{}` |
|
||||
| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
|
||||
| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
|
||||
| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
|
||||
|
@ -257,6 +258,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|
|||
| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` |
|
||||
| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` |
|
||||
| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` |
|
||||
| server.service.externalIPs | Server service external IPs. | `[]` |
|
||||
| server.service.type | Server service type | `"ClusterIP"` |
|
||||
| server.serviceAccount.annotations | Server service account annotations | `{}` |
|
||||
| server.serviceAccount.create | Create server service account | `true` |
|
||||
|
@ -336,4 +338,4 @@ through `xxx.extraArgs`
|
|||
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |
|
||||
| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` |
|
||||
|
||||
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
|
||||
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
apiVersion: v1
|
||||
appVersion: 5.0.6
|
||||
description: Highly available Kubernetes implementation of Redis
|
||||
engine: gotpl
|
||||
home: http://redis.io/
|
||||
icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
|
||||
keywords:
|
||||
- redis
|
||||
- keyvalue
|
||||
- database
|
||||
maintainers:
|
||||
- email: salimsalaues@gmail.com
|
||||
name: ssalaues
|
||||
- email: aaron.layfield@gmail.com
|
||||
name: dandydeveloper
|
||||
name: redis-ha
|
||||
sources:
|
||||
- https://redis.io/download
|
||||
- https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha
|
||||
- https://github.com/oliver006/redis_exporter
|
||||
version: 4.4.2
|
|
@ -1,6 +0,0 @@
|
|||
approvers:
|
||||
- ssalaues
|
||||
- dandydeveloper
|
||||
reviewers:
|
||||
- ssalaues
|
||||
- dandydeveloper
|
|
@ -1,230 +0,0 @@
|
|||
# Redis
|
||||
|
||||
[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
|
||||
|
||||
## TL;DR;
|
||||
|
||||
```bash
|
||||
$ helm install stable/redis-ha
|
||||
```
|
||||
|
||||
By default this chart install 3 pods total:
|
||||
* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
|
||||
* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.8+ with Beta APIs enabled
|
||||
- PV provisioner support in the underlying infrastructure
|
||||
|
||||
## Upgrading the Chart
|
||||
|
||||
Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
|
||||
|
||||
### Upgrading the chart from 3.x to 4.x
|
||||
|
||||
Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart
|
||||
|
||||
```bash
|
||||
$ helm install stable/redis-ha
|
||||
```
|
||||
|
||||
The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the deployment:
|
||||
|
||||
```bash
|
||||
$ helm delete <chart-name>
|
||||
```
|
||||
|
||||
The command removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
## Configuration
|
||||
|
||||
The following table lists the configurable parameters of the Redis chart and their default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
|
||||
| `image` | Redis image | `redis` |
|
||||
| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] |
|
||||
| `tag` | Redis tag | `5.0.6-alpine` |
|
||||
| `replicas` | Number of redis master/slave pods | `3` |
|
||||
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template |
|
||||
| `rbac.create` | Create and use RBAC resources | `true` |
|
||||
| `redis.port` | Port to access the redis service | `6379` |
|
||||
| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` |
|
||||
| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml |
|
||||
| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` |
|
||||
| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` |
|
||||
| `sentinel.port` | Port to access the sentinel service | `26379` |
|
||||
| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` |
|
||||
| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml |
|
||||
| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` |
|
||||
| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` |
|
||||
| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` |
|
||||
| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` |
|
||||
| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` |
|
||||
| `authKey` | The key holding the redis password in an existing secret. | `auth` |
|
||||
| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` |
|
||||
| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` |
|
||||
| `securityContext` | Security context to be added to the Redis server pods. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
|
||||
| `affinity` | Override all other affinity settings with a string. | `""` |
|
||||
| `persistentVolume.size` | Size for the volume | 10Gi |
|
||||
| `persistentVolume.annotations` | Annotations for the volume | `{}` |
|
||||
| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` |
|
||||
| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` |
|
||||
| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` |
|
||||
| `exporter.image` | Exporter image | `oliver006/redis_exporter` |
|
||||
| `exporter.tag` | Exporter tag | `v0.31.0` |
|
||||
| `exporter.port` | Exporter port | `9121` |
|
||||
| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` |
|
||||
| `exporter.extraArgs` | Additional args for the exporter | `{}` |
|
||||
| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | |
|
||||
| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
|
||||
| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` |
|
||||
| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
|
||||
| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` |
|
||||
| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
|
||||
| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
|
||||
| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` |
|
||||
| `haproxy.replicas` | Number of HAProxy instances | `3` |
|
||||
| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` |
|
||||
| `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` |
|
||||
| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` |
|
||||
| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] |
|
||||
| `haproxy.annotations` | HAProxy template annotations | `{}` |
|
||||
| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | `` |
|
||||
| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | `` |
|
||||
| `haproxy.resources` | HAProxy resources | `{}` |
|
||||
| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` |
|
||||
| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` |
|
||||
| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set |
|
||||
| `haproxy.service.annotations` | HAProxy service annotations | `{}` |
|
||||
| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` |
|
||||
| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` |
|
||||
| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` |
|
||||
| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` |
|
||||
| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` |
|
||||
| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `exporter-port` |
|
||||
| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` |
|
||||
| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` |
|
||||
| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` |
|
||||
| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
|
||||
| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` |
|
||||
| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` |
|
||||
| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
|
||||
| `haproxy.init.resources` | Extra init resources | `{}` |
|
||||
| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` |
|
||||
| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` |
|
||||
| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` |
|
||||
| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` |
|
||||
| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set |
|
||||
| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
|
||||
| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` |
|
||||
| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` |
|
||||
| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` |
|
||||
| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` |
|
||||
| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set |
|
||||
| `hostPath.path` | Use this path on the host for data storage | not set |
|
||||
| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` |
|
||||
| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
|
||||
| `sysctlImage.command` | sysctlImage command to execute | [] |
|
||||
| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
|
||||
| `sysctlImage.repository` | sysctlImage Init container name | `busybox` |
|
||||
| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` |
|
||||
| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
|
||||
| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` |
|
||||
| `sysctlImage.resources` | sysctlImage resources | `{}` |
|
||||
| `schedulerName` | Alternate scheduler name | `nil` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
```bash
|
||||
$ helm install \
|
||||
--set image=redis \
|
||||
--set tag=5.0.5-alpine \
|
||||
stable/redis-ha
|
||||
```
|
||||
|
||||
The above command sets the Redis server within `default` namespace.
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```bash
|
||||
$ helm install -f values.yaml stable/redis-ha
|
||||
```
|
||||
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## Custom Redis and Sentinel config options
|
||||
|
||||
This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
|
||||
|
||||
[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
|
||||
[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
|
||||
|
||||
For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
|
||||
|
||||
```yml
|
||||
repl-timeout: "60"
|
||||
```
|
||||
|
||||
Note:
|
||||
|
||||
1. Some config options should be renamed by redis version,e.g.:
|
||||
|
||||
```
|
||||
# In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
|
||||
min-replicas-to-write: 1
|
||||
min-replicas-max-lag: 5
|
||||
|
||||
# In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
|
||||
min-slaves-to-write 1
|
||||
min-slaves-max-lag 5
|
||||
```
|
||||
|
||||
Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as:
|
||||
|
||||
```yml
|
||||
down-after-milliseconds: 30000
|
||||
```
|
||||
|
||||
If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored.
|
||||
|
||||
## Host Kernel Settings
|
||||
Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
|
||||
To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
|
||||
```
|
||||
sysctlImage:
|
||||
enabled: true
|
||||
mountHostSys: true
|
||||
command:
|
||||
- /bin/sh
|
||||
- -xc
|
||||
- |-
|
||||
sysctl -w net.core.somaxconn=10000
|
||||
echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
|
||||
```
|
||||
|
||||
## HAProxy startup
|
||||
|
||||
When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting.
|
||||
It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service).
|
||||
A such case could happen if the orchestator is pending the nomination of redis pods.
|
||||
Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator.
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
## Enable HAProxy to manage Load Balancing
|
||||
haproxy:
|
||||
enabled: true
|
||||
annotations:
|
||||
any.domain/key: "value"
|
||||
serviceAccount:
|
||||
create: true
|
||||
metrics:
|
||||
enabled: true
|
|
@ -1,25 +0,0 @@
|
|||
Redis can be accessed via port {{ .Values.redis.port }} and Sentinel can be accessed via port {{ .Values.sentinel.port }} on the following DNS name from within your cluster:
|
||||
{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||
|
||||
To connect to your Redis server:
|
||||
|
||||
{{- if .Values.auth }}
|
||||
1. To retrieve the redis password:
|
||||
echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode)
|
||||
|
||||
2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master:
|
||||
|
||||
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
|
||||
|
||||
3. Connect using the Redis CLI (inside container):
|
||||
|
||||
redis-cli -a <REDIS-PASS-FROM-SECRET>
|
||||
{{- else }}
|
||||
1. Run a Redis pod that you can use as a client:
|
||||
|
||||
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
|
||||
|
||||
2. Connect using the Redis CLI:
|
||||
|
||||
redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||
{{- end }}
|
|
@ -1,275 +0,0 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{- define "config-redis.conf" }}
|
||||
{{- if .Values.redis.customConfig }}
|
||||
{{ tpl .Values.redis.customConfig . | indent 4 }}
|
||||
{{- else }}
|
||||
dir "/data"
|
||||
port {{ .Values.redis.port }}
|
||||
{{- range $key, $value := .Values.redis.config }}
|
||||
{{ $key }} {{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.auth }}
|
||||
requirepass replace-default-auth
|
||||
masterauth replace-default-auth
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "config-sentinel.conf" }}
|
||||
{{- if .Values.sentinel.customConfig }}
|
||||
{{ tpl .Values.sentinel.customConfig . | indent 4 }}
|
||||
{{- else }}
|
||||
dir "/data"
|
||||
{{- range $key, $value := .Values.sentinel.config }}
|
||||
{{- if eq "maxclients" $key }}
|
||||
{{ $key }} {{ $value }}
|
||||
{{- else }}
|
||||
sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.auth }}
|
||||
sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "config-init.sh" }}
|
||||
HOSTNAME="$(hostname)"
|
||||
INDEX="${HOSTNAME##*-}"
|
||||
MASTER="$(redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ template "redis-ha.masterGroupName" . }} | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
|
||||
MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
|
||||
QUORUM="{{ .Values.sentinel.quorum }}"
|
||||
REDIS_CONF=/data/conf/redis.conf
|
||||
REDIS_PORT={{ .Values.redis.port }}
|
||||
SENTINEL_CONF=/data/conf/sentinel.conf
|
||||
SENTINEL_PORT={{ .Values.sentinel.port }}
|
||||
SERVICE={{ template "redis-ha.fullname" . }}
|
||||
set -eu
|
||||
|
||||
sentinel_update() {
|
||||
echo "Updating sentinel config with master $MASTER"
|
||||
eval MY_SENTINEL_ID="\${SENTINEL_ID_$INDEX}"
|
||||
sed -i "1s/^/sentinel myid $MY_SENTINEL_ID\\n/" "$SENTINEL_CONF"
|
||||
sed -i "2s/^/sentinel monitor $MASTER_GROUP $1 $REDIS_PORT $QUORUM \\n/" "$SENTINEL_CONF"
|
||||
echo "sentinel announce-ip $ANNOUNCE_IP" >> $SENTINEL_CONF
|
||||
echo "sentinel announce-port $SENTINEL_PORT" >> $SENTINEL_CONF
|
||||
}
|
||||
|
||||
redis_update() {
|
||||
echo "Updating redis config"
|
||||
echo "slaveof $1 $REDIS_PORT" >> "$REDIS_CONF"
|
||||
echo "slave-announce-ip $ANNOUNCE_IP" >> $REDIS_CONF
|
||||
echo "slave-announce-port $REDIS_PORT" >> $REDIS_CONF
|
||||
}
|
||||
|
||||
copy_config() {
|
||||
cp /readonly-config/redis.conf "$REDIS_CONF"
|
||||
cp /readonly-config/sentinel.conf "$SENTINEL_CONF"
|
||||
}
|
||||
|
||||
setup_defaults() {
|
||||
echo "Setting up defaults"
|
||||
if [ "$INDEX" = "0" ]; then
|
||||
echo "Setting this pod as the default master"
|
||||
redis_update "$ANNOUNCE_IP"
|
||||
sentinel_update "$ANNOUNCE_IP"
|
||||
sed -i "s/^.*slaveof.*//" "$REDIS_CONF"
|
||||
else
|
||||
DEFAULT_MASTER="$(getent hosts "$SERVICE-announce-0" | awk '{ print $1 }')"
|
||||
if [ -z "$DEFAULT_MASTER" ]; then
|
||||
echo "Unable to resolve host"
|
||||
exit 1
|
||||
fi
|
||||
echo "Setting default slave config.."
|
||||
redis_update "$DEFAULT_MASTER"
|
||||
sentinel_update "$DEFAULT_MASTER"
|
||||
fi
|
||||
}
|
||||
|
||||
find_master() {
|
||||
echo "Attempting to find master"
|
||||
if [ "$(redis-cli -h "$MASTER"{{ if .Values.auth }} -a "$AUTH"{{ end }} ping)" != "PONG" ]; then
|
||||
echo "Can't ping master, attempting to force failover"
|
||||
if redis-cli -h "$SERVICE" -p "$SENTINEL_PORT" sentinel failover "$MASTER_GROUP" | grep -q 'NOGOODSLAVE' ; then
|
||||
setup_defaults
|
||||
return 0
|
||||
fi
|
||||
sleep 10
|
||||
MASTER="$(redis-cli -h $SERVICE -p $SENTINEL_PORT sentinel get-master-addr-by-name $MASTER_GROUP | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
|
||||
if [ "$MASTER" ]; then
|
||||
sentinel_update "$MASTER"
|
||||
redis_update "$MASTER"
|
||||
else
|
||||
echo "Could not failover, exiting..."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "Found reachable master, updating config"
|
||||
sentinel_update "$MASTER"
|
||||
redis_update "$MASTER"
|
||||
fi
|
||||
}
|
||||
|
||||
mkdir -p /data/conf/
|
||||
|
||||
echo "Initializing config.."
|
||||
copy_config
|
||||
|
||||
ANNOUNCE_IP=$(getent hosts "$SERVICE-announce-$INDEX" | awk '{ print $1 }')
|
||||
if [ -z "$ANNOUNCE_IP" ]; then
|
||||
"Could not resolve the announce ip for this pod"
|
||||
exit 1
|
||||
elif [ "$MASTER" ]; then
|
||||
find_master
|
||||
else
|
||||
setup_defaults
|
||||
fi
|
||||
|
||||
if [ "${AUTH:-}" ]; then
|
||||
echo "Setting auth values"
|
||||
ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
|
||||
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "$REDIS_CONF" "$SENTINEL_CONF"
|
||||
fi
|
||||
|
||||
echo "Ready..."
|
||||
{{- end }}
|
||||
|
||||
{{- define "config-haproxy.cfg" }}
|
||||
{{- if .Values.haproxy.customConfig }}
|
||||
{{ .Values.haproxy.customConfig | indent 4}}
|
||||
{{- else }}
|
||||
defaults REDIS
|
||||
mode tcp
|
||||
timeout connect {{ .Values.haproxy.timeout.connect }}
|
||||
timeout server {{ .Values.haproxy.timeout.server }}
|
||||
timeout client {{ .Values.haproxy.timeout.client }}
|
||||
timeout check {{ .Values.haproxy.timeout.check }}
|
||||
|
||||
listen health_check_http_url
|
||||
bind :8888
|
||||
mode http
|
||||
monitor-uri /healthz
|
||||
option dontlognull
|
||||
|
||||
{{- $root := . }}
|
||||
{{- $fullName := include "redis-ha.fullname" . }}
|
||||
{{- $replicas := int (toString .Values.replicas) }}
|
||||
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
|
||||
{{- range $i := until $replicas }}
|
||||
# Check Sentinel and whether they are nominated master
|
||||
backend check_if_redis_is_master_{{ $i }}
|
||||
mode tcp
|
||||
option tcp-check
|
||||
tcp-check connect
|
||||
{{- if $root.auth }}
|
||||
tcp-check send AUTH\ {{ $root.redisPassword }}\r\n
|
||||
tcp-check expect string +OK
|
||||
{{- end }}
|
||||
tcp-check send PING\r\n
|
||||
tcp-check expect string +PONG
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
{{- range $i := until $replicas }}
|
||||
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter 1s
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
# decide redis backend to use
|
||||
#master
|
||||
frontend ft_redis_master
|
||||
bind *:{{ $root.Values.redis.port }}
|
||||
use_backend bk_redis_master
|
||||
{{- if .Values.haproxy.readOnly.enabled }}
|
||||
#slave
|
||||
frontend ft_redis_slave
|
||||
bind *:{{ .Values.haproxy.readOnly.port }}
|
||||
use_backend bk_redis_slave
|
||||
{{- end }}
|
||||
# Check all redis servers to see if they think they are master
|
||||
backend bk_redis_master
|
||||
{{- if .Values.haproxy.stickyBalancing }}
|
||||
balance source
|
||||
hash-type consistent
|
||||
{{- end }}
|
||||
mode tcp
|
||||
option tcp-check
|
||||
tcp-check connect
|
||||
{{- if .Values.auth }}
|
||||
tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
|
||||
tcp-check expect string +OK
|
||||
{{- end }}
|
||||
tcp-check send PING\r\n
|
||||
tcp-check expect string +PONG
|
||||
tcp-check send info\ replication\r\n
|
||||
tcp-check expect string role:master
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
{{- range $i := until $replicas }}
|
||||
use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
|
||||
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.readOnly.enabled }}
|
||||
backend bk_redis_slave
|
||||
{{- if .Values.haproxy.stickyBalancing }}
|
||||
balance source
|
||||
hash-type consistent
|
||||
{{- end }}
|
||||
mode tcp
|
||||
option tcp-check
|
||||
tcp-check connect
|
||||
{{- if .Values.auth }}
|
||||
tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
|
||||
tcp-check expect string +OK
|
||||
{{- end }}
|
||||
tcp-check send PING\r\n
|
||||
tcp-check expect string +PONG
|
||||
tcp-check send info\ replication\r\n
|
||||
tcp-check expect string role:slave
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
{{- range $i := until $replicas }}
|
||||
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.metrics.enabled }}
|
||||
frontend metrics
|
||||
mode http
|
||||
bind *:{{ .Values.haproxy.metrics.port }}
|
||||
option http-use-htx
|
||||
http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.extraConfig }}
|
||||
# Additional configuration
|
||||
{{ .Values.haproxy.extraConfig | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- define "config-haproxy_init.sh" }}
|
||||
HAPROXY_CONF=/data/haproxy.cfg
|
||||
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
|
||||
{{- $fullName := include "redis-ha.fullname" . }}
|
||||
{{- $replicas := int (toString .Values.replicas) }}
|
||||
{{- range $i := until $replicas }}
|
||||
for loop in $(seq 1 10); do
|
||||
getent hosts {{ $fullName }}-announce-{{ $i }} && break
|
||||
echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
|
||||
done
|
||||
ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
|
||||
if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
|
||||
echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
|
||||
exit 1
|
||||
fi
|
||||
sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"
|
||||
|
||||
if [ "${AUTH:-}" ]; then
|
||||
echo "Setting auth values"
|
||||
ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
|
||||
sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
|
||||
fi
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,83 +0,0 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "redis-ha.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "redis-ha.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Return sysctl image
|
||||
*/}}
|
||||
{{- define "redis.sysctl.image" -}}
|
||||
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
|
||||
{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
|
||||
{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
Credit: @technosophos
|
||||
https://github.com/technosophos/common-chart/
|
||||
labels.standard prints the standard Helm labels.
|
||||
The standard labels are frequently used in metadata.
|
||||
*/ -}}
|
||||
{{- define "labels.standard" -}}
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
heritage: {{ .Release.Service | quote }}
|
||||
release: {{ .Release.Name | quote }}
|
||||
chart: {{ template "chartref" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
Credit: @technosophos
|
||||
https://github.com/technosophos/common-chart/
|
||||
chartref prints a chart name and version.
|
||||
It does minimal escaping for use in Kubernetes labels.
|
||||
Example output:
|
||||
zookeeper-1.2.3
|
||||
wordpress-3.2.1_20170219
|
||||
*/ -}}
|
||||
{{- define "chartref" -}}
|
||||
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "redis-ha.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis-ha.masterGroupName" -}}
|
||||
{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}}
|
||||
{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}}
|
||||
{{- if $validMasterGroupName -}}
|
||||
{{ $masterGroupName }}
|
||||
{{- else -}}
|
||||
{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,12 +0,0 @@
|
|||
{{- if and .Values.auth (not .Values.existingSecret) -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }}
|
||||
{{- end -}}
|
|
@ -1,41 +0,0 @@
|
|||
{{- $fullName := include "redis-ha.fullname" . }}
|
||||
{{- $namespace := .Release.Namespace -}}
|
||||
{{- $replicas := int (toString .Values.replicas) }}
|
||||
{{- $root := . }}
|
||||
{{- range $i := until $replicas }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ $fullName }}-announce-{{ $i }}
|
||||
namespace: {{ $namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" $root | indent 4 }}
|
||||
annotations:
|
||||
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
|
||||
{{- if $root.Values.serviceAnnotations }}
|
||||
{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
publishNotReadyAddresses: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: server
|
||||
port: {{ $root.Values.redis.port }}
|
||||
protocol: TCP
|
||||
targetPort: redis
|
||||
- name: sentinel
|
||||
port: {{ $root.Values.sentinel.port }}
|
||||
protocol: TCP
|
||||
targetPort: sentinel
|
||||
{{- if $root.Values.exporter.enabled }}
|
||||
- name: exporter
|
||||
port: {{ $root.Values.exporter.port }}
|
||||
protocol: TCP
|
||||
targetPort: exporter-port
|
||||
{{- end }}
|
||||
selector:
|
||||
release: {{ $root.Release.Name }}
|
||||
app: {{ include "redis-ha.name" $root }}
|
||||
"statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
|
||||
{{- end }}
|
|
@ -1,25 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-configmap
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app: {{ template "redis-ha.fullname" . }}
|
||||
data:
|
||||
redis.conf: |
|
||||
{{- include "config-redis.conf" . }}
|
||||
|
||||
sentinel.conf: |
|
||||
{{- include "config-sentinel.conf" . }}
|
||||
|
||||
init.sh: |
|
||||
{{- include "config-init.sh" . }}
|
||||
{{ if .Values.haproxy.enabled }}
|
||||
haproxy.cfg: |-
|
||||
{{- include "config-haproxy.cfg" . }}
|
||||
{{- end }}
|
||||
haproxy_init.sh: |
|
||||
{{- include "config-haproxy_init.sh" . }}
|
|
@ -1,11 +0,0 @@
|
|||
{{- if .Values.exporter.script }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
data:
|
||||
script: {{ toYaml .Values.exporter.script | indent 2 }}
|
||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||
{{- if .Values.podDisruptionBudget -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-pdb
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
release: {{ .Release.Name }}
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
||||
{{- end -}}
|
|
@ -1,19 +0,0 @@
|
|||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app: {{ template "redis-ha.fullname" . }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
{{- end }}
|
|
@ -1,19 +0,0 @@
|
|||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app: {{ template "redis-ha.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "redis-ha.serviceAccountName" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
|
@ -1,35 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
{{- if and ( .Values.exporter.enabled ) ( .Values.exporter.serviceMonitor.enabled ) }}
|
||||
servicemonitor: enabled
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if .Values.serviceAnnotations }}
|
||||
{{ toYaml .Values.serviceAnnotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: server
|
||||
port: {{ .Values.redis.port }}
|
||||
protocol: TCP
|
||||
targetPort: redis
|
||||
- name: sentinel
|
||||
port: {{ .Values.sentinel.port }}
|
||||
protocol: TCP
|
||||
targetPort: sentinel
|
||||
{{- if .Values.exporter.enabled }}
|
||||
- name: exporter-port
|
||||
port: {{ .Values.exporter.port }}
|
||||
protocol: TCP
|
||||
targetPort: exporter-port
|
||||
{{- end }}
|
||||
selector:
|
||||
release: {{ .Release.Name }}
|
||||
app: {{ template "redis-ha.name" . }}
|
|
@ -1,12 +0,0 @@
|
|||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "redis-ha.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
|
@ -1,35 +0,0 @@
|
|||
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
{{- if .Values.exporter.serviceMonitor.labels }}
|
||||
labels:
|
||||
{{ toYaml .Values.exporter.serviceMonitor.labels | indent 4}}
|
||||
{{- end }}
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- if .Values.exporter.serviceMonitor.namespace }}
|
||||
namespace: {{ .Values.exporter.serviceMonitor.namespace }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- targetPort: {{ .Values.exporter.port }}
|
||||
{{- if .Values.exporter.serviceMonitor.interval }}
|
||||
interval: {{ .Values.exporter.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.serviceMonitor.telemetryPath }}
|
||||
path: {{ .Values.exporter.serviceMonitor.telemetryPath }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.serviceMonitor.timeout }}
|
||||
scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }}
|
||||
{{- end }}
|
||||
jobLabel: {{ template "redis-ha.fullname" . }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
servicemonitor: enabled
|
||||
{{- end }}
|
|
@ -1,319 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ template "redis-ha.fullname" . }}: replica
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
release: {{ .Release.Name }}
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
serviceName: {{ template "redis-ha.fullname" . }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
podManagementPolicy: OrderedReady
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-init.sh" .) | sha256sum }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
{{ toYaml .Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.enabled }}
|
||||
prometheus.io/port: "{{ .Values.exporter.port }}"
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/path: {{ .Values.exporter.scrapePath }}
|
||||
{{- end }}
|
||||
labels:
|
||||
release: {{ .Release.Name }}
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
{{ template "redis-ha.fullname" . }}: replica
|
||||
{{- range $key, $value := .Values.labels }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: "{{ .Values.schedulerName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
affinity:
|
||||
{{- if .Values.affinity }}
|
||||
{{- with .Values.affinity }}
|
||||
{{ tpl . $ | indent 8 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- if .Values.additionalAffinities }}
|
||||
{{ toYaml .Values.additionalAffinities | indent 8 }}
|
||||
{{- end }}
|
||||
podAntiAffinity:
|
||||
{{- if .Values.hardAntiAffinity }}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{ template "redis-ha.fullname" . }}: replica
|
||||
topologyKey: kubernetes.io/hostname
|
||||
{{- else }}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{ template "redis-ha.fullname" . }}: replica
|
||||
topologyKey: kubernetes.io/hostname
|
||||
{{- end }}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{ template "redis-ha.fullname" . }}: replica
|
||||
topologyKey: failure-domain.beta.kubernetes.io/zone
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.securityContext | indent 8 }}
|
||||
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}
|
||||
initContainers:
|
||||
{{- if .Values.sysctlImage.enabled }}
|
||||
- name: init-sysctl
|
||||
image: {{ template "redis.sysctl.image" . }}
|
||||
imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.sysctlImage.resources | indent 10 }}
|
||||
{{- if .Values.sysctlImage.mountHostSys }}
|
||||
volumeMounts:
|
||||
- name: host-sys
|
||||
mountPath: /host-sys
|
||||
{{- end }}
|
||||
command:
|
||||
{{ toYaml .Values.sysctlImage.command | indent 10 }}
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
privileged: true
|
||||
runAsUser: 0
|
||||
{{- end }}
|
||||
{{- if and .Values.hostPath.path .Values.hostPath.chown }}
|
||||
- name: hostpath-chown
|
||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
command:
|
||||
- chown
|
||||
- "{{ .Values.securityContext.runAsUser }}"
|
||||
- /data
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- end }}
|
||||
- name: config-init
|
||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.init.resources | indent 10 }}
|
||||
command:
|
||||
- sh
|
||||
args:
|
||||
- /readonly-config/init.sh
|
||||
env:
|
||||
{{- $replicas := int (toString .Values.replicas) -}}
|
||||
{{- range $i := until $replicas }}
|
||||
- name: SENTINEL_ID_{{ $i }}
|
||||
value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha1sum }}
|
||||
{{ end -}}
|
||||
{{- if .Values.auth }}
|
||||
- name: AUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.existingSecret }}
|
||||
name: {{ .Values.existingSecret }}
|
||||
{{- else }}
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
||||
key: {{ .Values.authKey }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /readonly-config
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: redis
|
||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
command:
|
||||
- redis-server
|
||||
args:
|
||||
- /data/conf/redis.conf
|
||||
env:
|
||||
{{- if .Values.auth }}
|
||||
- name: AUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.existingSecret }}
|
||||
name: {{ .Values.existingSecret }}
|
||||
{{- else }}
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
||||
key: {{ .Values.authKey }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.redis.port }}
|
||||
initialDelaySeconds: 15
|
||||
resources:
|
||||
{{ toYaml .Values.redis.resources | indent 10 }}
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: {{ .Values.redis.port }}
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: data
|
||||
- name: sentinel
|
||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
command:
|
||||
- redis-sentinel
|
||||
args:
|
||||
- /data/conf/sentinel.conf
|
||||
{{- if .Values.auth }}
|
||||
env:
|
||||
- name: AUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.existingSecret }}
|
||||
name: {{ .Values.existingSecret }}
|
||||
{{- else }}
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
||||
key: {{ .Values.authKey }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.sentinel.port }}
|
||||
initialDelaySeconds: 15
|
||||
resources:
|
||||
{{ toYaml .Values.sentinel.resources | indent 10 }}
|
||||
ports:
|
||||
- name: sentinel
|
||||
containerPort: {{ .Values.sentinel.port }}
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: data
|
||||
{{- if .Values.exporter.enabled }}
|
||||
- name: redis-exporter
|
||||
image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}"
|
||||
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
|
||||
args:
|
||||
{{- range $key, $value := .Values.exporter.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: REDIS_ADDR
|
||||
value: redis://localhost:{{ .Values.redis.port }}
|
||||
{{- if .Values.auth }}
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.existingSecret }}
|
||||
name: {{ .Values.existingSecret }}
|
||||
{{- else }}
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
||||
key: {{ .Values.authKey }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.script }}
|
||||
- name: REDIS_EXPORTER_SCRIPT
|
||||
value: /script/script.lua
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.exporter.scrapePath }}
|
||||
port: {{ .Values.exporter.port }}
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 15
|
||||
resources:
|
||||
{{ toYaml .Values.exporter.resources | indent 10 }}
|
||||
ports:
|
||||
- name: exporter-port
|
||||
containerPort: {{ .Values.exporter.port }}
|
||||
{{- if .Values.exporter.script }}
|
||||
volumeMounts:
|
||||
- mountPath: /script
|
||||
name: script-mount
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ template "redis-ha.fullname" . }}-configmap
|
||||
{{- if .Values.sysctlImage.mountHostSys }}
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.script }}
|
||||
- name: script-mount
|
||||
configMap:
|
||||
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
|
||||
items:
|
||||
- key: script
|
||||
path: script.lua
|
||||
{{- end }}
|
||||
{{- if .Values.persistentVolume.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.persistentVolume.annotations }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.persistentVolume.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistentVolume.size | quote }}
|
||||
{{- if .Values.persistentVolume.storageClass }}
|
||||
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistentVolume.reclaimPolicy }}
|
||||
persistentVolumeReclaimPolicy: "{{ .Values.persistentVolume.reclaimPolicy }}"
|
||||
{{- end }}
|
||||
{{- else if .Values.hostPath.path }}
|
||||
- name: data
|
||||
hostPath:
|
||||
path: {{ tpl .Values.hostPath.path .}}
|
||||
{{- else }}
|
||||
- name: data
|
||||
emptyDir:
|
||||
{{ toYaml .Values.emptyDir | indent 10 }}
|
||||
{{- end }}
|
|
@ -1,151 +0,0 @@
|
|||
{{- if .Values.haproxy.enabled }}
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
spec:
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
revisionHistoryLimit: 1
|
||||
replicas: {{ .Values.haproxy.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}-haproxy
|
||||
release: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
labels:
|
||||
app: {{ template "redis-ha.name" . }}-haproxy
|
||||
release: {{ .Release.Name }}
|
||||
annotations:
|
||||
{{- if .Values.haproxy.metrics.enabled }}
|
||||
prometheus.io/port: "{{ .Values.haproxy.metrics.port }}"
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}"
|
||||
{{- end }}
|
||||
checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }}
|
||||
{{- if .Values.haproxy.annotations }}
|
||||
{{ toYaml .Values.haproxy.annotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
# Needed when using unmodified rbac-setup.yml
|
||||
{{ if .Values.haproxy.serviceAccount.create }}
|
||||
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy
|
||||
{{ end }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
affinity:
|
||||
{{- if .Values.haproxy.affinity }}
|
||||
{{- with .Values.haproxy.affinity }}
|
||||
{{ tpl . $ | indent 8 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- if .Values.haproxy.additionalAffinities }}
|
||||
{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }}
|
||||
{{- end }}
|
||||
podAntiAffinity:
|
||||
{{- if .Values.haproxy.hardAntiAffinity }}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}-haproxy
|
||||
release: {{ .Release.Name }}
|
||||
topologyKey: kubernetes.io/hostname
|
||||
{{- else }}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}-haproxy
|
||||
release: {{ .Release.Name }}
|
||||
topologyKey: kubernetes.io/hostname
|
||||
{{- end }}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}-haproxy
|
||||
release: {{ .Release.Name }}
|
||||
topologyKey: failure-domain.beta.kubernetes.io/zone
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: config-init
|
||||
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
|
||||
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.haproxy.init.resources | indent 10 }}
|
||||
command:
|
||||
- sh
|
||||
args:
|
||||
- /readonly/haproxy_init.sh
|
||||
{{- if .Values.auth }}
|
||||
env:
|
||||
- name: AUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.existingSecret }}
|
||||
name: {{ .Values.existingSecret }}
|
||||
{{- else }}
|
||||
name: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
||||
key: {{ .Values.authKey }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /readonly
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- if .Values.haproxy.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.haproxy.securityContext | indent 8 }}
|
||||
containers:
|
||||
- name: haproxy
|
||||
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
|
||||
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8888
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 3
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: {{ default "6379" .Values.redis.port }}
|
||||
{{- if .Values.haproxy.readOnly.enabled }}
|
||||
- name: readonlyport
|
||||
containerPort: {{ default "6380" .Values.haproxy.readOnly.port }}
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.metrics.enabled }}
|
||||
- name: metrics-port
|
||||
containerPort: {{ default "9101" .Values.haproxy.metrics.port }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.haproxy.resources | indent 10 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /usr/local/etc/haproxy
|
||||
- name: shared-socket
|
||||
mountPath: /run/haproxy
|
||||
{{- if .Values.haproxy.priorityClassName }}
|
||||
priorityClassName: {{ .Values.haproxy.priorityClassName }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: {{ template "redis-ha.fullname" . }}-configmap
|
||||
- name: shared-socket
|
||||
emptyDir:
|
||||
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
|
||||
- name: data
|
||||
emptyDir:
|
||||
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
|
||||
{{- end }}
|
|
@ -1,42 +0,0 @@
|
|||
{{- if .Values.haproxy.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
component: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
annotations:
|
||||
{{- if .Values.haproxy.service.annotations }}
|
||||
{{ toYaml .Values.haproxy.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ default "ClusterIP" .Values.haproxy.service.type }}
|
||||
{{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.haproxy.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: haproxy
|
||||
port: {{ .Values.redis.port }}
|
||||
protocol: TCP
|
||||
targetPort: redis
|
||||
{{- if and (eq .Values.haproxy.service.type "NodePort") .Values.haproxy.service.nodePort }}
|
||||
nodePort: {{ .Values.haproxy.service.nodePort }}
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.readOnly.enabled }}
|
||||
- name: haproxyreadonly
|
||||
port: {{ .Values.haproxy.readOnly.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.haproxy.readOnly.port }}
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.metrics.enabled }}
|
||||
- name: {{ .Values.haproxy.metrics.portName }}
|
||||
port: {{ .Values.haproxy.metrics.port }}
|
||||
protocol: TCP
|
||||
targetPort: metrics-port
|
||||
{{- end }}
|
||||
selector:
|
||||
release: {{ .Release.Name }}
|
||||
app: {{ template "redis-ha.name" . }}-haproxy
|
||||
{{- end }}
|
|
@ -1,12 +0,0 @@
|
|||
{{- if and .Values.haproxy.serviceAccount.create .Values.haproxy.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "redis-ha.serviceAccountName" . }}-haproxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app: {{ template "redis-ha.fullname" . }}
|
||||
{{- end }}
|
|
@ -1,34 +0,0 @@
|
|||
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
{{- with .Values.haproxy.metrics.serviceMonitor.labels }}
|
||||
labels: {{ toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
name: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- if .Values.haproxy.metrics.serviceMonitor.namespace }}
|
||||
namespace: {{ .Values.haproxy.metrics.serviceMonitor.namespace }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- targetPort: {{ .Values.haproxy.metrics.port }}
|
||||
{{- if .Values.haproxy.metrics.serviceMonitor.interval }}
|
||||
interval: {{ .Values.haproxy.metrics.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
|
||||
path: {{ .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
|
||||
{{- end }}
|
||||
{{- if .Values.haproxy.metrics.serviceMonitor.timeout }}
|
||||
scrapeTimeout: {{ .Values.haproxy.metrics.serviceMonitor.timeout }}
|
||||
{{- end }}
|
||||
jobLabel: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "redis-ha.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: {{ template "redis-ha.fullname" . }}-haproxy
|
||||
{{- end }}
|
|
@ -1,27 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-configmap-test
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
containers:
|
||||
- name: check-init
|
||||
image: koalaman/shellcheck:v0.5.0
|
||||
args:
|
||||
- --shell=sh
|
||||
- /readonly-config/init.sh
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /readonly-config
|
||||
readOnly: true
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
|
||||
{{- end }}
|
||||
restartPolicy: Never
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ template "redis-ha.fullname" . }}-configmap
|
|
@ -1,20 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ template "redis-ha.fullname" . }}-service-test
|
||||
labels:
|
||||
{{ include "labels.standard" . | indent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
containers:
|
||||
- name: "{{ .Release.Name }}-service-test"
|
||||
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.redis.port }} info server
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
|
||||
{{- end }}
|
||||
restartPolicy: Never
|
|
@ -1,362 +0,0 @@
|
|||
## Configure resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
image:
|
||||
repository: redis
|
||||
tag: 5.0.6-alpine
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Reference to one or more secrets to be used when pulling images
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## This imagePullSecrets is only for redis images
|
||||
##
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
## replicas number for each component
|
||||
replicas: 3
|
||||
|
||||
## Kubernetes priorityClass name for the redis-ha-server pod
|
||||
# priorityClassName: ""
|
||||
|
||||
## Custom labels for the redis pod
|
||||
labels: {}
|
||||
|
||||
## Pods Service Account
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
||||
serviceAccount:
|
||||
## Specifies whether a ServiceAccount should be created
|
||||
##
|
||||
create: true
|
||||
## The name of the ServiceAccount to use.
|
||||
## If not set and create is true, a name is generated using the redis-ha.fullname template
|
||||
# name:
|
||||
|
||||
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
|
||||
## Recommend for externally exposed Redis clusters.
|
||||
## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
|
||||
haproxy:
|
||||
enabled: false
|
||||
# Enable if you want a dedicated port in haproxy for redis-slaves
|
||||
readOnly:
|
||||
enabled: false
|
||||
port: 6380
|
||||
replicas: 3
|
||||
image:
|
||||
repository: haproxy
|
||||
tag: 2.0.4
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Reference to one or more secrets to be used when pulling images
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
##
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
annotations: {}
|
||||
resources: {}
|
||||
emptyDir: {}
|
||||
## Enable sticky sessions to Redis nodes via HAProxy
|
||||
## Very useful for long-living connections as in case of Sentry for example
|
||||
stickyBalancing: false
|
||||
## Kubernetes priorityClass name for the haproxy pod
|
||||
# priorityClassName: ""
|
||||
## Service type for HAProxy
|
||||
##
|
||||
service:
|
||||
type: ClusterIP
|
||||
loadBalancerIP:
|
||||
annotations: {}
|
||||
serviceAccount:
|
||||
create: true
|
||||
## Official HAProxy embedded prometheus metrics settings.
|
||||
## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
|
||||
##
|
||||
metrics:
|
||||
enabled: false
|
||||
# prometheus port & scrape path
|
||||
port: 9101
|
||||
portName: exporter-port
|
||||
scrapePath: /metrics
|
||||
|
||||
serviceMonitor:
|
||||
# When set true then use a ServiceMonitor to configure scraping
|
||||
enabled: false
|
||||
# Set the namespace the ServiceMonitor should be deployed
|
||||
# namespace: monitoring
|
||||
# Set how frequently Prometheus should scrape
|
||||
# interval: 30s
|
||||
# Set path to redis-exporter telemtery-path
|
||||
# telemetryPath: /metrics
|
||||
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
|
||||
# labels: {}
|
||||
# Set timeout for scrape
|
||||
# timeout: 10s
|
||||
init:
|
||||
resources: {}
|
||||
timeout:
|
||||
connect: 4s
|
||||
server: 30s
|
||||
client: 30s
|
||||
check: 2s
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
|
||||
## Whether the haproxy pods should be forced to run on separate nodes.
|
||||
hardAntiAffinity: true
|
||||
|
||||
## Additional affinities to add to the haproxy pods.
|
||||
additionalAffinities: {}
|
||||
|
||||
## Override all other affinity settings for the haproxy pods with a string.
|
||||
affinity: |
|
||||
|
||||
## Custom config-haproxy.cfg files used to override default settings. If this file is
|
||||
## specified then the config-haproxy.cfg above will be ignored.
|
||||
# customConfig: |-
|
||||
# Define configuration here
|
||||
## Place any additional configuration section to add to the default config-haproxy.cfg
|
||||
# extraConfig: |-
|
||||
# Define configuration here
|
||||
|
||||
|
||||
## Role Based Access
|
||||
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
|
||||
##
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
sysctlImage:
|
||||
enabled: false
|
||||
command: []
|
||||
registry: docker.io
|
||||
repository: busybox
|
||||
tag: 1.31.1
|
||||
pullPolicy: Always
|
||||
mountHostSys: false
|
||||
resources: {}
|
||||
|
||||
## Use an alternate scheduler, e.g. "stork".
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
# schedulerName:
|
||||
|
||||
## Redis specific configuration options
|
||||
redis:
|
||||
port: 6379
|
||||
masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated
|
||||
config:
|
||||
## Additional redis conf options can be added below
|
||||
## For all available options see http://download.redis.io/redis-stable/redis.conf
|
||||
min-replicas-to-write: 1
|
||||
min-replicas-max-lag: 5 # Value in seconds
|
||||
maxmemory: "0" # Max memory to use for each redis instance. Default is unlimited.
|
||||
maxmemory-policy: "volatile-lru" # Max memory policy to use for each redis instance. Default is volatile-lru.
|
||||
# Determines if scheduled RDB backups are created. Default is false.
|
||||
# Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
|
||||
save: "900 1"
|
||||
# When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
|
||||
repl-diskless-sync: "yes"
|
||||
rdbcompression: "yes"
|
||||
rdbchecksum: "yes"
|
||||
|
||||
|
||||
## Custom redis.conf files used to override default settings. If this file is
|
||||
## specified then the redis.config above will be ignored.
|
||||
# customConfig: |-
|
||||
# Define configuration here
|
||||
|
||||
resources: {}
|
||||
# requests:
|
||||
# memory: 200Mi
|
||||
# cpu: 100m
|
||||
# limits:
|
||||
# memory: 700Mi
|
||||
|
||||
## Sentinel specific configuration options
|
||||
sentinel:
|
||||
port: 26379
|
||||
quorum: 2
|
||||
config:
|
||||
## Additional sentinel conf options can be added below. Only options that
|
||||
## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will
|
||||
## be properly templated expect maxclients option.
|
||||
## For available options see http://download.redis.io/redis-stable/sentinel.conf
|
||||
down-after-milliseconds: 10000
|
||||
## Failover timeout value in milliseconds
|
||||
failover-timeout: 180000
|
||||
parallel-syncs: 5
|
||||
maxclients: 10000
|
||||
|
||||
## Custom sentinel.conf files used to override default settings. If this file is
|
||||
## specified then the sentinel.config above will be ignored.
|
||||
# customConfig: |-
|
||||
# Define configuration here
|
||||
|
||||
resources: {}
|
||||
# requests:
|
||||
# memory: 200Mi
|
||||
# cpu: 100m
|
||||
# limits:
|
||||
# memory: 200Mi
|
||||
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
|
||||
## Node labels, affinity, and tolerations for pod assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
nodeSelector: {}
|
||||
|
||||
## Whether the Redis server pods should be forced to run on separate nodes.
|
||||
## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
|
||||
##
|
||||
hardAntiAffinity: true
|
||||
|
||||
## Additional affinities to add to the Redis server pods.
|
||||
##
|
||||
## Example:
|
||||
## nodeAffinity:
|
||||
## preferredDuringSchedulingIgnoredDuringExecution:
|
||||
## - weight: 50
|
||||
## preference:
|
||||
## matchExpressions:
|
||||
## - key: spot
|
||||
## operator: NotIn
|
||||
## values:
|
||||
## - "true"
|
||||
##
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
additionalAffinities: {}
|
||||
|
||||
## Override all other affinity settings for the Redis server pods with a string.
|
||||
##
|
||||
## Example:
|
||||
## affinity: |
|
||||
## podAntiAffinity:
|
||||
## requiredDuringSchedulingIgnoredDuringExecution:
|
||||
## - labelSelector:
|
||||
## matchLabels:
|
||||
## app: {{ template "redis-ha.name" . }}
|
||||
## release: {{ .Release.Name }}
|
||||
## topologyKey: kubernetes.io/hostname
|
||||
## preferredDuringSchedulingIgnoredDuringExecution:
|
||||
## - weight: 100
|
||||
## podAffinityTerm:
|
||||
## labelSelector:
|
||||
## matchLabels:
|
||||
## app: {{ template "redis-ha.name" . }}
|
||||
## release: {{ .Release.Name }}
|
||||
## topologyKey: failure-domain.beta.kubernetes.io/zone
|
||||
##
|
||||
affinity: |
|
||||
|
||||
# Prometheus exporter specific configuration options
|
||||
exporter:
|
||||
enabled: false
|
||||
image: oliver006/redis_exporter
|
||||
tag: v1.3.2
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# prometheus port & scrape path
|
||||
port: 9121
|
||||
scrapePath: /metrics
|
||||
|
||||
# cpu/memory resource limits/requests
|
||||
resources: {}
|
||||
|
||||
# Additional args for redis exporter
|
||||
extraArgs: {}
|
||||
|
||||
# Used to mount a LUA-Script via config map and use it for metrics-collection
|
||||
# script: |
|
||||
# -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua
|
||||
# -- Example collect script for -script option
|
||||
# -- This returns a Lua table with alternating keys and values.
|
||||
# -- Both keys and values must be strings, similar to a HGETALL result.
|
||||
# -- More info about Redis Lua scripting: https://redis.io/commands/eval
|
||||
#
|
||||
# local result = {}
|
||||
#
|
||||
# -- Add all keys and values from some hash in db 5
|
||||
# redis.call("SELECT", 5)
|
||||
# local r = redis.call("HGETALL", "some-hash-with-stats")
|
||||
# if r ~= nil then
|
||||
# for _,v in ipairs(r) do
|
||||
# table.insert(result, v) -- alternating keys and values
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# -- Set foo to 42
|
||||
# table.insert(result, "foo")
|
||||
# table.insert(result, "42") -- note the string, use tostring() if needed
|
||||
#
|
||||
# return result
|
||||
|
||||
serviceMonitor:
|
||||
# When set true then use a ServiceMonitor to configure scraping
|
||||
enabled: false
|
||||
# Set the namespace the ServiceMonitor should be deployed
|
||||
# namespace: monitoring
|
||||
# Set how frequently Prometheus should scrape
|
||||
# interval: 30s
|
||||
# Set path to redis-exporter telemtery-path
|
||||
# telemetryPath: /metrics
|
||||
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
|
||||
# labels: {}
|
||||
# Set timeout for scrape
|
||||
# timeout: 10s
|
||||
|
||||
podDisruptionBudget: {}
|
||||
# maxUnavailable: 1
|
||||
# minAvailable: 1
|
||||
|
||||
## Configures redis with AUTH (requirepass & masterauth conf params)
|
||||
auth: false
|
||||
# redisPassword:
|
||||
|
||||
## Use existing secret containing key `authKey` (ignores redisPassword)
|
||||
# existingSecret:
|
||||
|
||||
## Defines the key holding the redis password in existing secret.
|
||||
authKey: auth
|
||||
|
||||
persistentVolume:
|
||||
enabled: true
|
||||
## redis-ha data Persistent Volume Storage Class
|
||||
## If defined, storageClassName: <storageClass>
|
||||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||||
## If undefined (the default) or set to null, no storageClassName spec is
|
||||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||||
## GKE, AWS & OpenStack)
|
||||
##
|
||||
# storageClass: "-"
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
size: 10Gi
|
||||
annotations: {}
|
||||
# reclaimPolicy per https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
|
||||
reclaimPolicy: ""
|
||||
init:
|
||||
resources: {}
|
||||
|
||||
# To use a hostPath for data, set persistentVolume.enabled to false
|
||||
# and define hostPath.path.
|
||||
# Warning: this might overwrite existing folders on the host system!
|
||||
hostPath:
|
||||
## path is evaluated as template so placeholders are replaced
|
||||
# path: "/data/{{ .Release.Name }}"
|
||||
|
||||
# if chown is true, an init-container with root permissions is launched to
|
||||
# change the owner of the hostPath folder to the user defined in the
|
||||
# security context
|
||||
chown: true
|
||||
|
||||
emptyDir: {}
|
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
labels:
|
||||
|
@ -18,214 +18,213 @@ spec:
|
|||
- appprojs
|
||||
singular: appproject
|
||||
scope: Namespaced
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: AppProjectSpec is the specification of an AppProject
|
||||
properties:
|
||||
clusterResourceBlacklist:
|
||||
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
clusterResourceWhitelist:
|
||||
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
description:
|
||||
description: Description contains optional project description
|
||||
type: string
|
||||
destinations:
|
||||
description: Destinations contains list of destinations available for deployment
|
||||
items:
|
||||
description: ApplicationDestination contains deployment destination information
|
||||
properties:
|
||||
name:
|
||||
description: Name of the destination cluster which can be used instead of server (url) field
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
|
||||
type: string
|
||||
server:
|
||||
description: Server overrides the environment server value in the ksonnet app.yaml
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
namespaceResourceBlacklist:
|
||||
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
namespaceResourceWhitelist:
|
||||
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
orphanedResources:
|
||||
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
|
||||
properties:
|
||||
ignore:
|
||||
items:
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
warn:
|
||||
description: Warn indicates if warning condition should be created for apps which have orphaned resources
|
||||
type: boolean
|
||||
type: object
|
||||
roles:
|
||||
description: Roles are user defined RBAC roles associated with this project
|
||||
items:
|
||||
description: ProjectRole represents a role that has access to a project
|
||||
properties:
|
||||
description:
|
||||
description: Description is a description of the role
|
||||
type: string
|
||||
groups:
|
||||
description: Groups are a list of OIDC group claims bound to this role
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
jwtTokens:
|
||||
description: JWTTokens are a list of generated JWT tokens bound to this role
|
||||
items:
|
||||
description: JWTToken holds the issuedAt and expiresAt values of a token
|
||||
properties:
|
||||
exp:
|
||||
format: int64
|
||||
type: integer
|
||||
iat:
|
||||
format: int64
|
||||
type: integer
|
||||
id:
|
||||
type: string
|
||||
required:
|
||||
- iat
|
||||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name is a name for this role
|
||||
type: string
|
||||
policies:
|
||||
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
signatureKeys:
|
||||
description: List of PGP key IDs that commits to be synced to must be signed with
|
||||
items:
|
||||
description: SignatureKey is the specification of a key required to verify commit signatures with
|
||||
properties:
|
||||
keyID:
|
||||
description: The ID of the key in hexadecimal notation
|
||||
type: string
|
||||
required:
|
||||
- keyID
|
||||
type: object
|
||||
type: array
|
||||
sourceRepos:
|
||||
description: SourceRepos contains list of repository URLs which can be used for deployment
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
syncWindows:
|
||||
description: SyncWindows controls when syncs can be run for apps in this project
|
||||
items:
|
||||
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
|
||||
properties:
|
||||
applications:
|
||||
description: Applications contains a list of applications that the window will apply to
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clusters:
|
||||
description: Clusters contains a list of clusters that the window will apply to
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
duration:
|
||||
description: Duration is the amount of time the sync window will be open
|
||||
type: string
|
||||
kind:
|
||||
description: Kind defines if the window allows or blocks syncs
|
||||
type: string
|
||||
manualSync:
|
||||
description: ManualSync enables manual syncs when they would otherwise be blocked
|
||||
type: boolean
|
||||
namespaces:
|
||||
description: Namespaces contains a list of namespaces that the window will apply to
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
schedule:
|
||||
description: Schedule is the time the window will begin, specified in cron format
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
version: v1alpha1
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: AppProjectSpec is the specification of an AppProject
|
||||
properties:
|
||||
clusterResourceBlacklist:
|
||||
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
clusterResourceWhitelist:
|
||||
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
description:
|
||||
description: Description contains optional project description
|
||||
type: string
|
||||
destinations:
|
||||
description: Destinations contains list of destinations available for deployment
|
||||
items:
|
||||
description: ApplicationDestination contains deployment destination information
|
||||
properties:
|
||||
name:
|
||||
description: Name of the destination cluster which can be used instead of server (url) field
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
|
||||
type: string
|
||||
server:
|
||||
description: Server overrides the environment server value in the ksonnet app.yaml
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
namespaceResourceBlacklist:
|
||||
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
namespaceResourceWhitelist:
|
||||
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
|
||||
items:
|
||||
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
required:
|
||||
- group
|
||||
- kind
|
||||
type: object
|
||||
type: array
|
||||
orphanedResources:
|
||||
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
|
||||
properties:
|
||||
ignore:
|
||||
items:
|
||||
properties:
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
warn:
|
||||
description: Warn indicates if warning condition should be created for apps which have orphaned resources
|
||||
type: boolean
|
||||
type: object
|
||||
roles:
|
||||
description: Roles are user defined RBAC roles associated with this project
|
||||
items:
|
||||
description: ProjectRole represents a role that has access to a project
|
||||
properties:
|
||||
description:
|
||||
description: Description is a description of the role
|
||||
type: string
|
||||
groups:
|
||||
description: Groups are a list of OIDC group claims bound to this role
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
jwtTokens:
|
||||
description: JWTTokens are a list of generated JWT tokens bound to this role
|
||||
items:
|
||||
description: JWTToken holds the issuedAt and expiresAt values of a token
|
||||
properties:
|
||||
exp:
|
||||
format: int64
|
||||
type: integer
|
||||
iat:
|
||||
format: int64
|
||||
type: integer
|
||||
id:
|
||||
type: string
|
||||
required:
|
||||
- iat
|
||||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name is a name for this role
|
||||
type: string
|
||||
policies:
|
||||
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
signatureKeys:
|
||||
description: List of PGP key IDs that commits to be synced to must be signed with
|
||||
items:
|
||||
description: SignatureKey is the specification of a key required to verify commit signatures with
|
||||
properties:
|
||||
keyID:
|
||||
description: The ID of the key in hexadecimal notation
|
||||
type: string
|
||||
required:
|
||||
- keyID
|
||||
type: object
|
||||
type: array
|
||||
sourceRepos:
|
||||
description: SourceRepos contains list of repository URLs which can be used for deployment
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
syncWindows:
|
||||
description: SyncWindows controls when syncs can be run for apps in this project
|
||||
items:
|
||||
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
|
||||
properties:
|
||||
applications:
|
||||
description: Applications contains a list of applications that the window will apply to
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clusters:
|
||||
description: Clusters contains a list of clusters that the window will apply to
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
duration:
|
||||
description: Duration is the amount of time the sync window will be open
|
||||
type: string
|
||||
kind:
|
||||
description: Kind defines if the window allows or blocks syncs
|
||||
type: string
|
||||
manualSync:
|
||||
description: ManualSync enables manual syncs when they would otherwise be blocked
|
||||
type: boolean
|
||||
namespaces:
|
||||
description: Namespaces contains a list of namespaces that the window will apply to
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
schedule:
|
||||
description: Schedule is the time the window will begin, specified in cron format
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: redis-ha
|
||||
repository: https://kubernetes-charts.storage.googleapis.com
|
||||
version: 4.4.2
|
||||
digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96
|
||||
generated: "2020-03-29T14:37:59.349371452+01:00"
|
||||
repository: https://dandydeveloper.github.io/charts/
|
||||
version: 4.10.1
|
||||
digest: sha256:e1e0526ad009ecc065df937b48c4e0e5877e5194242c7888b1dc4467775f2663
|
||||
generated: "2020-12-14T14:00:30.830130403+01:00"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
dependencies:
|
||||
- name: redis-ha
|
||||
version: 4.4.2
|
||||
repository: https://kubernetes-charts.storage.googleapis.com
|
||||
condition: redis-ha.enabled
|
||||
version: 4.10.1
|
||||
repository: https://dandydeveloper.github.io/charts/
|
||||
condition: redis-ha.enabled
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{{- if .Values.server.rbacConfigCreate }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
|
@ -18,4 +19,5 @@ metadata:
|
|||
{{- if .Values.server.rbacConfig }}
|
||||
data:
|
||||
{{- toYaml .Values.server.rbacConfig | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -120,6 +120,10 @@ spec:
|
|||
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
|
||||
resources:
|
||||
{{- toYaml .Values.server.resources | nindent 10 }}
|
||||
{{- if .Values.server.lifecycle }}
|
||||
lifecycle:
|
||||
{{- toYaml .Values.server.lifecycle | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.extraContainers }}
|
||||
{{- toYaml .Values.server.extraContainers | nindent 6 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -36,6 +36,9 @@ spec:
|
|||
{{- if .Values.server.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.service.externalIPs }}
|
||||
externalIPs: {{ .Values.server.service.externalIPs }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
|
||||
|
|
|
@ -10,7 +10,7 @@ metadata:
|
|||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/part-of: argocd
|
||||
app.kubernetes.io/component: {{ .Values.dex.name }}
|
||||
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
|
||||
app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -31,7 +31,7 @@ spec:
|
|||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/part-of: argocd
|
||||
app.kubernetes.io/component: {{ .Values.dex.name }}
|
||||
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
|
||||
app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
|
||||
{{- if .Values.dex.podLabels }}
|
||||
{{- toYaml .Values.dex.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/part-of: argocd
|
||||
app.kubernetes.io/component: {{ .Values.redis.name }}
|
||||
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
|
||||
app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -31,7 +31,7 @@ spec:
|
|||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/part-of: argocd
|
||||
app.kubernetes.io/component: {{ .Values.redis.name }}
|
||||
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
|
||||
app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
|
||||
{{- if .Values.redis.podLabels }}
|
||||
{{- toYaml .Values.redis.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -10,7 +10,7 @@ installCRDs: true
|
|||
global:
|
||||
image:
|
||||
repository: argoproj/argocd
|
||||
tag: v1.7.6
|
||||
tag: v1.8.4
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext: {}
|
||||
# runAsUser: 999
|
||||
|
@ -28,7 +28,7 @@ controller:
|
|||
|
||||
image:
|
||||
repository: # argoproj/argocd
|
||||
tag: # v1.7.6
|
||||
tag: # v1.7.11
|
||||
imagePullPolicy: # IfNotPresent
|
||||
|
||||
# If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
|
||||
|
@ -160,7 +160,7 @@ controller:
|
|||
# resolved for this cloud to continue to maintain state.
|
||||
# - alert: ArgoAppNotSynced
|
||||
# expr: |
|
||||
# argocd_app_sync_status{sync_status!="Synced"} == 1
|
||||
# argocd_app_info{sync_status!="Synced"} == 1
|
||||
# for: 12h
|
||||
# labels:
|
||||
# severity: warning
|
||||
|
@ -195,7 +195,7 @@ dex:
|
|||
|
||||
image:
|
||||
repository: quay.io/dexidp/dex
|
||||
tag: v2.22.0
|
||||
tag: v2.26.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
initImage:
|
||||
repository:
|
||||
|
@ -269,7 +269,7 @@ redis:
|
|||
|
||||
image:
|
||||
repository: redis
|
||||
tag: 5.0.8
|
||||
tag: 5.0.10-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
containerPort: 6379
|
||||
|
@ -356,7 +356,7 @@ server:
|
|||
|
||||
image:
|
||||
repository: # argoproj/argocd
|
||||
tag: # v1.7.6
|
||||
tag: # v1.7.11
|
||||
imagePullPolicy: # IfNotPresent
|
||||
|
||||
## Additional command line arguments to pass to argocd-server
|
||||
|
@ -368,6 +368,10 @@ server:
|
|||
##
|
||||
env: []
|
||||
|
||||
## Specify postStart and preStop lifecycle hooks for your argo-cd-server container
|
||||
##
|
||||
lifecycle: {}
|
||||
|
||||
## Argo server log format: text|json
|
||||
logFormat: text
|
||||
## Argo server log level
|
||||
|
@ -449,6 +453,7 @@ server:
|
|||
namedTargetPort: true
|
||||
loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
externalIPs: []
|
||||
|
||||
## Server metrics service configuration
|
||||
metrics:
|
||||
|
@ -546,7 +551,7 @@ server:
|
|||
# name: secret-name
|
||||
# key: sshPrivateKey
|
||||
# - type: helm
|
||||
# url: https://kubernetes-charts.storage.googleapis.com
|
||||
# url: https://charts.helm.sh/stable
|
||||
# name: stable
|
||||
# - type: helm
|
||||
# url: https://argoproj.github.io/argo-helm
|
||||
|
@ -593,6 +598,10 @@ server:
|
|||
## Annotations to be added to ArgoCD rbac ConfigMap
|
||||
rbacConfigAnnotations: {}
|
||||
|
||||
# Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created
|
||||
# by something else. ArgoCD will not work if there is no configMap created with the name above.
|
||||
rbacConfigCreate: true
|
||||
|
||||
## Not well tested and not well supported on release v1.0.0.
|
||||
## Applications
|
||||
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
|
||||
|
@ -708,7 +717,7 @@ repoServer:
|
|||
|
||||
image:
|
||||
repository: # argoproj/argocd
|
||||
tag: # v1.7.6
|
||||
tag: # v1.7.11
|
||||
imagePullPolicy: # IfNotPresent
|
||||
|
||||
## Additional command line arguments to pass to argocd-repo-server
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
apiVersion: v1
|
||||
appVersion: "0.9.1"
|
||||
appVersion: "0.10.2"
|
||||
description: A Helm chart for Argo Rollouts
|
||||
name: argo-rollouts
|
||||
version: 0.3.10
|
||||
version: 0.4.2
|
||||
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
maintainers:
|
||||
|
|
|
@ -2,7 +2,7 @@ Argo Rollouts Chart
|
|||
=============
|
||||
A Helm chart for Argo Rollouts, progressive delivery for Kubernetes.
|
||||
|
||||
Current chart version is `0.3.7`
|
||||
Current chart version is `0.4.0`
|
||||
|
||||
Source code can be found [here](https://github.com/argoproj/argo-rollouts)
|
||||
|
||||
|
@ -33,7 +33,7 @@ $ helm install --name my-release argo/argo-rollouts
|
|||
| controller.component | string | `"rollouts-controller"` | |
|
||||
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| controller.image.repository | string | `"argoproj/argo-rollouts"` | |
|
||||
| controller.image.tag | string | `"v0.8.0"` | |
|
||||
| controller.image.tag | string | `"v0.10.2"` | |
|
||||
| controller.name | string | `"argo-rollouts"` | |
|
||||
| controller.resources | Resource limits and requests for the controller pods. | `{}` |
|
||||
| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
|
||||
|
|
|
@ -13,8 +13,10 @@ rules:
|
|||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- rollouts/scale
|
||||
- experiments
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
- analysisruns
|
||||
verbs:
|
||||
- get
|
||||
|
@ -36,8 +38,11 @@ rules:
|
|||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- rollouts/scale
|
||||
- rollouts/status
|
||||
- experiments
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
- analysisruns
|
||||
verbs:
|
||||
- create
|
||||
|
@ -64,8 +69,11 @@ rules:
|
|||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- rollouts/scale
|
||||
- rollouts/status
|
||||
- experiments
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
- analysisruns
|
||||
verbs:
|
||||
- create
|
||||
|
|
|
@ -8,6 +8,43 @@ metadata:
|
|||
app.kubernetes.io/name: {{ .Release.Name }}-clusterrole
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- rollouts/status
|
||||
- rollouts/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysisruns
|
||||
- analysisruns/finalizers
|
||||
- experiments
|
||||
- experiments/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# replicaset access needed for managing ReplicaSets
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
|
@ -20,6 +57,7 @@ rules:
|
|||
- update
|
||||
- patch
|
||||
- delete
|
||||
# services patch needed to update selector of canary/stable/active/preview services
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
@ -29,59 +67,52 @@ rules:
|
|||
- list
|
||||
- watch
|
||||
- patch
|
||||
# secret read access to run analysis templates which reference secrets
|
||||
- apiGroups:
|
||||
- ""
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# pod list/update needed for updating ephemeral data
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- update
|
||||
# pods eviction needed for restart
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods/eviction
|
||||
verbs:
|
||||
- create
|
||||
# event write needed for emitting events
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
# ingress patch needed for managing ingress annotations, create needed for nginx canary
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
- networking.k8s.io
|
||||
- extensions
|
||||
resources:
|
||||
- rollouts/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysisruns
|
||||
- experiments
|
||||
- ingresses
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysisruns/finalizers
|
||||
- experiments/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# job access needed for analysis template job metrics
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
|
@ -94,24 +125,7 @@ rules:
|
|||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
# virtualservice access needed for using the Istio provider
|
||||
- apiGroups:
|
||||
- networking.istio.io
|
||||
resources:
|
||||
|
@ -121,6 +135,7 @@ rules:
|
|||
- get
|
||||
- update
|
||||
- list
|
||||
# trafficsplit access needed for using the SMI provider
|
||||
- apiGroups:
|
||||
- split.smi-spec.io
|
||||
resources:
|
||||
|
@ -131,17 +146,4 @@ rules:
|
|||
- get
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- "*"
|
||||
resources:
|
||||
- "*/finalizers"
|
||||
verbs:
|
||||
- "*"
|
||||
{{- end }}
|
||||
|
|
|
@ -30,14 +30,13 @@ spec:
|
|||
{{- end }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.name }}
|
||||
containers:
|
||||
- command:
|
||||
- "/bin/rollouts-controller"
|
||||
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
|
||||
- image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
|
||||
{{- if not .Values.clusterInstall }}
|
||||
args:
|
||||
- --namespaced
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
name: {{ .Values.controller.name }}
|
||||
volumeMounts:
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
resources:
|
||||
{{- toYaml .Values.controller.resources | nindent 10 }}
|
||||
{{- if .Values.controller.nodeSelector }}
|
||||
|
@ -52,8 +51,5 @@ spec:
|
|||
affinity:
|
||||
{{- toYaml .Values.controller.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
|
|
@ -7,6 +7,43 @@ metadata:
|
|||
app.kubernetes.io/name: {{ .Release.Name }}-role
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- rollouts/status
|
||||
- rollouts/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysisruns
|
||||
- analysisruns/finalizers
|
||||
- experiments
|
||||
- experiments/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# replicaset access needed for managing ReplicaSets
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
|
@ -19,6 +56,7 @@ rules:
|
|||
- update
|
||||
- patch
|
||||
- delete
|
||||
# services patch needed to update selector of canary/stable/active/preview services
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
@ -28,59 +66,52 @@ rules:
|
|||
- list
|
||||
- watch
|
||||
- patch
|
||||
# secret read access to run analysis templates which reference secrets
|
||||
- apiGroups:
|
||||
- ""
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- rollouts
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# pod list/update needed for updating ephemeral data
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- update
|
||||
# pods eviction needed for restart
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods/eviction
|
||||
verbs:
|
||||
- create
|
||||
# event write needed for emitting events
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
# ingress patch needed for managing ingress annotations, create needed for nginx canary
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
- networking.k8s.io
|
||||
- extensions
|
||||
resources:
|
||||
- rollouts/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysisruns
|
||||
- experiments
|
||||
- ingresses
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysisruns/finalizers
|
||||
- experiments/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- analysistemplates
|
||||
- clusteranalysistemplates
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
# job access needed for analysis template job metrics
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
|
@ -93,28 +124,24 @@ rules:
|
|||
- update
|
||||
- patch
|
||||
- delete
|
||||
# virtualservice access needed for using the Istio provider
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.istio.io
|
||||
resources:
|
||||
- ingresses
|
||||
- virtualservices
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- patch
|
||||
- get
|
||||
- update
|
||||
- list
|
||||
# trafficsplit access needed for using the SMI provider
|
||||
- apiGroups:
|
||||
- ""
|
||||
- split.smi-spec.io
|
||||
resources:
|
||||
- events
|
||||
- trafficsplits
|
||||
verbs:
|
||||
- create
|
||||
- watch
|
||||
- get
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -13,7 +13,7 @@ controller:
|
|||
affinity: {}
|
||||
image:
|
||||
repository: argoproj/argo-rollouts
|
||||
tag: v0.9.1
|
||||
tag: v0.10.2
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
resources: {}
|
||||
|
|
6
charts/argo/Chart.lock
Normal file
6
charts/argo/Chart.lock
Normal file
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: minio
|
||||
repository: https://helm.min.io/
|
||||
version: 8.0.9
|
||||
digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
|
||||
generated: "2021-01-13T15:31:40.823086-08:00"
|
|
@ -1,8 +1,8 @@
|
|||
apiVersion: v2
|
||||
appVersion: v2.11.7
|
||||
appVersion: v2.12.5
|
||||
description: A Helm chart for Argo Workflows
|
||||
name: argo
|
||||
version: 0.14.0
|
||||
version: 0.16.1
|
||||
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
maintainers:
|
||||
|
@ -10,3 +10,8 @@ maintainers:
|
|||
- name: alexmt
|
||||
- name: jessesuen
|
||||
- name: benjaminws
|
||||
dependencies:
|
||||
- name: minio
|
||||
version: 8.0.9
|
||||
repository: https://helm.min.io/
|
||||
condition: minio.install
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: minio
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
version: 5.0.6
|
||||
digest: sha256:373b459c6232e9fd4dd86fa0af01e024372f686a0cdfbfed69d3cd41859e8ad4
|
||||
generated: "2020-02-06T00:16:52.211425292Z"
|
|
@ -1,5 +0,0 @@
|
|||
dependencies:
|
||||
- name: minio
|
||||
version: 5.0.6
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
condition: minio.install
|
|
@ -1,5 +1,5 @@
|
|||
{{- if .Values.installCRD }}
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: clusterworkflowtemplates.argoproj.io
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{{- if .Values.installCRD }}
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: cronworkflows.argoproj.io
|
||||
|
@ -16,4 +16,4 @@ spec:
|
|||
- cwf
|
||||
scope: Namespaced
|
||||
version: v1alpha1
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{{- if .Values.server.enabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{- else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name }}
|
||||
rules:
|
||||
|
@ -24,20 +28,46 @@ rules:
|
|||
- list
|
||||
- watch
|
||||
- delete
|
||||
{{- if .Values.server.sso }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
resourceNames:
|
||||
- sso
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
{{- end}}
|
||||
{{- if .Values.server.sso }}
|
||||
{{- if .Values.server.sso.rbac }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
{{- with .Values.server.rbac.secretWhitelist }}
|
||||
{{- if .Values.server.sso }}
|
||||
{{- if .Values.server.sso.rbac }}
|
||||
{{- with .Values.server.sso.rbac.secretWhitelist }}
|
||||
resourceNames: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
@ -81,7 +111,11 @@ rules:
|
|||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{- else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
|
||||
rules:
|
||||
|
|
|
@ -2,16 +2,18 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}
|
||||
{{ else }}
|
||||
kind: ClusterRoleBinding
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
|
@ -19,12 +21,20 @@ subjects:
|
|||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: RoleBinding
|
||||
{{ else }}
|
||||
kind: ClusterRoleBinding
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
|
|
|
@ -14,6 +14,9 @@ metadata:
|
|||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
{{- range $key, $value := .Values.server.ingress.labels }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.server.ingress.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{{- if .Values.createAggregateRoles }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
|
@ -26,7 +30,11 @@ rules:
|
|||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
|
@ -57,7 +65,11 @@ rules:
|
|||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{- else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}
|
||||
rules:
|
||||
|
@ -106,9 +110,32 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
{{- end}}
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
resourceNames:
|
||||
- workflow-controller
|
||||
- workflow-controller-lease
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{- else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
|
||||
rules:
|
||||
|
|
|
@ -8,7 +8,11 @@ metadata:
|
|||
name: {{ .Release.Name }}-{{ .Values.controller.name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
|
@ -27,12 +31,20 @@ subjects:
|
|||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: RoleBinding
|
||||
{{ else }}
|
||||
kind: ClusterRoleBinding
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{{- if .Values.installCRD }}
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: workflows.argoproj.io
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{{- if .Values.installCRD }}
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: workflowtemplates.argoproj.io
|
||||
|
|
|
@ -7,7 +7,7 @@ images:
|
|||
# Secrets with credentials to pull images from a private registry
|
||||
pullSecrets: []
|
||||
# - name: argo-pull-secret
|
||||
tag: v2.11.7
|
||||
tag: v2.12.5
|
||||
|
||||
crdVersion: v1alpha1
|
||||
installCRD: true
|
||||
|
@ -167,9 +167,6 @@ server:
|
|||
serviceType: ClusterIP
|
||||
servicePort: 2746
|
||||
# servicePortName: http
|
||||
rbac:
|
||||
# When present, restricts secrets the server can read to a given list.
|
||||
secretWhitelist: []
|
||||
serviceAccount: argo-server
|
||||
# Whether to create the service account with the name specified in
|
||||
# server.serviceAccount and bind it to the server role.
|
||||
|
@ -229,6 +226,11 @@ server:
|
|||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
|
||||
## Labels to be added to the web ingress.
|
||||
##
|
||||
# labels:
|
||||
# use-cloudflare-solver: "true"
|
||||
|
||||
## Hostnames.
|
||||
## Must be provided if Ingress is enabled.
|
||||
##
|
||||
|
@ -252,7 +254,7 @@ server:
|
|||
enableEditing: true
|
||||
sso:
|
||||
## SSO configuration when SSO is specified as a server auth mode.
|
||||
## All the values are requied. SSO is activated by adding --auth-mode=sso
|
||||
## All the values are required. SSO is activated by adding --auth-mode=sso
|
||||
## to the server command line.
|
||||
#
|
||||
## The root URL of the OIDC identity provider.
|
||||
|
@ -267,6 +269,18 @@ server:
|
|||
# key: client-secret
|
||||
## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
|
||||
# redirectUrl: https://argo/oauth2/callback
|
||||
# rbac:
|
||||
# enabled: true
|
||||
## When present, restricts secrets the server can read to a given list.
|
||||
## You can use it to restrict the server to only be able to access the
|
||||
## service account token secrets that are associated with service accounts
|
||||
## used for authorization.
|
||||
# secretWhitelist: []
|
||||
## Scopes requested from the SSO ID provider. The 'groups' scope requests
|
||||
## group membership information, which is usually used for authorization
|
||||
## decisions.
|
||||
# scopes:
|
||||
# - groups
|
||||
|
||||
# Influences the creation of the ConfigMap for the workflow-controller itself.
|
||||
useDefaultArtifactRepo: false
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
apiVersion: v2
|
||||
appVersion: 0.7.0
|
||||
appVersion: 1.0.1
|
||||
description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD.
|
||||
name: argocd-notifications
|
||||
type: application
|
||||
version: 1.0.11
|
||||
version: 1.0.14
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
|
||||
keywords:
|
||||
|
|
|
@ -28,8 +28,9 @@ spec:
|
|||
resources:
|
||||
{{- toYaml .Values.bots.slack.resources | nindent 12 }}
|
||||
command:
|
||||
- /app/argocd-notifications
|
||||
- /app/argocd-notifications-backend
|
||||
- bot
|
||||
workingDir: /app
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
|
|
|
@ -5,12 +5,18 @@ metadata:
|
|||
labels:
|
||||
{{- include "argocd-notifications.labels" . | nindent 4 }}
|
||||
data:
|
||||
config.yaml: |
|
||||
context:
|
||||
argocdUrl: {{ .Values.argocdUrl | quote }}
|
||||
subscriptions:
|
||||
{{- toYaml .Values.subscriptions | nindent 6 }}
|
||||
templates:
|
||||
{{- toYaml .Values.templates | nindent 6 }}
|
||||
triggers:
|
||||
{{- toYaml .Values.triggers | nindent 6 }}
|
||||
context: |
|
||||
argocdUrl: {{ .Values.argocdUrl | quote }}
|
||||
{{- with .Values.notifiers }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.subscriptions }}
|
||||
subscriptions: |
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.templates }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.triggers }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
|
@ -26,6 +26,8 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "argocd-notifications.serviceAccountName" . }}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: {{ include "argocd-notifications.name" . }}-controller
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
|
@ -33,7 +35,7 @@ spec:
|
|||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
command:
|
||||
- /app/argocd-notifications
|
||||
- /app/argocd-notifications-backend
|
||||
- controller
|
||||
- --loglevel={{ .Values.logLevel }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
|
@ -42,12 +44,16 @@ spec:
|
|||
{{- range .Values.extraArgs }}
|
||||
- {{ . | squote }}
|
||||
{{- end }}
|
||||
workingDir: /app
|
||||
ports:
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- containerPort: {{ .Values.metrics.port }}
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- with .Values.extraEnv }}
|
||||
env: {{ toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
|
|
|
@ -7,33 +7,7 @@ metadata:
|
|||
{{- include "argocd-notifications.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
notifiers.yaml: |
|
||||
{{- if .Values.secret.notifiers.slack.enabled }}
|
||||
slack:
|
||||
token: {{ .Values.secret.notifiers.slack.token }}
|
||||
username: {{ .Values.secret.notifiers.slack.username }}
|
||||
icon: {{ .Values.secret.notifiers.slack.icon | quote }}
|
||||
signingSecret: {{ .Values.secret.notifiers.slack.signingSecret }}
|
||||
{{- with .Values.secret.items }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.secret.notifiers.grafana.enabled }}
|
||||
grafana:
|
||||
apiUrl: {{ .Values.secret.notifiers.grafana.apiUrl }}
|
||||
apiKey: {{ .Values.secret.notifiers.grafana.apiKey }}
|
||||
{{- end }}
|
||||
{{- if .Values.secret.notifiers.webhooks }}
|
||||
webhook:
|
||||
{{- range $k, $v := .Values.secret.notifiers.webhooks }}
|
||||
- name: {{ $k }}
|
||||
{{- $v | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.secret.notifiers.email.enabled }}
|
||||
email:
|
||||
host: {{ .Values.secret.notifiers.email.host | quote }}
|
||||
port: {{ .Values.secret.notifiers.email.port }}
|
||||
insecure_skip_verify: {{ .Values.secret.notifiers.email.insecure_skip_verify }}
|
||||
username: {{ .Values.secret.notifiers.email.username | quote }}
|
||||
password: {{ .Values.secret.notifiers.email.password | quote }}
|
||||
from: {{ .Values.secret.notifiers.email.from | quote }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
|
|
@ -7,7 +7,7 @@ fullnameOverride: ""
|
|||
|
||||
image:
|
||||
repository: argoprojlabs/argocd-notifications
|
||||
tag: v0.7.0
|
||||
tag: v1.0.1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
|
@ -23,69 +23,22 @@ secret:
|
|||
# Whether helm chart creates controller secret
|
||||
create: true
|
||||
|
||||
notifiers:
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/services/overview/
|
||||
items:
|
||||
# Generic key:value pairs to be inserted into the secret
|
||||
# Can be used for templates, notification services etc. Some examples given below.
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/
|
||||
|
||||
slack:
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/services/slack/
|
||||
# slack-token:
|
||||
# # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/
|
||||
|
||||
# Specifies whether Slack notifier should be configured
|
||||
enabled: false
|
||||
# OAuth Access Token
|
||||
token:
|
||||
# Optional override username
|
||||
username:
|
||||
# Optional override icon
|
||||
icon:
|
||||
# Optional override signingSecret: https://argoproj-labs.github.io/argocd-notifications/recipients/slack-bot/
|
||||
signingSecret:
|
||||
# grafana-apiKey:
|
||||
# # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/
|
||||
|
||||
grafana:
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/services/grafana/
|
||||
# webhooks-github-token:
|
||||
|
||||
# Specifies whether Grafana notifier should be configured
|
||||
enabled: false
|
||||
# Grafana api endpoint; for example: https://grafana.example.com/api
|
||||
apiUrl:
|
||||
# Grafana api key
|
||||
apiKey:
|
||||
|
||||
webhooks: {}
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/services/webhook/
|
||||
# mywebhook:
|
||||
# url: http://example.com
|
||||
# headers:
|
||||
# - name: headerName
|
||||
# value: headerValue
|
||||
# basicAuth:
|
||||
# username: username
|
||||
# password: mypassword
|
||||
# mywebhook2:
|
||||
# url: http://example.com
|
||||
# headers:
|
||||
# - name: headerName
|
||||
# value: headerValue
|
||||
# basicAuth:
|
||||
# username: username
|
||||
# password: mypassword
|
||||
|
||||
email:
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/services/overview/
|
||||
|
||||
# Specifies whether email notifier should be configured
|
||||
enabled: false
|
||||
# SMTP endpoint
|
||||
host:
|
||||
# SMTP port
|
||||
port:
|
||||
# enable/disable check on TLS certificate
|
||||
insecure_skip_verify:
|
||||
# SMTP username
|
||||
username:
|
||||
# SMTP password
|
||||
password:
|
||||
# email address in from field
|
||||
from:
|
||||
# email-username:
|
||||
# email-password:
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/
|
||||
|
||||
logLevel: info
|
||||
|
||||
|
@ -101,6 +54,15 @@ metrics:
|
|||
# interval: 30s
|
||||
# scrapeTimeout: 10s
|
||||
|
||||
# Additional container environment variables
|
||||
extraEnv: []
|
||||
|
||||
notifiers:
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/
|
||||
|
||||
service.slack: |
|
||||
token: $slack-token
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
resources: {}
|
||||
|
@ -119,82 +81,253 @@ serviceAccount:
|
|||
# If not set and create is true, a name is generated using the fullname template
|
||||
name: argocd-notifications-controller
|
||||
|
||||
subscriptions: []
|
||||
# Assignment of recipients by notification channel to triggers in several forms:
|
||||
#
|
||||
# global subscription for all type of notifications
|
||||
# - recipients:
|
||||
# - slack:test1
|
||||
# - webhook:github
|
||||
#
|
||||
# subscription for on-sync-status-unknown trigger notifications
|
||||
# - recipients:
|
||||
# - slack:test2
|
||||
# - email:test@gmail.com
|
||||
# trigger: on-sync-status-unknown
|
||||
#
|
||||
# global subscription restricted to applications with matching labels only
|
||||
# - recipients:
|
||||
# - slack:test3
|
||||
# selector: test=true
|
||||
#
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/triggers_and_templates/
|
||||
subscriptions:
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
|
||||
|
||||
templates: []
|
||||
# The notification template is used to generate the notification content. The template is leveraging html/template
|
||||
# golang package and allow to define notification title and body. The template is meant to be reusable and can be
|
||||
# referenced by multiple triggers.
|
||||
#
|
||||
# Add your custom template
|
||||
# - name: my-custom-template
|
||||
# title: Hello {{.app.metadata.name}}
|
||||
# body: |
|
||||
# # subscription for on-sync-status-unknown trigger notifications
|
||||
# - recipients:
|
||||
# - slack:test2
|
||||
# - email:test@gmail.com
|
||||
# triggers:
|
||||
# - on-sync-status-unknown
|
||||
# # subscription restricted to applications with matching labels only
|
||||
# - recipients:
|
||||
# - slack:test3
|
||||
# selector: test=true
|
||||
# triggers:
|
||||
# - on-sync-status-unknown
|
||||
|
||||
templates:
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/
|
||||
|
||||
# template.app-deployed: |
|
||||
# email:
|
||||
# subject: New version of an application {{.app.metadata.name}} is up and running.
|
||||
# message: |
|
||||
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
|
||||
# slack:
|
||||
# attachments: |
|
||||
# [{
|
||||
# "title": "{{ .app.metadata.name}}",
|
||||
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
|
||||
# "color": "#18be52",
|
||||
# "fields": [
|
||||
# {
|
||||
# "title": "Sync Status",
|
||||
# "value": "{{.app.status.sync.status}}",
|
||||
# "short": true
|
||||
# },
|
||||
# {
|
||||
# "title": "Repository",
|
||||
# "value": "{{.app.spec.source.repoURL}}",
|
||||
# "short": true
|
||||
# },
|
||||
# {
|
||||
# "title": "Revision",
|
||||
# "value": "{{.app.status.sync.revision}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{range $index, $c := .app.status.conditions}}
|
||||
# {{if not $index}},{{end}}
|
||||
# {{if $index}},{{end}}
|
||||
# {
|
||||
# "title": "{{$c.type}}",
|
||||
# "value": "{{$c.message}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{end}}
|
||||
# ]
|
||||
# }]
|
||||
# template.app-health-degraded: |
|
||||
# email:
|
||||
# subject: Application {{.app.metadata.name}} has degraded.
|
||||
# message: |
|
||||
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
|
||||
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
|
||||
#
|
||||
# Override one field in built-in template
|
||||
# - name: on-sync-succeeded
|
||||
# title: Application {{.app.metadata.name}} sync status is {{.app.status.sync.status}}
|
||||
#
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/triggers_and_templates/
|
||||
# slack:
|
||||
# attachments: |-
|
||||
# [{
|
||||
# "title": "{{ .app.metadata.name}}",
|
||||
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
|
||||
# "color": "#f4c030",
|
||||
# "fields": [
|
||||
# {
|
||||
# "title": "Sync Status",
|
||||
# "value": "{{.app.status.sync.status}}",
|
||||
# "short": true
|
||||
# },
|
||||
# {
|
||||
# "title": "Repository",
|
||||
# "value": "{{.app.spec.source.repoURL}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{range $index, $c := .app.status.conditions}}
|
||||
# {{if not $index}},{{end}}
|
||||
# {{if $index}},{{end}}
|
||||
# {
|
||||
# "title": "{{$c.type}}",
|
||||
# "value": "{{$c.message}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{end}}
|
||||
# ]
|
||||
# }]
|
||||
# template.app-sync-failed: |
|
||||
# email:
|
||||
# subject: Failed to sync application {{.app.metadata.name}}.
|
||||
# message: |
|
||||
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
|
||||
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
|
||||
# slack:
|
||||
# attachments: |-
|
||||
# [{
|
||||
# "title": "{{ .app.metadata.name}}",
|
||||
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
|
||||
# "color": "#E96D76",
|
||||
# "fields": [
|
||||
# {
|
||||
# "title": "Sync Status",
|
||||
# "value": "{{.app.status.sync.status}}",
|
||||
# "short": true
|
||||
# },
|
||||
# {
|
||||
# "title": "Repository",
|
||||
# "value": "{{.app.spec.source.repoURL}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{range $index, $c := .app.status.conditions}}
|
||||
# {{if not $index}},{{end}}
|
||||
# {{if $index}},{{end}}
|
||||
# {
|
||||
# "title": "{{$c.type}}",
|
||||
# "value": "{{$c.message}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{end}}
|
||||
# ]
|
||||
# }]
|
||||
# template.app-sync-running: |
|
||||
# email:
|
||||
# subject: Start syncing application {{.app.metadata.name}}.
|
||||
# message: |
|
||||
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
|
||||
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
|
||||
# slack:
|
||||
# attachments: |-
|
||||
# [{
|
||||
# "title": "{{ .app.metadata.name}}",
|
||||
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
|
||||
# "color": "#0DADEA",
|
||||
# "fields": [
|
||||
# {
|
||||
# "title": "Sync Status",
|
||||
# "value": "{{.app.status.sync.status}}",
|
||||
# "short": true
|
||||
# },
|
||||
# {
|
||||
# "title": "Repository",
|
||||
# "value": "{{.app.spec.source.repoURL}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{range $index, $c := .app.status.conditions}}
|
||||
# {{if not $index}},{{end}}
|
||||
# {{if $index}},{{end}}
|
||||
# {
|
||||
# "title": "{{$c.type}}",
|
||||
# "value": "{{$c.message}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{end}}
|
||||
# ]
|
||||
# }]
|
||||
# template.app-sync-status-unknown: |
|
||||
# email:
|
||||
# subject: Application {{.app.metadata.name}} sync status is 'Unknown'
|
||||
# message: |
|
||||
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
|
||||
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
|
||||
# {{if ne .serviceType "slack"}}
|
||||
# {{range $c := .app.status.conditions}}
|
||||
# * {{$c.message}}
|
||||
# {{end}}
|
||||
# {{end}}
|
||||
# slack:
|
||||
# attachments: |-
|
||||
# [{
|
||||
# "title": "{{ .app.metadata.name}}",
|
||||
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
|
||||
# "color": "#E96D76",
|
||||
# "fields": [
|
||||
# {
|
||||
# "title": "Sync Status",
|
||||
# "value": "{{.app.status.sync.status}}",
|
||||
# "short": true
|
||||
# },
|
||||
# {
|
||||
# "title": "Repository",
|
||||
# "value": "{{.app.spec.source.repoURL}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{range $index, $c := .app.status.conditions}}
|
||||
# {{if not $index}},{{end}}
|
||||
# {{if $index}},{{end}}
|
||||
# {
|
||||
# "title": "{{$c.type}}",
|
||||
# "value": "{{$c.message}}",
|
||||
# "short": true
|
||||
# }
|
||||
# {{end}}
|
||||
# ]
|
||||
# }]
|
||||
# template.app-sync-succeeded: |
|
||||
# email:
|
||||
# subject: Application {{.app.metadata.name}} has been successfully synced.
|
||||
# message: |
|
||||
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
|
||||
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
|
||||
# slack:
|
||||
# attachments: "[{\n \"title\": \"{{ .app.metadata.name}}\",\n \"title_link\":\"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}\",\n \"color\": \"#18be52\",\n \"fields\": [\n {\n \"title\": \"Sync Status\",\n \"value\": \"{{.app.status.sync.status}}\",\n \"short\": true\n },\n {\n \"title\": \"Repository\",\n \"value\": \"{{.app.spec.source.repoURL}}\",\n \"short\": true\n }\n {{range $index, $c := .app.status.conditions}}\n {{if not $index}},{{end}}\n {{if $index}},{{end}}\n {\n \"title\": \"{{$c.type}}\",\n \"value\": \"{{$c.message}}\",\n \"short\": true\n }\n {{end}}\n ]\n}] "
|
||||
|
||||
|
||||
tolerations: []
|
||||
|
||||
triggers:
|
||||
# The condition when the notification should be sent. The definition includes name, condition and notification template reference.
|
||||
#
|
||||
# Enable built-in triggers:
|
||||
#
|
||||
# Application has degraded
|
||||
# - name: on-health-degraded
|
||||
# enabled: true
|
||||
#
|
||||
# Application syncing has failed
|
||||
# - name: on-sync-failed
|
||||
# enabled: true
|
||||
#
|
||||
# Application is being synced
|
||||
# - name: on-sync-running
|
||||
# enabled: true
|
||||
#
|
||||
# Application status is 'Unknown'
|
||||
# - name: on-sync-status-unknown
|
||||
# enabled: true
|
||||
#
|
||||
# Application syncing has succeeded
|
||||
# - name: on-sync-succeeded
|
||||
# enabled: true
|
||||
#
|
||||
#
|
||||
# Or define your custom triggers:
|
||||
#
|
||||
# - name: my-custom-trigger
|
||||
# condition: app.status.sync.status == 'Unknown'
|
||||
# template: my-custom-template
|
||||
#
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/triggers_and_templates/
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/
|
||||
|
||||
# trigger.on-deployed: |
|
||||
# - description: Application is synced and healthy. Triggered once per commit.
|
||||
# oncePer: app.status.sync.revision
|
||||
# send:
|
||||
# - app-deployed
|
||||
# when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
|
||||
# trigger.on-health-degraded: |
|
||||
# - description: Application has degraded
|
||||
# send:
|
||||
# - app-health-degraded
|
||||
# when: app.status.health.status == 'Degraded'
|
||||
# trigger.on-sync-failed: |
|
||||
# - description: Application syncing has failed
|
||||
# send:
|
||||
# - app-sync-failed
|
||||
# when: app.status.operationState.phase in ['Error', 'Failed']
|
||||
# trigger.on-sync-running: |
|
||||
# - description: Application is being synced
|
||||
# send:
|
||||
# - app-sync-running
|
||||
# when: app.status.operationState.phase in ['Running']
|
||||
# trigger.on-sync-status-unknown: |
|
||||
# - description: Application status is 'Unknown'
|
||||
# send:
|
||||
# - app-sync-status-unknown
|
||||
# when: app.status.sync.status == 'Unknown'
|
||||
# trigger.on-sync-succeeded: |
|
||||
# - description: Application syncing has succeeded
|
||||
# send:
|
||||
# - app-sync-succeeded
|
||||
# when: app.status.operationState.phase in ['Succeeded']
|
||||
|
||||
bots:
|
||||
# For more information: https://argoproj-labs.github.io/argocd-notifications/recipients/bot/
|
||||
# For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/
|
||||
slack:
|
||||
# You have to set secret.notifiers.slack.signingSecret
|
||||
enabled: false
|
||||
|
@ -204,7 +337,7 @@ bots:
|
|||
|
||||
image:
|
||||
repository: argoprojlabs/argocd-notifications
|
||||
tag: v0.7.0
|
||||
tag: v1.0.1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
|
|
|
@ -6,7 +6,6 @@ GIT_PUSH=${GIT_PUSH:-false}
|
|||
|
||||
rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output
|
||||
|
||||
helm repo add stable https://kubernetes-charts.storage.googleapis.com
|
||||
helm repo add argoproj https://argoproj.github.io/argo-helm
|
||||
|
||||
for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
|
||||
|
@ -17,15 +16,15 @@ do
|
|||
|
||||
if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ]
|
||||
then
|
||||
echo "Processing chart dependencies"
|
||||
helm --debug dep build $dir
|
||||
# Bug with Helm subcharts with hyphen on them
|
||||
# https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684
|
||||
if [ "$name" == "argo-cd" ]
|
||||
then
|
||||
echo "Restore ArgoCD RedisHA subchart"
|
||||
git checkout $dir
|
||||
tar -C $dir/charts -xf $dir/charts/redis-ha-*.tgz
|
||||
fi
|
||||
echo "Processing chart dependencies"
|
||||
helm --debug dep build $dir
|
||||
fi
|
||||
|
||||
echo "Processing $dir"
|
||||
|
|
Loading…
Reference in a new issue