mirror of
https://github.com/jlengrand/engine.git
synced 2026-03-10 08:11:21 +00:00
464 lines
15 KiB
YAML
464 lines
15 KiB
YAML
## Bitnami Redis image version
|
|
## ref: https://hub.docker.com/r/bitnami/redis/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/redis
|
|
## Bitnami Redis image tag
|
|
## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links
|
|
##
|
|
tag: "{{ version }}"
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## String to partially override redis.fullname template (will maintain the release name)
|
|
##
|
|
nameOverride: '{{ sanitized_name }}'
|
|
|
|
## String to fully override redis.fullname template
|
|
##
|
|
fullnameOverride: '{{ sanitized_name }}'
|
|
|
|
## Cluster settings
|
|
cluster:
|
|
enabled: false
|
|
slaveCount: 3
|
|
|
|
## Use redis sentinel in the redis pod. This will disable the master and slave services and
|
|
## create one redis service with ports to the sentinel and the redis instances
|
|
sentinel:
|
|
enabled: false
|
|
## Require password authentication on the sentinel itself
|
|
## ref: https://redis.io/topics/sentinel
|
|
usePassword: true
|
|
## Bitnami Redis Sentintel image version
|
|
## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/redis-sentinel
|
|
## Bitnami Redis image tag
|
|
## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links
|
|
##
|
|
tag: {{ version }}
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
masterSet: mymaster
|
|
initialCheckTimeout: 5
|
|
quorum: 2
|
|
downAfterMilliseconds: 60000
|
|
failoverTimeout: 18000
|
|
parallelSyncs: 1
|
|
port: 26379
|
|
## Additional Redis configuration for the sentinel nodes
|
|
## ref: https://redis.io/topics/config
|
|
##
|
|
configmap:
|
|
## Enable or disable static sentinel IDs for each replicas
|
|
## If disabled each sentinel will generate a random id at startup
|
|
## If enabled, each replicas will have a constant ID on each start-up
|
|
##
|
|
staticID: false
|
|
## Configure extra options for Redis Sentinel liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
customLivenessProbe: {}
|
|
customReadinessProbe: {}
|
|
## Redis Sentinel resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
## Redis Sentinel Service properties
|
|
service:
|
|
## Redis Sentinel Service type
|
|
type: ClusterIP
|
|
sentinelPort: 26379
|
|
redisPort: 6379
|
|
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# sentinelNodePort:
|
|
# redisNodePort:
|
|
|
|
## Provide any additional annotations which may be required. This can be used to
|
|
## set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
annotations: {}
|
|
labels:
|
|
envId: {{ environment_id }}
|
|
databaseId: {{ id }}
|
|
databaseLongId: {{ long_id }}
|
|
envLongId: {{ environment_long_id }}
|
|
projectLongId: {{ project_long_id }}
|
|
loadBalancerIP:
|
|
|
|
networkPolicy:
|
|
## Specifies whether a NetworkPolicy should be created
|
|
##
|
|
enabled: false
|
|
|
|
## The Policy model to apply. When set to false, only pods with the correct
|
|
## client label will have network access to the port Redis is listening
|
|
## on. When true, Redis will accept connections from any source
|
|
## (with the correct destination port).
|
|
##
|
|
allowExternal: true
|
|
|
|
## Allow connections from other namespaces. Just set label for namespace and set label for pods (optional).
|
|
##
|
|
ingressNSMatchLabels: {}
|
|
ingressNSPodMatchLabels: {}
|
|
|
|
|
|
rbac:
|
|
## Specifies whether RBAC resources should be created
|
|
##
|
|
create: true
|
|
|
|
role:
|
|
## Rules to create. It follows the role specification
|
|
# rules:
|
|
# - apiGroups:
|
|
# - extensions
|
|
# resources:
|
|
# - podsecuritypolicies
|
|
# verbs:
|
|
# - use
|
|
# resourceNames:
|
|
# - gce.unprivileged
|
|
rules: []
|
|
|
|
## Redis password (both master and slave)
|
|
## Defaults to a random 10-character alphanumeric string if not set and usePassword is true
|
|
## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run
|
|
##
|
|
password: '{{ database_password }}'
|
|
## Use existing secret (ignores previous password)
|
|
# existingSecret:
|
|
## Password key to be retrieved from Redis secret
|
|
##
|
|
# existingSecretPasswordKey:
|
|
|
|
## Mount secrets as files instead of environment variables
|
|
usePasswordFile: false
|
|
|
|
## Persist data to a persistent volume (Redis Master)
|
|
persistence:
|
|
## A manually managed Persistent Volume and Claim
|
|
## Requires persistence.enabled: true
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
existingClaim:
|
|
|
|
# Redis port
|
|
redisPort: 6379
|
|
|
|
##
|
|
## TLS configuration
|
|
##
|
|
tls:
|
|
# Enable TLS traffic
|
|
enabled: false
|
|
#
|
|
# Whether to require clients to authenticate or not.
|
|
authClients: true
|
|
#
|
|
# Name of the Secret that contains the certificates
|
|
certificatesSecret:
|
|
#
|
|
# Certificate filename
|
|
certFilename:
|
|
#
|
|
# Certificate Key filename
|
|
certKeyFilename:
|
|
#
|
|
# CA Certificate filename
|
|
certCAFilename:
|
|
#
|
|
# File containing DH params (in order to support DH based ciphers)
|
|
# dhParamsFilename:
|
|
|
|
##
|
|
## Redis Master parameters
|
|
##
|
|
master:
|
|
## Redis command arguments
|
|
##
|
|
## Can be used to specify command line arguments, for example:
|
|
## Note `exec` is prepended to command
|
|
##
|
|
command: "/run.sh"
|
|
## Additional commands to run prior to starting Redis
|
|
##
|
|
preExecCmds: ""
|
|
## Additional Redis configuration for the master nodes
|
|
## ref: https://redis.io/topics/config
|
|
##
|
|
configmap:
|
|
## Redis additional command line flags
|
|
##
|
|
## Can be used to specify command line flags, for example:
|
|
## extraFlags:
|
|
## - "--maxmemory-policy volatile-ttl"
|
|
## - "--repl-backlog-size 1024mb"
|
|
extraFlags: []
|
|
## Comma-separated list of Redis commands to disable
|
|
##
|
|
## Can be used to disable Redis commands for security reasons.
|
|
## Commands will be completely disabled by renaming each to an empty string.
|
|
## ref: https://redis.io/topics/security#disabling-of-specific-commands
|
|
##
|
|
disableCommands:
|
|
- FLUSHDB
|
|
- FLUSHALL
|
|
|
|
## Redis Master additional pod labels and annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
podLabels:
|
|
envId: {{ environment_id }}
|
|
databaseId: {{ id }}
|
|
databaseLongId: {{ long_id }}
|
|
envLongId: {{ environment_long_id }}
|
|
projectLongId: {{ project_long_id }}
|
|
podAnnotations: {}
|
|
|
|
## Redis Master resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
# schedulerName:
|
|
|
|
# Enable shared process namespace in a pod.
|
|
# If set to false (default), each container will run in separate namespace, redis will have PID=1.
|
|
# If set to true, the /pause will run as init process and will reap any zombie PIDs,
|
|
# for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
|
|
# Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
|
|
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
|
|
shareProcessNamespace: false
|
|
## Configure extra options for Redis Master liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
|
|
## Configure custom probes for images other images like
|
|
## rhscl/redis-32-rhel7 rhscl/redis-5-rhel7
|
|
## Only used if readinessProbe.enabled: false / livenessProbe.enabled: false
|
|
##
|
|
# customLivenessProbe:
|
|
# tcpSocket:
|
|
# port: 6379
|
|
# initialDelaySeconds: 10
|
|
# periodSeconds: 5
|
|
# customReadinessProbe:
|
|
# initialDelaySeconds: 30
|
|
# periodSeconds: 10
|
|
# timeoutSeconds: 5
|
|
# exec:
|
|
# command:
|
|
# - "container-entrypoint"
|
|
# - "bash"
|
|
# - "-c"
|
|
# - "redis-cli set liveness-probe \"`date`\" | grep OK"
|
|
customLivenessProbe: {}
|
|
customReadinessProbe: {}
|
|
|
|
## Redis Master Node selectors and tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
|
|
##
|
|
# nodeSelector: {"beta.kubernetes.io/arch": "amd64"}
|
|
# tolerations: []
|
|
## Redis Master pod/node affinity/anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Redis Master Service properties
|
|
service:
|
|
## Redis Master Service type
|
|
type: {% if publicly_accessible -%} LoadBalancer {% else -%} ClusterIP {% endif %}
|
|
port: 6379
|
|
name: {{ service_name }}
|
|
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
|
|
## Provide any additional annotations which may be required. This can be used to
|
|
## set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
{% if publicly_accessible -%}
|
|
annotations:
|
|
service.beta.kubernetes.io/scw-loadbalancer-forward-port-algorithm: "leastconn"
|
|
service.beta.kubernetes.io/scw-loadbalancer-protocol-http: "false"
|
|
service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v1: "false"
|
|
service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "false"
|
|
service.beta.kubernetes.io/scw-loadbalancer-health-check-type: tcp
|
|
service.beta.kubernetes.io/scw-loadbalancer-use-hostname: "false"
|
|
external-dns.alpha.kubernetes.io/hostname: "{{ fqdn }}"
|
|
external-dns.alpha.kubernetes.io/ttl: "300"
|
|
{% endif %}
|
|
labels:
|
|
envId: {{ environment_id }}
|
|
databaseId: {{ id }}
|
|
databaseLongId: {{ long_id }}
|
|
envLongId: {{ environment_long_id }}
|
|
projectLongId: {{ project_long_id }}
|
|
loadBalancerIP:
|
|
# loadBalancerSourceRanges: ["10.0.0.0/8"]
|
|
|
|
## Enable persistence using Persistent Volume Claims
|
|
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## The path the volume will be mounted at, useful when using different
|
|
## Redis images.
|
|
path: /data
|
|
## The subdirectory of the volume to mount to, useful in dev environments
|
|
## and one PV for multiple services.
|
|
subPath: ""
|
|
## redis data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
storageClass: {{ database_disk_type }}
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: {{ database_disk_size_in_gib }}Gi
|
|
## Persistent Volume selectors
|
|
## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
|
|
matchLabels: {}
|
|
matchExpressions: {}
|
|
|
|
## Update strategy, can be set to RollingUpdate or onDelete by default.
|
|
## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets
|
|
statefulset:
|
|
labels:
|
|
envId: {{ environment_id }}
|
|
databaseId: {{ id }}
|
|
databaseLongId: {{ long_id }}
|
|
envLongId: {{ environment_long_id }}
|
|
projectLongId: {{ project_long_id }}
|
|
updateStrategy: RollingUpdate
|
|
## Partition update strategy
|
|
## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
|
|
# rollingUpdatePartition:
|
|
|
|
## Redis Master pod priorityClassName
|
|
##
|
|
priorityClassName: ''
|
|
|
|
## An array to add extra env vars
|
|
## For example:
|
|
## extraEnvVars:
|
|
## - name: name
|
|
## value: value
|
|
## - name: other_name
|
|
## valueFrom:
|
|
## fieldRef:
|
|
## fieldPath: fieldPath
|
|
##
|
|
extraEnvVars: []
|
|
|
|
## ConfigMap with extra env vars:
|
|
##
|
|
extraEnvVarsCM: []
|
|
|
|
## Secret with extra env vars:
|
|
##
|
|
extraEnvVarsSecret: []
|
|
|
|
##
|
|
## Init containers parameters:
|
|
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
|
|
##
|
|
volumePermissions:
|
|
enabled: true
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/minideb
|
|
tag: buster
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
resources: {}
|
|
# resources:
|
|
# requests:
|
|
# memory: 128Mi
|
|
# cpu: 100m
|
|
|
|
## Init container Security Context
|
|
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
|
|
## and not the below volumePermissions.securityContext.runAsUser
|
|
## When runAsUser is set to special value "auto", init container will try to chwon the
|
|
## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
|
|
## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
|
|
## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
|
|
## podSecurityContext.enabled=false,containerSecurityContext.enabled=false
|
|
##
|
|
securityContext:
|
|
runAsUser: 0
|
|
|