UNCLASSIFIED

Skip to content

GitLab

Commit 74512f88 authored by bhearn's avatar bhearn
Browse files

update redis dep

parent 4cfc9c82
Expand all Show whitespace changes
Inline Side-by-side
Showing with 835 additions and 696 deletions
CHANGELOG.md
View file @ 74512f88
...@@ -3,6 +3,12 @@ ...@@ -3,6 +3,12 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
--- ---
## [1.12.15-bb.1]
### Changed
- Updated Redis dependency to 14.1.0-bb.0
### UPGRADE NOTICE
- A clean upgrade job will run which requires complete deletion of the previous redis instance, which means downtime can be expected for Anchore Enterprise UI users. Multiple values were changed and shifted around - most importantly `anchore-ui-redis.password` is now `anchore-ui-redis.auth.password`. By default your old password (whatever is in the secret) will be used and will override any values specified
## [1.12.15-bb.0] ## [1.12.15-bb.0]
### Changed ### Changed
- Updated docs for BB documentation standards - Updated docs for BB documentation standards
......
chart/Chart.lock
View file @ 74512f88
...@@ -7,9 +7,9 @@ dependencies: ...@@ -7,9 +7,9 @@ dependencies:
version: 1.0.1 version: 1.0.1
- name: redis - name: redis
repository: file://./deps/redis repository: file://./deps/redis
version: 12.8.3-bb.0 version: 14.1.0-bb.0
- name: bb-test-lib - name: bb-test-lib
repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates
version: 0.4.0 version: 0.4.0
digest: sha256:cdf6e2694ba10c26845caffc96343262185f697595fdcb658c1c6e9796ddb029 digest: sha256:95fc02eb4c73428f58530043f2ccea983eb2de36c3e2bed6566deaff6552285c
generated: "2021-05-11T11:23:19.071211-04:00" generated: "2021-06-11T14:51:29.578969-04:00"
chart/Chart.yaml
View file @ 74512f88
apiVersion: v2 apiVersion: v2
name: anchore-engine name: anchore-engine
version: 1.12.15-bb.0 version: 1.12.15-bb.1
appVersion: 0.9.4 appVersion: 0.9.4
description: Anchore container analysis and policy evaluation engine service description: Anchore container analysis and policy evaluation engine service
keywords: keywords:
...@@ -33,7 +33,7 @@ dependencies: ...@@ -33,7 +33,7 @@ dependencies:
condition: anchore-feeds-db.enabled,anchoreEnterpriseGlobal.enabled condition: anchore-feeds-db.enabled,anchoreEnterpriseGlobal.enabled
alias: anchore-feeds-db alias: anchore-feeds-db
- name: redis - name: redis
version: "12.8.3-bb.0" version: "14.1.0-bb.0"
repository: "file://./deps/redis" repository: "file://./deps/redis"
condition: anchore-ui-redis.enabled,anchoreEnterpriseGlobal.enabled condition: anchore-ui-redis.enabled,anchoreEnterpriseGlobal.enabled
alias: anchore-ui-redis alias: anchore-ui-redis
......
chart/deps/redis/Chart.lock
View file @ 74512f88
dependencies: dependencies:
- name: common - name: common
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 1.4.1 version: 1.5.2
digest: sha256:81be4c0ebd0a81952423b24268e82697231b8c07991ee60b23b950ff1db003a2 digest: sha256:7b5a8ece9b57d70ef47eb7ed27e6f66b059fb0fc1f2ca59a15bb495e32366690
generated: "2021-02-24T06:54:40.099558726Z" generated: "2021-06-07T12:05:28.337668-06:00"
chart/deps/redis/Chart.yaml
View file @ 74512f88
annotations: annotations:
category: Database category: Database
apiVersion: v2 apiVersion: v2
appVersion: 6.0.12 appVersion: 6.2.2
dependencies: dependencies:
- name: common - name: common
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
...@@ -25,4 +25,4 @@ name: redis ...@@ -25,4 +25,4 @@ name: redis
sources: sources:
- https://github.com/bitnami/bitnami-docker-redis - https://github.com/bitnami/bitnami-docker-redis
- http://redis.io/ - http://redis.io/
version: 12.8.3-bb.0 version: 14.1.0-bb.0
chart/deps/redis/Kptfile
View file @ 74512f88
...@@ -5,7 +5,7 @@ metadata: ...@@ -5,7 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: ba3a0e31485ed629e379487ceff44ff4863e28ef commit: 424349e5f1d571a2dbddf8c6c0621db120986c1f
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/redis repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/redis
directory: /chart directory: /chart
ref: main ref: 14.1.0-bb.0
chart/deps/redis/README.md
View file @ 74512f88
This diff is collapsed.
chart/deps/redis/ci/extra-flags-values.yaml
View file @ 74512f88
...@@ -3,9 +3,10 @@ master: ...@@ -3,9 +3,10 @@ master:
- --maxmemory-policy allkeys-lru - --maxmemory-policy allkeys-lru
persistence: persistence:
enabled: false enabled: false
slave: replica:
extraFlags: extraFlags:
- --maxmemory-policy allkeys-lru - --maxmemory-policy allkeys-lru
persistence: persistence:
enabled: false enabled: false
usePassword: false auth:
enabled: false
chart/deps/redis/ci/sentinel-values.yaml 0 → 100644
View file @ 74512f88
sentinel:
enabled: true
metrics:
enabled: true
sentinel:
enabled: true
chart/deps/redis/templates/NOTES.txt
View file @ 74512f88
** Please be patient while the chart is being deployed ** ** Please be patient while the chart is being deployed **
{{- if contains .Values.master.service.type "LoadBalancer" }} {{- if contains .Values.master.service.type "LoadBalancer" }}
{{- if not .Values.usePassword }} {{- if not .Values.auth.enabled }}
{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} {{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }}
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
WARNING WARNING
By specifying "master.service.type=LoadBalancer" and "usePassword=false" you have By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have
most likely exposed the Redis(TM) service externally without any authentication most likely exposed the Redis(TM) service externally without any authentication
mechanism. mechanism.
For security reasons, we strongly suggest that you switch to "ClusterIP" or For security reasons, we strongly suggest that you switch to "ClusterIP" or
"NodePort". As alternative, you can also switch to "usePassword=true" "NodePort". As alternative, you can also switch to "auth.enabled=true"
providing a valid password on "password" parameter. providing a valid password on "password" parameter.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
...@@ -20,117 +20,128 @@ ...@@ -20,117 +20,128 @@
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if and .Values.sentinel.enabled (not .Values.cluster.enabled)}} {{- if eq .Values.architecture "replication" }}
-------------------------------------------------------------------------------
WARNING
Using redis sentinel without a cluster is not supported. A single pod with
standalone redis has been deployed.
To deploy redis sentinel, please use the values "cluster.enabled=true" and
"sentinel.enabled=true".
-------------------------------------------------------------------------------
{{- end }}
{{- if .Values.cluster.enabled }}
{{- if .Values.sentinel.enabled }} {{- if .Values.sentinel.enabled }}
Redis(TM) can be accessed via port {{ .Values.sentinel.service.redisPort }} on the following DNS name from within your cluster:
{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations Redis(TM) can be accessed via port {{ .Values.sentinel.service.port }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
For read/write operations, first access the Redis(TM) Sentinel cluster, which is available in port {{ .Values.sentinel.service.sentinelPort }} using the same domain name above. For read/write operations, first access the Redis(TM) Sentinel cluster, which is available in port {{ .Values.sentinel.service.sentinelPort }} using the same domain name above.
{{- else }} {{- else }}
Redis(TM) can be accessed via port {{ .Values.redisPort }} on the following DNS names from within your cluster:
{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read/write operations Redis(TM) can be accessed on the following DNS names from within your cluster:
{{ template "redis.fullname" . }}-slave.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read-only operations
{{- end }} {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.port }})
{{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.port }})
{{- end }}
{{- else }} {{- else }}
Redis(TM) can be accessed via port {{ .Values.redisPort }} on the following DNS name from within your cluster:
{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} Redis(TM) can be accessed via port {{ .Values.master.service.port }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- end }} {{- end }}
{{ if .Values.usePassword }} {{ if .Values.auth.enabled }}
To get your password run: To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 --decode) export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 --decode)
{{- end }} {{- end }}
To connect to your Redis(TM) server: To connect to your Redis(TM) server:
1. Run a Redis(TM) pod that you can use as a client: 1. Run a Redis(TM) pod that you can use as a client:
kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
{{- if .Values.tls.enabled }} {{- if .Values.tls.enabled }}
kubectl run --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }}-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image {{ template "redis.image" . }} --command -- sleep infinity
Copy your TLS certificates to the pod: Copy your TLS certificates to the pod:
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert {{ template "redis.fullname" . }}-client:/tmp/client.cert kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key {{ template "redis.fullname" . }}-client:/tmp/client.key kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key
kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert {{ template "redis.fullname" . }}-client:/tmp/CA.cert kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert
{{- end }}
Use the following command to attach to the pod: Use the following command to attach to the pod:
kubectl exec --tty -i {{ template "redis.fullname" . }}-client \ kubectl exec --tty -i redis-client \
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "redis.fullname" . }}-client=true" \{{- end }} {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
--namespace {{ .Release.Namespace }} -- bash --namespace {{ .Release.Namespace }} -- bash
{{- else }}
kubectl run --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }}-client --rm --tty -i --restart='Never' \
{{ if .Values.usePassword }} --env REDIS_PASSWORD=$REDIS_PASSWORD \{{ end }}
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "redis.fullname" . }}-client=true" \{{- end }}
--image {{ template "redis.image" . }} -- bash
{{- end }}
2. Connect using the Redis(TM) CLI: 2. Connect using the Redis(TM) CLI:
{{- if .Values.cluster.enabled }} {{- if eq .Values.architecture "replication" }}
{{- if .Values.sentinel.enabled }} {{- if .Values.sentinel.enabled }}
redis-cli -h {{ template "redis.fullname" . }} -p {{ .Values.sentinel.service.redisPort }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.port }}{{ if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations
redis-cli -h {{ template "redis.fullname" . }} -p {{ .Values.sentinel.service.sentinelPort }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.sentinelPort }}{{ if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access
{{- else }} {{- else }}
redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
redis-cli -h {{ template "redis.fullname" . }}-slave{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }} {{- end }}
{{- else }} {{- else }}
redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }} {{- end }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
{{ template "redis.fullname" . }}-client=true" Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis.
will be able to connect to redis.
{{- else -}} {{- else }}
To connect to your database from outside the cluster execute the following commands: To connect to your database from outside the cluster execute the following commands:
{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
{{- if contains "NodePort" .Values.sentinel.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "LoadBalancer" .Values.sentinel.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.port }} {{- if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "ClusterIP" .Values.sentinel.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.port }}:{{ .Values.sentinel.service.port }} &
redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.port }} {{- if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }}
{{- else }}
{{- if contains "NodePort" .Values.master.service.type }} {{- if contains "NodePort" .Values.master.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "redis.fullname" . }}-master) export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "LoadBalancer" .Values.master.service.type }} {{- else if contains "LoadBalancer" .Values.master.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available. NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "redis.fullname" . }}' Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- else if contains "ClusterIP" .Values.master.service.type }} {{- else if contains "ClusterIP" .Values.master.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "redis.fullname" . }}-master {{ .Values.redisPort }}:{{ .Values.redisPort }} & kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.port }}:{{ .Values.master.service.port }} &
redis-cli -h 127.0.0.1 -p {{ .Values.redisPort }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} redis-cli -h 127.0.0.1 -p {{ .Values.master.service.port }} {{- if .Values.auth.enabled }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{ include "redis.checkRollingTags" . }} {{- end }}
{{- include "redis.checkRollingTags" . }}
{{- include "redis.validateValues" . }} {{- include "redis.validateValues" . }}
chart/deps/redis/templates/_helpers.tpl
View file @ 74512f88
{{/* vim: set filetype=mustache: */}} {{/* vim: set filetype=mustache: */}}
{{/* {{/*
Expand the name of the chart. Return the proper Redis image name
*/}} */}}
{{- define "redis.name" -}} {{- define "redis.image" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}} {{- end -}}
{{/* {{/*
Expand the chart plus release name (used by the chart label) Return the proper Redis Sentinel image name
*/}} */}}
{{- define "redis.chart" -}} {{- define "redis.sentinel.image" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version -}} {{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }}
{{- end -}} {{- end -}}
{{/* {{/*
Create a default fully qualified app name. Return the proper image name (for the metrics image)
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "redis.fullname" -}} {{- define "redis.metrics.image" -}}
{{- if .Values.fullnameOverride -}} {{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the appropriate apiVersion for networkpolicy. Return the proper image name (for the metrics image)
*/}} */}}
{{- define "networkPolicy.apiVersion" -}} {{- define "redis.metrics.sentinel.image" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} {{ include "common.images.image" (dict "imageRoot" .Values.metrics.sentinel.image "global" .Values.global) }}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the appropriate apiGroup for PodSecurityPolicy. Return the proper image name (for the init container volume-permissions image)
*/}} */}}
{{- define "podSecurityPolicy.apiGroup" -}} {{- define "redis.volumePermissions.image" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} {{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the appropriate apiVersion for PodSecurityPolicy. Return sysctl image
*/}} */}}
{{- define "podSecurityPolicy.apiVersion" -}} {{- define "redis.sysctl.image" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} {{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the proper Redis(TM) image name Return the proper Docker Image Registry Secret Names
*/}} */}}
{{- define "redis.image" -}} {{- define "redis.imagePullSecrets" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/* {{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope, Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option Also, we can not use a single if because lazy evaluation is not an option
*/}} */}}
{{- if .Values.global }} {{- if .Values.global }}
{{- if .Values.global.imageRegistry }} {{- if .Values.global.imagePullSecrets }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} imagePullSecrets:
{{- else -}} {{- range .Values.global.imagePullSecrets }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- $credType := typeOf . -}}
{{- end -}} {{ if eq $credType "map[string]interface {}" }}
{{- else -}} - name: {{ get . "name" }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{ else }}
- name: {{ . }}
{{ end }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.sysctlImage.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.sysctlImage.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the proper Redis(TM) Sentinel image name Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "sentinel.image" -}}
{{- $registryName := .Values.sentinel.image.registry -}}
{{- $repositoryName := .Values.sentinel.image.repository -}}
{{- $tag := .Values.sentinel.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}} */}}
{{- if .Values.global }} {{- define "networkPolicy.apiVersion" -}}
{{- if .Values.global.imageRegistry }} {{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} {{- print "extensions/v1beta1" -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}} {{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- print "networking.k8s.io/v1" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the proper image name (for the metrics image) Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "redis.metrics.image" -}}
{{- $registryName := .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}} */}}
{{- if .Values.global }} {{- define "podSecurityPolicy.apiGroup" -}}
{{- if .Values.global.imageRegistry }} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} {{- print "policy" -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}} {{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- print "extensions" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the proper image name (for the init container volume-permissions image) Return the appropriate apiVersion for PodSecurityPolicy.
*/}}
{{- define "redis.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}} */}}
{{- if .Values.global }} {{- define "podSecurityPolicy.apiVersion" -}}
{{- if .Values.global.imageRegistry }} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} {{- print "policy/v1beta1" -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}} {{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- print "extensions/v1beta1" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
...@@ -191,202 +162,78 @@ Create the name of the service account to use ...@@ -191,202 +162,78 @@ Create the name of the service account to use
*/}} */}}
{{- define "redis.serviceAccountName" -}} {{- define "redis.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}} {{- if .Values.serviceAccount.create -}}
{{ default (include "redis.fullname" .) .Values.serviceAccount.name }} {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}} {{- else -}}
{{ default "default" .Values.serviceAccount.name }} {{ default "default" .Values.serviceAccount.name }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Get the password secret. Return the configuration configmap name
*/}} */}}
{{- define "redis.secretName" -}} {{- define "redis.configmapName" -}}
{{- if .Values.existingSecret -}} {{- if .Values.existingConfigmap -}}
{{- printf "%s" .Values.existingSecret -}} {{- printf "%s" (tpl .Values.existingConfigmap $) -}}
{{- else -}} {{- else -}}
{{- printf "%s" (include "redis.fullname" .) -}} {{- printf "%s-configuration" (include "common.names.fullname" .) -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Get the password key to be retrieved from Redis(TM) secret. Return true if a configmap object should be created
*/}} */}}
{{- define "redis.secretPasswordKey" -}} {{- define "redis.createConfigmap" -}}
{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}} {{- if empty .Values.existingConfigmap }}
{{- printf "%s" .Values.existingSecretPasswordKey -}} {{- true -}}
{{- else -}}
{{- printf "redis-password" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return Redis(TM) password Get the password secret.
*/}} */}}
{{- define "redis.password" -}} {{- define "redis.secretName" -}}
{{- if not (empty .Values.global.redis.password) }} {{- if .Values.auth.existingSecret -}}
{{- .Values.global.redis.password -}} {{- printf "%s" .Values.auth.existingSecret -}}
{{- else if not (empty .Values.password) -}}
{{- .Values.password -}}
{{- else -}} {{- else -}}
{{- randAlphaNum 10 -}} {{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return sysctl image Get the password key to be retrieved from Redis(TM) secret.
*/}}
{{- define "redis.sysctl.image" -}}
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
{{- $repositoryName := .Values.sysctlImage.repository -}}
{{- $tag := default "buster" .Values.sysctlImage.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}} */}}
{{- if .Values.global }} {{- define "redis.secretPasswordKey" -}}
{{- if .Values.global.imageRegistry }} {{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} {{- printf "%s" .Values.auth.existingSecretPasswordKey -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}} {{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- printf "redis-password" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the proper Docker Image Registry Secret Names Return Redis(TM) password
*/}}
{{- define "redis.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}} */}}
{{- if .Values.global }} {{- define "redis.password" -}}
{{- if .Values.global.imagePullSecrets }} {{- $secretName := include "redis.secretName" . -}}
imagePullSecrets: {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName ) -}}
{{- range .Values.global.imagePullSecrets }} {{- if $secret -}}
{{- $credType := typeOf . -}} {{- with $secret -}}
{{ if eq $credType "map[string]interface {}" }} {{- get .data "redis-password" | b64dec -}}
- name: {{ get . "name" }}
{{ else }}
- name: {{ . }}
{{ end }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.sysctlImage.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}} {{- end -}}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }} {{- else if not (empty .Values.global.redis.password) }}
imagePullSecrets: {{- .Values.global.redis.password -}}
{{- range .Values.image.pullSecrets }} {{- else if not (empty .Values.auth.password) -}}
- name: {{ . }} {{- .Values.auth.password -}}
{{- end }} {{- else -}}
{{- range .Values.metrics.image.pullSecrets }} {{- randAlphaNum 10 -}}
- name: {{ . }}
{{- end }}
{{- range .Values.sysctlImage.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* Check if there are rolling tags in the images */}} {{/* Check if there are rolling tags in the images */}}
{{- define "redis.checkRollingTags" -}} {{- define "redis.checkRollingTags" -}}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} {{- include "common.warnings.rollingTag" .Values.image }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. {{- include "common.warnings.rollingTag" .Values.sentinel.image }}
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ {{- include "common.warnings.rollingTag" .Values.metrics.image }}
{{- end }}
{{- if and (contains "bitnami/" .Values.sentinel.image.repository) (not (.Values.sentinel.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.sentinel.image.repository }}:{{ .Values.sentinel.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}
{{/*
Return the proper Storage Class for master
*/}}
{{- define "redis.master.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.master.persistence.storageClass -}}
{{- if (eq "-" .Values.master.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.master.persistence.storageClass -}}
{{- if (eq "-" .Values.master.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Storage Class for slave
*/}}
{{- define "redis.slave.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.slave.persistence.storageClass -}}
{{- if (eq "-" .Values.slave.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.slave.persistence.storageClass -}}
{{- if (eq "-" .Values.slave.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
...@@ -395,6 +242,7 @@ Compile all warnings into a single message, and call fail. ...@@ -395,6 +242,7 @@ Compile all warnings into a single message, and call fail.
{{- define "redis.validateValues" -}} {{- define "redis.validateValues" -}}
{{- $messages := list -}} {{- $messages := list -}}
{{- $messages := append $messages (include "redis.validateValues.spreadConstraints" .) -}} {{- $messages := append $messages (include "redis.validateValues.spreadConstraints" .) -}}
{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}}
{{- $messages := without $messages "" -}} {{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}} {{- $message := join "\n" $messages -}}
...@@ -405,22 +253,24 @@ Compile all warnings into a single message, and call fail. ...@@ -405,22 +253,24 @@ Compile all warnings into a single message, and call fail.
{{/* Validate values of Redis(TM) - spreadConstrainsts K8s version */}} {{/* Validate values of Redis(TM) - spreadConstrainsts K8s version */}}
{{- define "redis.validateValues.spreadConstraints" -}} {{- define "redis.validateValues.spreadConstraints" -}}
{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.slave.spreadConstraints -}} {{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.spreadConstraints -}}
redis: spreadConstraints redis: spreadConstraints
Pod Topology Spread Constraints are only available on K8s >= 1.16 Pod Topology Spread Constraints are only available on K8s >= 1.16
Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* {{/* Validate values of Redis(TM) - must provide a valid architecture */}}
Renders a value that contains template. {{- define "redis.validateValues.architecture" -}}
Usage: {{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}}
{{ include "redis.tplValue" (dict "value" .Values.path.to.the.Value "context" $) }} redis: architecture
*/}} Invalid architecture selected. Valid values are "standalone" and
{{- define "redis.tplValue" -}} "replication". Please set a valid architecture (--set architecture="xxxx")
{{- if typeIs "string" .value }} {{- end -}}
{{- tpl .value .context }} {{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }}
{{- else }} redis: architecture
{{- tpl (.value | toYaml) .context }} Using redis sentinel on standalone mode is not supported.
{{- end }} To deploy redis sentinel, please select the "replication" mode
(--set "architecture=replication,sentinel.enabled=true")
{{- end -}}
{{- end -}} {{- end -}}
chart/deps/redis/templates/bigbang/redis-upgrade.yaml 0 → 100644
View file @ 74512f88
{{- if .Values.cleanUpgrade.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: redis-upgrade-sa
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: redis-upgrade-role
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
rules:
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["get", "list", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: redis-upgrade-role-binding
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: redis-upgrade-role
subjects:
- kind: ServiceAccount
name: redis-upgrade-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: redis-clean-upgrade
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation
spec:
template:
metadata:
name: redis-clean-upgrade
annotations:
sidecar.istio.io/inject: 'false'
spec:
serviceAccountName: redis-upgrade-sa
imagePullSecrets:
{{- if .Values.global.imagePullSecrets }}
{{- range .Values.global.imagePullSecrets }}
{{- $credType := typeOf . -}}
{{- if eq $credType "map[string]interface {}" }}
- name: {{ get . "name" }}
{{- else }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end }}
restartPolicy: OnFailure
containers:
- name: redis-clean-upgrade
image: "registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:13.9.0"
command:
- /bin/sh
- -c
- |
set -e
if [[ $(kubectl get statefulset -l app={{ include "common.names.name" . }} -n {{ .Release.Namespace }} 2> /dev/null | wc -l) -gt 0 ]]; then
kubectl delete statefulset -n {{ .Release.Namespace }} -l app={{ include "common.names.name" . }}
echo "Statefulsets cleaned up."
else
echo "No statefulsets to clean up."
fi
if [[ $(kubectl get pvc -l app={{ include "common.names.name" . }} -n {{ .Release.Namespace }} 2> /dev/null | wc -l) -gt 0 ]]; then
kubectl delete pvc -n {{ .Release.Namespace }} -l app={{ include "common.names.name" . }}
echo "PVCs cleaned up."
else
echo "No PVCs to clean up."
fi
echo "Done with upgrade steps."
{{- end }}
chart/deps/redis/templates/configmap.yaml
View file @ 74512f88
{{- if (include "redis.createConfigmap" .) }}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ template "redis.fullname" . }} name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
labels: labels: {{- include "common.labels.standard" . | nindent 4 }}
app: {{ template "redis.name" . }} {{- if .Values.commonLabels }}
chart: {{ template "redis.chart" . }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
heritage: {{ .Release.Service }} {{- end }}
release: {{ .Release.Name }} {{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data: data:
redis.conf: |- redis.conf: |-
{{- if .Values.configmap }} # User-supplied common configuration:
# User-supplied configuration: {{- if .Values.commonConfiguration }}
{{- tpl .Values.configmap . | nindent 4 }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }}
{{- end }} {{- end }}
# End of common configuration
master.conf: |- master.conf: |-
dir {{ .Values.master.persistence.path }} dir {{ .Values.master.persistence.path }}
{{- if .Values.master.configmap }}
# User-supplied master configuration: # User-supplied master configuration:
{{- tpl .Values.master.configmap . | nindent 4 }} {{- if .Values.master.configuration }}
{{- end }} {{- include "common.tplvalues.render" ( dict "value" .Values.master.configuration "context" $ ) | nindent 4 }}
{{- if .Values.master.disableCommands }} {{- end }}
{{- range .Values.master.disableCommands }} {{- if .Values.master.disableCommands }}
{{- range .Values.master.disableCommands }}
rename-command {{ . }} "" rename-command {{ . }} ""
{{- end }} {{- end }}
{{- end }} {{- end }}
# End of master configuration
replica.conf: |- replica.conf: |-
dir {{ .Values.slave.persistence.path }} dir {{ .Values.replica.persistence.path }}
slave-read-only yes slave-read-only yes
{{- if .Values.slave.configmap }} # User-supplied replica configuration:
# User-supplied slave configuration: {{- if .Values.replica.configuration }}
{{- tpl .Values.slave.configmap . | nindent 4 }} {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }}
{{- end }} {{- end }}
{{- if .Values.slave.disableCommands }} {{- if .Values.replica.disableCommands }}
{{- range .Values.slave.disableCommands }} {{- range .Values.replica.disableCommands }}
rename-command {{ . }} "" rename-command {{ . }} ""
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.sentinel.enabled }} # End of replica configuration
{{- if .Values.sentinel.enabled }}
sentinel.conf: |- sentinel.conf: |-
dir "/tmp" dir "/tmp"
bind 0.0.0.0 bind 0.0.0.0
port {{ .Values.sentinel.port }} port {{ .Values.sentinel.containerPort }}
sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "redis.fullname" . }}-node-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.redisPort }} {{ .Values.sentinel.quorum }} sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.port }} {{ .Values.sentinel.quorum }}
sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }} sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }} sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }} sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
{{- if .Values.sentinel.configmap }}
# User-supplied sentinel configuration: # User-supplied sentinel configuration:
{{- tpl .Values.sentinel.configmap . | nindent 4 }} {{- if .Values.sentinel.configuration }}
{{- end }} {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }}
{{- end }}
# End of sentinel configuration
{{- end }}
{{- end }} {{- end }}
chart/deps/redis/templates/extra-list.yaml 0 → 100644
View file @ 74512f88
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED