From 93ae4c71900e17671e5764e105fd8b2d39655243 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Tue, 8 Apr 2025 23:27:33 +1000 Subject: [PATCH 01/10] wip --- applications/n8n/ai/helmfile-task.md | 10 + applications/n8n/charts/helmfile.yaml | 27 + applications/n8n/charts/n8n/Chart.lock | 6 + applications/n8n/charts/n8n/Chart.yaml | 37 + applications/n8n/charts/n8n/LICENSE | 201 ++ applications/n8n/charts/n8n/README.md | 835 +++++++ .../n8n/charts/n8n/charts/valkey/.helmignore | 25 + .../n8n/charts/n8n/charts/valkey/Chart.lock | 6 + .../n8n/charts/n8n/charts/valkey/Chart.yaml | 39 + .../n8n/charts/n8n/charts/valkey/README.md | 1083 +++++++++ .../charts/valkey/charts/common/.helmignore | 26 + .../charts/valkey/charts/common/Chart.yaml | 23 + .../n8n/charts/valkey/charts/common/README.md | 235 ++ .../charts/common/templates/_affinities.tpl | 155 ++ .../charts/common/templates/_capabilities.tpl | 253 ++ .../common/templates/_compatibility.tpl | 46 + .../charts/common/templates/_errors.tpl | 85 + .../charts/common/templates/_images.tpl | 115 + .../charts/common/templates/_ingress.tpl | 73 + .../charts/common/templates/_labels.tpl | 46 + .../valkey/charts/common/templates/_names.tpl | 71 + .../charts/common/templates/_resources.tpl | 50 + .../charts/common/templates/_secrets.tpl | 192 ++ .../charts/common/templates/_storage.tpl | 21 + .../charts/common/templates/_tplvalues.tpl | 52 + .../valkey/charts/common/templates/_utils.tpl | 77 + .../charts/common/templates/_warnings.tpl | 109 + .../templates/validations/_cassandra.tpl | 51 + .../common/templates/validations/_mariadb.tpl | 108 + .../common/templates/validations/_mongodb.tpl | 67 + .../common/templates/validations/_mysql.tpl | 67 + .../templates/validations/_postgresql.tpl | 105 + .../common/templates/validations/_redis.tpl | 48 + .../templates/validations/_validations.tpl | 51 + .../charts/valkey/charts/common/values.yaml | 8 + .../n8n/charts/valkey/templates/NOTES.txt | 214 ++ .../n8n/charts/valkey/templates/_helpers.tpl | 298 +++ .../charts/valkey/templates/configmap.yaml | 65 + .../charts/valkey/templates/extra-list.yaml | 9 + .../charts/valkey/templates/headless-svc.yaml | 36 + .../valkey/templates/health-configmap.yaml | 194 ++ .../charts/valkey/templates/metrics-svc.yaml | 45 + .../valkey/templates/networkpolicy.yaml | 109 + .../charts/valkey/templates/podmonitor.yaml | 82 + .../valkey/templates/primary/application.yaml | 520 ++++ .../charts/valkey/templates/primary/pdb.yaml | 28 + .../charts/valkey/templates/primary/psp.yaml | 48 + .../charts/valkey/templates/primary/pvc.yaml | 34 + .../valkey/templates/primary/service.yaml | 63 + .../templates/primary/serviceaccount.yaml | 19 + .../valkey/templates/prometheusrule.yaml | 24 + .../templates/replicas/application.yaml | 535 +++++ .../charts/valkey/templates/replicas/hpa.yaml | 50 + .../charts/valkey/templates/replicas/pdb.yaml | 28 + .../valkey/templates/replicas/service.yaml | 60 + .../templates/replicas/serviceaccount.yaml | 19 + .../charts/valkey/templates/replicas/vpa.yaml | 45 + .../n8n/charts/valkey/templates/role.yaml | 35 + .../charts/valkey/templates/rolebinding.yaml | 24 + .../valkey/templates/scripts-configmap.yaml | 792 ++++++ .../valkey/templates/secret-svcbind.yaml | 38 + .../n8n/charts/valkey/templates/secret.yaml | 26 + .../charts/valkey/templates/sentinel/hpa.yaml | 50 + .../templates/sentinel/node-services.yaml | 68 + .../charts/valkey/templates/sentinel/pdb.yaml | 27 + .../templates/sentinel/ports-configmap.yaml | 103 + .../valkey/templates/sentinel/service.yaml | 162 ++ .../templates/sentinel/statefulset.yaml | 807 +++++++ .../charts/valkey/templates/sentinel/vpa.yaml | 58 + .../valkey/templates/serviceaccount.yaml | 19 + .../valkey/templates/servicemonitor.yaml | 83 + .../charts/valkey/templates/tls-secret.yaml | 32 + .../n8n/charts/valkey/values.schema.json | 163 ++ .../n8n/charts/n8n/charts/valkey/values.yaml | 2137 +++++++++++++++++ .../n8n/charts/n8n/templates/NOTES.txt | 22 + .../n8n/charts/n8n/templates/_helpers.tpl | 105 + .../n8n/templates/configmap.webhook.yaml | 10 + .../n8n/templates/configmap.worker.yaml | 10 + .../n8n/charts/n8n/templates/configmap.yaml | 10 + .../n8n/templates/deployment.webhook.yaml | 143 ++ .../n8n/templates/deployment.worker.yaml | 139 ++ .../n8n/charts/n8n/templates/deployment.yaml | 123 + .../charts/n8n/templates/extraManifests.yaml | 49 + .../n8n/charts/n8n/templates/hpa.yaml | 32 + .../n8n/charts/n8n/templates/ingress.yaml | 73 + .../n8n/charts/n8n/templates/pvc.yaml | 29 + .../charts/n8n/templates/secret.webhook.yaml | 12 + .../charts/n8n/templates/secret.worker.yaml | 12 + .../n8n/charts/n8n/templates/secret.yaml | 12 + .../charts/n8n/templates/service.webhook.yaml | 22 + .../n8n/charts/n8n/templates/service.yaml | 20 + .../charts/n8n/templates/serviceaccount.yaml | 12 + .../n8n/templates/tests/test-connection.yaml | 19 + applications/n8n/charts/n8n/values.yaml | 679 ++++++ applications/n8n/docs/workflow.md | 38 + 95 files changed, 13123 insertions(+) create mode 100644 applications/n8n/ai/helmfile-task.md create mode 100644 applications/n8n/charts/helmfile.yaml create mode 100644 applications/n8n/charts/n8n/Chart.lock create mode 100644 applications/n8n/charts/n8n/Chart.yaml create mode 100644 applications/n8n/charts/n8n/LICENSE create mode 100644 applications/n8n/charts/n8n/README.md create mode 100644 applications/n8n/charts/n8n/charts/valkey/.helmignore create mode 100644 applications/n8n/charts/n8n/charts/valkey/Chart.lock create mode 100644 applications/n8n/charts/n8n/charts/valkey/Chart.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/README.md create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/README.md create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/role.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml create mode 100644 applications/n8n/charts/n8n/charts/valkey/values.schema.json create mode 100644 applications/n8n/charts/n8n/charts/valkey/values.yaml create mode 100644 applications/n8n/charts/n8n/templates/NOTES.txt create mode 100644 applications/n8n/charts/n8n/templates/_helpers.tpl create mode 100644 applications/n8n/charts/n8n/templates/configmap.webhook.yaml create mode 100644 applications/n8n/charts/n8n/templates/configmap.worker.yaml create mode 100644 applications/n8n/charts/n8n/templates/configmap.yaml create mode 100644 applications/n8n/charts/n8n/templates/deployment.webhook.yaml create mode 100644 applications/n8n/charts/n8n/templates/deployment.worker.yaml create mode 100644 applications/n8n/charts/n8n/templates/deployment.yaml create mode 100644 applications/n8n/charts/n8n/templates/extraManifests.yaml create mode 100644 applications/n8n/charts/n8n/templates/hpa.yaml create mode 100644 applications/n8n/charts/n8n/templates/ingress.yaml create mode 100644 applications/n8n/charts/n8n/templates/pvc.yaml create mode 100644 applications/n8n/charts/n8n/templates/secret.webhook.yaml create mode 100644 applications/n8n/charts/n8n/templates/secret.worker.yaml create mode 100644 applications/n8n/charts/n8n/templates/secret.yaml create mode 100644 applications/n8n/charts/n8n/templates/service.webhook.yaml create mode 100644 applications/n8n/charts/n8n/templates/service.yaml create mode 100644 applications/n8n/charts/n8n/templates/serviceaccount.yaml create mode 100644 applications/n8n/charts/n8n/templates/tests/test-connection.yaml create mode 100644 applications/n8n/charts/n8n/values.yaml create mode 100644 applications/n8n/docs/workflow.md diff --git a/applications/n8n/ai/helmfile-task.md b/applications/n8n/ai/helmfile-task.md new file mode 100644 index 00000000..7614e8b9 --- /dev/null +++ b/applications/n8n/ai/helmfile-task.md @@ -0,0 +1,10 @@ +# Task +- write a Helmfile to `./applications/n8n/charts/helmfile.yaml` that will install these charts in order: CloudNativePG --> Nginx Ingress Controller --> local n8n chart in charts/n8n +- leave the values empty to be populated later +- use this `helmDefaults` + +```yaml +helmDefaults: + wait: true + timeout: 66 +``` \ No newline at end of file diff --git a/applications/n8n/charts/helmfile.yaml b/applications/n8n/charts/helmfile.yaml new file mode 100644 index 00000000..1790a0d9 --- /dev/null +++ b/applications/n8n/charts/helmfile.yaml @@ -0,0 +1,27 @@ +helmDefaults: + wait: true + timeout: 66 + +repositories: + - name: cloudnative-pg + url: https://cloudnative-pg.github.io/charts + - name: ingress-nginx + url: https://kubernetes.github.io/ingress-nginx + +releases: + - name: cloudnative-pg + namespace: n8n + chart: cloudnative-pg/cloudnative-pg + version: 0.20.5 + values: [] + + - name: ingress-nginx + namespace: n8n + chart: ingress-nginx/ingress-nginx + version: 4.7.1 + values: [] + + - name: n8n + namespace: n8n + chart: ./n8n + values: [] \ No newline at end of file diff --git a/applications/n8n/charts/n8n/Chart.lock b/applications/n8n/charts/n8n/Chart.lock new file mode 100644 index 00000000..f4f47366 --- /dev/null +++ b/applications/n8n/charts/n8n/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: valkey + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.4.7 +digest: sha256:22d7881004c028611a742708c08e2f2861a54b1134f9c2d74b451a75ba1968a8 +generated: "2025-03-31T11:55:46.320432+01:00" diff --git a/applications/n8n/charts/n8n/Chart.yaml b/applications/n8n/charts/n8n/Chart.yaml new file mode 100644 index 00000000..a5de0468 --- /dev/null +++ b/applications/n8n/charts/n8n/Chart.yaml @@ -0,0 +1,37 @@ +annotations: + artifacthub.io/changes: | + - kind: fixed + description: "fix https://github.com/8gears/n8n-helm-chart/issues/176" + artifacthub.io/prerelease: "false" +apiVersion: v2 +appVersion: 1.85.1 +dependencies: +- condition: valkey.enabled + name: valkey + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.4.7 +description: Helm Chart for deploying n8n on Kubernetes, a fair-code workflow automation + platform with native AI capabilities for technical teams. Easily automate tasks + across different services. +home: https://github.com/8gears/n8n-helm-chart +icon: https://avatars1.githubusercontent.com/u/45487711?s=200&v=4 +keywords: +- Workflow Automation +- Workflow +- iPaaS +- integration-framework +- low-code-plattform +- low-code +maintainers: +- email: contact@8gears.com + name: 8gears + url: https://github.com/8gears +- email: _@8gears.com + name: n8n + url: https://github.com/n8n-io +name: n8n +sources: +- https://github.com/n8n-io/n8n +- https://n8n.io/ +type: application +version: 1.0.6 diff --git a/applications/n8n/charts/n8n/LICENSE b/applications/n8n/charts/n8n/LICENSE new file mode 100644 index 00000000..261eeb9e --- /dev/null +++ b/applications/n8n/charts/n8n/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/applications/n8n/charts/n8n/README.md b/applications/n8n/charts/n8n/README.md new file mode 100644 index 00000000..a0e8946e --- /dev/null +++ b/applications/n8n/charts/n8n/README.md @@ -0,0 +1,835 @@ +[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/n8n)](https://artifacthub.io/packages/helm/open-8gears/n8n) + +> [!NOTE] +> The n8n Helm chart is growing in popularity. +> We're looking for additional passionate maintainers and contributors +> to improve and maintain this chart, governance, development, documentation and CI/CD workflows. +> If you're interested in making a difference, +> [join the discussion](https://github.com/8gears/n8n-helm-chart/discussions/90). + +> [!WARNING] +> Version 1.0.0 of this Chart includes breaking changes and is not backwards compatible with previous versions. +> Please review the migration guide below before upgrading. +> + + +# n8n Helm Chart for Kubernetes + +[n8n](https://github.com/n8n-io/n8n) is an extendable workflow automation tool. + + + +The Helm chart source code location is [github.com/8gears/n8n-helm-chart](https://github.com/8gears/n8n-helm-chart) + +## Requirements + +Before you start, make sure you have the following tools ready: + +- Helm >= 3.8 +- external Postgres DB or embedded SQLite (SQLite is bundled with n8n) +- Helmfile (Optional) + +## Overview + +The `values.yaml` file is divided into a multiple n8n and Kubernetes specific sections. + +1. Global and chart wide values, like the image repository, image tag, etc. +2. Ingress, (default is nginx, but you can change it to your own ingress controller) +3. Main n8n app configuration + Kubernetes specific settings +4. Worker related settings + Kubernetes specific settings +5. Webhook related settings + Kubernetes specific settings +6. Raw Resources to pass through your own manifests like GatewayAPI, ServiceMonitor etc. +7. Redis related settings + Kubernetes specific settings + +## Setting Configuration Values and Environment Variables + +These n8n specific settings should be added to `main.config:` or `main.secret:` in the `values.yaml` file. + +See the [example](#examples) section and other example in the `/examples` directory of this repo. + +> [!IMPORTANT] +> The YAML nodes `config` and `secret` in the values.yaml are transformed 1:1 into ENV variables. + +```yaml +main: + config: + n8n: + encryption_key: "my_secret" # ==> turns into ENV: N8N_ENCRYPTION_KEY=my_secret + db: + type: postgresdb # ==> turns into ENV: DB_TYPE=postgresdb + postgresdb: + host: 192.168.0.52 # ==> turns into ENV: DB_POSTGRESDB_HOST=192.168.0.52 + node: + function_allow_builtin: "*" # ==> turns into ENV: NODE_FUNCTION_ALLOW_BUILTIN="*" +``` + +Consult the [n8n Environment Variables Documentation]( https://docs.n8n.io/hosting/configuration/environment-variables/) + +You decide what should go into `secret` and what should be a `config`. +There is no restriction, mix and match as you like. + +# Installation + +Install chart + +```shell +helm install my-n8n oci://8gears.container-registry.com/library/n8n --version 1.0.0 +``` + +# Examples + +A typical example of a config in combination with a secret. +You can find various other examples in the `examples` directory of this repository. + +```yaml +#small deployment with nodeport for local testing or small deployments +main: + config: + n8n: + hide_usage_page: true + secret: + n8n: + encryption_key: "" + resources: + limits: + memory: 2048Mi + requests: + memory: 512Mi + service: + type: NodePort + port: 5678 +``` + +# Values File + +## N8N Specific Config Section + +Every possible n8n config value can be set, +even if it is not mentioned in the excerpt below. +Treat the n8n provided configuration documentation as the source of truth, +this Charts just forwards everything down to the n8n pods. + +```yaml + +image: + repository: n8nio/n8n + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" +imagePullSecrets: [] + +# The Name to use for the chart. Will be the prefix of all resources aka. The Chart.Name (default is 'n8n') +nameOverride: +# Override the full name of the deployment. When empty, the name will be "{release-name}-{chart-name}" or the value of nameOverride if specified +fullnameOverride: + +# Add entries to a pod's /etc/hosts file, mapping custom IP addresses to hostnames. +hostAliases: [] + #- ip: 8.8.8.8 + # hostnames: +# - service-example.local +# +# Ingress +# +ingress: + enabled: false + annotations: {} + # define a custom ingress class Name, like "traefik" or "nginx" + className: "" + hosts: + - host: workflow.example.com + paths: [] + tls: + - hosts: + - workflow.example.com + secretName: host-domain-cert + +# the main (n8n) application related configuration + Kubernetes specific settings +# The config: {} dictionary is converted to environmental variables in the ConfigMap. +main: + # See https://docs.n8n.io/hosting/configuration/environment-variables/ for all values. + config: {} + # n8n: + # db: + # type: postgresdb + # postgresdb: + # host: 192.168.0.52 + + # Dictionary for secrets, unlike config:, the values here will end up in the secret file. + # The YAML entry db.postgresdb.password: my_secret is transformed DB_POSTGRESDB_password=bXlfc2VjcmV0 + # See https://docs.n8n.io/hosting/configuration/environment-variables/ + secret: {} + # n8n: + # if you run n8n stateless, you should provide an encryption key here. + # encryption_key: + # + # database: + # postgresdb: + # password: 'big secret' + + # Extra environmental variables, so you can reference other configmaps and secrets into n8n as env vars. + extraEnv: + # N8N_DB_POSTGRESDB_NAME: + # valueFrom: + # secretKeyRef: + # name: db-app + # key: dbname + # + # N8n Kubernetes specific settings + # + persistence: + # If true, use a Persistent Volume Claim, If false, use emptyDir + enabled: false + # what type volume, possible options are [existing, emptyDir, dynamic] dynamic for Dynamic Volume Provisioning, existing for using an existing Claim + type: emptyDir + # Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + # storageClass: "-" + # PVC annotations + # + # If you need this annotation include it under `values.yml` file and pvc.yml template will add it. + # This is not maintained at Helm v3 anymore. + # https://github.com/8gears/n8n-helm-chart/issues/8 + # + # annotations: + # helm.sh/resource-policy: keep + # Persistent Volume Access Mode + # + accessModes: + - ReadWriteOnce + # Persistent Volume size + size: 1Gi + # Use an existing PVC + # existingClaim: + + extraVolumes: [] + # - name: db-ca-cert + # secret: + # secretName: db-ca + # items: + # - key: ca.crt + # path: ca.crt + + extraVolumeMounts: [] + # - name: db-ca-cert + # mountPath: /etc/ssl/certs/postgresql + # readOnly: true + + + # Number of desired pods. More than one pod is supported in n8n enterprise. + replicaCount: 1 + + # here you can specify the deployment strategy as Recreate or RollingUpdate with optional maxSurge and maxUnavailable + # If these options are not set, default values are 25% + # deploymentStrategy: + # type: Recreate | RollingUpdate + # maxSurge: "50%" + # maxUnavailable: "50%" + + deploymentStrategy: + type: "Recreate" + # maxSurge: "50%" + # maxUnavailable: "50%" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # Annotations to be implemented on the main service deployment + deploymentAnnotations: {} + # Labels to be implemented on the main service deployment + deploymentLabels: {} + # Annotations to be implemented on the main service pod + podAnnotations: {} + # Labels to be implemented on the main service pod + podLabels: {} + + podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # here you can specify lifecycle hooks - it can be used e.g., to easily add packages to the container without building + # your own docker image + # see https://github.com/8gears/n8n-helm-chart/pull/30 + lifecycle: {} + + # here's the sample configuration to add mysql-client to the container + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "apk add mysql-client"] + + # here you can override a command for main container + # it may be used to override a starting script (e.g., to resolve issues like https://github.com/n8n-io/n8n/issues/6412) or run additional preparation steps (e.g., installing additional software) + command: [] + + # sample configuration that overrides starting script and solves above issue (also it runs n8n as root, so be careful): + # command: + # - tini + # - -- + # - /bin/sh + # - -c + # - chmod o+rx /root; chown -R node /root/.n8n || true; chown -R node /root/.n8n; ln -s /root/.n8n /home/node; chown -R node /home/node || true; node /usr/local/bin/n8n + + # here you can override the livenessProbe for the main container + # it may be used to increase the timeout for the livenessProbe (e.g., to resolve issues like + + livenessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # here you can override the readinessProbe for the main container + # it may be used to increase the timeout for the readinessProbe (e.g., to resolve issues like + + readinessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. + # See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + initContainers: [] + # - name: init-data-dir + # image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + # command: [ "/bin/sh", "-c", "mkdir -p /home/node/.n8n/" ] + # volumeMounts: + # - name: data + # mountPath: /home/node/.n8n + + + service: + annotations: {} + # -- Service types allow you to specify what kind of Service you want. + # E.g., ClusterIP, NodePort, LoadBalancer, ExternalName + type: ClusterIP + # -- Service port + port: 80 + + resources: {} + # We usually recommend not specifying default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + tolerations: [] + affinity: {} + +# # # # # # # # # # # # # # # # +# +# Worker related settings +# +worker: + enabled: false + + # additional (to main) config for worker + config: {} + + # additional (to main) config for worker + secret: {} + + # Extra environmental variables, so you can reference other configmaps and secrets into n8n as env vars. + extraEnv: {} + + # Define the number of jobs a worker can run in parallel by using the concurrency flag. Default is 10 + concurrency: 10 + + # + # Worker Kubernetes specific settings + # + persistence: + # If true, use a Persistent Volume Claim, If false, use emptyDir + enabled: false + # what type volume, possible options are [existing, emptyDir, dynamic] dynamic for Dynamic Volume Provisioning, existing for using an existing Claim + type: emptyDir + # Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + # storageClass: "-" + # PVC annotations + # + # If you need this annotation include it under `values.yml` file and pvc.yml template will add it. + # This is not maintained at Helm v3 anymore. + # https://github.com/8gears/n8n-helm-chart/issues/8 + # + # annotations: + # helm.sh/resource-policy: keep + # Persistent Volume Access Mode + accessModes: + - ReadWriteOnce + # Persistent Volume size + size: 1Gi + # Use an existing PVC + # existingClaim: + + # Number of desired pods. + replicaCount: 1 + + # here you can specify the deployment strategy as Recreate or RollingUpdate with optional maxSurge and maxUnavailable + # If these options are not set, default values are 25% + # deploymentStrategy: + # type: RollingUpdate + # maxSurge: "50%" + # maxUnavailable: "50%" + + deploymentStrategy: + type: "Recreate" + # maxSurge: "50%" + # maxUnavailable: "50%" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # Annotations to be implemented on the worker deployment + deploymentAnnotations: {} + # Labels to be implemented on the worker deployment + deploymentLabels: {} + # Annotations to be implemented on the worker pod + podAnnotations: {} + # Labels to be implemented on the worker pod + podLabels: {} + + podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # here you can specify lifecycle hooks - it can be used e.g., to easily add packages to the container without building + # your own docker image + # see https://github.com/8gears/n8n-helm-chart/pull/30 + lifecycle: {} + + # here's the sample configuration to add mysql-client to the container + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "apk add mysql-client"] + + # here you can override a command for worker container + # it may be used to override a starting script (e.g., to resolve issues like https://github.com/n8n-io/n8n/issues/6412) or + # run additional preparation steps (e.g., installing additional software) + command: [] + + # sample configuration that overrides starting script and solves above issue (also it runs n8n as root, so be careful): + # command: + # - tini + # - -- + # - /bin/sh + # - -c + # - chmod o+rx /root; chown -R node /root/.n8n || true; chown -R node /root/.n8n; ln -s /root/.n8n /home/node; chown -R node /home/node || true; node /usr/local/bin/n8n + + # command args + commandArgs: [] + + # here you can override the livenessProbe for the main container + # it may be used to increase the timeout for the livenessProbe (e.g., to resolve issues like + livenessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # here you can override the readinessProbe for the main container + # it may be used to increase the timeout for the readinessProbe (e.g., to resolve issues like + + readinessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. + # See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + initContainers: [] + + service: + annotations: {} + # -- Service types allow you to specify what kind of Service you want. + # E.g., ClusterIP, NodePort, LoadBalancer, ExternalName + type: ClusterIP + # -- Service port + port: 80 + + resources: {} + # We usually recommend not specifying default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + tolerations: [] + affinity: {} + +# Webhook related settings +# With .Values.scaling.webhook.enabled=true you disable Webhooks from the main process, but you enable the processing on a different Webhook instance. +# See https://github.com/8gears/n8n-helm-chart/issues/39#issuecomment-1579991754 for the full explanation. +# Webhook processes rely on Valkey/Redis too. +webhook: + enabled: false + # additional (to main) config for webhook + config: {} + # additional (to main) config for webhook + secret: {} + + # Extra environmental variables, so you can reference other configmaps and secrets into n8n as env vars. + extraEnv: {} + # WEBHOOK_URL: + # value: "http://webhook.domain.tld" + + + # + # Webhook Kubernetes specific settings + # + persistence: + # If true, use a Persistent Volume Claim, If false, use emptyDir + enabled: false + # what type volume, possible options are [existing, emptyDir, dynamic] dynamic for Dynamic Volume Provisioning, existing for using an existing Claim + type: emptyDir + # Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + # storageClass: "-" + # PVC annotations + # + # If you need this annotation include it under `values.yml` file and pvc.yml template will add it. + # This is not maintained at Helm v3 anymore. + # https://github.com/8gears/n8n-helm-chart/issues/8 + # + # annotations: + # helm.sh/resource-policy: keep + # Persistent Volume Access Mode + # + accessModes: + - ReadWriteOnce + # Persistent Volume size + # + size: 1Gi + # Use an existing PVC + # + # existingClaim: + + # Number of desired pods. + replicaCount: 1 + + # here you can specify the deployment strategy as Recreate or RollingUpdate with optional maxSurge and maxUnavailable + # If these options are not set, default values are 25% + # deploymentStrategy: + # type: RollingUpdate + # maxSurge: "50%" + # maxUnavailable: "50%" + + deploymentStrategy: + type: "Recreate" + + nameOverride: "" + fullnameOverride: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # Annotations to be implemented on the webhook deployment + deploymentAnnotations: {} + # Labels to be implemented on the webhook deployment + deploymentLabels: {} + # Annotations to be implemented on the webhook pod + podAnnotations: {} + # Labels to be implemented on the webhook pod + podLabels: {} + + podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # here you can specify lifecycle hooks - it can be used e.g., to easily add packages to the container without building + # your own docker image + # see https://github.com/8gears/n8n-helm-chart/pull/30 + lifecycle: {} + + # here's the sample configuration to add mysql-client to the container + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "apk add mysql-client"] + + # here you can override a command for main container + # it may be used to override a starting script (e.g., to resolve issues like https://github.com/n8n-io/n8n/issues/6412) or + # run additional preparation steps (e.g., installing additional software) + command: [] + + # sample configuration that overrides starting script and solves above issue (also it runs n8n as root, so be careful): + # command: + # - tini + # - -- + # - /bin/sh + # - -c + # - chmod o+rx /root; chown -R node /root/.n8n || true; chown -R node /root/.n8n; ln -s /root/.n8n /home/node; chown -R node /home/node || true; node /usr/local/bin/n8n + # Command Arguments + commandArgs: [] + + # here you can override the livenessProbe for the main container + # it may be used to increase the timeout for the livenessProbe (e.g., to resolve issues like + + livenessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # here you can override the readinessProbe for the main container + # it may be used to increase the timeout for the readinessProbe (e.g., to resolve issues like + + readinessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. + # See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + initContainers: [] + + service: + annotations: {} + # -- Service types allow you to specify what kind of Service you want. + # E.g., ClusterIP, NodePort, LoadBalancer, ExternalName + type: ClusterIP + # -- Service port + port: 80 + + resources: {} + # We usually recommend not specifying default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# User defined supplementary K8s manifests +# + +# Takes a list of Kubernetes manifests and merges each resource with a default metadata.labels map and +# installs the result. +# Use this to add any arbitrary Kubernetes manifests alongside this chart instead of kubectl and scripts. +extraManifests: [] +# - apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: example-config +# data: +# example.property.1: "value1" +# example.property.2: "value2" +# As an alternative to the above, you can also use a string as the value of the data field. +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: example-config-string +# data: +# example.property.1: "value1" +# example.property.2: "value2" + +# String extraManifests supports using variables directly within a string manifest. +# Templates are rendered using the context defined in the values.yaml file, enabling dynamic and flexible content customization. +extraTemplateManifests: [] +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: my-config +# stringData: +# image_name: {{ .Values.image.repository }} + +# Bitnami Valkey configuration +# https://artifacthub.io/packages/helm/bitnami/valkey +valkey: + enabled: false + #architecture: standalone + # + #primary: + # persistence: + # enabled: false + # existingClaim: "" + # size: 2Gi +``` +## Migration Guide to Version 1.0.0 + +This version includes a complete redesign of the chart to better accommodate n8n configuration options. +Key changes include: +- Values restructured under `.Values.main`, `.Values.worker`, and `.Values.webhook` +- Updated deployment configurations +- New Redis integration requirements + + +## Scaling and Advanced Configuration Options + +n8n provides a **queue-mode**, where the workload is shared between multiple +instances of the same n8n installation. +This provides a shared load over multiple instances and limited high +availability, because the controller instance remains as Single-Point-Of-Failure. + +With the help of an internal/external redis server and by using the excellent +BullMQ, the tasks can be shared over different instances, which also can run on +different hosts. + +[See docs about this Queue-Mode](https://docs.n8n.io/hosting/scaling/queue-mode/) + +To enable this mode within this helm chart, you simply should +set `scaling.enable` to true. +This chart is configured to spawn two worker instances. + +```yaml +scaling: + enabled: true +``` + +You can define to spawn more workers, by set scaling.worker.replicaCount to a higher +number. +Also, it is possible to define your own external redis server. + +```yaml +scaling: + enabled: true + redis: + host: "redis-hostname" + password: "redis-password-if-set" +``` + +If you want to use the internal redis server, set `redis.enable = true`. By +default, no redis server is spawned. + +At last scaling option is it possible to create dedicated webhook instances, +which only process the webhooks. +If you set `scaling.webhook.enabled=true`, then webhook processing on the main +instance is disabled and by default a single webhook instance is started. + +## Chart Release Workflow + +1. Update the `Chart.yaml` with the new version numbers for the chart and/or app. +2. In `Chart.yaml`update/replace the content of the `artifacthub.io/changes` section. See Artifacthub [annotation referene](https://artifacthub.io/docs/topics/annotations/helm/) +3. In GitHub create a new release with the the chart version number as the tag and a title. diff --git a/applications/n8n/charts/n8n/charts/valkey/.helmignore b/applications/n8n/charts/n8n/charts/valkey/.helmignore new file mode 100644 index 00000000..207983f3 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ +# Changelog +CHANGELOG.md diff --git a/applications/n8n/charts/n8n/charts/valkey/Chart.lock b/applications/n8n/charts/n8n/charts/valkey/Chart.lock new file mode 100644 index 00000000..fe3c55d8 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.30.0 +digest: sha256:46afdf79eae69065904d430f03f7e5b79a148afed20aa45ee83ba88adc036169 +generated: "2025-02-20T08:10:35.25400622Z" diff --git a/applications/n8n/charts/n8n/charts/valkey/Chart.yaml b/applications/n8n/charts/n8n/charts/valkey/Chart.yaml new file mode 100644 index 00000000..2b87c3e6 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/Chart.yaml @@ -0,0 +1,39 @@ +annotations: + category: Database + images: | + - name: kubectl + image: docker.io/bitnami/kubectl:1.32.3-debian-12-r1 + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r40 + - name: redis-exporter + image: docker.io/bitnami/redis-exporter:1.69.0-debian-12-r1 + - name: valkey + image: docker.io/bitnami/valkey:8.0.2-debian-12-r6 + - name: valkey-sentinel + image: docker.io/bitnami/valkey-sentinel:8.0.2-debian-12-r6 + licenses: Apache-2.0 + tanzuCategory: service +apiVersion: v2 +appVersion: 8.0.2 +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x +description: Valkey is an open source (BSD) high-performance key/value datastore that + supports a variety workloads such as caching, message queues, and can act as a primary + database. +home: https://bitnami.com +icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/valkey/img/valkey-stack-220x234.png +keywords: +- valkey +- keyvalue +- database +maintainers: +- name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/bitnami/charts +name: valkey +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/valkey +version: 2.4.7 diff --git a/applications/n8n/charts/n8n/charts/valkey/README.md b/applications/n8n/charts/n8n/charts/valkey/README.md new file mode 100644 index 00000000..f4f3e1f1 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/README.md @@ -0,0 +1,1083 @@ + + +# Bitnami package for Valkey + +Valkey is an open source (BSD) high-performance key/value datastore that supports a variety workloads such as caching, message queues, and can act as a primary database. + +[Overview of Valkey](https://valkey.io/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/valkey +``` + +Looking to use Valkey in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart bootstraps a [Valkey](https://github.com/bitnami/containers/tree/main/bitnami/valkey) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/valkey +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys Valkey on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### Update credentials + +The Bitnami Valkey chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `auth.existingSecret`. To update credentials, use one of the following: + +- Run `helm upgrade` specifying a new password in `auth.password` +- Run `helm upgrade` specifying a new secret in `auth.existingSecret` + +### Prometheus metrics + +This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will deploy a sidecar container with [redis_exporter](https://github.com/oliver006/redis_exporter) in all pods and a `metrics` service, which can be configured under the `metrics.service` section. This `metrics` service will have the necessary annotations to be automatically scraped by Prometheus. + +#### Prometheus requirements + +It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster. + +#### Integration with Prometheus Operator + +The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error: + +```text +no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1" +``` + +Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator. + +### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Use a different Valkey version + +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. + +### Bootstrapping with an External Cluster + +This chart is equipped with the ability to bring online a set of Pods that connect to an existing Valkey deployment that lies outside of Kubernetes. This effectively creates a hybrid Valkey Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Valkey Deployment. This is helpful in situations where one may be migrating Valkey from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: + +```yaml +replica: + externalPrimary: + enabled: true + host: external-valkey-0.internal +sentinel: + externalPrimary: + enabled: true + host: external-valkey-0.internal +``` + +:warning: This is currently limited to clusters in which Sentinel and Valkey run on the same node! :warning: + +Please also note that the external sentinel must be listening on port `26379`, and this is currently not configurable. + +Once the Kubernetes Valkey Deployment is online and confirmed to be working with the existing cluster, the configuration can then be removed and the cluster will remain connected. + +### External DNS + +This chart is equipped to allow leveraging the ExternalDNS project. Doing so will enable ExternalDNS to publish the FQDN for each instance, in the format of `..`. +Example, when using the following configuration: + +```yaml +useExternalDNS: + enabled: true + suffix: prod.example.org + additionalAnnotations: + ttl: 10 +``` + +On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-valkey-node-0.a-valkey.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Valkey/Sentinel configuration using this new FQDN: + +- `replica-announce-ip` +- `known-sentinel` +- `known-replica` +- `announce-ip` + +:warning: This requires a working installation of `external-dns` to be fully functional. :warning: + +See the [official ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns) for additional configuration options. + +### Cluster topologies + +#### Default: Primary-Replicas + +When installing the chart with `architecture=replication`, it will deploy a Valkey primary StatefulSet and a Valkey replicas StatefulSet. The replicas will be read-replicas of the primary. Two services will be exposed: + +- Valkey Primary service: Points to the primary, where read-write operations can be performed +- Valkey Replicas service: Points to the replicas, where only read operations are allowed by default. + +In case the primary crashes, the replicas will wait until the primary node is respawned again by the Kubernetes Controller Manager. + +#### Standalone + +When installing the chart with `architecture=standalone`, it will deploy a standalone Valkey StatefulSet. A single service will be exposed: + +- Valkey Primary service: Points to the primary, where read-write operations can be performed + +#### Primary-Replicas with Sentinel + +When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Valkey primary StatefulSet (only one primary allowed) and a Valkey replicas StatefulSet. In this case, the pods will contain an extra container with Valkey Sentinel. This container will form a cluster of Valkey Sentinel nodes, which will promote a new primary in case the actual one fails. + +On graceful termination of the Valkey primary pod, a failover of the primary is initiated to promote a new primary. The Valkey Sentinel container in this pod will wait for the failover to occur before terminating. If `sentinel.valkeyShutdownWaitFailover=true` is set (the default), the Valkey container will wait for the failover as well before terminating. This increases availability for reads during failover, but may cause stale reads until all clients have switched to the new primary. + +In addition to this, only one service is exposed: + +- Valkey service: Exposes port 6379 for Valkey read-only operations and port 26379 for accessing Valkey Sentinel. + +For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Valkey Sentinel cluster and query the current primary using the command below (using valkey-cli or similar): + +```console +SENTINEL get-primary-addr-by-name +``` + +This command will return the address of the current primary, which can be accessed from inside the cluster. + +In case the current primary crashes, the Sentinel containers will elect a new primary node. + +`primary.replicaCount` greater than `1` is not designed for use when `sentinel.enabled=true`. + +### Multiple primary nodes (experimental) + +When `primary.replicaCount` is greater than `1`, special care must be taken to create a consistent setup. + +An example of use case is the creation of a redundant set of standalone primary nodes or primary-replicas per Kubernetes node where you must ensure: + +- No more than `1` primary can be deployed per Kubernetes node +- Replicas and writers can only see the single primary of their own Kubernetes node + +One way of achieving this is by setting `primary.service.internalTrafficPolicy=Local` in combination with a `primary.affinity.podAntiAffinity` spec to never schedule more than one primary per Kubernetes node. + +It's recommended to only change `primary.replicaCount` if you know what you are doing. +`primary.replicaCount` greater than `1` is not designed for use when `sentinel.enabled=true`. + +### Using a password file + +To use a password file for Valkey you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions: + +- Create the secret with the password. It is important that the file with the password must be called `valkey-password`. + +```console +kubectl create secret generic valkey-password-secret --from-file=valkey-password.yaml +``` + +- Deploy the Helm Chart using the secret name as parameter: + +```text +usePassword=true +usePasswordFile=true +existingSecret=valkey-password-secret +sentinels.enabled=true +metrics.enabled=true +``` + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. +- `tls.certCAFilename`: CA Certificate filename. No defaults. + +For example: + +First, create the secret with the certificates files: + +```console +kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem +``` + +Then, use the following parameters: + +```console +tls.enabled="true" +tls.existingSecret="certificates-tls-secret" +tls.certFilename="cert.pem" +tls.certKeyFilename="cert.key" +tls.certCAFilename="ca.pem" +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. + +If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/valkey_exporter#command-line-flags). For example: + +You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication: + +```console +tls-client-key-file +tls-client-cert-file +tls-ca-cert-file +``` + +### Deploy a custom metrics script in the sidecar + +A custom Lua script can be added to the `redis-exporter` sidecar by way of the `metrics.extraArgs.script` parameter. The pathname of the script must exist on the container, or the `redis_exporter` process (and therefore the whole pod) will refuse to start. The script can be provided to the sidecar containers via the `metrics.extraVolumes` and `metrics.extraVolumeMounts` parameters: + +```yaml +metrics: + extraVolumeMounts: + - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' + mountPath: '{{ printf "/mnt/%s/" (include "common.names.name" .) }}' + readOnly: true + extraVolumes: + - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' + configMap: + name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' + extraArgs: + script: '{{ printf "/mnt/%s/my_custom_metrics.lua" (include "common.names.name" .) }}' +``` + +Then deploy the script into the correct location via `extraDeploy`: + +```yaml +extraDeploy: + - apiVersion: v1 + kind: ConfigMap + metadata: + name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' + data: + my_custom_metrics.lua: | + -- LUA SCRIPT CODE HERE, e.g., + return {'bitnami_makes_the_best_charts', '1'} +``` + +### Host Kernel Settings + +Valkey may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. To do so, you can set `securityContext.sysctls` which will configure `sysctls` for primary and replica pods. Example: + +```yaml +securityContext: + sysctls: + - name: net.core.somaxconn + value: "10000" +``` + +Note that this will not disable transparent huge tables. + +### Backup and restore + +To backup and restore Valkey deployments on Kubernetes, you will need to create a snapshot of the data in the source cluster, and later restore it in a new cluster with the new parameters. Follow the instructions below: + +#### Step 1: Backup the deployment + +- Connect to one of the nodes and start the Valkey CLI tool. Then, run the commands below: + + ```text + $ kubectl exec -it my-release-primary-0 bash + $ valkey-cli + 127.0.0.1:6379> auth your_current_valkey_password + OK + 127.0.0.1:6379> save + OK + ``` + +- Copy the dump file from the Valkey node: + + ```console + kubectl cp my-release-primary-0:/data/dump.rdb dump.rdb -c valkey + ``` + +#### Step 2: Restore the data on the destination cluster + +To restore the data in a new cluster, you will need to create a PVC and then upload the *dump.rdb* file to the new volume. + +Follow the following steps: + +- In the [*values.yaml*](https://github.com/bitnami/charts/blob/main/bitnami/valkey/values.yaml) file set the *appendonly* parameter to *no*. You can skip this step if it is already configured as *no* + + ```yaml + commonConfiguration: |- + # Enable AOF https://valkey.io/topics/persistence#append-only-file + appendonly no + # Disable RDB persistence, AOF persistence already enabled. + save "" + ``` + + > *Note that the `Enable AOF` comment belongs to the original config file and what you're actually doing is disabling it. This change will only be neccessary for the temporal cluster you're creating to upload the dump.* + +- Start the new cluster to create the PVCs. Use the command below as an example: + + ```console + helm install new-valkey -f values.yaml . --set cluster.enabled=true --set cluster.replicaCount=3 + ``` + +- Now that the PVC were created, stop it and copy the *dump.rdp* file on the persisted data by using a helping pod. + + ```text + $ helm delete new-valkey + + $ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides=' + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "valkeyvolpod" + }, + "spec": { + "containers": [{ + "command": [ + "tail", + "-f", + "/dev/null" + ], + "image": "bitnami/os-shell", + "name": "mycontainer", + "volumeMounts": [{ + "mountPath": "/mnt", + "name": "valkeydata" + }] + }], + "restartPolicy": "Never", + "volumes": [{ + "name": "valkeydata", + "persistentVolumeClaim": { + "claimName": "valkey-data-new-valkey-primary-0" + } + }] + } + }' --image="bitnami/os-shell" + + $ kubectl cp dump.rdb valkeyvolpod:/mnt/dump.rdb + $ kubectl delete pod volpod + ``` + +- Restart the cluster: + + > **INFO:** The *appendonly* parameter can be safely restored to your desired value. + + ```console + helm install new-valkey -f values.yaml . --set cluster.enabled=true --set cluster.replicaCount=3 + ``` + +### NetworkPolicy + +To enable network policy for Valkey, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +With NetworkPolicy enabled, only pods with the generated client label will be able to connect to Valkey. This label will be displayed in the output after a successful install. + +With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to Valkey. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `valkey=external` and pods in that namespace labeled `valkey-client=true` the fields should be set: + +```yaml +networkPolicy: + enabled: true + ingressNSMatchLabels: + valkey: external + ingressNSPodMatchLabels: + valkey-client: true +``` + +#### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Persistence + +By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation. + +### Existing PersistentVolumeClaim + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```console +helm install my-release --set primary.persistence.existingClaim=PVC_NAME oci://REGISTRY_NAME/REPOSITORY_NAME/valkey +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.valkey.password` | Global Valkey password (overrides `auth.password`) | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------------- | -------------------------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `secretAnnotations` | Annotations to add to secret | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `useHostnames` | Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address | `true` | +| `nameResolutionThreshold` | Failure threshold for internal hostnames resolution | `5` | +| `nameResolutionTimeout` | Timeout seconds between probes for internal hostnames resolution | `5` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + +### Valkey Image parameters + +| Name | Description | Value | +| ------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ | +| `image.registry` | Valkey image registry | `REGISTRY_NAME` | +| `image.repository` | Valkey image repository | `REPOSITORY_NAME/valkey` | +| `image.digest` | Valkey image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Valkey image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Valkey image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | + +### Valkey common configuration parameters + +| Name | Description | Value | +| -------------------------------- | --------------------------------------------------------------------------------- | ------------- | +| `architecture` | Valkey architecture. Allowed values: `standalone` or `replication` | `replication` | +| `auth.enabled` | Enable password authentication | `true` | +| `auth.sentinel` | Enable password authentication on sentinels too | `true` | +| `auth.password` | Valkey password | `""` | +| `auth.existingSecret` | The name of an existing secret with Valkey credentials | `""` | +| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` | +| `auth.usePasswordFileFromSecret` | Mount password file from secret | `true` | +| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | +| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Valkey nodes | `""` | + +### Valkey primary configuration parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `primary.replicaCount` | Number of Valkey primary instances to deploy (experimental, requires additional configuration) | `1` | +| `primary.configuration` | Configuration for Valkey primary nodes | `""` | +| `primary.disableCommands` | Array with Valkey commands to disable on primary nodes | `["FLUSHDB","FLUSHALL"]` | +| `primary.command` | Override default container command (useful when using custom images) | `[]` | +| `primary.args` | Override default container args (useful when using custom images) | `[]` | +| `primary.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | +| `primary.preExecCmds` | Additional commands to run prior to starting Valkey primary | `[]` | +| `primary.extraFlags` | Array with additional command line flags for Valkey primary | `[]` | +| `primary.extraEnvVars` | Array with extra environment variables to add to Valkey primary nodes | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Valkey primary nodes | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Valkey primary nodes | `""` | +| `primary.containerPorts.valkey` | Container port to open on Valkey primary nodes | `6379` | +| `primary.startupProbe.enabled` | Enable startupProbe on Valkey primary nodes | `false` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.livenessProbe.enabled` | Enable livenessProbe on Valkey primary nodes | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe on Valkey primary nodes | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `nano` | +| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `primary.podSecurityContext.enabled` | Enabled Valkey primary pods' Security Context | `true` | +| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `primary.podSecurityContext.fsGroup` | Set Valkey primary pod's Security Context fsGroup | `1001` | +| `primary.containerSecurityContext.enabled` | Enabled Valkey primary containers' Security Context | `true` | +| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `primary.containerSecurityContext.runAsUser` | Set Valkey primary containers' Security Context runAsUser | `1001` | +| `primary.containerSecurityContext.runAsGroup` | Set Valkey primary containers' Security Context runAsGroup | `1001` | +| `primary.containerSecurityContext.runAsNonRoot` | Set Valkey primary containers' Security Context runAsNonRoot | `true` | +| `primary.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Valkey pod(s) privileges | `false` | +| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | +| `primary.containerSecurityContext.seccompProfile.type` | Set Valkey primary containers' Security Context seccompProfile | `RuntimeDefault` | +| `primary.containerSecurityContext.capabilities.drop` | Set Valkey primary containers' Security Context capabilities to drop | `["ALL"]` | +| `primary.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` | +| `primary.schedulerName` | Alternate scheduler for Valkey primary pods | `""` | +| `primary.updateStrategy.type` | Valkey primary statefulset strategy type | `RollingUpdate` | +| `primary.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `primary.priorityClassName` | Valkey primary pods' priorityClassName | `""` | +| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `primary.hostAliases` | Valkey primary pods host aliases | `[]` | +| `primary.podLabels` | Extra labels for Valkey primary pods | `{}` | +| `primary.podAnnotations` | Annotations for Valkey primary pods | `{}` | +| `primary.shareProcessNamespace` | Share a single process namespace between all of the containers in Valkey primary pods | `false` | +| `primary.podAffinityPreset` | Pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | Node label key to match. Ignored if `primary.affinity` is set | `""` | +| `primary.nodeAffinityPreset.values` | Node label values to match. Ignored if `primary.affinity` is set | `[]` | +| `primary.affinity` | Affinity for Valkey primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for Valkey primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for Valkey primary pods assignment | `[]` | +| `primary.topologySpreadConstraints` | Spread Constraints for Valkey primary pod assignment | `[]` | +| `primary.dnsPolicy` | DNS Policy for Valkey primary pod | `""` | +| `primary.dnsConfig` | DNS Configuration for Valkey primary pod | `{}` | +| `primary.lifecycleHooks` | for the Valkey primary container(s) to automate configuration before or after startup | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey primary pod(s) | `[]` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey primary container(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers to the Valkey primary pod(s) | `[]` | +| `primary.initContainers` | Add additional init containers to the Valkey primary pod(s) | `[]` | +| `primary.persistence.enabled` | Enable persistence on Valkey primary nodes using Persistent Volume Claims | `true` | +| `primary.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | +| `primary.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | +| `primary.persistence.path` | The path the volume will be mounted at on Valkey primary containers | `/data` | +| `primary.persistence.subPath` | The subdirectory of the volume to mount on Valkey primary containers | `""` | +| `primary.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Valkey primary containers | `""` | +| `primary.persistence.storageClass` | Persistent Volume storage class | `""` | +| `primary.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `primary.persistence.size` | Persistent Volume size | `8Gi` | +| `primary.persistence.annotations` | Additional custom annotations for the PVC | `{}` | +| `primary.persistence.labels` | Additional custom labels for the PVC | `{}` | +| `primary.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `primary.persistence.dataSource` | Custom PVC data source | `{}` | +| `primary.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `primary.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `primary.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `primary.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `primary.service.type` | Valkey primary service type | `ClusterIP` | +| `primary.service.ports.valkey` | Valkey primary service port | `6379` | +| `primary.service.nodePorts.valkey` | Node port for Valkey primary | `""` | +| `primary.service.externalTrafficPolicy` | Valkey primary service external traffic policy | `Cluster` | +| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `primary.service.internalTrafficPolicy` | Valkey primary service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | +| `primary.service.clusterIP` | Valkey primary service Cluster IP | `""` | +| `primary.service.loadBalancerIP` | Valkey primary service Load Balancer IP | `""` | +| `primary.service.loadBalancerClass` | primary service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `primary.service.loadBalancerSourceRanges` | Valkey primary service Load Balancer sources | `[]` | +| `primary.service.externalIPs` | Valkey primary service External IPs | `[]` | +| `primary.service.annotations` | Additional custom annotations for Valkey primary service | `{}` | +| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `primary.terminationGracePeriodSeconds` | Integer setting the termination grace period for the valkey-primary pods | `30` | +| `primary.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `primary.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `primary.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | +| `primary.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `primary.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty. | `{}` | + +### Valkey replicas configuration parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `replica.kind` | Use either DaemonSet or StatefulSet (default) | `StatefulSet` | +| `replica.replicaCount` | Number of Valkey replicas to deploy | `3` | +| `replica.configuration` | Configuration for Valkey replicas nodes | `""` | +| `replica.disableCommands` | Array with Valkey commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` | +| `replica.command` | Override default container command (useful when using custom images) | `[]` | +| `replica.args` | Override default container args (useful when using custom images) | `[]` | +| `replica.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | +| `replica.preExecCmds` | Additional commands to run prior to starting Valkey replicas | `[]` | +| `replica.extraFlags` | Array with additional command line flags for Valkey replicas | `[]` | +| `replica.extraEnvVars` | Array with extra environment variables to add to Valkey replicas nodes | `[]` | +| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Valkey replicas nodes | `""` | +| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Valkey replicas nodes | `""` | +| `replica.externalPrimary.enabled` | Use external primary for bootstrapping | `false` | +| `replica.externalPrimary.host` | External primary host to bootstrap from | `""` | +| `replica.externalPrimary.port` | Port for Valkey service external primary host | `6379` | +| `replica.containerPorts.valkey` | Container port to open on Valkey replicas nodes | `6379` | +| `replica.startupProbe.enabled` | Enable startupProbe on Valkey replicas nodes | `true` | +| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | +| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `replica.livenessProbe.enabled` | Enable livenessProbe on Valkey replicas nodes | `true` | +| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | +| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `replica.readinessProbe.enabled` | Enable readinessProbe on Valkey replicas nodes | `true` | +| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `replica.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). | `nano` | +| `replica.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `replica.podSecurityContext.enabled` | Enabled Valkey replicas pods' Security Context | `true` | +| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `replica.podSecurityContext.fsGroup` | Set Valkey replicas pod's Security Context fsGroup | `1001` | +| `replica.containerSecurityContext.enabled` | Enabled Valkey replicas containers' Security Context | `true` | +| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `replica.containerSecurityContext.runAsUser` | Set Valkey replicas containers' Security Context runAsUser | `1001` | +| `replica.containerSecurityContext.runAsGroup` | Set Valkey replicas containers' Security Context runAsGroup | `1001` | +| `replica.containerSecurityContext.runAsNonRoot` | Set Valkey replicas containers' Security Context runAsNonRoot | `true` | +| `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Valkey replicas pod's Security Context allowPrivilegeEscalation | `false` | +| `replica.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | +| `replica.containerSecurityContext.seccompProfile.type` | Set Valkey replicas containers' Security Context seccompProfile | `RuntimeDefault` | +| `replica.containerSecurityContext.capabilities.drop` | Set Valkey replicas containers' Security Context capabilities to drop | `["ALL"]` | +| `replica.schedulerName` | Alternate scheduler for Valkey replicas pods | `""` | +| `replica.updateStrategy.type` | Valkey replicas statefulset strategy type | `RollingUpdate` | +| `replica.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `replica.priorityClassName` | Valkey replicas pods' priorityClassName | `""` | +| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | +| `replica.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `replica.hostAliases` | Valkey replicas pods host aliases | `[]` | +| `replica.podLabels` | Extra labels for Valkey replicas pods | `{}` | +| `replica.podAnnotations` | Annotations for Valkey replicas pods | `{}` | +| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Valkey replicas pods | `false` | +| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` | +| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` | +| `replica.affinity` | Affinity for Valkey replicas pods assignment | `{}` | +| `replica.nodeSelector` | Node labels for Valkey replicas pods assignment | `{}` | +| `replica.tolerations` | Tolerations for Valkey replicas pods assignment | `[]` | +| `replica.topologySpreadConstraints` | Spread Constraints for Valkey replicas pod assignment | `[]` | +| `replica.dnsPolicy` | DNS Policy for Valkey replica pods | `""` | +| `replica.dnsConfig` | DNS Configuration for Valkey replica pods | `{}` | +| `replica.lifecycleHooks` | for the Valkey replica container(s) to automate configuration before or after startup | `{}` | +| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey replicas pod(s) | `[]` | +| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey replicas container(s) | `[]` | +| `replica.sidecars` | Add additional sidecar containers to the Valkey replicas pod(s) | `[]` | +| `replica.initContainers` | Add additional init containers to the Valkey replicas pod(s) | `[]` | +| `replica.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims | `true` | +| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | +| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | +| `replica.persistence.path` | The path the volume will be mounted at on Valkey replicas containers | `/data` | +| `replica.persistence.subPath` | The subdirectory of the volume to mount on Valkey replicas containers | `""` | +| `replica.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Valkey replicas containers | `""` | +| `replica.persistence.storageClass` | Persistent Volume storage class | `""` | +| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `replica.persistence.size` | Persistent Volume size | `8Gi` | +| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` | +| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` | +| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `replica.persistence.dataSource` | Custom PVC data source | `{}` | +| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `replica.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `replica.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `replica.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `replica.service.type` | Valkey replicas service type | `ClusterIP` | +| `replica.service.ports.valkey` | Valkey replicas service port | `6379` | +| `replica.service.nodePorts.valkey` | Node port for Valkey replicas | `""` | +| `replica.service.externalTrafficPolicy` | Valkey replicas service external traffic policy | `Cluster` | +| `replica.service.internalTrafficPolicy` | Valkey replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | +| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `replica.service.clusterIP` | Valkey replicas service Cluster IP | `""` | +| `replica.service.loadBalancerIP` | Valkey replicas service Load Balancer IP | `""` | +| `replica.service.loadBalancerClass` | replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `replica.service.loadBalancerSourceRanges` | Valkey replicas service Load Balancer sources | `[]` | +| `replica.service.annotations` | Additional custom annotations for Valkey replicas service | `{}` | +| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `replica.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the valkey-replicas pods | `30` | + +### Autoscaling + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------- | +| `replica.autoscaling.vpa.enabled` | Enable VPA | `false` | +| `replica.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `replica.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `replica.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `replica.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | + +### VPA update policy + +| Name | Description | Value | +| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `replica.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` | +| `replica.autoscaling.hpa.enabled` | Enable HPA | `false` | +| `replica.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `replica.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `replica.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `replica.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | +| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `replica.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `replica.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` | +| `replica.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. | `{}` | + +### Valkey Sentinel configuration parameters + +| Name | Description | Value | +| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `sentinel.enabled` | Use Valkey Sentinel on Valkey pods. | `false` | +| `sentinel.image.registry` | Valkey Sentinel image registry | `REGISTRY_NAME` | +| `sentinel.image.repository` | Valkey Sentinel image repository | `REPOSITORY_NAME/valkey-sentinel` | +| `sentinel.image.digest` | Valkey Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `sentinel.image.pullPolicy` | Valkey Sentinel image pull policy | `IfNotPresent` | +| `sentinel.image.pullSecrets` | Valkey Sentinel image pull secrets | `[]` | +| `sentinel.image.debug` | Enable image debug mode | `false` | +| `sentinel.annotations` | Additional custom annotations for Valkey Sentinel resource | `{}` | +| `sentinel.primarySet` | Primary set name | `myprimary` | +| `sentinel.quorum` | Sentinel Quorum | `2` | +| `sentinel.getPrimaryTimeout` | Amount of time to allow before get_sentinel_primary_info() times out. | `90` | +| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` | +| `sentinel.valkeyShutdownWaitFailover` | Whether the Valkey primary container waits for the failover at shutdown (in addition to the Valkey Sentinel container). | `true` | +| `sentinel.downAfterMilliseconds` | Timeout for detecting a Valkey node is down | `60000` | +| `sentinel.failoverTimeout` | Timeout for performing a election failover | `180000` | +| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new primary after a failover | `1` | +| `sentinel.configuration` | Configuration for Valkey Sentinel nodes | `""` | +| `sentinel.command` | Override default container command (useful when using custom images) | `[]` | +| `sentinel.args` | Override default container args (useful when using custom images) | `[]` | +| `sentinel.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | +| `sentinel.preExecCmds` | Additional commands to run prior to starting Valkey Sentinel | `[]` | +| `sentinel.extraEnvVars` | Array with extra environment variables to add to Valkey Sentinel nodes | `[]` | +| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Valkey Sentinel nodes | `""` | +| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Valkey Sentinel nodes | `""` | +| `sentinel.externalPrimary.enabled` | Use external primary for bootstrapping | `false` | +| `sentinel.externalPrimary.host` | External primary host to bootstrap from | `""` | +| `sentinel.externalPrimary.port` | Port for Valkey service external primary host | `6379` | +| `sentinel.containerPorts.sentinel` | Container port to open on Valkey Sentinel nodes | `26379` | +| `sentinel.startupProbe.enabled` | Enable startupProbe on Valkey Sentinel nodes | `true` | +| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | +| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Valkey Sentinel nodes | `true` | +| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | +| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Valkey Sentinel nodes | `true` | +| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `sentinel.persistence.enabled` | Enable persistence on Valkey sentinel nodes using Persistent Volume Claims (Experimental) | `false` | +| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` | +| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `sentinel.persistence.size` | Persistent Volume size | `100Mi` | +| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` | +| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` | +| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | +| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | +| `sentinel.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | +| `sentinel.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `sentinel.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). | `nano` | +| `sentinel.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `sentinel.containerSecurityContext.enabled` | Enabled Valkey Sentinel containers' Security Context | `true` | +| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `sentinel.containerSecurityContext.runAsUser` | Set Valkey Sentinel containers' Security Context runAsUser | `1001` | +| `sentinel.containerSecurityContext.runAsGroup` | Set Valkey Sentinel containers' Security Context runAsGroup | `1001` | +| `sentinel.containerSecurityContext.runAsNonRoot` | Set Valkey Sentinel containers' Security Context runAsNonRoot | `true` | +| `sentinel.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | +| `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Valkey Sentinel containers' Security Context allowPrivilegeEscalation | `false` | +| `sentinel.containerSecurityContext.seccompProfile.type` | Set Valkey Sentinel containers' Security Context seccompProfile | `RuntimeDefault` | +| `sentinel.containerSecurityContext.capabilities.drop` | Set Valkey Sentinel containers' Security Context capabilities to drop | `["ALL"]` | +| `sentinel.lifecycleHooks` | for the Valkey sentinel container(s) to automate configuration before or after startup | `{}` | +| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey Sentinel | `[]` | +| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey Sentinel container(s) | `[]` | +| `sentinel.service.type` | Valkey Sentinel service type | `ClusterIP` | +| `sentinel.service.ports.valkey` | Valkey service port for Valkey | `6379` | +| `sentinel.service.ports.sentinel` | Valkey service port for Valkey Sentinel | `26379` | +| `sentinel.service.nodePorts.valkey` | Node port for Valkey | `""` | +| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` | +| `sentinel.service.externalTrafficPolicy` | Valkey Sentinel service external traffic policy | `Cluster` | +| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `sentinel.service.clusterIP` | Valkey Sentinel service Cluster IP | `""` | +| `sentinel.service.createPrimary` | Enable primary service pointing to the current primary (experimental) | `false` | +| `sentinel.service.loadBalancerIP` | Valkey Sentinel service Load Balancer IP | `""` | +| `sentinel.service.loadBalancerClass` | sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `sentinel.service.loadBalancerSourceRanges` | Valkey Sentinel service Load Balancer sources | `[]` | +| `sentinel.service.annotations` | Additional custom annotations for Valkey Sentinel service | `{}` | +| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the valkey-node pods | `30` | + +### Other Parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.metrics.allowExternal` | Don't require client label for connections for metrics endpoint | `true` | +| `networkPolicy.metrics.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces to metrics endpoint | `{}` | +| `networkPolicy.metrics.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces to metrics endpoint | `{}` | +| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` | +| `rbac.create` | Specifies whether RBAC resources should be created | `false` | +| `rbac.rules` | Custom RBAC rules to set | `[]` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `pdb` | DEPRECATED Please use `primary.pdb` and `replica.pdb` values instead | `{}` | +| `tls.enabled` | Enable TLS traffic | `false` | +| `tls.authClients` | Require clients to authenticate | `true` | +| `tls.autoGenerated` | Enable autogenerated certificates | `false` | +| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate Key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | +| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | + +### Metrics Parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose Valkey metrics | `false` | +| `metrics.image.registry` | Valkey Exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Valkey Exporter image repository | `REPOSITORY_NAME/valkey-exporter` | +| `metrics.image.digest` | Valkey Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Valkey Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Valkey Exporter image pull secrets | `[]` | +| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | +| `metrics.startupProbe.enabled` | Enable startupProbe on Valkey replicas nodes | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on Valkey replicas nodes | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on Valkey replicas nodes | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | +| `metrics.valkeyTargetHost` | A way to specify an alternative Valkey hostname | `localhost` | +| `metrics.extraArgs` | Extra arguments for Valkey exporter, for example: | `{}` | +| `metrics.extraEnvVars` | Array with extra environment variables to add to Valkey exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enabled Valkey exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `metrics.containerSecurityContext.runAsUser` | Set Valkey exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsGroup` | Set Valkey exporter containers' Security Context runAsGroup | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set Valkey exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Valkey exporter containers' Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set Valkey exporter containers' Security Context seccompProfile | `RuntimeDefault` | +| `metrics.containerSecurityContext.capabilities.drop` | Set Valkey exporter containers' Security Context capabilities to drop | `["ALL"]` | +| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey metrics sidecar | `[]` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey metrics sidecar | `[]` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.podLabels` | Extra labels for Valkey exporter pods | `{}` | +| `metrics.podAnnotations` | Annotations for Valkey exporter pods | `{}` | +| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` | +| `metrics.service.type` | Valkey exporter service type | `ClusterIP` | +| `metrics.service.ports.http` | Valkey exporter service port | `9121` | +| `metrics.service.externalTrafficPolicy` | Valkey exporter service external traffic policy | `Cluster` | +| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `metrics.service.loadBalancerIP` | Valkey exporter service Load Balancer IP | `""` | +| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `metrics.service.loadBalancerSourceRanges` | Valkey exporter service Load Balancer sources | `[]` | +| `metrics.service.annotations` | Additional custom annotations for Valkey exporter service | `{}` | +| `metrics.service.clusterIP` | Valkey exporter service Cluster IP | `""` | +| `metrics.serviceMonitor.port` | the service port to scrape metrics from | `http-metrics` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | +| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabelings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | +| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | +| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | +| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | +| `metrics.podMonitor.port` | the pod port to scrape metrics from | `metrics` | +| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | +| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.podMonitor.relabelings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | +| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | +| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | +| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | +| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | +| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | + +### Init Container Parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| `kubectl.image.registry` | Kubectl image registry | `REGISTRY_NAME` | +| `kubectl.image.repository` | Kubectl image repository | `REPOSITORY_NAME/kubectl` | +| `kubectl.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `kubectl.image.pullPolicy` | Kubectl image pull policy | `IfNotPresent` | +| `kubectl.image.pullSecrets` | Kubectl pull secrets | `[]` | +| `kubectl.command` | kubectl command to execute | `["/opt/bitnami/scripts/kubectl-scripts/update-primary-label.sh"]` | +| `kubectl.containerSecurityContext.enabled` | Enabled kubectl containers' Security Context | `true` | +| `kubectl.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `kubectl.containerSecurityContext.runAsUser` | Set kubectl containers' Security Context runAsUser | `1001` | +| `kubectl.containerSecurityContext.runAsGroup` | Set kubectl containers' Security Context runAsGroup | `1001` | +| `kubectl.containerSecurityContext.runAsNonRoot` | Set kubectl containers' Security Context runAsNonRoot | `true` | +| `kubectl.containerSecurityContext.allowPrivilegeEscalation` | Set kubectl containers' Security Context allowPrivilegeEscalation | `false` | +| `kubectl.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | +| `kubectl.containerSecurityContext.seccompProfile.type` | Set kubectl containers' Security Context seccompProfile | `RuntimeDefault` | +| `kubectl.containerSecurityContext.capabilities.drop` | Set kubectl containers' Security Context capabilities to drop | `["ALL"]` | +| `kubectl.resources.limits` | The resources limits for the kubectl containers | `{}` | +| `kubectl.resources.requests` | The requested resources for the kubectl containers | `{}` | + +### useExternalDNS Parameters + +| Name | Description | Value | +| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `useExternalDNS.enabled` | Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. | `false` | +| `useExternalDNS.additionalAnnotations` | Extra annotations to be utilized when `external-dns` is enabled. | `{}` | +| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. | `external-dns.alpha.kubernetes.io/` | +| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set auth.password=secretpassword \ + oci://REGISTRY_NAME/REPOSITORY_NAME/valkey +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command sets the Valkey server password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/valkey +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/valkey/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 2.2.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + +### To 2.0.0 + +This major updates all the references from `master/slave` to `primary/replica` to follow the upstream project strategy: + +- The term *master* has been replaced by the term *primary*. Therefore, parameters prefixed with `master` are now prefixed with `primary`. +- Environment variables previously prefixed as `VALKEY_MASTER` or `VALKEY_SENTINEL_MASTER` use `VALKEY_PRIMARY` and `VALKEY_SENTINEL_PRIMARY` now. + +Consequences: + +Backwards compatibility is not guaranteed. To upgrade to `2.0.0`, install a new release of the Valkey chart, and migrate the data from your previous release. You have 2 alternatives to do so: + +- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section. +- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `valkey`: + +```console +helm install valkey oci://REGISTRY_NAME/REPOSITORY_NAME/valkey --set auth.password=[PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +| Note: you need to substitute the placeholder *[EXISTING_PVC]* with the name of the PVC used on your previous release, and *[PASSWORD]* with the password used in your previous release. + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore b/applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore new file mode 100644 index 00000000..d0e10845 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# img folder +img/ +# Changelog +CHANGELOG.md diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml b/applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml new file mode 100644 index 00000000..10fc86a4 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure + licenses: Apache-2.0 +apiVersion: v2 +appVersion: 2.30.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://bitnami.com +icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/bitnami/charts +name: common +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/common +type: library +version: 2.30.0 diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/README.md b/applications/n8n/charts/n8n/charts/valkey/charts/common/README.md new file mode 100644 index 00000000..0e5f6499 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/README.md @@ -0,0 +1,235 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 2.x.x + repository: oci://registry-1.docker.io/bitnamicharts +``` + +```console +helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +## Parameters + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy.' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +## License + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..d387dbe6 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl @@ -0,0 +1,155 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +{{- $extraNamespaces := default (list) .extraNamespaces -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +{{- $extraNamespaces := default (list) .extraNamespaces -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..6423fb11 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl @@ -0,0 +1,253 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} +{{- end -}} + +{{/* +Return true if the apiVersion is supported +Usage: +{{ include "common.capabilities.apiVersions.has" (dict "version" "batch/v1" "context" $) }} +*/}} +{{- define "common.capabilities.apiVersions.has" -}} +{{- $providedAPIVersions := default .context.Values.apiVersions ((.context.Values.global).apiVersions) -}} +{{- if and (empty $providedAPIVersions) (.context.Capabilities.APIVersions.Has .version) -}} + {{- true -}} +{{- else if has .version $providedAPIVersions -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for job. +*/}} +{{- define "common.capabilities.job.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if (.Values.ingress).apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.11-0" $kubeVersion) -}} +{{- print "autoscaling/v1beta1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "autoscaling/v1beta2" -}} +{{- else -}} +{{- print "autoscaling/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admissionConfiguration.supported" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. +*/}} +{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl new file mode 100644 index 00000000..19c26dbd --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl @@ -0,0 +1,46 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return true if the detected platform is Openshift +Usage: +{{- include "common.compatibility.isOpenshift" . -}} +*/}} +{{- define "common.compatibility.isOpenshift" -}} +{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC +Usage: +{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} +*/}} +{{- define "common.compatibility.renderSecurityContext" -}} +{{- $adaptedContext := .secContext -}} + +{{- if (((.context.Values.global).compatibility).openshift) -}} + {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} + {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} + {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + {{- if not .secContext.seLinuxOptions -}} + {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}} +{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} +{{- end -}} +{{/* Remove fields that are disregarded when running the container in privileged mode */}} +{{- if $adaptedContext.privileged -}} + {{- $adaptedContext = omit $adaptedContext "capabilities" -}} +{{- end -}} +{{- omit $adaptedContext "enabled" | toYaml -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl new file mode 100644 index 00000000..93f3ffc9 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl @@ -0,0 +1,85 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Throw error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} + +{{/* +Throw error when original container images are replaced. +The error can be bypassed by setting the "global.security.allowInsecureImages" to true. In this case, +a warning message will be shown instead. + +Usage: +{{ include "common.errors.insecureImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} +*/}} +{{- define "common.errors.insecureImages" -}} +{{- $relocatedImages := list -}} +{{- $replacedImages := list -}} +{{- $retaggedImages := list -}} +{{- $globalRegistry := ((.context.Values.global).imageRegistry) -}} +{{- $originalImages := .context.Chart.Annotations.images -}} +{{- range .images -}} + {{- $registryName := default .registry $globalRegistry -}} + {{- $fullImageNameNoTag := printf "%s/%s" $registryName .repository -}} + {{- $fullImageName := printf "%s:%s" $fullImageNameNoTag .tag -}} + {{- if not (contains $fullImageNameNoTag $originalImages) -}} + {{- if not (contains $registryName $originalImages) -}} + {{- $relocatedImages = append $relocatedImages $fullImageName -}} + {{- else if not (contains .repository $originalImages) -}} + {{- $replacedImages = append $replacedImages $fullImageName -}} + {{- end -}} + {{- end -}} + {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}} + {{- $retaggedImages = append $retaggedImages $fullImageName -}} + {{- end -}} +{{- end -}} + +{{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}} + {{- print "\n\nâš  SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}} +{{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}} + {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}} + {{- $errorString = print $errorString "\n\nUnrecognized images:" -}} + {{- range (concat $relocatedImages $replacedImages) -}} + {{- $errorString = print $errorString "\n - " . -}} + {{- end -}} + {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}} + {{- $errorString = print "\n\nâš  ERROR: " $errorString -}} + {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}} + {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}} + {{- print $errorString | fail -}} + {{- else if gt (len $replacedImages) 0 -}} + {{- $errorString = print "\n\nâš  WARNING: " $errorString -}} + {{- print $errorString -}} + {{- end -}} +{{- else if gt (len $retaggedImages) 0 -}} + {{- $warnString := "\n\nâš  WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}} + {{- $warnString = print $warnString "\n\nRetagged images:" -}} + {{- range $retaggedImages -}} + {{- $warnString = print $warnString "\n - " . -}} + {{- end -}} + {{- print $warnString -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl new file mode 100644 index 00000000..76bb7ce4 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl @@ -0,0 +1,115 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name. +If image tag and digest are not defined, termination fallbacks to chart appVersion. +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} + +{{- if not .imageRoot.tag }} + {{- if .chart }} + {{- $termination = .chart.AppVersion | toString -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- range ((.global).imagePullSecrets) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) -}} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- range (($context.Values.global).imagePullSecrets) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) -}} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images.version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} + diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl new file mode 100644 index 00000000..7d2b8798 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl @@ -0,0 +1,73 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl new file mode 100644 index 00000000..0a0cc548 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl @@ -0,0 +1,46 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Kubernetes standard labels +{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} +*/}} +{{- define "common.labels.standard" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector +{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} + +We don't want to loop over custom labels appending them to the selector +since it's very likely that it will break deployments, services, etc. +However, it's important to overwrite the standard labels if the user +overwrote them on metadata.labels fields. +*/}} +{{- define "common.labels.matchLabels" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl new file mode 100644 index 00000000..ba839568 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl @@ -0,0 +1,71 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl new file mode 100644 index 00000000..d8a43e1c --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl @@ -0,0 +1,50 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a resource request/limit object based on a given preset. +These presets are for basic testing and not meant to be used in production +{{ include "common.resources.preset" (dict "type" "nano") -}} +*/}} +{{- define "common.resources.preset" -}} +{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} +{{- $presets := dict + "nano" (dict + "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") + ) + "micro" (dict + "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") + ) + "small" (dict + "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") + ) + "medium" (dict + "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") + ) + "large" (dict + "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") + ) + "xlarge" (dict + "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") + ) + "2xlarge" (dict + "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") + ) + }} +{{- if hasKey $presets .type -}} +{{- index $presets .type | toYaml -}} +{{- else -}} +{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl new file mode 100644 index 00000000..bfef4697 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl @@ -0,0 +1,192 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "honorProvidedValues" false "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. + - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. + - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. + - honorProvidedValues - Boolean - Optional - Default to false. If set to true, the values in providedValues have higher priority than an existing secret +The order in which this function returns a secret password: + 1. Password provided via the values.yaml if honorProvidedValues = true + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 2. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 3. Password provided via the values.yaml if honorProvidedValues = false + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 4. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | b64dec }} + {{- else if not (eq .failOnNew false) }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- end }} + +{{- if and $providedPasswordValue .honorProvidedValues }} + {{- $password = $providedPasswordValue | toString }} +{{- end }} + +{{- if not $password }} + {{- if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} + {{- else }} + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- if not (eq .failOnNew false) }} + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + {{- end }} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} + {{- else }} + {{- $password = randAlphaNum $passwordLength }} + {{- end }} + {{- end -}} +{{- end -}} +{{- if not .skipB64enc }} +{{- $password = $password | b64enc }} +{{- end -}} +{{- if .skipQuote -}} +{{- printf "%s" $password -}} +{{- else -}} +{{- printf "%s" $password | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} +{{- end -}} +{{- if $value -}} +{{- printf "%s" $value -}} +{{- end -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl new file mode 100644 index 00000000..aa75856c --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl @@ -0,0 +1,21 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} +{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else -}} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl new file mode 100644 index 00000000..a04f4c1e --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,52 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template perhaps with scope if the scope is present. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} +*/}} +{{- define "common.tplvalues.render" -}} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl $value .context }} + {{- end }} +{{- else }} + {{- $value }} +{{- end }} +{{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite +Usage: +{{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge-overwrite" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl new file mode 100644 index 00000000..d53c74aa --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl @@ -0,0 +1,77 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). +Usage: +{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} +*/}} +{{- define "common.utils.checksumTemplate" -}} +{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} +{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl new file mode 100644 index 00000000..62c44dfc --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl @@ -0,0 +1,109 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html +{{- end }} +{{- end -}} + +{{/* +Warning about replaced images from the original. +Usage: +{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} +*/}} +{{- define "common.warnings.modifiedImages" -}} +{{- $affectedImages := list -}} +{{- $printMessage := false -}} +{{- $originalImages := .context.Chart.Annotations.images -}} +{{- range .images -}} + {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}} + {{- if not (contains $fullImageName $originalImages) }} + {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}} + {{- $printMessage = true -}} + {{- end -}} +{{- end -}} +{{- if $printMessage }} + +âš  SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables. + +Substituted images detected: +{{- range $affectedImages }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Warning about not setting the resource object in all deployments. +Usage: +{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} +Example: +{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} +The list in the example assumes that the following values exist: + - csiProvider.provider.resources + - server.resources + - volumePermissions.resources + - resources +*/}} +{{- define "common.warnings.resources" -}} +{{- $values := .context.Values -}} +{{- $printMessage := false -}} +{{ $affectedSections := list -}} +{{- range .sections -}} + {{- if eq . "" -}} + {{/* Case where the resources section is at the root (one main deployment in the chart) */}} + {{- if not (index $values "resources") -}} + {{- $affectedSections = append $affectedSections "resources" -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} + {{- $keys := split "." . -}} + {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} + {{- $section := $values -}} + {{- range $keys -}} + {{- $section = index $section . -}} + {{- end -}} + {{- if not (index $section "resources") -}} + {{/* If the section has enabled=false or replicaCount=0, do not include it */}} + {{- if and (hasKey $section "enabled") -}} + {{- if index $section "enabled" -}} + {{/* enabled=true */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else if and (hasKey $section "replicaCount") -}} + {{/* We need a casting to int because number 0 is not treated as an int by default */}} + {{- if (gt (index $section "replicaCount" | int) 0) -}} + {{/* replicaCount > 0 */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Default case, add it to the affected sections */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- if $printMessage }} + +WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: +{{- range $affectedSections }} + - {{ . }} +{{- end }} ++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +{{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 00000000..f8fd213b --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,51 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 00000000..6ea8c0f4 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,108 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 00000000..e678a6de --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,67 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 00000000..fbb65c33 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,67 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 00000000..51d47162 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,105 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl new file mode 100644 index 00000000..9fedfef9 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,48 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + + +{{/* vim: set filetype=mustache: */}} +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl new file mode 100644 index 00000000..7cdee617 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,51 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml b/applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml new file mode 100644 index 00000000..de2cac57 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml @@ -0,0 +1,8 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt b/applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt new file mode 100644 index 00000000..9050390b --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt @@ -0,0 +1,214 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information. + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ include "common.names.namespace" . }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + +For Valkey: + + /opt/bitnami/scripts/valkey/entrypoint.sh /opt/bitnami/scripts/valkey/run.sh + +{{- if .Values.sentinel.enabled }} + +For Valkey Sentinel: + + /opt/bitnami/scripts/valkey-sentinel/entrypoint.sh /opt/bitnami/scripts/valkey-sentinel/run.sh + +{{- end }} +{{- else }} + +{{- if contains .Values.primary.service.type "LoadBalancer" }} +{{- if not .Values.auth.enabled }} +{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} + +------------------------------------------------------------------------------- + WARNING + + By specifying "primary.service.type=LoadBalancer" and "auth.enabled=false" you have + most likely exposed the Valkey service externally without any authentication + mechanism. + + For security reasons, we strongly suggest that you switch to "ClusterIP" or + "NodePort". As alternative, you can also switch to "auth.enabled=true" + providing a valid password on "password" parameter. + +------------------------------------------------------------------------------- +{{- end }} +{{- end }} +{{- end }} + +{{- if and .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.primary.initContainers) (empty .Values.replica.initContainers)) }} + +------------------------------------------------------------------------------- + WARNING + + By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false" + Valkey is expecting that the password is mounted as a file in each pod + (by default in /opt/bitnami/valkey/secrets/valkey-password) + + Ensure that you specify the respective initContainers in + both .Values.primary.initContainers and .Values.replica.initContainers + in order to populate the contents of this file. + +------------------------------------------------------------------------------- +{{- end }} + +{{- if eq .Values.architecture "replication" }} +{{- if .Values.sentinel.enabled }} + +Valkey can be accessed via port {{ .Values.sentinel.service.ports.valkey }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations + +For read/write operations, first access the Valkey Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above. + +{{- else }} + +Valkey can be accessed on the following DNS names from within your cluster: + + {{ printf "%s-primary.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.primary.service.ports.valkey }}) + {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.valkey }}) + +{{- end }} +{{- else }} + +Valkey can be accessed via port {{ .Values.primary.service.ports.valkey }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . }}-primary.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} + +{{- end }} + +{{ if .Values.auth.enabled }} + +To get your password run: + + export VALKEY_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "valkey.secretName" . }} -o jsonpath="{.data.{{ include "valkey.secretPasswordKey" . }}}" | base64 -d) + +{{- end }} + +To connect to your Valkey server: + +1. Run a Valkey pod that you can use as a client: + + kubectl run --namespace {{ include "common.names.namespace" . }} valkey-client --restart='Never' {{ if .Values.auth.enabled }} --env VALKEY_PASSWORD=$VALKEY_PASSWORD {{ end }} --image {{ template "valkey.image" . }} --command -- sleep infinity + +{{- if .Values.tls.enabled }} + + Copy your TLS certificates to the pod: + + kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert valkey-client:/tmp/client.cert + kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key valkey-client:/tmp/client.key + kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert valkey-client:/tmp/CA.cert + +{{- end }} + + Use the following command to attach to the pod: + + kubectl exec --tty -i valkey-client \ + {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} + --namespace {{ include "common.names.namespace" . }} -- bash + +2. Connect using the Valkey CLI: + +{{- if eq .Values.architecture "replication" }} + {{- if .Values.sentinel.enabled }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.valkey }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access + {{- else }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ printf "%s-primary" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + {{- end }} +{{- else }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ template "common.names.fullname" . }}-primary{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} +{{- end }} + +{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + +Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to valkey. + +{{- else }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} +{{- if contains "NodePort" .Values.sentinel.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "LoadBalancer" .Values.sentinel.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "ClusterIP" .Values.sentinel.service.type }} + + kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.valkey }}:{{ .Values.sentinel.service.ports.valkey }} & + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- end }} +{{- else }} +{{- if contains "NodePort" .Values.primary.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-primary" (include "common.names.fullname" .) }}) + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "LoadBalancer" .Values.primary.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-primary" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $SERVICE_IP -p {{ .Values.primary.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "ClusterIP" .Values.primary.service.type }} + + kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-primary" (include "common.names.fullname" .) }} {{ .Values.primary.service.ports.valkey }}:{{ .Values.primary.service.ports.valkey }} & + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h 127.0.0.1 -p {{ .Values.primary.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- end }} +{{- end }} + +{{- end }} +{{- end }} +{{- include "valkey.checkRollingTags" . }} +{{- include "valkey.validateValues" . }} + +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }} +{{- if $.Values.sentinel.service.nodePorts.sentinel }} +No need to upgrade, ports and nodeports have been set from values +{{- else }} +#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!# +YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED +{{- end }} +{{- end }} +{{- $resourceSections := list "metrics" "replica" "sentinel" "volumePermissions" }} +{{- if not (and (eq .Values.architecture "replication") .Values.sentinel.enabled) }} + {{- $resourceSections = append $resourceSections "primary" -}} +{{- end }} +{{- include "common.warnings.resources" (dict "sections" $resourceSections "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image) "context" $) }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl b/applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl new file mode 100644 index 00000000..03598f72 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl @@ -0,0 +1,298 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Valkey image name +*/}} +{{- define "valkey.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Valkey Sentinel image name +*/}} +{{- define "valkey.sentinel.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "valkey.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "valkey.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return kubectl image +*/}} +{{- define "valkey.kubectl.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "valkey.imagePullSecrets" -}} +{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image) "context" $) -}} +{{- end -}} + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "valkey.createTlsSecret" -}} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing Valkey TLS certificates +*/}} +{{- define "valkey.tlsSecretName" -}} +{{- if .Values.tls.existingSecret -}} + {{- printf "%s" (tpl .Values.tls.existingSecret $) -}} +{{- else -}} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "valkey.tlsCert" -}} +{{- if (include "valkey.createTlsSecret" . ) -}} + {{- printf "/opt/bitnami/valkey/certs/%s" "tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/valkey/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "valkey.tlsCertKey" -}} +{{- if (include "valkey.createTlsSecret" . ) -}} + {{- printf "/opt/bitnami/valkey/certs/%s" "tls.key" -}} +{{- else -}} + {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/valkey/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "valkey.tlsCACert" -}} +{{- if (include "valkey.createTlsSecret" . ) -}} + {{- printf "/opt/bitnami/valkey/certs/%s" "ca.crt" -}} +{{- else -}} + {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/valkey/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the DH params file. +*/}} +{{- define "valkey.tlsDHParams" -}} +{{- if .Values.tls.dhParamsFilename -}} +{{- printf "/opt/bitnami/valkey/certs/%s" .Values.tls.dhParamsFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the shared service account to use +*/}} +{{- define "valkey.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the primary service account to use +*/}} +{{- define "valkey.primaryServiceAccountName" -}} +{{- if .Values.primary.serviceAccount.create -}} + {{ default (printf "%s-primary" (include "common.names.fullname" .)) .Values.primary.serviceAccount.name }} +{{- else -}} + {{- if .Values.serviceAccount.create -}} + {{ template "valkey.serviceAccountName" . }} + {{- else -}} + {{ default "default" .Values.primary.serviceAccount.name }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the replicas service account to use +*/}} +{{- define "valkey.replicaServiceAccountName" -}} +{{- if .Values.replica.serviceAccount.create -}} + {{ default (printf "%s-replica" (include "common.names.fullname" .)) .Values.replica.serviceAccount.name }} +{{- else -}} + {{- if .Values.serviceAccount.create -}} + {{ template "valkey.serviceAccountName" . }} + {{- else -}} + {{ default "default" .Values.replica.serviceAccount.name }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configuration configmap name +*/}} +{{- define "valkey.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- print (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "valkey.createConfigmap" -}} +{{- if empty .Values.existingConfigmap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "valkey.secretName" -}} +{{- if .Values.auth.existingSecret -}} +{{- print (tpl .Values.auth.existingSecret $) -}} +{{- else -}} +{{- print (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password key to be retrieved from Valkey secret. +*/}} +{{- define "valkey.secretPasswordKey" -}} +{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}} +{{- print (tpl .Values.auth.existingSecretPasswordKey $) -}} +{{- else -}} +{{- print "valkey-password" -}} +{{- end -}} +{{- end -}} + +{{/* Check if there are rolling tags in the images */}} +{{- define "valkey.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.sentinel.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "valkey.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "valkey.validateValues.topologySpreadConstraints" .) -}} +{{- $messages := append $messages (include "valkey.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "valkey.validateValues.podSecurityPolicy.create" .) -}} +{{- $messages := append $messages (include "valkey.validateValues.tls" .) -}} +{{- $messages := append $messages (include "valkey.validateValues.createPrimary" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Valkey - spreadConstrainsts K8s version */}} +{{- define "valkey.validateValues.topologySpreadConstraints" -}} +{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.topologySpreadConstraints -}} +valkey: topologySpreadConstraints + Pod Topology Spread Constraints are only available on K8s >= 1.16 + Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +{{- end -}} +{{- end -}} + +{{/* Validate values of Valkey - must provide a valid architecture */}} +{{- define "valkey.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} +valkey: architecture + Invalid architecture selected. Valid values are "standalone" and + "replication". Please set a valid architecture (--set architecture="xxxx") +{{- end -}} +{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }} +valkey: architecture + Using valkey sentinel on standalone mode is not supported. + To deploy valkey sentinel, please select the "replication" mode + (--set "architecture=replication,sentinel.enabled=true") +{{- end -}} +{{- end -}} + +{{/* Validate values of Valkey - PodSecurityPolicy create */}} +{{- define "valkey.validateValues.podSecurityPolicy.create" -}} +{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }} +valkey: podSecurityPolicy.create + In order to create PodSecurityPolicy, you also need to enable + podSecurityPolicy.enabled field +{{- end -}} +{{- end -}} + +{{/* Validate values of Valkey - TLS enabled */}} +{{- define "valkey.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) }} +valkey: tls.enabled + In order to enable TLS, you also need to provide + an existing secret containing the TLS certificates or + enable auto-generated certificates. +{{- end -}} +{{- end -}} + +{{/* Validate values of Valkey - primary service enabled */}} +{{- define "valkey.validateValues.createPrimary" -}} +{{- if and .Values.sentinel.service.createPrimary (or (not .Values.rbac.create) (not .Values.replica.automountServiceAccountToken) (not .Values.serviceAccount.create)) }} +valkey: sentinel.service.createPrimary + In order to redirect requests only to the primary pod via the service, you also need to + create rbac and serviceAccount. In addition, you need to enable + replica.automountServiceAccountToken. +{{- end -}} +{{- end -}} + +{{/* Define the suffix utilized for external-dns */}} +{{- define "valkey.externalDNS.suffix" -}} +{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }} +{{- end -}} + +{{/* Compile all annotations utilized for external-dns */}} +{{- define "valkey.externalDNS.annotations" -}} +{{- if and .Values.useExternalDNS.enabled .Values.useExternalDNS.annotationKey }} +{{ .Values.useExternalDNS.annotationKey }}hostname: {{ include "valkey.externalDNS.suffix" . }} +{{- range $key, $val := .Values.useExternalDNS.additionalAnnotations }} +{{ $.Values.useExternalDNS.annotationKey }}{{ $key }}: {{ $val | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml new file mode 100644 index 00000000..ec37c7ef --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml @@ -0,0 +1,65 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "valkey.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + valkey.conf: |- + # User-supplied common configuration: + {{- if .Values.commonConfiguration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }} + {{- end }} + # End of common configuration + primary.conf: |- + dir {{ .Values.primary.persistence.path }} + # User-supplied primary configuration: + {{- if .Values.primary.configuration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.disableCommands }} + {{- range .Values.primary.disableCommands }} + rename-command {{ . }} "" + {{- end }} + {{- end }} + # End of primary configuration + replica.conf: |- + dir {{ .Values.replica.persistence.path }} + # User-supplied replica configuration: + {{- if .Values.replica.configuration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.replica.disableCommands }} + {{- range .Values.replica.disableCommands }} + rename-command {{ . }} "" + {{- end }} + {{- end }} + # End of replica configuration + {{- if .Values.sentinel.enabled }} + sentinel.conf: |- + dir "/tmp" + port {{ .Values.sentinel.containerPorts.sentinel }} + sentinel monitor {{ .Values.sentinel.primarySet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.valkey }} {{ .Values.sentinel.quorum }} + sentinel down-after-milliseconds {{ .Values.sentinel.primarySet }} {{ .Values.sentinel.downAfterMilliseconds }} + sentinel failover-timeout {{ .Values.sentinel.primarySet }} {{ .Values.sentinel.failoverTimeout }} + sentinel parallel-syncs {{ .Values.sentinel.primarySet }} {{ .Values.sentinel.parallelSyncs }} + {{- if .Values.sentinel.service.createPrimary}} + sentinel client-reconfig-script {{ .Values.sentinel.primarySet }} /opt/bitnami/scripts/start-scripts/push-primary-label.sh + {{- end }} + # User-supplied sentinel configuration: + {{- if .Values.sentinel.configuration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }} + {{- end }} + # End of sentinel configuration + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml new file mode 100644 index 00000000..329f5c65 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml new file mode 100644 index 00000000..16be9aa1 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml @@ -0,0 +1,36 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-headless" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "valkey.externalDNS.annotations" .) }} + annotations: + {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} + {{- include "valkey.externalDNS.annotations" . | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + {{- if .Values.sentinel.enabled }} + publishNotReadyAddresses: true + {{- end }} + ports: + - name: tcp-redis + port: {{ if .Values.sentinel.enabled }}{{ .Values.replica.containerPorts.valkey }}{{ else }} {{ .Values.primary.containerPorts.valkey }}{{ end }} + targetPort: redis + {{- if .Values.sentinel.enabled }} + - name: tcp-sentinel + port: {{ .Values.sentinel.containerPorts.sentinel }} + targetPort: valkey-sentinel + {{- end }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml new file mode 100644 index 00000000..4a8886c0 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml @@ -0,0 +1,194 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" + response=$( + timeout -s 15 $1 \ + valkey-cli \ + -h localhost \ + {{- if .Values.tls.enabled }} + -p $VALKEY_TLS_PORT \ + --tls \ + --cacert {{ template "valkey.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "valkey.tlsCert" . }} \ + --key {{ template "valkey.tlsCertKey" . }} \ + {{- end }} + {{- else }} + -p $VALKEY_PORT \ + {{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" + response=$( + timeout -s 15 $1 \ + valkey-cli \ + -h localhost \ + {{- if .Values.tls.enabled }} + -p $VALKEY_TLS_PORT \ + --tls \ + --cacert {{ template "valkey.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "valkey.tlsCert" . }} \ + --key {{ template "valkey.tlsCertKey" . }} \ + {{- end }} + {{- else }} + -p $VALKEY_PORT \ + {{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi +{{- if .Values.sentinel.enabled }} + ping_sentinel.sh: |- + #!/bin/bash + + {{- if .Values.auth.sentinel }} + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" + {{- end }} + response=$( + timeout -s 15 $1 \ + valkey-cli \ + -h localhost \ + {{- if .Values.tls.enabled }} + -p $VALKEY_SENTINEL_TLS_PORT_NUMBER \ + --tls \ + --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" \ + {{- if .Values.tls.authClients }} + --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" \ + --key "$VALKEY_SENTINEL_TLS_KEY_FILE" \ + {{- end }} + {{- else }} + -p $VALKEY_SENTINEL_PORT \ + {{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + parse_sentinels.awk: |- + /ip/ {FOUND_IP=1} + /port/ {FOUND_PORT=1} + /runid/ {FOUND_RUNID=1} + !/ip|port|runid/ { + if (FOUND_IP==1) { + IP=$1; FOUND_IP=0; + } + else if (FOUND_PORT==1) { + PORT=$1; + FOUND_PORT=0; + } else if (FOUND_RUNID==1) { + printf "\nsentinel known-sentinel {{ .Values.sentinel.primarySet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0; + } + } +{{- end }} + ping_readiness_primary.sh: |- + #!/bin/bash + + [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" + [[ -n "$VALKEY_PRIMARY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PRIMARY_PASSWORD" + response=$( + timeout -s 15 $1 \ + valkey-cli \ + -h $VALKEY_PRIMARY_HOST \ + -p $VALKEY_PRIMARY_PORT_NUMBER \ + {{- if .Values.tls.enabled }} + --tls \ + --cacert {{ template "valkey.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "valkey.tlsCert" . }} \ + --key {{ template "valkey.tlsCertKey" . }} \ + {{- end }} + {{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_primary.sh: |- + #!/bin/bash + + [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" + [[ -n "$VALKEY_PRIMARY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PRIMARY_PASSWORD" + response=$( + timeout -s 15 $1 \ + valkey-cli \ + -h $VALKEY_PRIMARY_HOST \ + -p $VALKEY_PRIMARY_PORT_NUMBER \ + {{- if .Values.tls.enabled }} + --tls \ + --cacert {{ template "valkey.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "valkey.tlsCert" . }} \ + --key {{ template "valkey.tlsCertKey" . }} \ + {{- end }} + {{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_primary.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_primary.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_primary.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_primary.sh" $1 || exit_status=$? + exit $exit_status diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml new file mode 100644 index 00000000..84721832 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml @@ -0,0 +1,45 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: valkey + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + {{- if eq .Values.metrics.service.type "LoadBalancer" }} + externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.metrics.service.loadBalancerClass }} + {{- end }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.http }} + protocol: TCP + targetPort: metrics + {{- if .Values.metrics.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml new file mode 100644 index 00000000..56a73c10 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml @@ -0,0 +1,109 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + policyTypes: + - Ingress + - Egress + {{- if .Values.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + {{- if eq .Values.architecture "replication" }} + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + # Allow outbound connections to other cluster pods + - ports: + - port: {{ .Values.primary.containerPorts.valkey }} + {{- if .Values.sentinel.enabled }} + - port: {{ .Values.sentinel.containerPorts.sentinel }} + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.primary.containerPorts.valkey }} + {{- if .Values.sentinel.enabled }} + - port: {{ .Values.sentinel.containerPorts.sentinel }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + {{- if or .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.ingressNSPodMatchLabels }} + - namespaceSelector: + matchLabels: + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{ else }} + {} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + # Allow prometheus scrapes for metrics + - ports: + - port: {{ .Values.metrics.containerPorts.http }} + {{- if not .Values.networkPolicy.metrics.allowExternal }} + from: + {{- if or .Values.networkPolicy.metrics.ingressNSMatchLabels .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} + - namespaceSelector: + matchLabels: + {{- if .Values.networkPolicy.metrics.ingressNSMatchLabels }} + {{- range $key, $value := .Values.networkPolicy.metrics.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{ else }} + {} + {{- end }} + {{- if .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml new file mode 100644 index 00000000..1e7d4143 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml @@ -0,0 +1,82 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.podMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: {{ .Values.metrics.podMonitor.port }} + {{- if .Values.metrics.podMonitor.interval }} + interval: {{ .Values.metrics.podMonitor.interval }} + {{- end }} + {{- if .Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.podMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.podMonitor.honorLabels }} + {{- end }} + {{- with .Values.metrics.podMonitor.relabelings }} + relabelings: {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.metrics.podMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- range .Values.metrics.podMonitor.additionalEndpoints }} + - port: {{ .port }} + {{- if .interval }} + interval: {{ .interval }} + {{- end }} + {{- if .path }} + path: {{ .path }} + {{- end }} + {{- if .honorLabels }} + honorLabels: {{ .honorLabels }} + {{- end }} + {{- with .relabelings }} + relabelings: {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .metricRelabelings }} + metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }} + {{- end }} + {{- if .scrapeTimeout }} + scrapeTimeout: {{ .scrapeTimeout }} + {{- end }} + {{- if .params }} + params: + {{- range $key, $value := .params }} + {{ $key }}: + {{- range $value }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.podTargetLabels }} + podTargetLabels: {{- toYaml .Values.metrics.podMonitor.podTargetLabels | nindent 4 }} + {{- end }} + {{- with .Values.metrics.podMonitor.sampleLimit -}} + sampleLimit: {{ . }} + {{- end }} + {{- with .Values.metrics.podMonitor.targetLimit -}} + targetLimit: {{ . }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml new file mode 100644 index 00000000..5083c8e9 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml @@ -0,0 +1,520 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or (eq .Values.primary.kind "DaemonSet") (gt (int64 .Values.primary.replicaCount) 0) -}} +{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: {{ .Values.primary.kind }} +metadata: + name: {{ printf "%s-primary" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: primary + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not (eq .Values.primary.kind "DaemonSet") }} + replicas: {{ .Values.primary.replicaCount }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: primary + {{- if (eq .Values.primary.kind "StatefulSet") }} + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.primary.updateStrategy }} + {{- if (eq .Values.primary.kind "Deployment") }} + strategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} + {{- else }} + updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} + {{- end }} + {{- if and .Values.primary.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} + minReadySeconds: {{ .Values.primary.minReadySeconds }} + {{- end }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: primary + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "valkey.createConfigmap" .) }} + checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + {{- end }} + checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + {{- if .Values.primary.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "valkey.imagePullSecrets" . | nindent 6 }} + {{- if .Values.primary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "valkey.primaryServiceAccountName" . }} + automountServiceAccountToken: {{ .Values.primary.automountServiceAccountToken }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName | quote }} + {{- end }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.primary.shareProcessNamespace }} + {{- end }} + {{- if .Values.primary.schedulerName }} + schedulerName: {{ .Values.primary.schedulerName | quote }} + {{- end }} + {{- if .Values.primary.dnsPolicy }} + dnsPolicy: {{ .Values.primary.dnsPolicy }} + {{- end }} + {{- if .Values.primary.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.dnsConfig "context" $) | nindent 8 }} + {{- end }} + enableServiceLinks: {{ .Values.primary.enableServiceLinks }} + terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.primary.persistence.enabled .Values.primary.podSecurityContext.enabled .Values.primary.containerSecurityContext.enabled }} + {{- if or .Values.primary.initContainers $needsVolumePermissions }} + initContainers: + {{- if .Values.primary.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "valkey.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.primary.persistence.path }} + {{- else }} + chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} {{ .Values.primary.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: valkey-data + mountPath: {{ .Values.primary.persistence.path }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- else if .Values.primary.persistence.subPathExpr }} + subPathExpr: {{ .Values.primary.persistence.subPathExpr }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: valkey + image: {{ template "valkey.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.primary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.primary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-primary.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: VALKEY_REPLICATION_MODE + value: primary + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: VALKEY_PASSWORD_FILE + value: "/opt/bitnami/valkey/secrets/valkey-password" + {{- else }} + - name: VALKEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: VALKEY_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: VALKEY_TLS_PORT + value: {{ .Values.primary.containerPorts.valkey | quote }} + - name: VALKEY_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: VALKEY_TLS_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + - name: VALKEY_TLS_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: VALKEY_TLS_CA_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: VALKEY_TLS_DH_PARAMS_FILE + value: {{ template "valkey.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: VALKEY_PORT + value: {{ .Values.primary.containerPorts.valkey | quote }} + {{- end }} + {{- if .Values.primary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.primary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.primary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.primary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.primary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.primary.containerPorts.valkey }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.primary.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.primary.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis + {{- end }} + {{- if .Values.primary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.primary.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.primary.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.primary.livenessProbe.periodSeconds }} + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: {{ add1 .Values.primary.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.primary.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.primary.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh {{ .Values.primary.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.primary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.primary.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.primary.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.primary.readinessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.primary.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.primary.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.primary.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh {{ .Values.primary.readinessProbe.timeoutSeconds }} + {{- end }} + {{- end }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- else if ne .Values.primary.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /opt/bitnami/valkey/secrets/ + {{- end }} + - name: valkey-data + mountPath: {{ .Values.primary.persistence.path }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- else if .Values.primary.persistence.subPathExpr }} + subPathExpr: {{ .Values.primary.persistence.subPathExpr }} + {{- end }} + - name: config + mountPath: /opt/bitnami/valkey/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/valkey/etc/ + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "valkey.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)" + {{- end }} + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf ":%v" .Values.metrics.containerPorts.http }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/secrets/valkey-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: valkeys://{{ .Values.metrics.valkeyTargetHost }}:{{ .Values.primary.containerPorts.valkey }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- end }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: app-tmp-dir + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.primary.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + {{ if .Values.auth.usePasswordFileFromSecret }} + secret: + secretName: {{ template "valkey.secretName" . }} + items: + - key: {{ template "valkey.secretPasswordKey" . }} + path: valkey-password + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: config + configMap: + name: {{ include "valkey.configmapName" . }} + - name: empty-dir + {{- if or .Values.primary.persistence.medium .Values.primary.persistence.sizeLimit }} + emptyDir: + {{- if .Values.primary.persistence.medium }} + medium: {{ .Values.primary.persistence.medium | quote }} + {{- end }} + {{- if .Values.primary.persistence.sizeLimit }} + sizeLimit: {{ .Values.primary.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.tls.enabled }} + - name: valkey-certificates + secret: + secretName: {{ include "valkey.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (not .Values.primary.persistence.enabled) (eq .Values.primary.kind "DaemonSet") }} + - name: valkey-data + {{- if or .Values.primary.persistence.medium .Values.primary.persistence.sizeLimit }} + emptyDir: + {{- if .Values.primary.persistence.medium }} + medium: {{ .Values.primary.persistence.medium | quote }} + {{- end }} + {{- if .Values.primary.persistence.sizeLimit }} + sizeLimit: {{ .Values.primary.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.primary.persistence.existingClaim }} + - name: valkey-data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.primary.persistence.existingClaim .) }} + {{- else if (eq .Values.primary.kind "Deployment") }} + - name: valkey-data + persistentVolumeClaim: + claimName: {{ printf "valkey-data-%s-primary" (include "common.names.fullname" .) }} + {{- else }} + {{- if .Values.primary.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: valkey-data + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} + app.kubernetes.io/component: primary + {{- if .Values.primary.persistence.annotations }} + annotations: {{- toYaml .Values.primary.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.primary.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml new file mode 100644 index 00000000..657668da --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $pdb := coalesce .Values.pdb .Values.primary.pdb }} +{{- if and $pdb.create (gt (int64 .Values.primary.count) 0) (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ printf "%s-primary" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if $pdb.minAvailable }} + minAvailable: {{ $pdb.minAvailable }} + {{- end }} + {{- if or $pdb.maxUnavailable (not $pdb.minAvailable)}} + maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml new file mode 100644 index 00000000..8d9df8dc --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml @@ -0,0 +1,48 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ printf "%s-primary" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.primary.podSecurityContext.fsGroup }} + max: {{ .Values.primary.podSecurityContext.fsGroup }} + hostIPC: false + hostNetwork: false + hostPID: false + privileged: false + readOnlyRootFilesystem: false + requiredDropCapabilities: + - ALL + runAsUser: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.primary.containerSecurityContext.runAsUser }} + max: {{ .Values.primary.containerSecurityContext.runAsUser }} + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.primary.containerSecurityContext.runAsUser }} + max: {{ .Values.primary.containerSecurityContext.runAsUser }} + volumes: + - 'configMap' + - 'secret' + - 'emptyDir' + - 'persistentVolumeClaim' +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml new file mode 100644 index 00000000..df17fab0 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml @@ -0,0 +1,34 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (eq .Values.architecture "standalone") (eq .Values.primary.kind "Deployment") (.Values.primary.persistence.enabled) (not .Values.primary.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "valkey-data-%s-primary" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: primary + app.kubernetes.io/part-of: valkey + {{- if .Values.primary.persistence.annotations }} + annotations: {{- toYaml .Values.primary.persistence.annotations | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.primary.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 2 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml new file mode 100644 index 00000000..2e87a1b7 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml @@ -0,0 +1,63 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (not .Values.sentinel.enabled) (gt (int64 .Values.primary.replicaCount) 0) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-primary" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: primary + app.kubernetes.io/part-of: valkey + {{- if or .Values.primary.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.primary.service.type }} + {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} + internalTrafficPolicy: {{ .Values.primary.service.internalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.primary.service.loadBalancerClass }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }} + clusterIP: {{ .Values.primary.service.clusterIP }} + {{- end }} + {{- if .Values.primary.service.sessionAffinity }} + sessionAffinity: {{ .Values.primary.service.sessionAffinity }} + {{- end }} + {{- if .Values.primary.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.primary.service.externalIPs }} + externalIPs: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.externalIPs "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-redis + port: {{ .Values.primary.service.ports.valkey }} + targetPort: redis + {{- if and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePorts.valkey}} + nodePort: {{ .Values.primary.service.nodePorts.valkey}} + {{- else if eq .Values.primary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.primary.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml new file mode 100644 index 00000000..5fe059fd --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.primary.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.primary.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "valkey.primaryServiceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if or .Values.primary.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml new file mode 100644 index 00000000..c7b320b7 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "common.names.fullname" . }} + rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml new file mode 100644 index 00000000..b244d5fc --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml @@ -0,0 +1,535 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: {{ .Values.replica.kind }} +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and (not (eq .Values.replica.kind "DaemonSet")) (not .Values.replica.autoscaling.enabled) }} + replicas: {{ .Values.replica.replicaCount }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: replica + {{- if (eq .Values.replica.kind "StatefulSet") }} + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.replica.updateStrategy }} + updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} + {{- end }} + {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} + minReadySeconds: {{ .Values.replica.minReadySeconds }} + {{- end }} + {{- if .Values.replica.podManagementPolicy }} + podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: replica + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "valkey.createConfigmap" .) }} + checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + {{- end }} + checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + {{- if .Values.replica.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "valkey.imagePullSecrets" . | nindent 6 }} + {{- if .Values.replica.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "valkey.replicaServiceAccountName" . }} + automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }} + {{- if .Values.replica.priorityClassName }} + priorityClassName: {{ .Values.replica.priorityClassName | quote }} + {{- end }} + {{- if .Values.replica.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.replica.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} + {{- end }} + {{- if .Values.replica.schedulerName }} + schedulerName: {{ .Values.replica.schedulerName | quote }} + {{- end }} + {{- if .Values.replica.dnsPolicy }} + dnsPolicy: {{ .Values.replica.dnsPolicy }} + {{- end }} + {{- if .Values.replica.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} + {{- end }} + enableServiceLinks: {{ .Values.replica.enableServiceLinks }} + terminationGracePeriodSeconds: {{ .Values.replica.terminationGracePeriodSeconds }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} + {{- if or .Values.replica.initContainers $needsVolumePermissions }} + initContainers: + {{- if .Values.replica.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "valkey.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} + {{- else }} + chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: valkey-data + mountPath: {{ .Values.replica.persistence.path }} + {{- if .Values.replica.persistence.subPath }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- else if .Values.replica.persistence.subPathExpr }} + subPathExpr: {{ .Values.replica.persistence.subPathExpr }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: valkey + image: {{ template "valkey.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.replica.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.replica.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: VALKEY_REPLICATION_MODE + value: replica + - name: VALKEY_PRIMARY_HOST + {{- if .Values.replica.externalPrimary.enabled }} + value: {{ .Values.replica.externalPrimary.host | quote }} + {{- else if and (eq (int64 .Values.primary.replicaCount) 1) (eq .Values.primary.kind "StatefulSet") }} + value: {{ template "common.names.fullname" . }}-primary-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} + {{- else }} + value: {{ template "common.names.fullname" . }}-primary.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} + {{- end }} + - name: VALKEY_PRIMARY_PORT_NUMBER + {{- if .Values.replica.externalPrimary.enabled }} + value: {{ .Values.replica.externalPrimary.port | quote }} + {{- else }} + value: {{ .Values.primary.containerPorts.valkey | quote }} + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: VALKEY_PASSWORD_FILE + value: "/opt/bitnami/valkey/secrets/valkey-password" + - name: VALKEY_PRIMARY_PASSWORD_FILE + value: "/opt/bitnami/valkey/secrets/valkey-password" + {{- else }} + - name: VALKEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + - name: VALKEY_PRIMARY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: VALKEY_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: VALKEY_TLS_PORT + value: {{ .Values.replica.containerPorts.valkey | quote }} + - name: VALKEY_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: VALKEY_TLS_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + - name: VALKEY_TLS_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: VALKEY_TLS_CA_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: VALKEY_TLS_DH_PARAMS_FILE + value: {{ template "valkey.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: VALKEY_PORT + value: {{ .Values.replica.containerPorts.valkey | quote }} + {{- end }} + {{- if .Values.replica.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} + envFrom: + {{- if .Values.replica.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.replica.extraEnvVarsCM }} + {{- end }} + {{- if .Values.replica.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.replica.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.replica.containerPorts.valkey }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.replica.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis + {{- end }} + {{- if .Values.replica.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.replica.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_primary.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.replica.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.replica.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_primary.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} + {{- end }} + {{- end }} + {{- if .Values.replica.resources }} + resources: {{- toYaml .Values.replica.resources | nindent 12 }} + {{- else if ne .Values.replica.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /opt/bitnami/valkey/secrets/ + {{- end }} + - name: valkey-data + mountPath: /data + {{- if .Values.replica.persistence.subPath }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- else if .Values.replica.persistence.subPathExpr }} + subPathExpr: {{ .Values.replica.persistence.subPathExpr }} + {{- end }} + - name: config + mountPath: /opt/bitnami/valkey/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/valkey/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.replica.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "valkey.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)" + {{- end }} + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf ":%v" .Values.metrics.containerPorts.http }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/secrets/valkey-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: valkeys://{{ .Values.metrics.valkeyTargetHost }}:{{ .Values.replica.containerPorts.valkey }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- end }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + {{ if .Values.auth.usePasswordFileFromSecret }} + secret: + secretName: {{ template "valkey.secretName" . }} + items: + - key: {{ template "valkey.secretPasswordKey" . }} + path: valkey-password + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: config + configMap: + name: {{ include "valkey.configmapName" . }} + - name: empty-dir + {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} + emptyDir: + {{- if .Values.replica.persistence.medium }} + medium: {{ .Values.replica.persistence.medium | quote }} + {{- end }} + {{- if .Values.replica.persistence.sizeLimit }} + sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.tls.enabled }} + - name: valkey-certificates + secret: + secretName: {{ include "valkey.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if .Values.replica.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (not .Values.replica.persistence.enabled) (not (eq .Values.replica.kind "StatefulSet")) }} + - name: valkey-data + {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} + emptyDir: + {{- if .Values.replica.persistence.medium }} + medium: {{ .Values.replica.persistence.medium | quote }} + {{- end }} + {{- if .Values.replica.persistence.sizeLimit }} + sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.replica.persistence.existingClaim }} + - name: valkey-data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} + {{- else }} + {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: valkey-data + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} + app.kubernetes.io/component: replica + {{- if .Values.replica.persistence.annotations }} + annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.replica.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.replica.persistence.size | quote }} + {{- if .Values.replica.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.replica.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml new file mode 100644 index 00000000..821e1fb8 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml @@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.replica.autoscaling.hpa.enabled (not .Values.sentinel.enabled) }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: StatefulSet + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + minReplicas: {{ .Values.replica.autoscaling.hpa.minReplicas }} + maxReplicas: {{ .Values.replica.autoscaling.hpa.maxReplicas }} + metrics: + {{- if .Values.replica.autoscaling.hpa.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} + {{- end }} + {{- end }} + {{- if .Values.replica.autoscaling.hpa.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} + {{- end }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml new file mode 100644 index 00000000..d7b777b5 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} +{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) $pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if $pdb.minAvailable }} + minAvailable: {{ $pdb.minAvailable }} + {{- end }} + {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} + maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: replica +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml new file mode 100644 index 00000000..75d6363d --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml @@ -0,0 +1,60 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + app.kubernetes.io/part-of: valkey + {{- if or .Values.replica.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.replica.service.type }} + {{- if or (eq .Values.replica.service.type "LoadBalancer") (eq .Values.replica.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} + internalTrafficPolicy: {{ .Values.replica.service.internalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.replica.service.loadBalancerClass }} + {{- end }} + {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} + clusterIP: {{ .Values.replica.service.clusterIP }} + {{- end }} + {{- if .Values.replica.service.sessionAffinity }} + sessionAffinity: {{ .Values.replica.service.sessionAffinity }} + {{- end }} + {{- if .Values.replica.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-redis + port: {{ .Values.replica.service.ports.valkey }} + targetPort: redis + {{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePorts.valkey}} + nodePort: {{ .Values.replica.service.nodePorts.valkey}} + {{- else if eq .Values.replica.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.replica.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml new file mode 100644 index 00000000..5693ff0a --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "valkey.replicaServiceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml new file mode 100644 index 00000000..702a350a --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml @@ -0,0 +1,45 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.replica.autoscaling.vpa.enabled (not .Values.sentinel.enabled) }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + app.kubernetes.io/part-of: valkey + {{- if or .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: valkey + {{- with .Values.replica.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.replica.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.replica.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + apiVersion: apps/v1 + kind: {{ .Values.replica.kind }} + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + {{- if .Values.replica.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.replica.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/role.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/role.yaml new file mode 100644 index 00000000..a01ccb5d --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/role.yaml @@ -0,0 +1,35 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + {{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.enabled }} + - apiGroups: + - '{{ template "podSecurityPolicy.apiGroup" . }}' + resources: + - 'podsecuritypolicies' + verbs: + - 'use' + resourceNames: [{{ printf "%s-primary" (include "common.names.fullname" .) }}] + {{- end }} + {{- if and .Values.sentinel.enabled .Values.sentinel.service.createPrimary}} + - apiGroups: [""] + resources: ["pods"] + verbs: ["list", "patch"] + {{- end -}} + {{- if .Values.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml new file mode 100644 index 00000000..1e434e94 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "common.names.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "valkey.serviceAccountName" . }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml new file mode 100644 index 00000000..934d5882 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml @@ -0,0 +1,792 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} + start-node.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libos.sh + . /opt/bitnami/scripts/liblog.sh + . /opt/bitnami/scripts/libvalidations.sh + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo {{ .Values.sentinel.containerPorts.sentinel }} + ;; + "VALKEY") + echo {{ .Values.primary.containerPorts.valkey }} + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + full_hostname="${hostname}.{{- include "common.names.namespace" . }}" + {{- else }} + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + retry_count=0 + until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do + if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then + sleep {{ .Values.nameResolutionTimeout }} + else + error "IP address for ${full_hostname} not found" + exit 1 + fi + ((retry_count++)) + done + {{- end }} + } + + VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY") + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + if [ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]; then + VALKEY_SERVICE="$VALKEY_EXTERNAL_PRIMARY_HOST" + else + VALKEY_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + fi + + SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") + validate_quorum() { + if is_boolean_yes "$VALKEY_TLS_ENABLED"; then + quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel primary {{ .Values.sentinel.primarySet }}" + else + quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel primary {{ .Values.sentinel.primarySet }}" + fi + info "about to run the command: $quorum_info_command" + eval $quorum_info_command | grep -Fq "s_down" + } + + trigger_manual_failover() { + if is_boolean_yes "$VALKEY_TLS_ENABLED"; then + failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.primarySet }}" + else + failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.primarySet }}" + fi + + info "about to run the command: $failover_command" + eval $failover_command + } + + get_sentinel_primary_info() { + if is_boolean_yes "$VALKEY_TLS_ENABLED"; then + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" + else + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" + fi + + info "about to run the command: $sentinel_info_command" + retry_while "eval $sentinel_info_command" 2 5 + } + + {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} + useradd valkey + chown -R valkey {{ .Values.replica.persistence.path }} + {{- end }} + + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" + + # check if there is a primary + primary_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" + primary_port_in_persisted_conf="$VALKEY_PRIMARY_PORT_NUMBER" + primary_in_sentinel="$(get_sentinel_primary_info)" + valkeyRetVal=$? + + if [[ -f /opt/bitnami/valkey-sentinel/etc/sentinel.conf ]]; then + primary_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)" + primary_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)" + info "Found previous primary ${primary_in_persisted_conf}:${primary_port_in_persisted_conf} in /opt/bitnami/valkey-sentinel/etc/sentinel.conf" + debug "$(cat /opt/bitnami/valkey-sentinel/etc/sentinel.conf | grep monitor)" + fi + + if [[ $valkeyRetVal -ne 0 ]]; then + if [[ "$primary_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then + # Case 1: No active sentinel and in previous sentinel.conf we were the primary --> PRIMARY + info "Configuring the node as primary" + export VALKEY_REPLICATION_MODE="primary" + else + # Case 2: No active sentinel and in previous sentinel.conf we were not primary --> REPLICA + info "Configuring the node as replica" + export VALKEY_REPLICATION_MODE="replica" + VALKEY_PRIMARY_HOST=${primary_in_persisted_conf} + VALKEY_PRIMARY_PORT_NUMBER=${primary_port_in_persisted_conf} + fi + else + # Fetches current primary's host and port + VALKEY_SENTINEL_INFO=($(get_sentinel_primary_info)) + info "Current primary: VALKEY_SENTINEL_INFO=(${VALKEY_SENTINEL_INFO[0]},${VALKEY_SENTINEL_INFO[1]})" + VALKEY_PRIMARY_HOST=${VALKEY_SENTINEL_INFO[0]} + VALKEY_PRIMARY_PORT_NUMBER=${VALKEY_SENTINEL_INFO[1]} + + if [[ "$VALKEY_PRIMARY_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then + # Case 3: Active sentinel and primary it is this node --> PRIMARY + info "Configuring the node as primary" + export VALKEY_REPLICATION_MODE="primary" + else + # Case 4: Active sentinel and primary is not this node --> REPLICA + info "Configuring the node as replica" + export VALKEY_REPLICATION_MODE="replica" + + {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }} + retry_count=1 + while validate_quorum + do + info "sleeping, waiting for Valkey primary to come up" + sleep 1s + if ! ((retry_count % 11)); then + info "Trying to manually failover" + failover_result=$(trigger_manual_failover) + + debug "Failover result: $failover_result" + fi + + ((retry_count+=1)) + done + info "Valkey primary is up now" + {{- end }} + fi + fi + + if [[ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]]; then + VALKEY_PRIMARY_HOST="$VALKEY_EXTERNAL_PRIMARY_HOST" + VALKEY_PRIMARY_PORT_NUMBER="${VALKEY_EXTERNAL_PRIMARY_PORT}" + fi + + if [[ -f /opt/bitnami/valkey/mounted-etc/replica.conf ]];then + cp /opt/bitnami/valkey/mounted-etc/replica.conf /opt/bitnami/valkey/etc/replica.conf + fi + + if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then + cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf + fi + + echo "" >> /opt/bitnami/valkey/etc/replica.conf + echo "replica-announce-port $VALKEYPORT" >> /opt/bitnami/valkey/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey/etc/replica.conf + + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${VALKEY_TLS_PORT}") + ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}") + ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}") + ARGS+=("--tls-replication" "yes") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- else }} + ARGS=("--port" "${VALKEY_PORT}") + {{- end }} + + if [[ "$VALKEY_REPLICATION_MODE" = "replica" ]]; then + ARGS+=("--replicaof" "${VALKEY_PRIMARY_HOST}" "${VALKEY_PRIMARY_PORT_NUMBER}") + fi + + {{- if .Values.auth.enabled }} + ARGS+=("--requirepass" "${VALKEY_PASSWORD}") + ARGS+=("--primaryauth" "${VALKEY_PRIMARY_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/valkey/etc/replica.conf") + ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf") + {{- if .Values.replica.extraFlags }} + {{- range .Values.replica.extraFlags }} + ARGS+=({{ . | quote }}) + {{- end }} + {{- end }} + + {{- if .Values.replica.preExecCmds }} + {{- .Values.replica.preExecCmds | nindent 4 }} + {{- end }} + + {{- if .Values.replica.command }} + exec {{ .Values.replica.command }} "${ARGS[@]}" + {{- else }} + exec valkey-server "${ARGS[@]}" + {{- end }} + + start-sentinel.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libos.sh + . /opt/bitnami/scripts/libvalidations.sh + . /opt/bitnami/scripts/libfile.sh + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + VALKEY_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo {{ .Values.sentinel.containerPorts.sentinel }} + ;; + "VALKEY") + echo {{ .Values.primary.containerPorts.valkey }} + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + full_hostname="${hostname}.{{- include "common.names.namespace" . }}" + {{- else }} + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + retry_count=0 + until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do + if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then + sleep {{ .Values.nameResolutionTimeout }} + else + error "IP address for ${full_hostname} not found" + exit 1 + fi + ((retry_count++)) + done + {{- end }} + } + + SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") + VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY") + SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") + + sentinel_conf_set() { + local -r key="${1:?missing key}" + local value="${2:-}" + + # Sanitize inputs + value="${value//\\/\\\\}" + value="${value//&/\\&}" + value="${value//\?/\\?}" + [[ "$value" = "" ]] && value="\"$value\"" + + replace_in_file "/opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false + } + sentinel_conf_add() { + echo $'\n'"$@" >> "/opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf" + } + host_id() { + echo "$1" | openssl sha1 | awk '{print $2}' + } + get_sentinel_primary_info() { + if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_SENTINEL_TLS_CERT_FILE} --key ${VALKEY_SENTINEL_TLS_KEY_FILE} --cacert ${VALKEY_SENTINEL_TLS_CA_FILE} sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" + else + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" + fi + info "about to run the command: $sentinel_info_command" + retry_while "eval $sentinel_info_command" 2 5 + } + + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + + primary_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" + + if [[ -f /opt/bitnami/valkey-sentinel/etc/sentinel.conf ]]; then + primary_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)" + info "Found previous primary $primary_in_persisted_conf in /opt/bitnami/valkey-sentinel/etc/sentinel.conf" + debug "$(cat /opt/bitnami/valkey-sentinel/etc/sentinel.conf | grep monitor)" + fi + VALKEY_SENTINEL_INFO=($(get_sentinel_primary_info)) + if [ "$?" -eq "0" ]; then + # current primary's host and port obtained from other Sentinel + info "printing VALKEY_SENTINEL_INFO=(${VALKEY_SENTINEL_INFO[0]},${VALKEY_SENTINEL_INFO[1]})" + VALKEY_PRIMARY_HOST=${VALKEY_SENTINEL_INFO[0]} + VALKEY_PRIMARY_PORT_NUMBER=${VALKEY_SENTINEL_INFO[1]} + else + VALKEY_PRIMARY_HOST="$primary_in_persisted_conf" + VALKEY_PRIMARY_PORT_NUMBER="$VALKEYPORT" + fi + if [[ "$VALKEY_PRIMARY_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then + export VALKEY_REPLICATION_MODE="primary" + else + export VALKEY_REPLICATION_MODE="replica" + fi + + {{- if .Values.sentinel.service.createPrimary }} + if [[ "${VALKEY_REPLICATION_MODE}" == "primary" ]]; then + # Add isPrimary label to primary node for primary service + echo "${VALKEY_PRIMARY_HOST/.*}" > /etc/shared/current + fi + {{- end }} + + if [[ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]]; then + VALKEY_PRIMARY_HOST="$VALKEY_EXTERNAL_PRIMARY_HOST" + VALKEY_PRIMARY_PORT_NUMBER="${VALKEY_EXTERNAL_PRIMARY_PORT}" + fi + + # To prevent incomplete configuration and as the valkey container accesses /opt/bitnami/valkey-sentinel/etc/sentinel.conf + # as well, prepare the new config in `prepare-sentinel.conf` and move it atomically to the ultimate destination when it is complete. + cp /opt/bitnami/valkey-sentinel/mounted-etc/sentinel.conf /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- if .Values.auth.enabled }} + printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.primarySet }}" "$VALKEY_PASSWORD" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- if and .Values.auth.enabled .Values.auth.sentinel }} + printf "\nrequirepass %s" "$VALKEY_PASSWORD" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- end }} + {{- end }} + printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + + if [[ -z "$VALKEY_PRIMARY_HOST" ]] || [[ -z "$VALKEY_PRIMARY_PORT_NUMBER" ]] + then + # Prevent incorrect configuration to be written to sentinel.conf + error "Valkey primary host is configured incorrectly (host: $VALKEY_PRIMARY_HOST, port: $VALKEY_PRIMARY_PORT_NUMBER)" + exit 1 + fi + + sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.primarySet }} "$VALKEY_PRIMARY_HOST" "$VALKEY_PRIMARY_PORT_NUMBER" {{ .Values.sentinel.quorum }}" + + add_known_sentinel() { + hostname="$1" + ip="$2" + + if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then + sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.primarySet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")" + fi + } + add_known_replica() { + hostname="$1" + ip="$2" + + if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$VALKEY_PRIMARY_HOST" ]]; then + sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.primarySet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "VALKEY")" + fi + } + + # Add available hosts on the network as known replicas & sentinels + for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do + hostname="{{ template "common.names.fullname" . }}-node-$node" + ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')" + add_known_sentinel "$hostname" "$ip" + add_known_replica "$hostname" "$ip" + done + + echo "" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- if not (contains "sentinel announce-hostnames" .Values.sentinel.configuration) }} + echo "sentinel announce-hostnames yes" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- end }} + {{- if not (contains "sentinel resolve-hostnames" .Values.sentinel.configuration) }} + echo "sentinel resolve-hostnames yes" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- end }} + {{- if not (contains "sentinel announce-port" .Values.sentinel.configuration) }} + echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- end }} + {{- if not (contains "sentinel announce-ip" .Values.sentinel.configuration) }} + echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf + {{- end }} + + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${VALKEY_SENTINEL_TLS_PORT_NUMBER}") + ARGS+=("--tls-cert-file" "${VALKEY_SENTINEL_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${VALKEY_SENTINEL_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${VALKEY_SENTINEL_TLS_CA_FILE}") + ARGS+=("--tls-replication" "yes") + ARGS+=("--tls-auth-clients" "${VALKEY_SENTINEL_TLS_AUTH_CLIENTS}") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${VALKEY_SENTINEL_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- end }} + {{- if .Values.sentinel.preExecCmds }} + {{ .Values.sentinel.preExecCmds | nindent 4 }} + {{- end }} + mv /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf /opt/bitnami/valkey-sentinel/etc/sentinel.conf + exec valkey-server /opt/bitnami/valkey-sentinel/etc/sentinel.conf {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} --sentinel + prestop-sentinel.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libvalidations.sh + . /opt/bitnami/scripts/libos.sh + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + full_hostname="${hostname}.{{- include "common.names.namespace" . }}" + {{- else }} + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + retry_count=0 + until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do + if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then + sleep {{ .Values.nameResolutionTimeout }} + else + error "IP address for ${full_hostname} not found" + exit 1 + fi + ((retry_count++)) + done + {{- end }} + } + + run_sentinel_command() { + if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then + valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" --key "$VALKEY_SENTINEL_TLS_KEY_FILE" --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" sentinel "$@" + else + valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@" + fi + } + sentinel_failover_finished() { + VALKEY_SENTINEL_INFO=($(run_sentinel_command get-primary-addr-by-name "{{ .Values.sentinel.primarySet }}")) + VALKEY_PRIMARY_HOST="${VALKEY_SENTINEL_INFO[0]}" + [[ "$VALKEY_PRIMARY_HOST" != "$(get_full_hostname $HOSTNAME)" ]] + } + + VALKEY_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + {{ if .Values.auth.sentinel -}} + # valkey-cli automatically consumes credentials from the REDISCLI_AUTH variable + [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" + [[ -f "$VALKEY_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${VALKEY_PASSWORD_FILE}")" + {{- end }} + + if ! sentinel_failover_finished; then + echo "I am the primary pod and you are stopping me. Starting sentinel failover" + if retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then + echo "Primary has been successfuly failed over to a different pod." + exit 0 + else + echo "Primary failover failed" + exit 1 + fi + else + exit 0 + fi + prestop-valkey.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libvalidations.sh + . /opt/bitnami/scripts/libos.sh + + run_valkey_command() { + if is_boolean_yes "$VALKEY_TLS_ENABLED"; then + valkey-cli -h 127.0.0.1 -p "$VALKEY_TLS_PORT" --tls --cert "$VALKEY_TLS_CERT_FILE" --key "$VALKEY_TLS_KEY_FILE" --cacert "$VALKEY_TLS_CA_FILE" "$@" + else + valkey-cli -h 127.0.0.1 -p "$VALKEY_PORT" "$@" + fi + } + is_primary() { + VALKEY_ROLE=$(run_valkey_command role | head -1) + [[ "$VALKEY_ROLE" == "master" ]] + } + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + full_hostname="${hostname}.{{- include "common.names.namespace" . }}" + {{- else }} + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + retry_count=0 + until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do + if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then + sleep {{ .Values.nameResolutionTimeout }} + else + error "IP address for ${full_hostname} not found" + exit 1 + fi + ((retry_count++)) + done + {{- end }} + } + + run_sentinel_command() { + if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then + {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" --key "$VALKEY_SENTINEL_TLS_KEY_FILE" --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" sentinel "$@" + else + {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@" + fi + } + sentinel_failover_finished() { + VALKEY_SENTINEL_INFO=($(run_sentinel_command get-primary-addr-by-name "{{ .Values.sentinel.primarySet }}")) + VALKEY_PRIMARY_HOST="${VALKEY_SENTINEL_INFO[0]}" + [[ "$VALKEY_PRIMARY_HOST" != "$(get_full_hostname $HOSTNAME)" ]] + } + + VALKEY_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + # valkey-cli automatically consumes credentials from the REDISCLI_AUTH variable + [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" + [[ -f "$VALKEY_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${VALKEY_PASSWORD_FILE}")" + + + if is_primary && ! sentinel_failover_finished; then + echo "I am the primary pod and you are stopping me. Pausing client connections." + # Pausing client write connections to avoid data loss + run_valkey_command CLIENT PAUSE "{{ mul (add 2 (sub .Values.sentinel.terminationGracePeriodSeconds 10)) 1000 }}" WRITE + + echo "Issuing failover" + # if I am the primary, issue a command to failover once + run_sentinel_command failover "{{ .Values.sentinel.primarySet }}" + + {{- if .Values.sentinel.valkeyShutdownWaitFailover }} + echo "Waiting for sentinel to complete failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s" + retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1 + {{- end }} + else + exit 0 + fi + + {{- if .Values.sentinel.service.createPrimary}} + push-primary-label.sh: | + #!/bin/bash + # https://download.valkey.io/valkey-stable/sentinel.conf + + echo "${6/.*}" > /etc/shared/current + echo "${4/.*}" > /etc/shared/previous + {{- end }} +{{- else }} + start-primary.sh: | + #!/bin/bash + + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + {{- if and .Values.primary.containerSecurityContext.runAsUser (eq (.Values.primary.containerSecurityContext.runAsUser | int) 0) }} + useradd valkey + chown -R valkey {{ .Values.primary.persistence.path }} + {{- end }} + if [[ -f /opt/bitnami/valkey/mounted-etc/primary.conf ]];then + cp /opt/bitnami/valkey/mounted-etc/primary.conf /opt/bitnami/valkey/etc/primary.conf + fi + if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then + cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf + fi + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${VALKEY_TLS_PORT}") + ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}") + ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- else }} + ARGS=("--port" "${VALKEY_PORT}") + {{- end }} + {{- if .Values.auth.enabled }} + ARGS+=("--requirepass" "${VALKEY_PASSWORD}") + ARGS+=("--primaryauth" "${VALKEY_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf") + ARGS+=("--include" "/opt/bitnami/valkey/etc/primary.conf") + {{- if .Values.primary.extraFlags }} + {{- range .Values.primary.extraFlags }} + ARGS+=({{ . | quote }}) + {{- end }} + {{- end }} + {{- if .Values.primary.preExecCmds }} + {{ .Values.primary.preExecCmds | nindent 4 }} + {{- end }} + {{- if .Values.primary.command }} + exec {{ .Values.primary.command }} "${ARGS[@]}" + {{- else }} + exec valkey-server "${ARGS[@]}" + {{- end }} + {{- if eq .Values.architecture "replication" }} + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo {{ .Values.sentinel.containerPorts.sentinel }} + ;; + "VALKEY") + echo {{ .Values.primary.containerPorts.valkey }} + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + full_hostname="${hostname}.{{- include "common.names.namespace" . }}" + {{- else }} + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + retry_count=0 + until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do + if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then + sleep {{ .Values.nameResolutionTimeout }} + else + error "IP address for ${full_hostname} not found" + exit 1 + fi + ((retry_count++)) + done + {{- end }} + } + + VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY") + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" + + [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" + [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" + {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} + useradd valkey + chown -R valkey {{ .Values.replica.persistence.path }} + {{- end }} + if [[ -f /opt/bitnami/valkey/mounted-etc/replica.conf ]];then + cp /opt/bitnami/valkey/mounted-etc/replica.conf /opt/bitnami/valkey/etc/replica.conf + fi + if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then + cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf + fi + + echo "" >> /opt/bitnami/valkey/etc/replica.conf + echo "replica-announce-port $VALKEYPORT" >> /opt/bitnami/valkey/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey/etc/replica.conf + + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${VALKEY_TLS_PORT}") + ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}") + ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}") + ARGS+=("--tls-replication" "yes") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- else }} + ARGS=("--port" "${VALKEY_PORT}") + {{- end }} + ARGS+=("--replicaof" "${VALKEY_PRIMARY_HOST}" "${VALKEY_PRIMARY_PORT_NUMBER}") + {{- if .Values.auth.enabled }} + ARGS+=("--requirepass" "${VALKEY_PASSWORD}") + ARGS+=("--primaryauth" "${VALKEY_PRIMARY_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf") + ARGS+=("--include" "/opt/bitnami/valkey/etc/replica.conf") + {{- if .Values.replica.extraFlags }} + {{- range .Values.replica.extraFlags }} + ARGS+=({{ . | quote }}) + {{- end }} + {{- end }} + {{- if .Values.replica.preExecCmds }} + {{ .Values.replica.preExecCmds | nindent 4 }} + {{- end }} + {{- if .Values.replica.command }} + exec {{ .Values.replica.command }} "${ARGS[@]}" + {{- else }} + exec valkey-server "${ARGS[@]}" + {{- end }} + {{- end }} +{{- end }} +--- +{{- if .Values.sentinel.service.createPrimary}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + update-primary-label.sh: | + #!/bin/bash + while true; do + while [ ! -f "/etc/shared/current" ]; do + sleep 1 + done + echo "new primary elected, updating label(s)..." + kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isPrimary="true" --overwrite + if [ -f /etc/shared/previous ]; then + kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isPrimary="false" --overwrite + fi + rm "/etc/shared/current" "/etc/shared/previous" + done +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml new file mode 100644 index 00000000..5609e04c --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml @@ -0,0 +1,38 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.serviceBindings.enabled }} +{{- $host := include "common.names.fullname" . }} +{{- if not .Values.sentinel.enabled }} +{{- $host = printf "%s-primary" (include "common.names.fullname" .) }} +{{- end }} +{{- $port := print .Values.primary.service.ports.valkey }} +{{- if .Values.sentinel.enabled }} +{{- $port = print .Values.sentinel.service.ports.valkey }} +{{- end }} +{{- $password := include "valkey.password" . }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/valkey +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "valkey" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + password: {{ print $password | b64enc | quote }} + {{- if $password }} + uri: {{ printf "valkey://:%s@%s:%s" $password $host $port | b64enc | quote }} + {{- else }} + uri: {{ printf "valkey://%s:%s" $host $port | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml new file mode 100644 index 00000000..9145bf52 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml @@ -0,0 +1,26 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if or .Values.secretAnnotations .Values.commonAnnotations }} + annotations: + {{- if .Values.secretAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +type: Opaque +data: + valkey-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "valkey-password" "providedValues" (list "global.valkey.password" "auth.password") "length" 10 "honorProvidedValues" true "context" $) }} +{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml new file mode 100644 index 00000000..a9f71b98 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml @@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.replica.autoscaling.hpa.enabled .Values.sentinel.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: StatefulSet + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + minReplicas: {{ .Values.replica.autoscaling.hpa.minReplicas }} + maxReplicas: {{ .Values.replica.autoscaling.hpa.maxReplicas }} + metrics: + {{- if .Values.replica.autoscaling.hpa.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.replica.autoscaling.hpa.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml new file mode 100644 index 00000000..2ffeb7cb --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml @@ -0,0 +1,68 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.valkey ) }} + +{{- range $i := until (int .Values.replica.replicaCount) }} + +{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} + +{{ $sentinelport := 0}} +{{ $valkeyport := 0}} +{{- if $portsmap }} +{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }} +{{ $valkeyport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "valkey") }} +{{- else }} +{{- end }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" $ }}-node-{{ $i }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + app.kubernetes.io/part-of: valkey + {{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.sentinel.service.annotations $.Values.commonAnnotations ) "context" $ ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: NodePort + ports: + - name: sentinel + {{- if $.Values.sentinel.service.nodePorts.sentinel }} + nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} + port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} + {{- else }} + nodePort: {{ $sentinelport }} + port: {{ $sentinelport }} + {{- end }} + protocol: TCP + targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} + - name: valkey + {{- if $.Values.sentinel.service.nodePorts.valkey }} + nodePort: {{ (add $.Values.sentinel.service.nodePorts.valkey $i 1) }} + port: {{ (add $.Values.sentinel.service.nodePorts.valkey $i 1) }} + {{- else }} + nodePort: {{ $valkeyport }} + port: {{ $valkeyport }} + {{- end }} + protocol: TCP + targetPort: {{ $.Values.replica.containerPorts.valkey }} + - name: sentinel-internal + nodePort: null + port: {{ $.Values.sentinel.containerPorts.sentinel }} + protocol: TCP + targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} + - name: valkey-internal + nodePort: null + port: {{ $.Values.replica.containerPorts.valkey }} + protocol: TCP + targetPort: {{ $.Values.replica.containerPorts.valkey }} + selector: + statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{ $i }} +--- +{{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml new file mode 100644 index 00000000..87bea09f --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml @@ -0,0 +1,27 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled $pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if $pdb.minAvailable }} + minAvailable: {{ $pdb.minAvailable }} + {{- end }} + {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} + maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: node +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml new file mode 100644 index 00000000..35f95c0f --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml @@ -0,0 +1,103 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.valkey ) }} +{{- /* create a list to keep track of ports we choose to use */}} +{{ $chosenports := (list ) }} + +{{- /* Get list of all used nodeports */}} +{{ $usedports := (list ) }} +{{- range $index, $service := (lookup "v1" "Service" "" "").items }} + {{- range.spec.ports }} + {{- if .nodePort }} + {{- $usedports = (append $usedports .nodePort) }} + {{- end }} + {{- end }} +{{- end }} + +{{- /* +comments that start with # are rendered in the output when you debug, so you can less and search for them +Vars in the comment will be rendered out, so you can check their value this way. +https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments + +remove the template comments and leave the yaml comments to help debug +*/}} + +{{- /* Sort the list */}} +{{ $usedports = $usedports | sortAlpha }} +#usedports {{ $usedports }} + +{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}} +{{ $numberofPortsPerNodeService := 2 }} + +{{- /* for every nodeport we want, loop though the used ports to get an unused port */}} +{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }} + {{- /* #j={{ $j }} */}} + {{- $nodeport := (add $j 30000) }} + {{- $nodeportfound := false }} + {{- range $i := $usedports }} + {{- /* #i={{ $i }} + #nodeport={{ $nodeport }} + #usedports={{ $usedports }} */}} + {{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }} + {{- /* nodeport conflicts with in use */}} + {{- $nodeport = (add $nodeport 1) }} + {{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false) }} + {{- /* nodeport already chosen, try another */}} + {{- $nodeport = (add $nodeport 1) }} + {{- else if (eq $nodeportfound false) }} + {{- /* nodeport free to use: not already claimed and not in use */}} + {{- /* select nodeport, and place into usedports */}} + {{- $chosenports = (append $chosenports $nodeport) }} + {{- $nodeportfound = true }} + {{- else }} + {{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}} + {{- end }} + {{- end }} + {{- if (eq $nodeportfound false) }} + {{- $chosenports = (append $chosenports $nodeport) }} + {{- end }} + +{{- end }} + +{{- /* print the usedports and chosenports for debugging */}} +#usedports {{ $usedports }} +#chosenports {{ $chosenports }}}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-ports-configmap + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} +{{- if $portsmap }} +{{- /* configmap already exists, do not install again */ -}} + {{- range $name, $value := $portsmap }} + "{{ $name }}": "{{ $value }}" + {{- end }} +{{- else }} +{{- /* configmap being set for first time */ -}} + {{- range $index, $port := $chosenports }} + {{- $nodenumber := (floor (div $index 2)) }} + {{- if (eq $index 0) }} + "{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}" + {{- else if (eq $index 1) }} + "{{ template "common.names.fullname" $ }}-valkey": "{{ $port }}" + {{- else if (eq (mod $index 2) 0) }} + "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-sentinel": "{{ $port }}" + {{- else if (eq (mod $index 2) 1) }} + "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-valkey": "{{ $port }}" + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml new file mode 100644 index 00000000..9c25a95d --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml @@ -0,0 +1,162 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.valkey -}} +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} +{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} + +{{ $sentinelport := 0}} +{{ $valkeyport := 0}} +{{- if $portsmap }} +{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }} +{{ $valkeyport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "valkey") }} +{{- else }} +{{- end }} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + app.kubernetes.io/part-of: valkey + {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.sentinel.service.type }} + {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} + clusterIP: {{ .Values.sentinel.service.clusterIP }} + {{- end }} + {{- if .Values.sentinel.service.sessionAffinity }} + sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} + {{- end }} + {{- if .Values.sentinel.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-redis + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} + port: {{ .Values.sentinel.service.nodePorts.valkey }} + {{- else if eq .Values.sentinel.service.type "NodePort" }} + port: {{ $valkeyport }} + {{- else}} + port: {{ .Values.sentinel.service.ports.valkey }} + {{- end }} + targetPort: {{ .Values.replica.containerPorts.valkey }} + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} + nodePort: {{ .Values.sentinel.service.nodePorts.valkey }} + {{- else if eq .Values.sentinel.service.type "ClusterIP" }} + nodePort: null + {{- else if eq .Values.sentinel.service.type "NodePort" }} + nodePort: {{ $valkeyport }} + {{- end }} + - name: tcp-sentinel + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} + port: {{ .Values.sentinel.service.nodePorts.sentinel }} + {{- else if eq .Values.sentinel.service.type "NodePort" }} + port: {{ $sentinelport }} + {{- else }} + port: {{ .Values.sentinel.service.ports.sentinel }} + {{- end }} + targetPort: {{ .Values.sentinel.containerPorts.sentinel }} + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} + nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }} + {{- else if eq .Values.sentinel.service.type "ClusterIP" }} + nodePort: null + {{- else if eq .Values.sentinel.service.type "NodePort" }} + nodePort: {{ $sentinelport }} + {{- end }} + {{- if eq .Values.sentinel.service.type "NodePort" }} + - name: sentinel-internal + nodePort: null + port: {{ .Values.sentinel.containerPorts.sentinel }} + protocol: TCP + targetPort: {{ .Values.sentinel.containerPorts.sentinel }} + - name: valkey-internal + nodePort: null + port: {{ .Values.replica.containerPorts.valkey }} + protocol: TCP + targetPort: {{ .Values.replica.containerPorts.valkey }} + {{- end }} + {{- if .Values.sentinel.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + +{{- if and .Values.sentinel.enabled .Values.sentinel.service.createPrimary}} +--- +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "common.names.fullname" . }}-primary" + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.sentinel.service.type }} + {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} + clusterIP: {{ .Values.sentinel.service.clusterIP }} + {{- end }} + {{- if .Values.sentinel.service.sessionAffinity }} + sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} + {{- end }} + {{- if .Values.sentinel.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-redis + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} + port: {{ .Values.sentinel.service.nodePorts.valkey }} + {{- else if eq .Values.sentinel.service.type "NodePort" }} + port: {{ $valkeyport }} + {{- else}} + port: {{ .Values.sentinel.service.ports.valkey }} + {{- end }} + targetPort: {{ .Values.replica.containerPorts.valkey }} + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} + nodePort: {{ .Values.sentinel.service.nodePorts.valkey }} + {{- else if eq .Values.sentinel.service.type "ClusterIP" }} + nodePort: null + {{- else if eq .Values.sentinel.service.type "NodePort" }} + nodePort: {{ $valkeyport }} + {{- end }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + isPrimary: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml new file mode 100644 index 00000000..2ff6ebe5 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml @@ -0,0 +1,807 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.valkey -}} +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: node + app.kubernetes.io/part-of: valkey + {{- if or .Values.commonAnnotations .Values.sentinel.annotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replica.replicaCount }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: node + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- if .Values.replica.updateStrategy }} + updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} + {{- end }} + {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} + minReadySeconds: {{ .Values.replica.minReadySeconds }} + {{- end }} + {{- if .Values.replica.podManagementPolicy }} + podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: node + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "valkey.createConfigmap" .) }} + checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + {{- end }} + checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} + {{- if .Values.replica.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "valkey.imagePullSecrets" . | nindent 6 }} + automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }} + {{- if .Values.replica.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "valkey.serviceAccountName" . }} + {{- if .Values.replica.priorityClassName }} + priorityClassName: {{ .Values.replica.priorityClassName | quote }} + {{- end }} + {{- if .Values.replica.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.replica.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} + {{- end }} + {{- if .Values.replica.schedulerName }} + schedulerName: {{ .Values.replica.schedulerName | quote }} + {{- end }} + {{- if .Values.replica.dnsPolicy }} + dnsPolicy: {{ .Values.replica.dnsPolicy }} + {{- end }} + {{- if .Values.replica.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} + {{- end }} + enableServiceLinks: {{ .Values.sentinel.enableServiceLinks }} + terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} + {{- if or .Values.replica.initContainers $needsVolumePermissions }} + initContainers: + {{- if .Values.replica.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "valkey.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} + {{- else }} + chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: valkey-data + mountPath: {{ .Values.replica.persistence.path }} + {{- if .Values.replica.persistence.subPath }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- else if .Values.replica.persistence.subPathExpr }} + subPathExpr: {{ .Values.replica.persistence.subPathExpr }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: valkey + image: {{ template "valkey.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} + {{- else }} + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - /opt/bitnami/scripts/start-scripts/prestop-valkey.sh + {{- end }} + {{- end }} + {{- if .Values.replica.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.replica.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.replica.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-node.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: VALKEY_PRIMARY_PORT_NUMBER + value: {{ .Values.replica.containerPorts.valkey | quote }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: VALKEY_PASSWORD_FILE + value: "/opt/bitnami/valkey/secrets/valkey-password" + - name: VALKEY_PRIMARY_PASSWORD_FILE + value: "/opt/bitnami/valkey/secrets/valkey-password" + {{- else }} + - name: VALKEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + - name: VALKEY_PRIMARY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: VALKEY_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: VALKEY_TLS_PORT + value: {{ .Values.replica.containerPorts.valkey | quote }} + - name: VALKEY_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: VALKEY_TLS_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + - name: VALKEY_TLS_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: VALKEY_TLS_CA_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: VALKEY_TLS_DH_PARAMS_FILE + value: {{ template "valkey.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: VALKEY_PORT + value: {{ .Values.replica.containerPorts.valkey | quote }} + {{- end }} + - name: VALKEY_SENTINEL_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: VALKEY_SENTINEL_TLS_PORT_NUMBER + value: {{ .Values.sentinel.containerPorts.sentinel | quote }} + - name: VALKEY_SENTINEL_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: VALKEY_SENTINEL_TLS_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + - name: VALKEY_SENTINEL_TLS_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: VALKEY_SENTINEL_TLS_CA_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: VALKEY_SENTINEL_TLS_DH_PARAMS_FILE + value: {{ template "valkey.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: VALKEY_SENTINEL_PORT + value: {{ .Values.sentinel.containerPorts.sentinel | quote }} + {{- end }} + - name: VALKEY_DATA_DIR + value: {{ .Values.replica.persistence.path }} + {{- if .Values.replica.externalPrimary.enabled }} + - name: VALKEY_EXTERNAL_PRIMARY_HOST + value: {{ .Values.replica.externalPrimary.host | quote }} + - name: VALKEY_EXTERNAL_PRIMARY_PORT + value: {{ .Values.replica.externalPrimary.port | quote }} + {{- end }} + {{- if .Values.replica.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} + envFrom: + {{- if .Values.replica.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.replica.extraEnvVarsCM }} + {{- end }} + {{- if .Values.replica.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.replica.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: valkey + containerPort: {{ .Values.replica.containerPorts.valkey }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.replica.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.replica.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.replica.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.replica.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.replica.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} + {{- end }} + {{- end }} + {{- if .Values.replica.resources }} + resources: {{- toYaml .Values.replica.resources | nindent 12 }} + {{- else if ne .Values.replica.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: sentinel-data + mountPath: /opt/bitnami/valkey-sentinel/etc + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /opt/bitnami/valkey/secrets/ + {{- end }} + - name: valkey-data + mountPath: {{ .Values.replica.persistence.path }} + {{- if .Values.replica.persistence.subPath }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- else if .Values.replica.persistence.subPathExpr }} + subPathExpr: {{ .Values.replica.persistence.subPathExpr }} + {{- end }} + - name: config + mountPath: /opt/bitnami/valkey/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/valkey/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.replica.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + - name: sentinel + image: {{ template "valkey.sentinel.image" . }} + imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.sentinel.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }} + {{- else }} + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh + {{- end }} + {{- end }} + {{- if .Values.sentinel.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.sentinel.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.sentinel.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.sentinel.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-sentinel.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: VALKEY_PASSWORD_FILE + value: "/opt/bitnami/valkey/secrets/valkey-password" + {{- else }} + - name: VALKEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- else }} + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + {{- end }} + - name: VALKEY_SENTINEL_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: VALKEY_SENTINEL_TLS_PORT_NUMBER + value: {{ .Values.sentinel.containerPorts.sentinel | quote }} + - name: VALKEY_SENTINEL_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: VALKEY_SENTINEL_TLS_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + - name: VALKEY_SENTINEL_TLS_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: VALKEY_SENTINEL_TLS_CA_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: VALKEY_SENTINEL_TLS_DH_PARAMS_FILE + value: {{ template "valkey.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: VALKEY_SENTINEL_PORT + value: {{ .Values.sentinel.containerPorts.sentinel | quote }} + {{- end }} + {{- if .Values.sentinel.externalPrimary.enabled }} + - name: VALKEY_EXTERNAL_PRIMARY_HOST + value: {{ .Values.sentinel.externalPrimary.host | quote }} + - name: VALKEY_EXTERNAL_PRIMARY_PORT + value: {{ .Values.sentinel.externalPrimary.port | quote }} + {{- end }} + {{- if .Values.sentinel.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} + envFrom: + {{- if .Values.sentinel.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.sentinel.extraEnvVarsCM }} + {{- end }} + {{- if .Values.sentinel.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.sentinel.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: valkey-sentinel + containerPort: {{ .Values.sentinel.containerPorts.sentinel }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.sentinel.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.sentinel.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - sh + - -c + - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.sentinel.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.sentinel.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.sentinel.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.sentinel.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }} + {{- end }} + {{- end }} + {{- if .Values.sentinel.resources }} + resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} + {{- else if ne .Values.sentinel.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sentinel.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if .Values.sentinel.service.createPrimary}} + - name: kubectl-shared + mountPath: /etc/shared + {{- end }} + - name: sentinel-data + mountPath: /opt/bitnami/valkey-sentinel/etc + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /opt/bitnami/valkey/secrets/ + {{- end }} + - name: valkey-data + mountPath: {{ .Values.replica.persistence.path }} + {{- if .Values.replica.persistence.subPath }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- else if .Values.replica.persistence.subPathExpr }} + subPathExpr: {{ .Values.replica.persistence.subPathExpr }} + {{- end }} + - name: config + mountPath: /opt/bitnami/valkey-sentinel/mounted-etc + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.sentinel.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "valkey.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)" + {{- end }} + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf ":%v" .Values.metrics.containerPorts.http }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/secrets/valkey-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "valkey.secretName" . }} + key: {{ template "valkey.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: valkeys://{{ .Values.metrics.valkeyTargetHost }}:{{ .Values.replica.containerPorts.valkey }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "valkey.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "valkey.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "valkey.tlsCACert" . }} + {{- end }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: valkey-certificates + mountPath: /opt/bitnami/valkey/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sentinel.service.createPrimary }} + - name: kubectl-shared + image: {{ template "valkey.kubectl.image" . }} + imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }} + command: {{- toYaml .Values.kubectl.command | nindent 12 }} + {{- if .Values.kubectl.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubectl.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: kubectl-shared + mountPath: /etc/shared + - name: kubectl-scripts + mountPath: /opt/bitnami/scripts/kubectl-scripts + {{- if .Values.kubectl.resources }} + resources: {{- toYaml .Values.kubectl.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if .Values.sentinel.service.createPrimary}} + - name: kubectl-shared + emptyDir: {} + - name: kubectl-scripts + configMap: + name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- end }} + {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} + - name: valkey-password + {{ if .Values.auth.usePasswordFileFromSecret }} + secret: + secretName: {{ template "valkey.secretName" . }} + items: + - key: {{ template "valkey.secretPasswordKey" . }} + path: valkey-password + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: config + configMap: + name: {{ include "valkey.configmapName" . }} + {{- if not .Values.sentinel.persistence.enabled }} + - name: sentinel-data + {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} + emptyDir: + {{- if .Values.sentinel.persistence.medium }} + medium: {{ .Values.sentinel.persistence.medium | quote }} + {{- end }} + {{- if .Values.sentinel.persistence.sizeLimit }} + sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: empty-dir + {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} + emptyDir: + {{- if .Values.sentinel.persistence.medium }} + medium: {{ .Values.sentinel.persistence.medium | quote }} + {{- end }} + {{- if .Values.sentinel.persistence.sizeLimit }} + sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.replica.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.sentinel.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: valkey-certificates + secret: + secretName: {{ include "valkey.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if not .Values.replica.persistence.enabled }} + - name: valkey-data + {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} + emptyDir: + {{- if .Values.replica.persistence.medium }} + medium: {{ .Values.replica.persistence.medium | quote }} + {{- end }} + {{- if .Values.replica.persistence.sizeLimit }} + sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.replica.persistence.existingClaim }} + - name: valkey-data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} + {{- else }} + {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: valkey-data + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} + app.kubernetes.io/component: node + {{- if .Values.replica.persistence.annotations }} + annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.replica.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.replica.persistence.size | quote }} + {{- if .Values.replica.persistence.selector }} + selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} + {{- if .Values.sentinel.persistence.enabled }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: sentinel-data + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.persistence.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} + app.kubernetes.io/component: node + {{- if .Values.sentinel.persistence.annotations }} + annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.sentinel.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.sentinel.persistence.size | quote }} + {{- if .Values.sentinel.persistence.selector }} + selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.sentinel.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml new file mode 100644 index 00000000..6e53acb4 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml @@ -0,0 +1,58 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.replica.autoscaling.vpa.enabled .Values.sentinel.enabled }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: replica + app.kubernetes.io/part-of: valkey + {{- if or .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + resourcePolicy: + containerPolicies: + - containerName: valkey + {{- with .Values.replica.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.replica.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.replica.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + - containerName: sentinel + {{- with .Values.replica.autoscaling.vpa.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.replica.autoscaling.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.replica.autoscaling.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 8 }} + {{- end }} + targetRef: + apiVersion: apps/v1 + kind: "StatefulSet" + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + {{- if .Values.replica.autoscaling.vpa.updatePolicy }} + updatePolicy: + {{- with .Values.replica.autoscaling.vpa.updatePolicy.updateMode }} + updateMode: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml new file mode 100644 index 00000000..f52411d6 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.serviceAccount.create .Values.sentinel.enabled }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "valkey.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml new file mode 100644 index 00000000..cb9008bc --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml @@ -0,0 +1,83 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.metrics.serviceMonitor.port }} + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- range .Values.metrics.serviceMonitor.additionalEndpoints }} + - port: {{ .port }} + {{- if .interval }} + interval: {{ .interval }} + {{- end }} + {{- if .scrapeTimeout }} + scrapeTimeout: {{ .scrapeTimeout }} + {{- end }} + {{- if .honorLabels }} + honorLabels: {{ .honorLabels }} + {{- end }} + {{- with $.Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .metricRelabelings }} + metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }} + {{- end }} + {{- if .path }} + path: {{ .path }} + {{- end }} + {{- if .params }} + params: + {{- range $key, $value := .params }} + {{ $key }}: + {{- range $value }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.podTargetLabels }} + podTargetLabels: {{- toYaml .Values.metrics.serviceMonitor.podTargetLabels | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.sampleLimit }} + sampleLimit: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.targetLimit }} + targetLimit: {{ . }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: metrics +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml new file mode 100644 index 00000000..56748368 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml @@ -0,0 +1,32 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "valkey.createTlsSecret" .) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} +{{- $ca := genCA "valkey-ca" 365 }} +{{- $releaseNamespace := (include "common.names.namespace" .) }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $fullname := include "common.names.fullname" . }} +{{- $serviceName := include "common.names.fullname" . }} +{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} +{{- $primaryServiceName := printf "%s-primary" (include "common.names.fullname" .) }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/part-of: valkey + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/values.schema.json b/applications/n8n/charts/n8n/charts/valkey/values.schema.json new file mode 100644 index 00000000..1e2b65f2 --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/values.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "Valkey architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`", + "enum": ["standalone", "replication"] + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Use password authentication" + }, + "password": { + "type": "string", + "title": "Valkey password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + } + } + }, + "primary": { + "type": "object", + "title": "Primary replicas settings", + "form": true, + "properties": { + "kind": { + "type": "string", + "title": "Workload Kind", + "form": true, + "description": "Allowed values: `Deployment`, `StatefulSet` or `DaemonSet`", + "enum": ["Deployment", "StatefulSet", "DaemonSet"] + }, + "persistence": { + "type": "object", + "title": "Persistence for primary replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "primary/persistence/enabled" + } + } + } + } + } + }, + "replica": { + "type": "object", + "title": "Valkey replicas settings", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + }, + "properties": { + "kind": { + "type": "string", + "title": "Workload Kind", + "form": true, + "description": "Allowed values: `DaemonSet` or `StatefulSet`", + "enum": ["DaemonSet", "StatefulSet"] + }, + "replicaCount": { + "type": "integer", + "form": true, + "title": "Number of Valkey replicas" + }, + "persistence": { + "type": "object", + "title": "Persistence for Valkey replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "replica/persistence/enabled" + } + } + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/applications/n8n/charts/n8n/charts/valkey/values.yaml b/applications/n8n/charts/n8n/charts/valkey/values.yaml new file mode 100644 index 00000000..557813ea --- /dev/null +++ b/applications/n8n/charts/n8n/charts/valkey/values.yaml @@ -0,0 +1,2137 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead +## @param global.valkey.password Global Valkey password (overrides `auth.password`) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + storageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false + valkey: + password: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param apiVersions Override Kubernetes API versions reported by .Capabilities +## +apiVersions: [] +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param secretAnnotations Annotations to add to secret +## +secretAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address +## +useHostnames: true +## @param nameResolutionThreshold Failure threshold for internal hostnames resolution +## +nameResolutionThreshold: 5 +## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution +## +nameResolutionTimeout: 5 +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity +## @section Valkey Image parameters +## + +## Bitnami Valkey image +## ref: https://hub.docker.com/r/bitnami/valkey/tags/ +## @param image.registry [default: REGISTRY_NAME] Valkey image registry +## @param image.repository [default: REPOSITORY_NAME/valkey] Valkey image repository +## @skip image.tag Valkey image tag (immutable tags are recommended) +## @param image.digest Valkey image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Valkey image pull policy +## @param image.pullSecrets Valkey image pull secrets +## @param image.debug Enable image debug mode +## +image: + registry: docker.io + repository: bitnami/valkey + tag: 8.0.2-debian-12-r6 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## @section Valkey common configuration parameters +## https://github.com/bitnami/containers/tree/main/bitnami/valkey#configuration +## + +## @param architecture Valkey architecture. Allowed values: `standalone` or `replication` +## +architecture: replication +## Valkey Authentication parameters +## ref: https://github.com/bitnami/containers/tree/main/bitnami/valkey#setting-the-server-password-on-first-run +## +auth: + ## @param auth.enabled Enable password authentication + ## + enabled: true + ## @param auth.sentinel Enable password authentication on sentinels too + ## + sentinel: true + ## @param auth.password Valkey password + ## Defaults to a random 10-character alphanumeric string if not set + ## + password: "" + ## @param auth.existingSecret The name of an existing secret with Valkey credentials + ## NOTE: When it's set, the previous `auth.password` parameter is ignored + ## + existingSecret: "" + ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret + ## NOTE: ignored unless `auth.existingSecret` parameter is set + ## + existingSecretPasswordKey: "" + ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable + ## + usePasswordFiles: true + ## @param auth.usePasswordFileFromSecret Mount password file from secret + ## + usePasswordFileFromSecret: true +## @param commonConfiguration [string] Common configuration to be added into the ConfigMap +## ref: https://valkey.io/topics/valkey-conf/ +## +commonConfiguration: |- + # Enable AOF https://valkey.io/docs/topics/persistence.html + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" +## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Valkey nodes +## +existingConfigmap: "" +## @section Valkey primary configuration parameters +## +primary: + ## @param primary.replicaCount Number of Valkey primary instances to deploy (experimental, requires additional configuration) + ## + replicaCount: 1 + ## @param primary.configuration Configuration for Valkey primary nodes + ## ref: https://valkey.io/topics/config + ## + configuration: "" + ## @param primary.disableCommands Array with Valkey commands to disable on primary nodes + ## Commands will be completely disabled by renaming each to an empty string. + ## ref: https://valkey.io/topics/security#disabling-of-specific-commands + ## + disableCommands: + - FLUSHDB + - FLUSHALL + ## @param primary.command Override default container command (useful when using custom images) + ## + command: [] + ## @param primary.args Override default container args (useful when using custom images) + ## + args: [] + ## @param primary.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true + ## @param primary.preExecCmds Additional commands to run prior to starting Valkey primary + ## + preExecCmds: [] + ## @param primary.extraFlags Array with additional command line flags for Valkey primary + ## e.g: + ## extraFlags: + ## - "--maxmemory-policy volatile-ttl" + ## - "--repl-backlog-size 1024mb" + ## + extraFlags: [] + ## @param primary.extraEnvVars Array with extra environment variables to add to Valkey primary nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey primary nodes + ## + extraEnvVarsCM: "" + ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey primary nodes + ## + extraEnvVarsSecret: "" + ## @param primary.containerPorts.valkey Container port to open on Valkey primary nodes + ## + containerPorts: + valkey: 6379 + ## Configure extra options for Valkey containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param primary.startupProbe.enabled Enable startupProbe on Valkey primary nodes + ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe + ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param primary.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param primary.livenessProbe.enabled Enable livenessProbe on Valkey primary nodes + ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param primary.readinessProbe.enabled Enable readinessProbe on Valkey primary nodes + ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + ## @param primary.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## Valkey primary resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param primary.podSecurityContext.enabled Enabled Valkey primary pods' Security Context + ## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param primary.podSecurityContext.fsGroup Set Valkey primary pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param primary.containerSecurityContext.enabled Enabled Valkey primary containers' Security Context + ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param primary.containerSecurityContext.runAsUser Set Valkey primary containers' Security Context runAsUser + ## @param primary.containerSecurityContext.runAsGroup Set Valkey primary containers' Security Context runAsGroup + ## @param primary.containerSecurityContext.runAsNonRoot Set Valkey primary containers' Security Context runAsNonRoot + ## @param primary.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Valkey pod(s) privileges + ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param primary.containerSecurityContext.seccompProfile.type Set Valkey primary containers' Security Context seccompProfile + ## @param primary.containerSecurityContext.capabilities.drop Set Valkey primary containers' Security Context capabilities to drop + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## @param primary.kind Use either Deployment, StatefulSet (default) or DaemonSet + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + ## + kind: StatefulSet + ## @param primary.schedulerName Alternate scheduler for Valkey primary pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param primary.updateStrategy.type Valkey primary statefulset strategy type + ## @skip primary.updateStrategy.rollingUpdate + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) + ## + type: RollingUpdate + ## @param primary.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 + ## @param primary.priorityClassName Valkey primary pods' priorityClassName + ## + priorityClassName: "" + ## @param primary.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param primary.hostAliases Valkey primary pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param primary.podLabels Extra labels for Valkey primary pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param primary.podAnnotations Annotations for Valkey primary pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param primary.shareProcessNamespace Share a single process namespace between all of the containers in Valkey primary pods + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + ## + shareProcessNamespace: false + ## @param primary.podAffinityPreset Pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param primary.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node primary.affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param primary.nodeAffinityPreset.type Node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param primary.nodeAffinityPreset.key Node label key to match. Ignored if `primary.affinity` is set + ## + key: "" + ## @param primary.nodeAffinityPreset.values Node label values to match. Ignored if `primary.affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param primary.affinity Affinity for Valkey primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `primary.podAffinityPreset`, `primary.podAntiAffinityPreset`, and `primary.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param primary.nodeSelector Node labels for Valkey primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param primary.tolerations Tolerations for Valkey primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param primary.topologySpreadConstraints Spread Constraints for Valkey primary pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## E.g. + ## topologySpreadConstraints: + ## - maxSkew: 1 + ## topologyKey: node + ## whenUnsatisfiable: DoNotSchedule + ## + topologySpreadConstraints: [] + ## @param primary.dnsPolicy DNS Policy for Valkey primary pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirst + ## + dnsPolicy: "" + ## @param primary.dnsConfig DNS Configuration for Valkey primary pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param primary.lifecycleHooks for the Valkey primary container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param primary.extraVolumes Optionally specify extra list of additional volumes for the Valkey primary pod(s) + ## + extraVolumes: [] + ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey primary container(s) + ## + extraVolumeMounts: [] + ## @param primary.sidecars Add additional sidecar containers to the Valkey primary pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param primary.initContainers Add additional init containers to the Valkey primary pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Persistence parameters + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ + ## + persistence: + ## @param primary.persistence.enabled Enable persistence on Valkey primary nodes using Persistent Volume Claims + ## + enabled: true + ## @param primary.persistence.medium Provide a medium for `emptyDir` volumes. + ## + medium: "" + ## @param primary.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. + ## + sizeLimit: "" + ## @param primary.persistence.path The path the volume will be mounted at on Valkey primary containers + ## NOTE: Useful when using different Valkey images + ## + path: /data + ## @param primary.persistence.subPath The subdirectory of the volume to mount on Valkey primary containers + ## NOTE: Useful in dev environments + ## + subPath: "" + ## @param primary.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Valkey primary containers + ## + subPathExpr: "" + ## @param primary.persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param primary.persistence.accessModes Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size Persistent Volume size + ## + size: 8Gi + ## @param primary.persistence.annotations Additional custom annotations for the PVC + ## + annotations: {} + ## @param primary.persistence.labels Additional custom labels for the PVC + ## + labels: {} + ## @param primary.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param primary.persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param primary.persistence.existingClaim Use a existing PVC which must be created manually before bound + ## NOTE: requires primary.persistence.enabled: true + ## + existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param primary.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param primary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain + ## Valkey primary service parameters + ## + service: + ## @param primary.service.type Valkey primary service type + ## + type: ClusterIP + ## @param primary.service.ports.valkey Valkey primary service port + ## + ports: + valkey: 6379 + ## @param primary.service.nodePorts.valkey Node port for Valkey primary + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + valkey: "" + ## @param primary.service.externalTrafficPolicy Valkey primary service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param primary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param primary.service.internalTrafficPolicy Valkey primary service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ + ## + internalTrafficPolicy: Cluster + ## @param primary.service.clusterIP Valkey primary service Cluster IP + ## + clusterIP: "" + ## @param primary.service.loadBalancerIP Valkey primary service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param primary.service.loadBalancerClass primary service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" + ## @param primary.service.loadBalancerSourceRanges Valkey primary service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param primary.service.externalIPs Valkey primary service External IPs + ## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## e.g. + ## externalIPs: + ## - 10.10.10.1 + ## - 201.22.30.1 + ## + externalIPs: [] + ## @param primary.service.annotations Additional custom annotations for Valkey primary service + ## + annotations: {} + ## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param primary.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-primary pods + ## + terminationGracePeriodSeconds: 30 + ## ServiceAccount configuration + ## + serviceAccount: + ## @param primary.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param primary.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param primary.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false + ## @param primary.serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param primary.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param primary.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled + ## @param primary.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty. + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + +## @section Valkey replicas configuration parameters +## +replica: + ## @param replica.kind Use either DaemonSet or StatefulSet (default) + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + ## + kind: StatefulSet + ## @param replica.replicaCount Number of Valkey replicas to deploy + ## + replicaCount: 3 + ## @param replica.configuration Configuration for Valkey replicas nodes + ## ref: https://valkey.io/topics/config + ## + configuration: "" + ## @param replica.disableCommands Array with Valkey commands to disable on replicas nodes + ## Commands will be completely disabled by renaming each to an empty string. + ## ref: https://valkey.io/topics/security#disabling-of-specific-commands + ## + disableCommands: + - FLUSHDB + - FLUSHALL + ## @param replica.command Override default container command (useful when using custom images) + ## + command: [] + ## @param replica.args Override default container args (useful when using custom images) + ## + args: [] + ## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true + ## @param replica.preExecCmds Additional commands to run prior to starting Valkey replicas + ## + preExecCmds: [] + ## @param replica.extraFlags Array with additional command line flags for Valkey replicas + ## e.g: + ## extraFlags: + ## - "--maxmemory-policy volatile-ttl" + ## - "--repl-backlog-size 1024mb" + ## + extraFlags: [] + ## @param replica.extraEnvVars Array with extra environment variables to add to Valkey replicas nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey replicas nodes + ## + extraEnvVarsCM: "" + ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey replicas nodes + ## + extraEnvVarsSecret: "" + ## @param replica.externalPrimary.enabled Use external primary for bootstrapping + ## @param replica.externalPrimary.host External primary host to bootstrap from + ## @param replica.externalPrimary.port Port for Valkey service external primary host + ## + externalPrimary: + enabled: false + host: "" + port: 6379 + ## @param replica.containerPorts.valkey Container port to open on Valkey replicas nodes + ## + containerPorts: + valkey: 6379 + ## Configure extra options for Valkey containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param replica.startupProbe.enabled Enable startupProbe on Valkey replicas nodes + ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param replica.startupProbe.periodSeconds Period seconds for startupProbe + ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param replica.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 22 + ## @param replica.livenessProbe.enabled Enable livenessProbe on Valkey replicas nodes + ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param replica.readinessProbe.enabled Enable readinessProbe on Valkey replicas nodes + ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + ## @param replica.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## Valkey replicas resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param replica.podSecurityContext.enabled Enabled Valkey replicas pods' Security Context + ## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param replica.podSecurityContext.fsGroup Set Valkey replicas pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param replica.containerSecurityContext.enabled Enabled Valkey replicas containers' Security Context + ## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param replica.containerSecurityContext.runAsUser Set Valkey replicas containers' Security Context runAsUser + ## @param replica.containerSecurityContext.runAsGroup Set Valkey replicas containers' Security Context runAsGroup + ## @param replica.containerSecurityContext.runAsNonRoot Set Valkey replicas containers' Security Context runAsNonRoot + ## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Valkey replicas pod's Security Context allowPrivilegeEscalation + ## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param replica.containerSecurityContext.seccompProfile.type Set Valkey replicas containers' Security Context seccompProfile + ## @param replica.containerSecurityContext.capabilities.drop Set Valkey replicas containers' Security Context capabilities to drop + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## @param replica.schedulerName Alternate scheduler for Valkey replicas pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param replica.updateStrategy.type Valkey replicas statefulset strategy type + ## @skip replica.updateStrategy.rollingUpdate + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) + ## + type: RollingUpdate + ## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 + ## @param replica.priorityClassName Valkey replicas pods' priorityClassName + ## + priorityClassName: "" + ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: "" + ## @param replica.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: false + ## @param replica.hostAliases Valkey replicas pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param replica.podLabels Extra labels for Valkey replicas pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param replica.podAnnotations Annotations for Valkey replicas pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Valkey replicas pods + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + ## + shareProcessNamespace: false + ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set + ## + key: "" + ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param replica.affinity Affinity for Valkey replicas pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param replica.nodeSelector Node labels for Valkey replicas pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param replica.tolerations Tolerations for Valkey replicas pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param replica.topologySpreadConstraints Spread Constraints for Valkey replicas pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## E.g. + ## topologySpreadConstraints: + ## - maxSkew: 1 + ## topologyKey: node + ## whenUnsatisfiable: DoNotSchedule + ## + topologySpreadConstraints: [] + ## @param replica.dnsPolicy DNS Policy for Valkey replica pods + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirst + ## + dnsPolicy: "" + ## @param replica.dnsConfig DNS Configuration for Valkey replica pods + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param replica.lifecycleHooks for the Valkey replica container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Valkey replicas pod(s) + ## + extraVolumes: [] + ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey replicas container(s) + ## + extraVolumeMounts: [] + ## @param replica.sidecars Add additional sidecar containers to the Valkey replicas pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param replica.initContainers Add additional init containers to the Valkey replicas pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Persistence Parameters + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ + ## + persistence: + ## @param replica.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims + ## + enabled: true + ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes. + ## + medium: "" + ## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. + ## + sizeLimit: "" + ## @param replica.persistence.path The path the volume will be mounted at on Valkey replicas containers + ## NOTE: Useful when using different Valkey images + ## + path: /data + ## @param replica.persistence.subPath The subdirectory of the volume to mount on Valkey replicas containers + ## NOTE: Useful in dev environments + ## + subPath: "" + ## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Valkey replicas containers + ## + subPathExpr: "" + ## @param replica.persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param replica.persistence.accessModes Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param replica.persistence.size Persistent Volume size + ## + size: 8Gi + ## @param replica.persistence.annotations Additional custom annotations for the PVC + ## + annotations: {} + ## @param replica.persistence.labels Additional custom labels for the PVC + ## + labels: {} + ## @param replica.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param replica.persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound + ## NOTE: requires replica.persistence.enabled: true + ## + existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain + ## Valkey replicas service parameters + ## + service: + ## @param replica.service.type Valkey replicas service type + ## + type: ClusterIP + ## @param replica.service.ports.valkey Valkey replicas service port + ## + ports: + valkey: 6379 + ## @param replica.service.nodePorts.valkey Node port for Valkey replicas + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + valkey: "" + ## @param replica.service.externalTrafficPolicy Valkey replicas service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param replica.service.internalTrafficPolicy Valkey replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ + ## + internalTrafficPolicy: Cluster + ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param replica.service.clusterIP Valkey replicas service Cluster IP + ## + clusterIP: "" + ## @param replica.service.loadBalancerIP Valkey replicas service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" + ## @param replica.service.loadBalancerSourceRanges Valkey replicas service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param replica.service.annotations Additional custom annotations for Valkey replicas service + ## + annotations: {} + ## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-replicas pods + ## + terminationGracePeriodSeconds: 30 + ## @section Autoscaling + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## + autoscaling: + vpa: + ## @param replica.autoscaling.vpa.enabled Enable VPA + ## + enabled: false + ## @param replica.autoscaling.vpa.annotations Annotations for VPA resource + ## + annotations: {} + ## @param replica.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + ## + controlledResources: [] + ## @param replica.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + maxAllowed: {} + ## @param replica.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + minAllowed: {} + ## @section VPA update policy + ## + updatePolicy: + ## @param replica.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod + ## Possible values are "Off", "Initial", "Recreate", and "Auto". + ## + updateMode: Auto + hpa: + ## @param replica.autoscaling.hpa.enabled Enable HPA + ## + enabled: false + ## @param replica.autoscaling.hpa.minReplicas Minimum number of replicas + ## + minReplicas: "" + ## @param replica.autoscaling.hpa.maxReplicas Maximum number of replicas + ## + maxReplicas: "" + ## @param replica.autoscaling.hpa.targetCPU Target CPU utilization percentage + ## + targetCPU: "" + ## @param replica.autoscaling.hpa.targetMemory Target Memory utilization percentage + ## + targetMemory: "" + ## ServiceAccount configuration + ## + serviceAccount: + ## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param replica.serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false + ## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled + ## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + +## @section Valkey Sentinel configuration parameters +## + +sentinel: + ## @param sentinel.enabled Use Valkey Sentinel on Valkey pods. + ## IMPORTANT: this will disable the primary and replicas services and + ## create a single Valkey service exposing both the Valkey and Sentinel ports + ## + enabled: false + ## Bitnami Valkey Sentinel image version + ## ref: https://hub.docker.com/r/bitnami/valkey-sentinel/tags/ + ## @param sentinel.image.registry [default: REGISTRY_NAME] Valkey Sentinel image registry + ## @param sentinel.image.repository [default: REPOSITORY_NAME/valkey-sentinel] Valkey Sentinel image repository + ## @skip sentinel.image.tag Valkey Sentinel image tag (immutable tags are recommended) + ## @param sentinel.image.digest Valkey Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param sentinel.image.pullPolicy Valkey Sentinel image pull policy + ## @param sentinel.image.pullSecrets Valkey Sentinel image pull secrets + ## @param sentinel.image.debug Enable image debug mode + ## + image: + registry: docker.io + repository: bitnami/valkey-sentinel + tag: 8.0.2-debian-12-r6 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + ## @param sentinel.annotations Additional custom annotations for Valkey Sentinel resource + ## + annotations: {} + ## @param sentinel.primarySet Primary set name + ## + primarySet: myprimary + ## @param sentinel.quorum Sentinel Quorum + ## + quorum: 2 + ## @param sentinel.getPrimaryTimeout Amount of time to allow before get_sentinel_primary_info() times out. + ## + getPrimaryTimeout: 90 + ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. + ## This also prevents any new replica from starting until the last remaining replica is elected as primary to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. + ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. + ## + automateClusterRecovery: false + ## @param sentinel.valkeyShutdownWaitFailover Whether the Valkey primary container waits for the failover at shutdown (in addition to the Valkey Sentinel container). + ## + valkeyShutdownWaitFailover: true + ## Sentinel timing restrictions + ## @param sentinel.downAfterMilliseconds Timeout for detecting a Valkey node is down + ## @param sentinel.failoverTimeout Timeout for performing a election failover + ## + downAfterMilliseconds: 60000 + failoverTimeout: 180000 + ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new primary after a failover + ## + parallelSyncs: 1 + ## @param sentinel.configuration Configuration for Valkey Sentinel nodes + ## ref: https://valkey.io/topics/sentinel + ## + configuration: "" + ## @param sentinel.command Override default container command (useful when using custom images) + ## + command: [] + ## @param sentinel.args Override default container args (useful when using custom images) + ## + args: [] + ## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true + ## @param sentinel.preExecCmds Additional commands to run prior to starting Valkey Sentinel + ## + preExecCmds: [] + ## @param sentinel.extraEnvVars Array with extra environment variables to add to Valkey Sentinel nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey Sentinel nodes + ## + extraEnvVarsCM: "" + ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey Sentinel nodes + ## + extraEnvVarsSecret: "" + ## @param sentinel.externalPrimary.enabled Use external primary for bootstrapping + ## @param sentinel.externalPrimary.host External primary host to bootstrap from + ## @param sentinel.externalPrimary.port Port for Valkey service external primary host + ## + externalPrimary: + enabled: false + host: "" + port: 6379 + ## @param sentinel.containerPorts.sentinel Container port to open on Valkey Sentinel nodes + ## + containerPorts: + sentinel: 26379 + ## Configure extra options for Valkey containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param sentinel.startupProbe.enabled Enable startupProbe on Valkey Sentinel nodes + ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe + ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 22 + ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Valkey Sentinel nodes + ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Valkey Sentinel nodes + ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 6 + ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## Persistence parameters + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ + ## + persistence: + ## @param sentinel.persistence.enabled Enable persistence on Valkey sentinel nodes using Persistent Volume Claims (Experimental) + ## + enabled: false + ## @param sentinel.persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param sentinel.persistence.accessModes Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param sentinel.persistence.size Persistent Volume size + ## + size: 100Mi + ## @param sentinel.persistence.annotations Additional custom annotations for the PVC + ## + annotations: {} + ## @param sentinel.persistence.labels Additional custom labels for the PVC + ## + labels: {} + ## @param sentinel.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param sentinel.persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes. + ## + medium: "" + ## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. + ## + sizeLimit: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain + ## Valkey Sentinel resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param sentinel.containerSecurityContext.enabled Enabled Valkey Sentinel containers' Security Context + ## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param sentinel.containerSecurityContext.runAsUser Set Valkey Sentinel containers' Security Context runAsUser + ## @param sentinel.containerSecurityContext.runAsGroup Set Valkey Sentinel containers' Security Context runAsGroup + ## @param sentinel.containerSecurityContext.runAsNonRoot Set Valkey Sentinel containers' Security Context runAsNonRoot + ## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Valkey Sentinel containers' Security Context allowPrivilegeEscalation + ## @param sentinel.containerSecurityContext.seccompProfile.type Set Valkey Sentinel containers' Security Context seccompProfile + ## @param sentinel.containerSecurityContext.capabilities.drop Set Valkey Sentinel containers' Security Context capabilities to drop + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## @param sentinel.lifecycleHooks for the Valkey sentinel container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Valkey Sentinel + ## + extraVolumes: [] + ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey Sentinel container(s) + ## + extraVolumeMounts: [] + ## Valkey Sentinel service parameters + ## + service: + ## @param sentinel.service.type Valkey Sentinel service type + ## + type: ClusterIP + ## @param sentinel.service.ports.valkey Valkey service port for Valkey + ## @param sentinel.service.ports.sentinel Valkey service port for Valkey Sentinel + ## + ports: + valkey: 6379 + sentinel: 26379 + ## @param sentinel.service.nodePorts.valkey Node port for Valkey + ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## NOTE: By leaving these values blank, they will be generated by ports-configmap + ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.valkey and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port + ## + nodePorts: + valkey: "" + sentinel: "" + ## @param sentinel.service.externalTrafficPolicy Valkey Sentinel service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param sentinel.service.clusterIP Valkey Sentinel service Cluster IP + ## + clusterIP: "" + + ## @param sentinel.service.createPrimary Enable primary service pointing to the current primary (experimental) + ## NOTE: rbac.create need to be set to true + ## + createPrimary: false + + ## @param sentinel.service.loadBalancerIP Valkey Sentinel service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" + ## @param sentinel.service.loadBalancerSourceRanges Valkey Sentinel service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param sentinel.service.annotations Additional custom annotations for Valkey Sentinel service + ## + annotations: {} + ## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Headless service properties + ## + headless: + ## @param sentinel.service.headless.annotations Annotations for the headless service. + ## + annotations: {} + ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-node pods + ## + terminationGracePeriodSeconds: 30 +## @section Other Parameters +## + +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require client label for connections + ## When set to false, only pods with the correct client label will have network access to the ports + ## Valkey is listening on. When true, Valkey will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + metrics: + ## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint + ## When set to false, only pods with the correct client label will have network access to the metrics port + ## + allowExternal: true + ## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint + ## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## PodSecurityPolicy configuration +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + create: false + ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules + ## + enabled: false +## RBAC configuration +## +rbac: + ## @param rbac.create Specifies whether RBAC resources should be created + ## + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Redis® Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## @param pdb DEPRECATED Please use `primary.pdb` and `replica.pdb` values instead +## +pdb: {} +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic + ## + enabled: false + ## @param tls.authClients Require clients to authenticate + ## + authClients: true + ## @param tls.autoGenerated Enable autogenerated certificates + ## + autoGenerated: false + ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates + ## + existingSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate Key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## + certCAFilename: "" + ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) + ## + dhParamsFilename: "" +## @section Metrics Parameters +## +metrics: + ## @param metrics.enabled Start a sidecar prometheus exporter to expose Valkey metrics + ## + enabled: false + ## Bitnami Valkey Exporter image + ## ref: https://hub.docker.com/r/bitnami/valkey-exporter/tags/ + ## @param metrics.image.registry [default: REGISTRY_NAME] Valkey Exporter image registry + ## @param metrics.image.repository [default: REPOSITORY_NAME/valkey-exporter] Valkey Exporter image repository + ## @skip metrics.image.tag Valkey Exporter image tag (immutable tags are recommended) + ## @param metrics.image.digest Valkey Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.image.pullPolicy Valkey Exporter image pull policy + ## @param metrics.image.pullSecrets Valkey Exporter image pull secrets + ## + image: + registry: docker.io + repository: bitnami/redis-exporter + tag: 1.69.0-debian-12-r1 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.containerPorts.http Metrics HTTP container port + ## + containerPorts: + http: 9121 + ## Configure extra options for Valkey containers' liveness, readiness & startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + ## @param metrics.startupProbe.enabled Enable startupProbe on Valkey replicas nodes + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param metrics.livenessProbe.enabled Enable livenessProbe on Valkey replicas nodes + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on Valkey replicas nodes + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.command Override default metrics container init command (useful when using custom images) + ## + command: [] + ## @param metrics.valkeyTargetHost A way to specify an alternative Valkey hostname + ## Useful for certificate CN/SAN matching + ## + valkeyTargetHost: "localhost" + ## @param metrics.extraArgs Extra arguments for Valkey exporter, for example: + ## e.g.: + ## extraArgs: + ## check-keys: myKey,myOtherKey + ## + extraArgs: {} + ## @param metrics.extraEnvVars Array with extra environment variables to add to Valkey exporter + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param metrics.containerSecurityContext.enabled Enabled Valkey exporter containers' Security Context + ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param metrics.containerSecurityContext.runAsUser Set Valkey exporter containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsGroup Set Valkey exporter containers' Security Context runAsGroup + ## @param metrics.containerSecurityContext.runAsNonRoot Set Valkey exporter containers' Security Context runAsNonRoot + ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Valkey exporter containers' Security Context allowPrivilegeEscalation + ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param metrics.containerSecurityContext.seccompProfile.type Set Valkey exporter containers' Security Context seccompProfile + ## @param metrics.containerSecurityContext.capabilities.drop Set Valkey exporter containers' Security Context capabilities to drop + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Valkey metrics sidecar + ## + extraVolumes: [] + ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey metrics sidecar + ## + extraVolumeMounts: [] + ## Valkey exporter resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param metrics.podLabels Extra labels for Valkey exporter pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param metrics.podAnnotations [object] Annotations for Valkey exporter pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9121" + ## Valkey exporter service parameters + ## + service: + ## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor + ## + enabled: true + ## @param metrics.service.type Valkey exporter service type + ## + type: ClusterIP + ## @param metrics.service.ports.http Valkey exporter service port + ## + ports: + http: 9121 + ## @param metrics.service.externalTrafficPolicy Valkey exporter service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param metrics.service.loadBalancerIP Valkey exporter service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerClass: "" + ## @param metrics.service.loadBalancerSourceRanges Valkey exporter service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param metrics.service.annotations Additional custom annotations for Valkey exporter service + ## + annotations: {} + ## @param metrics.service.clusterIP Valkey exporter service Cluster IP + ## + clusterIP: "" + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + serviceMonitor: + ## @param metrics.serviceMonitor.port the service port to scrape metrics from + ## + port: http-metrics + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created + ## + namespace: "" + ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics + ## + podTargetLabels: [] + ## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod + ## + sampleLimit: false + ## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped + ## + targetLimit: false + ## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) + ## + additionalEndpoints: [] + # uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Valkey container metrics + # add metricRelabelings with label like app=valkey to main valkey pod-monitor port + # - interval: "30s" + # path: "/scrape" + # port: "metrics" + # params: + # target: ["localhost:26379"] + # metricRelabelings: + # - targetLabel: "app" + # replacement: "sentinel" + ## Prometheus Pod Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor + ## + podMonitor: + ## @param metrics.podMonitor.port the pod port to scrape metrics from + ## + port: metrics + ## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created + ## + namespace: "" + ## @param metrics.podMonitor.interval The interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended + ## + scrapeTimeout: "" + ## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - targetLabel: "app" + # replacement: "valkey" + ## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics + ## + podTargetLabels: [] + ## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod + ## + sampleLimit: false + ## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped + ## + targetLimit: false + ## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) + ## + additionalEndpoints: [] + # - interval: "30s" + # path: "/scrape" + # port: "metrics" + # params: + # target: ["localhost:26379"] + # metricRelabelings: + # - targetLabel: "app" + # replacement: "sentinel" + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules Custom Prometheus rules + ## e.g: + ## rules: + ## - alert: ValkeyDown + ## expr: valkey_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 + ## for: 2m + ## labels: + ## severity: error + ## annotations: + ## summary: Valkey instance {{ "{{ $labels.instance }}" }} down + ## description: Valkey instance {{ "{{ $labels.instance }}" }} is down + ## - alert: ValkeyMemoryHigh + ## expr: > + ## valkey_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 + ## / + ## valkey_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} + ## > 90 + ## for: 2m + ## labels: + ## severity: error + ## annotations: + ## summary: Valkey instance {{ "{{ $labels.instance }}" }} is using too much memory + ## description: | + ## Valkey instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. + ## - alert: ValkeyKeyEviction + ## expr: | + ## increase(valkey_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0 + ## for: 1s + ## labels: + ## severity: error + ## annotations: + ## summary: Valkey instance {{ "{{ $labels.instance }}" }} has evicted keys + ## description: | + ## Valkey instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. + ## + rules: [] +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy + ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r40 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + seLinuxOptions: {} + runAsUser: 0 + +## Kubectl InitContainer +## used by Sentinel to update the isPrimary label on the Valkey(TM) pods +## +kubectl: + ## Bitnami Kubectl image version + ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ + ## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry + ## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository + ## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version + ## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param kubectl.image.pullPolicy Kubectl image pull policy + ## @param kubectl.image.pullSecrets Kubectl pull secrets + ## + image: + registry: docker.io + repository: bitnami/kubectl + tag: 1.32.3-debian-12-r1 + digest: "" + ## Specify a imagePullPolicy + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param kubectl.command kubectl command to execute + ## + command: ["/opt/bitnami/scripts/kubectl-scripts/update-primary-label.sh"] + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context + ## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser + ## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup + ## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot + ## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation + ## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem + ## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile + ## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + ## Bitnami Kubectl resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param kubectl.resources.limits The resources limits for the kubectl containers + ## @param kubectl.resources.requests The requested resources for the kubectl containers + ## + resources: + limits: {} + requests: {} +## @section useExternalDNS Parameters +## +## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. +## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. +## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. +## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. +## +useExternalDNS: + enabled: false + suffix: "" + annotationKey: external-dns.alpha.kubernetes.io/ + additionalAnnotations: {} diff --git a/applications/n8n/charts/n8n/templates/NOTES.txt b/applications/n8n/charts/n8n/templates/NOTES.txt new file mode 100644 index 00000000..106b2f42 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" (default "ClusterIP" .Values.main.service.type) }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "n8n.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" (default "ClusterIP" .Values.main.service.type) }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "n8n.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "n8n.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.main.service.port }} +{{- else if contains "ClusterIP" (default "ClusterIP" .Values.main.service.type) }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "n8n.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/_helpers.tpl b/applications/n8n/charts/n8n/templates/_helpers.tpl new file mode 100644 index 00000000..c1cd45f7 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/_helpers.tpl @@ -0,0 +1,105 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "n8n.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "n8n.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "n8n.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "n8n.labels" -}} +helm.sh/chart: {{ include "n8n.chart" . }} +{{ include "n8n.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "n8n.selectorLabels" -}} +app.kubernetes.io/name: {{ include "n8n.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + +{{/* Create the name of the service account to use */}} +{{- define "n8n.serviceAccountName" -}} +{{- if .Values.main.serviceAccount.create }} +{{- default (include "n8n.fullname" .) .Values.main.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.main.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* PVC existing, emptyDir, Dynamic */}} +{{- define "n8n.pvc" -}} +{{- if or (not .Values.main.persistence.enabled) (eq .Values.main.persistence.type "emptyDir") -}} + emptyDir: {} +{{- else if and .Values.main.persistence.enabled .Values.main.persistence.existingClaim -}} + persistentVolumeClaim: + claimName: {{ .Values.main.persistence.existingClaim }} +{{- else if and .Values.main.persistence.enabled (eq .Values.main.persistence.type "dynamic") -}} + persistentVolumeClaim: + claimName: {{ include "n8n.fullname" . }} +{{- end }} +{{- end }} + + +{{/* Create environment variables from yaml tree */}} +{{- define "toEnvVars" -}} + {{- $prefix := "" }} + {{- if .prefix }} + {{- $prefix = printf "%s_" .prefix }} + {{- end }} + {{- range $key, $value := .values }} + {{- if kindIs "map" $value -}} + {{- dict "values" $value "prefix" (printf "%s%s" $prefix ($key | upper)) "isSecret" $.isSecret | include "toEnvVars" -}} + {{- else -}} + {{- if $.isSecret -}} +{{ $prefix }}{{ $key | upper }}: {{ $value | toString | b64enc }}{{ "\n" }} + {{- else -}} +{{ $prefix }}{{ $key | upper }}: {{ $value | toString | quote }}{{ "\n" }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end }} + + +{{/* Validate Valkey/Redis configuration when webhooks are enabled*/}} +{{- define "n8n.validateValkey" -}} +{{- $envVars := fromYaml (include "toEnvVars" (dict "values" .Values.main.config "prefix" "")) -}} +{{- if and .Values.webhook.enabled (not $envVars.QUEUE_BULL_REDIS_HOST) -}} +{{- fail "Webhook processes rely on Valkey. Please set a Redis/Valkey host when webhook.enabled=true" -}} +{{- end -}} +{{- end -}} + + diff --git a/applications/n8n/charts/n8n/templates/configmap.webhook.yaml b/applications/n8n/charts/n8n/templates/configmap.webhook.yaml new file mode 100644 index 00000000..af1d745b --- /dev/null +++ b/applications/n8n/charts/n8n/templates/configmap.webhook.yaml @@ -0,0 +1,10 @@ +{{- if .Values.webhook.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "n8n.fullname" . }}-webhook-config + labels: + {{- include "n8n.labels" . | nindent 4 }} +data: + {{- include "toEnvVars" (dict "values" .Values.webhook.config "prefix" "") | nindent 2 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/configmap.worker.yaml b/applications/n8n/charts/n8n/templates/configmap.worker.yaml new file mode 100644 index 00000000..370ff71f --- /dev/null +++ b/applications/n8n/charts/n8n/templates/configmap.worker.yaml @@ -0,0 +1,10 @@ +{{- if .Values.worker.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "n8n.fullname" . }}-worker-config + labels: + {{- include "n8n.labels" . | nindent 4 }} +data: + {{- include "toEnvVars" (dict "values" .Values.worker.config "prefix" "") | nindent 2 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/configmap.yaml b/applications/n8n/charts/n8n/templates/configmap.yaml new file mode 100644 index 00000000..05bc5bcc --- /dev/null +++ b/applications/n8n/charts/n8n/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.main.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "n8n.fullname" . }}-app-config + labels: + {{- include "n8n.labels" . | nindent 4 }} +data: + {{- include "toEnvVars" (dict "values" .Values.main.config "prefix" "") | nindent 2 }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/deployment.webhook.yaml b/applications/n8n/charts/n8n/templates/deployment.webhook.yaml new file mode 100644 index 00000000..ef56ab33 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/deployment.webhook.yaml @@ -0,0 +1,143 @@ +{{- if .Values.webhook.enabled }} +{{- /* Validate Valkey/Redis configuration */}} +{{- include "n8n.validateValkey" . }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "n8n.fullname" . }}-webhook + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- if .Values.webhook.deploymentLabels }} + {{- toYaml .Values.webhook.deploymentLabels | nindent 4 }} + {{- end }} + {{- if .Values.webhook.deploymentAnnotations }} + annotations: + {{- toYaml .Values.webhook.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.webhook.autoscaling.enabled }} + replicas: {{ .Values.webhook.replicaCount }} + {{- end }} + strategy: + type: {{ .Values.webhook.deploymentStrategy.type }} + {{- if eq .Values.webhook.deploymentStrategy.type "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default "25%" .Values.webhook.deploymentStrategy.maxSurge }} + maxUnavailable: {{ default "25%" .Values.webhook.deploymentStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + {{- include "n8n.selectorLabels" . | nindent 6 }} + app.kubernetes.io/type: webhook + template: + metadata: + annotations: + checksum/config: {{ print .Values.webhook .Values.main | sha256sum }} + {{- with .Values.webhook.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "n8n.selectorLabels" . | nindent 8 }} + app.kubernetes.io/type: webhook + {{- if .Values.webhook.podLabels }} + {{ toYaml .Values.webhook.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "n8n.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.webhook.podSecurityContext | nindent 8 }} + {{- if .Values.webhook.initContainers }} + initContainers: + {{ tpl (toYaml .Values.webhook.initContainers) . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-webhook + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.webhook.command }} + command: + {{- toYaml .Values.webhook.command | nindent 12 }} + {{- else }} + command: ["n8n"] + {{- end }} + {{- if .Values.webhook.commandArgs }} + args: + {{- toYaml .Values.webhook.commandArgs | nindent 12 }} + {{- else }} + args: + - "webhook" + {{- end }} + ports: + - name: http + containerPort: {{ get (default (dict) .Values.webhook.config) "port" | default 5678 }} + protocol: TCP + {{- with .Values.webhook.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.webhook.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.main.config }} + - configMapRef: + name: {{ include "n8n.fullname" . }}-app-config + {{- end }} + {{- if .Values.main.secret }} + - secretRef: + name: {{ include "n8n.fullname" . }}-app-secret + {{- end }} + {{- if .Values.webhook.config }} + - configMapRef: + name: {{ include "n8n.fullname" . }}-webhook-config + {{- end }} + {{- if .Values.webhook.secret }} + - secretRef: + name: {{ include "n8n.fullname" . }}-webhook-secret + {{- end }} + + env: {{ not (empty .Values.webhook.extraEnv) | ternary nil "[]" }} + {{- range $key, $value := .Values.webhook.extraEnv }} + - name: {{ $key }} + {{- toYaml $value | nindent 14 }} + {{- end }} + lifecycle: + {{- toYaml .Values.webhook.lifecycle | nindent 12 }} + securityContext: + {{- toYaml .Values.webhook.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.webhook.resources | nindent 12 }} + volumeMounts: + - name: data + mountPath: /home/node/.n8n + {{- if .Values.webhook.extraVolumeMounts }} + {{- toYaml .Values.webhook.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: "data" + {{ include "n8n.pvc" . }} + {{- if .Values.webhook.extraVolumes }} + {{- toYaml .Values.webhook.extraVolumes | nindent 8 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/deployment.worker.yaml b/applications/n8n/charts/n8n/templates/deployment.worker.yaml new file mode 100644 index 00000000..b6dbb60b --- /dev/null +++ b/applications/n8n/charts/n8n/templates/deployment.worker.yaml @@ -0,0 +1,139 @@ +{{- if .Values.worker.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "n8n.fullname" . }}-worker + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- if .Values.worker.deploymentLabels }} + {{- toYaml .Values.worker.deploymentLabels | nindent 4 }} + {{- end }} + {{- if .Values.worker.deploymentAnnotations }} + annotations: + {{- toYaml .Values.worker.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.worker.autoscaling.enabled }} + replicas: {{ .Values.worker.replicaCount }} + {{- end }} + strategy: + type: {{ .Values.worker.deploymentStrategy.type }} + {{- if eq .Values.worker.deploymentStrategy.type "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default "25%" .Values.worker.deploymentStrategy.maxSurge }} + maxUnavailable: {{ default "25%" .Values.worker.deploymentStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + {{- include "n8n.selectorLabels" . | nindent 6 }} + app.kubernetes.io/type: worker + template: + metadata: + annotations: + checksum/config: {{ print .Values | sha256sum }} + {{- with .Values.worker.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "n8n.selectorLabels" . | nindent 8 }} + app.kubernetes.io/type: worker + {{- if .Values.worker.podLabels }} + {{ toYaml .Values.worker.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "n8n.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} + {{- if .Values.worker.initContainers }} + initContainers: + {{ tpl (toYaml .Values.worker.initContainers) . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-worker + securityContext: + {{- toYaml .Values.worker.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + {{- if .Values.main.config }} + - configMapRef: + name: {{ include "n8n.fullname" . }}-app-config + {{- end }} + {{- if .Values.main.secret }} + - secretRef: + name: {{ include "n8n.fullname" . }}-app-secret + {{- end }} + {{- if .Values.worker.config }} + - configMapRef: + name: {{ include "n8n.fullname" . }}-worker-config + {{- end }} + {{- if .Values.worker.secret }} + - secretRef: + name: {{ include "n8n.fullname" . }}-worker-secret + {{- end }} + env: {{ not (empty .Values.worker.extraEnv) | ternary nil "[]" }} + {{- range $key, $value := .Values.worker.extraEnv }} + - name: {{ $key }} + {{- toYaml $value | nindent 14 }} + {{- end }} + {{- if .Values.worker.command }} + command: + {{- toYaml .Values.worker.command | nindent 12 }} + {{- else }} + command: ["n8n"] + {{- end }} + {{- if .Values.worker.commandArgs }} + args: + {{- toYaml .Values.worker.commandArgs | nindent 12 }} + {{- else }} + args: + - "worker" + - "--concurrency={{ .Values.worker.concurrency }}" + {{- end }} + ports: + - name: http + containerPort: {{ get (default (dict) .Values.worker.config) "port" | default 5678 }} + protocol: TCP + {{- with .Values.main.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.main.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + volumeMounts: + - name: data + mountPath: /home/node/.n8n + {{- if .Values.worker.extraVolumeMounts }} + {{- toYaml .Values.worker.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: "data" + {{ include "n8n.pvc" . }} + {{- if .Values.worker.extraVolumes }} + {{- toYaml .Values.worker.extraVolumes | nindent 8 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/deployment.yaml b/applications/n8n/charts/n8n/templates/deployment.yaml new file mode 100644 index 00000000..d354b5bf --- /dev/null +++ b/applications/n8n/charts/n8n/templates/deployment.yaml @@ -0,0 +1,123 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "n8n.fullname" . }} + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- if .Values.main.deploymentLabels }} + {{- toYaml .Values.main.deploymentLabels | nindent 4 }} + {{- end }} + {{- if .Values.main.deploymentAnnotations }} + annotations: + {{- toYaml .Values.main.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.main.autoscaling.enabled }} + replicas: {{ .Values.main.replicaCount }} + {{- end }} + strategy: + type: {{ .Values.main.deploymentStrategy.type }} + {{- if eq .Values.main.deploymentStrategy.type "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default "25%" .Values.main.deploymentStrategy.maxSurge }} + maxUnavailable: {{ default "25%" .Values.main.deploymentStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + {{- include "n8n.selectorLabels" . | nindent 6 }} + app.kubernetes.io/type: master + template: + metadata: + annotations: + checksum/config: {{ print .Values.main | sha256sum }} + {{- with .Values.main.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "n8n.selectorLabels" . | nindent 8 }} + app.kubernetes.io/type: master + {{- if .Values.main.podLabels }} + {{ toYaml .Values.main.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "n8n.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.main.podSecurityContext | nindent 8 }} + {{- if or .Values.main.initContainers }} + initContainers: + {{- if .Values.main.initContainers }} + {{ tpl (toYaml .Values.main.initContainers) . | nindent 10 }} + {{- end }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + {{- with .Values.main.command }} + command: + {{- toYaml . | nindent 12 }} + {{- end }} + securityContext: + {{- toYaml .Values.main.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + {{- if .Values.main.config }} + - configMapRef: + name: {{ include "n8n.fullname" . }}-app-config + {{- end }} + {{- if .Values.main.secret }} + - secretRef: + name: {{ include "n8n.fullname" . }}-app-secret + {{- end }} + env: {{ not (empty .Values.main.extraEnv) | ternary nil "[]" }} + {{- range $key, $value := .Values.main.extraEnv }} + - name: {{ $key }} + {{- toYaml $value | nindent 14 }} + {{- end }} + lifecycle: + {{- toYaml .Values.main.lifecycle | nindent 12 }} + ports: + - name: http + containerPort: {{ get (default (dict) .Values.main.config) "port" | default 5678 }} + protocol: TCP + {{- with .Values.main.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.main.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.main.resources | nindent 12 }} + volumeMounts: + - name: data + mountPath: /home/node/.n8n + {{- if .Values.main.extraVolumeMounts }} + {{- toYaml .Values.main.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.main.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.main.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.main.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: "data" + {{ include "n8n.pvc" . }} + {{- if .Values.main.extraVolumes }} + {{- toYaml .Values.main.extraVolumes | nindent 8 }} + {{- end }} diff --git a/applications/n8n/charts/n8n/templates/extraManifests.yaml b/applications/n8n/charts/n8n/templates/extraManifests.yaml new file mode 100644 index 00000000..2fd589be --- /dev/null +++ b/applications/n8n/charts/n8n/templates/extraManifests.yaml @@ -0,0 +1,49 @@ +{{/* +extraManifests.yaml creates Kubernetes resources from values provided in +.Values.extraManifests and .Values.extraTemplateManifests +*/}} + +{{- define "extraManifests.metadata" -}} +metadata: + labels: + app: {{ template "n8n.name" . }} + chart: {{ template "n8n.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} + +{{- $metadata := fromYaml (include "extraManifests.metadata" .) -}} + +{{- $resources := list -}} +{{- range .Values.extraManifests }} + {{- if typeIs "string" . }} + {{/* Handle multi-part YAML documents */}} + {{- range . | splitList "---\n" }} + {{- with . | fromYaml }} + {{- $resources = append $resources . }} + {{- end }} + {{- end }} + {{- else }} + {{- $resources = append $resources . }} + {{- end }} +{{- end }} + +{{- $templates := list -}} +{{- range .Values.extraTemplateManifests }} + {{/* Handle multi-part YAML documents */}} + {{- range . | splitList "---\n" }} + {{- if . | fromYaml }} + {{- $templates = append $templates . }} + {{- end }} + {{- end }} +{{- end }} + +{{- range $resources }} +--- +{{ merge . $metadata | toYaml }} +{{- end }} + +{{- range $templates }} +--- +{{ merge (tpl . $ | fromYaml) $metadata | toYaml }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/hpa.yaml b/applications/n8n/charts/n8n/templates/hpa.yaml new file mode 100644 index 00000000..346ecf21 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.main.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "n8n.fullname" . }} + labels: + {{- include "n8n.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "n8n.fullname" . }} + minReplicas: {{ .Values.main.autoscaling.minReplicas }} + maxReplicas: {{ .Values.main.autoscaling.maxReplicas }} + metrics: + {{- if .Values.main.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.main.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.main.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.main.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/ingress.yaml b/applications/n8n/charts/n8n/templates/ingress.yaml new file mode 100644 index 00000000..4b2dcd4e --- /dev/null +++ b/applications/n8n/charts/n8n/templates/ingress.yaml @@ -0,0 +1,73 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "n8n.fullname" . -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $.Values.main.service.port | default 80 }} + {{- if $.Values.webhook.enabled }} + - path: {{ . }}webhook/ + pathType: Prefix + backend: + service: + name: {{ $fullName }}-webhook + port: + number: {{ $.Values.webhook.service.port | default 80 }} + # Note: The default URL for manual workflow executions is /webhook-test/*. Make sure that these URLs route to your main process. + - path: {{ . }}webhook-test/ + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $.Values.main.service.port | default 80 }} + - path: {{ . }}webhook-waiting/ + pathType: Prefix + backend: + service: + name: {{ $fullName }}-webhook + port: + number: {{ $.Values.webhook.service.port | default 80 }} + - path: {{ . }}form/ + pathType: Prefix + backend: + service: + name: {{ $fullName }}-webhook + port: + number: {{ $.Values.webhook.service.port | default 80 }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} diff --git a/applications/n8n/charts/n8n/templates/pvc.yaml b/applications/n8n/charts/n8n/templates/pvc.yaml new file mode 100644 index 00000000..deff860f --- /dev/null +++ b/applications/n8n/charts/n8n/templates/pvc.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.main.persistence.enabled (not .Values.main.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "n8n.fullname" . }} + {{- with .Values.main.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + labels: + {{- include "n8n.labels" . | nindent 4 }} +spec: + accessModes: + {{- range .Values.main.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.main.persistence.size }} + {{- if .Values.main.persistence.storageClass }} + {{- if eq "-" .Values.main.persistence.storageClass }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.main.persistence.storageClass }} + {{- end }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/secret.webhook.yaml b/applications/n8n/charts/n8n/templates/secret.webhook.yaml new file mode 100644 index 00000000..21a20949 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/secret.webhook.yaml @@ -0,0 +1,12 @@ +{{- if .Values.webhook.secret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "n8n.fullname" . }}-webhook-secret + labels: + {{- include "n8n.labels" . | nindent 4 }} +type: Opaque +data: + {{- include "toEnvVars" (dict "values" .Values.webhook.secret "prefix" "" "isSecret" true) | nindent 4 }} + +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/secret.worker.yaml b/applications/n8n/charts/n8n/templates/secret.worker.yaml new file mode 100644 index 00000000..91c8f1a8 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/secret.worker.yaml @@ -0,0 +1,12 @@ +{{- if .Values.worker.secret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "n8n.fullname" . }}-worker-secret + labels: + {{- include "n8n.labels" . | nindent 4 }} +type: Opaque +data: + {{- include "toEnvVars" (dict "values" .Values.worker.secret "prefix" "" "isSecret" true) | nindent 4 }} + +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/secret.yaml b/applications/n8n/charts/n8n/templates/secret.yaml new file mode 100644 index 00000000..6366a65a --- /dev/null +++ b/applications/n8n/charts/n8n/templates/secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.main.secret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "n8n.fullname" . }}-app-secret + labels: + {{- include "n8n.labels" . | nindent 4 }} +type: Opaque +data: + {{- include "toEnvVars" (dict "values" .Values.main.secret "prefix" "" "isSecret" true) | nindent 4 }} + +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/service.webhook.yaml b/applications/n8n/charts/n8n/templates/service.webhook.yaml new file mode 100644 index 00000000..1d2d384f --- /dev/null +++ b/applications/n8n/charts/n8n/templates/service.webhook.yaml @@ -0,0 +1,22 @@ +{{- if .Values.webhook.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "n8n.fullname" . }}-webhook + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- with .Values.webhook.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.webhook.service.type | default "ClusterIP" }} + ports: + - port: {{ .Values.webhook.service.port | default 80 }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "n8n.selectorLabels" . | nindent 4 }} + app.kubernetes.io/type: webhook +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/service.yaml b/applications/n8n/charts/n8n/templates/service.yaml new file mode 100644 index 00000000..e2c93cd6 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "n8n.fullname" . }} + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- with .Values.main.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ default "ClusterIP_" .Values.main.service.type }} + ports: + - port: {{ default 80 .Values.main.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "n8n.selectorLabels" . | nindent 4 }} + app.kubernetes.io/type: master diff --git a/applications/n8n/charts/n8n/templates/serviceaccount.yaml b/applications/n8n/charts/n8n/templates/serviceaccount.yaml new file mode 100644 index 00000000..137ea35a --- /dev/null +++ b/applications/n8n/charts/n8n/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.main.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "n8n.serviceAccountName" . }} + labels: + {{- include "n8n.labels" . | nindent 4 }} + {{- with .Values.main.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/applications/n8n/charts/n8n/templates/tests/test-connection.yaml b/applications/n8n/charts/n8n/templates/tests/test-connection.yaml new file mode 100644 index 00000000..5a0d6558 --- /dev/null +++ b/applications/n8n/charts/n8n/templates/tests/test-connection.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "n8n.fullname" . }}-test-connection" + labels: + {{- include "n8n.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: alpine + command: ['sh', '-c'] + args: + - | + echo "Testing connection to {{ include "n8n.fullname" . }}:{{ default 80 .Values.main.service.port }}"; + nslookup {{ include "n8n.fullname" . }}; + wget {{ include "n8n.fullname" . }}:{{ default 80 .Values.main.service.port }}; + restartPolicy: Never diff --git a/applications/n8n/charts/n8n/values.yaml b/applications/n8n/charts/n8n/values.yaml new file mode 100644 index 00000000..7437567a --- /dev/null +++ b/applications/n8n/charts/n8n/values.yaml @@ -0,0 +1,679 @@ +# README +# High level values structure, overview and explanation of the values.yaml file. +# 1. Global and chart wide values, like the image repository, image tag, etc. +# 2. Ingress, (default is nginx, but you can change it to your own ingress controller) +# 3. Main n8n app configuration + kubernetes specific settings +# 4. Worker related settings + kubernetes specific settings +# 5. Webhook related settings + kubernetes specific settings +# 6. Raw Resources to pass through your own manifests like GatewayAPI, ServiceMonitor etc. +# 7. Valkey/Redis related settings and kubernetes specific settings + +# +# Global common config for this entire n8n deployment +# + +image: + repository: n8nio/n8n + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" +imagePullSecrets: [] + +# The Name to use for the chart. Will be the prefix of all resources aka. The Chart.Name (default is 'n8n') +nameOverride: +# Override the full name of the deployment. When empty, the name will be "{release-name}-{chart-name}" or the value of nameOverride if specified +fullnameOverride: + +# Add entries to a pod's /etc/hosts file, mapping custom IP addresses to hostnames. +hostAliases: [] + # - ip: 8.8.8.8 + # hostnames: + # - service-example.local +# +# Ingress +# +ingress: + enabled: false + annotations: {} + # define a custom ingress class Name, like "traefik" or "nginx" + className: "" + hosts: + - host: workflow.example.com + paths: [] + tls: + - hosts: + - workflow.example.com + secretName: host-domain-cert + +# the main (n8n) application related configuration + Kubernetes specific settings +# The config: {} dictionary is converted to environmental variables in the ConfigMap. +main: + # See https://docs.n8n.io/hosting/configuration/environment-variables/ for all values. + config: {} + # n8n: + # db: + # type: postgresdb + # postgresdb: + # host: 192.168.0.52 + + # Dictionary for secrets, unlike config:, the values here will end up in the secret file. + # The YAML entry db.postgresdb.password: my_secret is transformed DB_POSTGRESDB_password=bXlfc2VjcmV0 + # See https://docs.n8n.io/hosting/configuration/environment-variables/ + secret: {} + # n8n: + # if you run n8n stateless, you should provide an encryption key here. + # encryption_key: + # + # db: + # postgresdb: + # password: 'big secret' + + # Extra environmental variables, so you can reference other configmaps and secrets into n8n as env vars. + extraEnv: + # N8N_DB_POSTGRESDB_NAME: + # valueFrom: + # secretKeyRef: + # name: db-app + # key: dbname + # + # N8n Kubernetes specific settings + # + persistence: + # If true, use a Persistent Volume Claim, If false, use emptyDir + enabled: false + # what type volume, possible options are [existing, emptyDir, dynamic] dynamic for Dynamic Volume Provisioning, existing for using an existing Claim + type: emptyDir + # Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + # storageClass: "-" + # PVC annotations + # + # If you need this annotation include it under `values.yml` file and pvc.yml template will add it. + # This is not maintained at Helm v3 anymore. + # https://github.com/8gears/n8n-helm-chart/issues/8 + # + # annotations: + # helm.sh/resource-policy: keep + # Persistent Volume Access Mode + # + accessModes: + - ReadWriteOnce + # Persistent Volume size + size: 1Gi + # Use an existing PVC + # existingClaim: + + extraVolumes: [] + # - name: db-ca-cert + # secret: + # secretName: db-ca + # items: + # - key: ca.crt + # path: ca.crt + + extraVolumeMounts: [] + # - name: db-ca-cert + # mountPath: /etc/ssl/certs/postgresql + # readOnly: true + + + # Number of desired pods. More than one pod is supported in n8n enterprise. + replicaCount: 1 + + # here you can specify the deployment strategy as Recreate or RollingUpdate with optional maxSurge and maxUnavailable + # If these options are not set, default values are 25% + # deploymentStrategy: + # type: Recreate | RollingUpdate + # maxSurge: "50%" + # maxUnavailable: "50%" + + deploymentStrategy: + type: "Recreate" + # maxSurge: "50%" + # maxUnavailable: "50%" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # Annotations to be implemented on the main service deployment + deploymentAnnotations: {} + # Labels to be implemented on the main service deployment + deploymentLabels: {} + # Annotations to be implemented on the main service pod + podAnnotations: {} + # Labels to be implemented on the main service pod + podLabels: {} + + podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # here you can specify lifecycle hooks - it can be used e.g., to easily add packages to the container without building + # your own docker image + # see https://github.com/8gears/n8n-helm-chart/pull/30 + lifecycle: {} + + # here's the sample configuration to add mysql-client to the container + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "apk add mysql-client"] + + # here you can override a command for main container + # it may be used to override a starting script (e.g., to resolve issues like https://github.com/n8n-io/n8n/issues/6412) or run additional preparation steps (e.g., installing additional software) + command: [] + + # sample configuration that overrides starting script and solves above issue (also it runs n8n as root, so be careful): + # command: + # - tini + # - -- + # - /bin/sh + # - -c + # - chmod o+rx /root; chown -R node /root/.n8n || true; chown -R node /root/.n8n; ln -s /root/.n8n /home/node; chown -R node /home/node || true; node /usr/local/bin/n8n + + # here you can override the livenessProbe for the main container + # it may be used to increase the timeout for the livenessProbe (e.g., to resolve issues like + + livenessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # here you can override the readinessProbe for the main container + # it may be used to increase the timeout for the readinessProbe (e.g., to resolve issues like + + readinessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. + # See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + initContainers: [] + # - name: init-data-dir + # image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + # command: [ "/bin/sh", "-c", "mkdir -p /home/node/.n8n/" ] + # volumeMounts: + # - name: data + # mountPath: /home/node/.n8n + + + service: + annotations: {} + # -- Service types allow you to specify what kind of Service you want. + # E.g., ClusterIP, NodePort, LoadBalancer, ExternalName + type: ClusterIP + # -- Service port + port: 80 + + resources: {} + # We usually recommend not specifying default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + tolerations: [] + affinity: {} + +# # # # # # # # # # # # # # # # +# +# Worker related settings +# +worker: + enabled: false + + # additional (to main) config for worker + config: {} + + # additional (to main) config for worker + secret: {} + + # Extra environmental variables, so you can reference other configmaps and secrets into n8n as env vars. + extraEnv: {} + + # Define the number of jobs a worker can run in parallel by using the concurrency flag. Default is 10 + concurrency: 10 + + # + # Worker Kubernetes specific settings + # + persistence: + # If true, use a Persistent Volume Claim, If false, use emptyDir + enabled: false + # what type volume, possible options are [existing, emptyDir, dynamic] dynamic for Dynamic Volume Provisioning, existing for using an existing Claim + type: emptyDir + # Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + # storageClass: "-" + # PVC annotations + # + # If you need this annotation include it under `values.yml` file and pvc.yml template will add it. + # This is not maintained at Helm v3 anymore. + # https://github.com/8gears/n8n-helm-chart/issues/8 + # + # annotations: + # helm.sh/resource-policy: keep + # Persistent Volume Access Mode + accessModes: + - ReadWriteOnce + # Persistent Volume size + size: 1Gi + # Use an existing PVC + # existingClaim: + + # Number of desired pods. + replicaCount: 1 + + # here you can specify the deployment strategy as Recreate or RollingUpdate with optional maxSurge and maxUnavailable + # If these options are not set, default values are 25% + # deploymentStrategy: + # type: RollingUpdate + # maxSurge: "50%" + # maxUnavailable: "50%" + + deploymentStrategy: + type: "Recreate" + # maxSurge: "50%" + # maxUnavailable: "50%" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # Annotations to be implemented on the worker deployment + deploymentAnnotations: {} + # Labels to be implemented on the worker deployment + deploymentLabels: {} + # Annotations to be implemented on the worker pod + podAnnotations: {} + # Labels to be implemented on the worker pod + podLabels: {} + + podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # here you can specify lifecycle hooks - it can be used e.g., to easily add packages to the container without building + # your own docker image + # see https://github.com/8gears/n8n-helm-chart/pull/30 + lifecycle: {} + + # here's the sample configuration to add mysql-client to the container + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "apk add mysql-client"] + + # here you can override a command for worker container + # it may be used to override a starting script (e.g., to resolve issues like https://github.com/n8n-io/n8n/issues/6412) or + # run additional preparation steps (e.g., installing additional software) + command: [] + + # sample configuration that overrides starting script and solves above issue (also it runs n8n as root, so be careful): + # command: + # - tini + # - -- + # - /bin/sh + # - -c + # - chmod o+rx /root; chown -R node /root/.n8n || true; chown -R node /root/.n8n; ln -s /root/.n8n /home/node; chown -R node /home/node || true; node /usr/local/bin/n8n + + # command args + commandArgs: [] + + # here you can override the livenessProbe for the main container + # it may be used to increase the timeout for the livenessProbe (e.g., to resolve issues like + livenessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # here you can override the readinessProbe for the main container + # it may be used to increase the timeout for the readinessProbe (e.g., to resolve issues like + + readinessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. + # See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + initContainers: [] + + service: + annotations: {} + # -- Service types allow you to specify what kind of Service you want. + # E.g., ClusterIP, NodePort, LoadBalancer, ExternalName + type: ClusterIP + # -- Service port + port: 80 + + resources: {} + # We usually recommend not specifying default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + tolerations: [] + affinity: {} + +# Webhook related settings +# With .Values.scaling.webhook.enabled=true you disable Webhooks from the main process, but you enable the processing on a different Webhook instance. +# See https://github.com/8gears/n8n-helm-chart/issues/39#issuecomment-1579991754 for the full explanation. +# Webhook processes rely on Valkey/Redis too. +webhook: + enabled: false + # additional (to main) config for webhook + config: {} + # additional (to main) config for webhook + secret: {} + + # Extra environmental variables, so you can reference other configmaps and secrets into n8n as env vars. + extraEnv: {} + # WEBHOOK_URL: + # value: "http://webhook.domain.tld" + + + # + # Webhook Kubernetes specific settings + # + persistence: + # If true, use a Persistent Volume Claim, If false, use emptyDir + enabled: false + # what type volume, possible options are [existing, emptyDir, dynamic] dynamic for Dynamic Volume Provisioning, existing for using an existing Claim + type: emptyDir + # Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + # storageClass: "-" + # PVC annotations + # + # If you need this annotation include it under `values.yml` file and pvc.yml template will add it. + # This is not maintained at Helm v3 anymore. + # https://github.com/8gears/n8n-helm-chart/issues/8 + # + # annotations: + # helm.sh/resource-policy: keep + # Persistent Volume Access Mode + # + accessModes: + - ReadWriteOnce + # Persistent Volume size + # + size: 1Gi + # Use an existing PVC + # + # existingClaim: + + # Number of desired pods. + replicaCount: 1 + + # here you can specify the deployment strategy as Recreate or RollingUpdate with optional maxSurge and maxUnavailable + # If these options are not set, default values are 25% + # deploymentStrategy: + # type: RollingUpdate + # maxSurge: "50%" + # maxUnavailable: "50%" + + deploymentStrategy: + type: "Recreate" + + nameOverride: "" + fullnameOverride: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # Annotations to be implemented on the webhook deployment + deploymentAnnotations: {} + # Labels to be implemented on the webhook deployment + deploymentLabels: {} + # Annotations to be implemented on the webhook pod + podAnnotations: {} + # Labels to be implemented on the webhook pod + podLabels: {} + + podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + # here you can specify lifecycle hooks - it can be used e.g., to easily add packages to the container without building + # your own docker image + # see https://github.com/8gears/n8n-helm-chart/pull/30 + lifecycle: {} + + # here's the sample configuration to add mysql-client to the container + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "apk add mysql-client"] + + # here you can override a command for main container + # it may be used to override a starting script (e.g., to resolve issues like https://github.com/n8n-io/n8n/issues/6412) or + # run additional preparation steps (e.g., installing additional software) + command: [] + + # sample configuration that overrides starting script and solves above issue (also it runs n8n as root, so be careful): + # command: + # - tini + # - -- + # - /bin/sh + # - -c + # - chmod o+rx /root; chown -R node /root/.n8n || true; chown -R node /root/.n8n; ln -s /root/.n8n /home/node; chown -R node /home/node || true; node /usr/local/bin/n8n + # Command Arguments + commandArgs: [] + + # here you can override the livenessProbe for the main container + # it may be used to increase the timeout for the livenessProbe (e.g., to resolve issues like + + livenessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # here you can override the readinessProbe for the main container + # it may be used to increase the timeout for the readinessProbe (e.g., to resolve issues like + + readinessProbe: + httpGet: + path: /healthz + port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + # List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. + # See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + initContainers: [] + + service: + annotations: {} + # -- Service types allow you to specify what kind of Service you want. + # E.g., ClusterIP, NodePort, LoadBalancer, ExternalName + type: ClusterIP + # -- Service port + port: 80 + + resources: {} + # We usually recommend not specifying default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# User defined supplementary K8s manifests +# + +# Takes a list of Kubernetes manifests and merges each resource with a default metadata.labels map and +# installs the result. +# Use this to add any arbitrary Kubernetes manifests alongside this chart instead of kubectl and scripts. +extraManifests: [] +# - apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: example-config +# data: +# example.property.1: "value1" +# example.property.2: "value2" +# As an alternative to the above, you can also use a string as the value of the data field. +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: example-config-string +# data: +# example.property.1: "value1" +# example.property.2: "value2" + +# String extraManifests supports using variables directly within a string manifest. +# Templates are rendered using the context defined in the values.yaml file, enabling dynamic and flexible content customization. +extraTemplateManifests: [] +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: my-config +# stringData: +# image_name: {{ .Values.image.repository }} + +# Bitnami Valkey configuration +# https://artifacthub.io/packages/helm/bitnami/valkey +valkey: + enabled: false + # architecture: standalone + # + # primary: + # persistence: + # enabled: false + # existingClaim: "" + # size: 2Gi diff --git a/applications/n8n/docs/workflow.md b/applications/n8n/docs/workflow.md new file mode 100644 index 00000000..d23c7941 --- /dev/null +++ b/applications/n8n/docs/workflow.md @@ -0,0 +1,38 @@ +# Goal +This document explains how to develop Helm charts with a focus on quick feedback and easy testing. It serves as input for AI agents to create implementation plans. + +# For Engineers +This guide focuses on tools and patterns, assuming basic engineering knowledge. + +# Project Scope +First, decide if you're creating a new Helm chart or combining existing ones. This guide uses the [n8n](https://github.com/8gears/n8n-helm-chart) chart because: +- It handles workflow automation +- It includes AI components +- It needs a database (CloudNativePG) and Ingress (Nginx) + +# Development Plan + +## Step 1: Learn the Chart and Dependencies + +Each step builds on quick feedback and testing. + +Start by learning the application and its Helm chart values: + +- n8n: A Node.js workflow automation tool that connects services using a node-based approach +- `values.yaml`: Review the [chart values](https://github.com/8gears/n8n-helm-chart/blob/main/charts/n8n/values.yaml) + +Use `helm template` to see what Kubernetes will deploy: + +```bash +helm template my-n8n oci://8gears.container-registry.com/library/n8n --version 1.0.0 | ag "# Source" +Pulled: 8gears.container-registry.com/library/n8n:1.0.0 +Digest: sha256:318c4abf101e6aa50a5ffad3199f7073eb3a91678f03d37cc358946984150315 +# Source: n8n/templates/serviceaccount.yaml +# Source: n8n/templates/service.yaml +# Source: n8n/templates/deployment.yaml +# Source: n8n/templates/tests/test-connection.yaml +``` + +Study the Helm chart source code for deeper understanding. + +At this point, you'll see that n8n needs Nginx Ingress and Postgres. The next step is to automate these dependencies using `helmfile`. \ No newline at end of file From a2f30f00e3c762f14fbbe51ca6db5153b5c0e361 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Wed, 9 Apr 2025 22:04:11 +1000 Subject: [PATCH 02/10] wip --- applications/n8n/ai/helmfile-task.md | 10 --- applications/n8n/charts/helmfile.yaml | 33 ++++---- applications/n8n/charts/justfile | 30 +++++++ applications/n8n/charts/values/dev.yaml | 18 ++++ applications/n8n/charts/values/prod.yaml | 84 +++++++++++++++++++ applications/n8n/docs/workflow.md | 6 +- applications/n8n/memory_bank/long_term.md | 26 ++++++ .../wf_debug_extramanifests_rendering.md | 37 ++++++++ .../memory_bank/wf_helmfile_dynamic_values.md | 29 +++++++ 9 files changed, 248 insertions(+), 25 deletions(-) delete mode 100644 applications/n8n/ai/helmfile-task.md create mode 100644 applications/n8n/charts/justfile create mode 100644 applications/n8n/charts/values/dev.yaml create mode 100644 applications/n8n/charts/values/prod.yaml create mode 100644 applications/n8n/memory_bank/long_term.md create mode 100644 applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md create mode 100644 applications/n8n/memory_bank/wf_helmfile_dynamic_values.md diff --git a/applications/n8n/ai/helmfile-task.md b/applications/n8n/ai/helmfile-task.md deleted file mode 100644 index 7614e8b9..00000000 --- a/applications/n8n/ai/helmfile-task.md +++ /dev/null @@ -1,10 +0,0 @@ -# Task -- write a Helmfile to `./applications/n8n/charts/helmfile.yaml` that will install these charts in order: CloudNativePG --> Nginx Ingress Controller --> local n8n chart in charts/n8n -- leave the values empty to be populated later -- use this `helmDefaults` - -```yaml -helmDefaults: - wait: true - timeout: 66 -``` \ No newline at end of file diff --git a/applications/n8n/charts/helmfile.yaml b/applications/n8n/charts/helmfile.yaml index 1790a0d9..b53191d6 100644 --- a/applications/n8n/charts/helmfile.yaml +++ b/applications/n8n/charts/helmfile.yaml @@ -1,27 +1,32 @@ -helmDefaults: - wait: true - timeout: 66 - repositories: - name: cloudnative-pg url: https://cloudnative-pg.github.io/charts - - name: ingress-nginx - url: https://kubernetes.github.io/ingress-nginx + - name: traefik + url: https://helm.traefik.io/traefik + +environments: + dev: {} + prod: {} +commonLabels: + app: n8n-stack + +--- releases: - name: cloudnative-pg namespace: n8n chart: cloudnative-pg/cloudnative-pg - version: 0.20.5 - values: [] + version: 0.23.2 + installed: {{ eq .Environment.Name "prod" }} - - name: ingress-nginx - namespace: n8n - chart: ingress-nginx/ingress-nginx - version: 4.7.1 - values: [] + - name: traefik + namespace: traefik + chart: traefik/traefik + version: 35.0.0 + installed: {{ eq .Environment.Name "prod"}} - name: n8n namespace: n8n chart: ./n8n - values: [] \ No newline at end of file + values: + - values/{{ .Environment.Name }}.yaml \ No newline at end of file diff --git a/applications/n8n/charts/justfile b/applications/n8n/charts/justfile new file mode 100644 index 00000000..460f32a5 --- /dev/null +++ b/applications/n8n/charts/justfile @@ -0,0 +1,30 @@ +# Default environment +default_env := "dev" + +# Apply Helmfile with the specified environment +apply env=default_env: + helmfile --environment {{env}} apply + +# Template Helmfile with the specified environment +template env=default_env: + helmfile --environment {{env}} template + +# Sync Helmfile with the specified environment +sync env=default_env: + helmfile --environment {{env}} sync + +# Preview Helmfile diff with the specified environment +diff env=default_env: + helmfile --environment {{env}} diff + +# Deploy dev setup +dev: + just apply dev + +# Deploy prod setup (Postgres + Traefik Ingress) +prod: + just apply prod + +# Destroy all releases +destroy: + helmfile --selector app=n8n-stack destroy --skip-charts diff --git a/applications/n8n/charts/values/dev.yaml b/applications/n8n/charts/values/dev.yaml new file mode 100644 index 00000000..b840bd70 --- /dev/null +++ b/applications/n8n/charts/values/dev.yaml @@ -0,0 +1,18 @@ +# small deployment with nodeport for local testing or small deployments +# no Postgres, no Ingress +n8n: + main: + config: + n8n: + hide_usage_page: true + secret: + n8n: + encryption_key: "thisistheway" + resources: + limits: + memory: 2048Mi + requests: + memory: 512Mi + service: + type: NodePort + port: 5678 \ No newline at end of file diff --git a/applications/n8n/charts/values/prod.yaml b/applications/n8n/charts/values/prod.yaml new file mode 100644 index 00000000..bf8fef10 --- /dev/null +++ b/applications/n8n/charts/values/prod.yaml @@ -0,0 +1,84 @@ +#Prod like set up with CloudNativePG and nginx-ingress +main: + config: + db: + type: postgresdb + postgresdb: + host: db-rw + user: n8n +# password: password is read from cnpg db-app secretKeyRef + pool: + size: 10 + ssl: + enabled: true + reject_Unauthorized: true + ca_file: "/home/ssl/certs/postgresql/ca.crt" + secret: + n8n: + encryption_key: "thisistheway" + + extraEnv: + DB_POSTGRESDB_PASSWORD: + valueFrom: + secretKeyRef: + name: db-app + key: password + # Mount the CNPG CA Cert into N8N container + extraVolumeMounts: + - name: db-ca-cert + mountPath: /home/ssl/certs/postgresql + readOnly: true + + extraVolumes: + - name: db-ca-cert + secret: + secretName: db-ca + items: + - key: ca.crt + path: ca.crt + resources: + limits: + memory: 2048Mi + requests: + memory: 512Mi + +ingress: + enabled: false + # className: nginx + # annotations: + # cert-manager.io/cluster-issuer: letsencrypt-prod + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + # nginx.ingress.kubernetes.io/proxy-buffering: "off" + # nginx.ingress.kubernetes.io/proxy-request-buffering: "off" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # hosts: + # - host: n8n-dev.8gears.com + # paths: + # - / + # tls: + # - secretName: n8n-ingress-tls + # hosts: + # - n8n-dev.8gears.com + +# cnpg DB cluster request +extraManifests: +- apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + metadata: + name: db + spec: + instances: 1 + bootstrap: + initdb: + database: n8n + owner: n8n + postgresql: + parameters: + shared_buffers: "64MB" + resources: + requests: + memory: "512Mi" + limits: + memory: "512Mi" + storage: + size: 1Gi diff --git a/applications/n8n/docs/workflow.md b/applications/n8n/docs/workflow.md index d23c7941..552b135f 100644 --- a/applications/n8n/docs/workflow.md +++ b/applications/n8n/docs/workflow.md @@ -35,4 +35,8 @@ Digest: sha256:318c4abf101e6aa50a5ffad3199f7073eb3a91678f03d37cc358946984150315 Study the Helm chart source code for deeper understanding. -At this point, you'll see that n8n needs Nginx Ingress and Postgres. The next step is to automate these dependencies using `helmfile`. \ No newline at end of file +You'll see that n8n needs Nginx Ingress and Postgres. The next step is to set up these parts using `helmfile`. We keep these parts separate from the Helm chart. + +After writing the `helmfile`, run `helmfile template | ag "# Source"` to see what will be deployed. + +## Step 2: Populate values \ No newline at end of file diff --git a/applications/n8n/memory_bank/long_term.md b/applications/n8n/memory_bank/long_term.md new file mode 100644 index 00000000..0779a2de --- /dev/null +++ b/applications/n8n/memory_bank/long_term.md @@ -0,0 +1,26 @@ +# N8N Helm Chart project + +## Project Goals +- Configure a N8N Helm chart that emphasizes incremental development and fast feedback loops +- The Helm chart has optional dependencies to external Postgres chart (cloudnative-pg/cloudnative-pg) and Traefik Ingress (traefik/traefik) + +## Techstacks +- **helmfile**: v0.171.0 for orchestrating multiple charts installation +- **just**: 1.40.0 command runner to automate repetitive tasks + +## Architecture & Folder Structure + +### Project Structure + +``` +. +├── charts # all charts here +│   ├── helmfile.yaml # helmfile +│   ├── justfile # justfile to automate tasks +│   ├── n8n # local n8n chart +│   └── values # value folders +├── docs # docs folder +│   └── workflow.md +└── memory_bank # memory bank folder + └── long_term.md +``` \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md b/applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md new file mode 100644 index 00000000..0db322a2 --- /dev/null +++ b/applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md @@ -0,0 +1,37 @@ +## Current tasks from user prompt +Debug why extraManifests in the n8n Helm chart are not rendering despite being defined in the values file. + +## Plan (simple) +1. Examine the extraManifests.yaml template to understand how it processes values +2. Check how the values are structured in prod.yaml +3. Verify that the values files are being properly loaded when the chart is deployed +4. Identify potential issues preventing rendering + +## Steps +1. Analyze the extraManifests.yaml template logic +2. Check the usage of .Values.extraManifests in the template +3. Investigate potential conditions where extraManifests would be skipped +4. Check the deployment process and debug commands + +## Things done +- Examined extraManifests.yaml template structure +- Checked prod.yaml for extraManifests definition +- Ran helm template command to verify the extraManifests are not being rendered +- Analyzed the values.yaml file to check default extraManifests structure +- Added debug output to see what values are being processed +- Fixed the structure/location of the extraManifests section in prod.yaml +- Successfully verified that extraManifests are now being rendered correctly + +## Solution +The issue was that although extraManifests was properly indented in prod.yaml, the values weren't being passed correctly to the chart. + +We initially thought the problem might be related to the nesting of values under the `n8n` key in prod.yaml, but by adding debug output to the extraManifests.yaml template, we discovered that `.Values.extraManifests` was being received as an empty array `[]`. + +Upon further investigation, we found that since we're using the chart directly with `./n8n` in the helmfile, not as a dependency, the Helm values are already being applied at the root level of the values file, meaning extraManifests should be at the root level of the YAML structure. + +The debug output helped us confirm this - when we left extraManifests at the root level of prod.yaml, it worked correctly. The Helm template successfully rendered the PostgreSQL Cluster resource. + +## Key Takeaways +1. When using a chart directly (not as a dependency), Helm values should be at the root level of the values file +2. Adding debug output can help diagnose Helm template rendering issues +3. The extraManifests feature is working correctly but requires proper value structure \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_helmfile_dynamic_values.md b/applications/n8n/memory_bank/wf_helmfile_dynamic_values.md new file mode 100644 index 00000000..84cb4be7 --- /dev/null +++ b/applications/n8n/memory_bank/wf_helmfile_dynamic_values.md @@ -0,0 +1,29 @@ +# Helmfile Dynamic Values Integration + +## Current tasks from user prompt +- Update helmfile.yaml to include dynamic values from environment-specific YAML files +- Configure helmfile to use dev.yaml or prod.yaml based on the selected environment name + +## Plan (simple) +1. Understand the current helmfile.yaml structure +2. Examine the existing values files in the values directory +3. Modify the helmfile.yaml to dynamically load values based on environment name +4. Test the changes by applying them to the helmfile.yaml + +## Steps +1. Read the current helmfile.yaml to understand configuration +2. Check values/dev.yaml and values/prod.yaml to understand what values need to be included +3. Update the n8n release in helmfile.yaml to include a values section that uses `{{ .Environment.Name }}` to dynamically select the right values file +4. Verify the modifications work correctly + +## Things done +- Read and analyzed the current helmfile.yaml structure +- Examined the values files in the values directory +- Successfully updated the n8n release in helmfile.yaml to include: `values: [values/{{ .Environment.Name }}.yaml]` +- Verified that the changes were properly applied to the helmfile.yaml file + +## TODOs +- Test the configuration by running helmfile with different environments: + - `helmfile -e dev apply` to test with dev values + - `helmfile -e prod apply` to test with prod values +- Consider adding additional configuration if needed for specific use cases \ No newline at end of file From d81c79e9466b4185295290aa6d87b585fc195597 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Thu, 10 Apr 2025 14:52:13 +1000 Subject: [PATCH 03/10] wip --- applications/n8n/.terraform.lock.hcl | 79 ++++++++ applications/n8n/charts/helmfile.yaml | 32 ---- applications/n8n/charts/justfile | 30 --- .../{values/prod.yaml => n8n-values.yaml} | 62 +++---- applications/n8n/charts/n8n/Chart.lock | 7 +- applications/n8n/charts/n8n/Chart.yaml | 3 + applications/n8n/charts/values/dev.yaml | 18 -- applications/n8n/dagger.json | 20 ++ applications/n8n/dagger/.gitattributes | 4 + applications/n8n/dagger/.gitignore | 4 + applications/n8n/dagger/go.mod | 50 +++++ applications/n8n/dagger/go.sum | 85 +++++++++ applications/n8n/dagger/main.go | 124 +++++++++++++ applications/n8n/docs/workflow.md | 175 +++++++++++++++--- applications/n8n/justfile | 11 ++ applications/n8n/main.tf | 111 +++++++++++ applications/n8n/memory_bank/long_term.md | 26 --- .../wf_chart_replicated_integration.md | 25 +++ .../wf_debug_extramanifests_rendering.md | 37 ---- .../memory_bank/wf_helm_dependency_update.md | 25 +++ .../wf_helm_template_verification.md | 25 +++ .../memory_bank/wf_helmfile_dynamic_values.md | 29 --- .../wf_n8n_terraform_chart_deployment.md | 50 +++++ .../wf_replicated_release_automation.md | 24 +++ .../wf_repository_structure_update.md | 30 +++ .../wf_terraform_helm_dependency_fix.md | 24 +++ .../n8n/replicated/kots-application.yaml | 18 ++ applications/n8n/replicated/kots-chart.yaml | 11 ++ applications/n8n/replicated/kots-config.yaml | 4 + applications/n8n/replicated/kots-ec.yaml | 20 ++ 30 files changed, 923 insertions(+), 240 deletions(-) create mode 100644 applications/n8n/.terraform.lock.hcl delete mode 100644 applications/n8n/charts/helmfile.yaml delete mode 100644 applications/n8n/charts/justfile rename applications/n8n/charts/{values/prod.yaml => n8n-values.yaml} (51%) delete mode 100644 applications/n8n/charts/values/dev.yaml create mode 100644 applications/n8n/dagger.json create mode 100644 applications/n8n/dagger/.gitattributes create mode 100644 applications/n8n/dagger/.gitignore create mode 100644 applications/n8n/dagger/go.mod create mode 100644 applications/n8n/dagger/go.sum create mode 100644 applications/n8n/dagger/main.go create mode 100644 applications/n8n/justfile create mode 100644 applications/n8n/main.tf delete mode 100644 applications/n8n/memory_bank/long_term.md create mode 100644 applications/n8n/memory_bank/wf_chart_replicated_integration.md delete mode 100644 applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md create mode 100644 applications/n8n/memory_bank/wf_helm_dependency_update.md create mode 100644 applications/n8n/memory_bank/wf_helm_template_verification.md delete mode 100644 applications/n8n/memory_bank/wf_helmfile_dynamic_values.md create mode 100644 applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md create mode 100644 applications/n8n/memory_bank/wf_replicated_release_automation.md create mode 100644 applications/n8n/memory_bank/wf_repository_structure_update.md create mode 100644 applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md create mode 100644 applications/n8n/replicated/kots-application.yaml create mode 100644 applications/n8n/replicated/kots-chart.yaml create mode 100644 applications/n8n/replicated/kots-config.yaml create mode 100644 applications/n8n/replicated/kots-ec.yaml diff --git a/applications/n8n/.terraform.lock.hcl b/applications/n8n/.terraform.lock.hcl new file mode 100644 index 00000000..ff11fa55 --- /dev/null +++ b/applications/n8n/.terraform.lock.hcl @@ -0,0 +1,79 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.17.0" + hashes = [ + "h1:kQMkcPVvHOguOqnxoEU2sm1ND9vCHiT8TvZ2x6v/Rsw=", + "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4", + "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7", + "zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3", + "zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c", + "zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd", + "zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940", + "zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e", + "zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930", + "zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f", + "zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654", + "zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.25.2" + constraints = "~> 2.25.2" + hashes = [ + "h1:T1WAQt40cAk721H0AM/eZ5YuodJaIfS8r3Tu7rKCJJE=", + "zh:044788ac936e0e8ece8f78a2e4e366ecd435ea8235388eaf2cbc8e7975d9d970", + "zh:24f5ff01df91f51f00ee7ff39430adeb63bb2ca4ea0042e68f06d6b65808c02f", + "zh:49984aa0aa1faa8c4f01e8faa039322f1e6fdaeab0b7e32f5c6e96edfde36a38", + "zh:4eeceaff56bac9fc782e7e33f157fa2c7e9a47b2c3c3d12da2642c312ace73f6", + "zh:4f49b6419345960d5af475e0200c243af4c9c140b0ee64799fe1fc9b023c49ea", + "zh:7958414d516867a2263a978792a24843f80023fb233cf051ff4095adc9803d85", + "zh:c633a755fc95e9ff0cd73656f052947afd85883a0987dde5198113aa48474156", + "zh:cbfe958d119795004ce1e8001449d01c056fa2a062b51d07843d98be216337d7", + "zh:cfb85392e18768578d4c943438897083895719be678227fd90efbe3500702a56", + "zh:d705a661ed5da425dd236a48645bec39fe78a67d2e70e8460b720417cbf260ac", + "zh:ddd7a01263da3793df4f3b5af65f166307eed5acf525e51e058cda59009cc856", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + hashes = [ + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.7.1" + hashes = [ + "h1:t152MY0tQH4a8fLzTtEWx70ITd3azVOrFDn/pQblbto=", + "zh:3193b89b43bf5805493e290374cdda5132578de6535f8009547c8b5d7a351585", + "zh:3218320de4be943e5812ed3de995946056db86eb8d03aa3f074e0c7316599bef", + "zh:419861805a37fa443e7d63b69fb3279926ccf98a79d256c422d5d82f0f387d1d", + "zh:4df9bd9d839b8fc11a3b8098a604b9b46e2235eb65ef15f4432bde0e175f9ca6", + "zh:5814be3f9c9cc39d2955d6f083bae793050d75c572e70ca11ccceb5517ced6b1", + "zh:63c6548a06de1231c8ee5570e42ca09c4b3db336578ded39b938f2156f06dd2e", + "zh:697e434c6bdee0502cc3deb098263b8dcd63948e8a96d61722811628dce2eba1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a0b8e44927e6327852bbfdc9d408d802569367f1e22a95bcdd7181b1c3b07601", + "zh:b7d3af018683ef22794eea9c218bc72d7c35a2b3ede9233b69653b3c782ee436", + "zh:d63b911d618a6fe446c65bfc21e793a7663e934b2fef833d42d3ccd38dd8d68d", + "zh:fa985cd0b11e6d651f47cff3055f0a9fd085ec190b6dbe99bf5448174434cdea", + ] +} diff --git a/applications/n8n/charts/helmfile.yaml b/applications/n8n/charts/helmfile.yaml deleted file mode 100644 index b53191d6..00000000 --- a/applications/n8n/charts/helmfile.yaml +++ /dev/null @@ -1,32 +0,0 @@ -repositories: - - name: cloudnative-pg - url: https://cloudnative-pg.github.io/charts - - name: traefik - url: https://helm.traefik.io/traefik - -environments: - dev: {} - prod: {} - -commonLabels: - app: n8n-stack - ---- -releases: - - name: cloudnative-pg - namespace: n8n - chart: cloudnative-pg/cloudnative-pg - version: 0.23.2 - installed: {{ eq .Environment.Name "prod" }} - - - name: traefik - namespace: traefik - chart: traefik/traefik - version: 35.0.0 - installed: {{ eq .Environment.Name "prod"}} - - - name: n8n - namespace: n8n - chart: ./n8n - values: - - values/{{ .Environment.Name }}.yaml \ No newline at end of file diff --git a/applications/n8n/charts/justfile b/applications/n8n/charts/justfile deleted file mode 100644 index 460f32a5..00000000 --- a/applications/n8n/charts/justfile +++ /dev/null @@ -1,30 +0,0 @@ -# Default environment -default_env := "dev" - -# Apply Helmfile with the specified environment -apply env=default_env: - helmfile --environment {{env}} apply - -# Template Helmfile with the specified environment -template env=default_env: - helmfile --environment {{env}} template - -# Sync Helmfile with the specified environment -sync env=default_env: - helmfile --environment {{env}} sync - -# Preview Helmfile diff with the specified environment -diff env=default_env: - helmfile --environment {{env}} diff - -# Deploy dev setup -dev: - just apply dev - -# Deploy prod setup (Postgres + Traefik Ingress) -prod: - just apply prod - -# Destroy all releases -destroy: - helmfile --selector app=n8n-stack destroy --skip-charts diff --git a/applications/n8n/charts/values/prod.yaml b/applications/n8n/charts/n8n-values.yaml similarity index 51% rename from applications/n8n/charts/values/prod.yaml rename to applications/n8n/charts/n8n-values.yaml index bf8fef10..f131048e 100644 --- a/applications/n8n/charts/values/prod.yaml +++ b/applications/n8n/charts/n8n-values.yaml @@ -13,9 +13,10 @@ main: enabled: true reject_Unauthorized: true ca_file: "/home/ssl/certs/postgresql/ca.crt" - secret: - n8n: - encryption_key: "thisistheway" + # comment out as we are experiment with Terraform template + # secret: + # n8n: + # encryption_key: "thisistheway" extraEnv: DB_POSTGRESDB_PASSWORD: @@ -44,41 +45,26 @@ main: ingress: enabled: false - # className: nginx - # annotations: - # cert-manager.io/cluster-issuer: letsencrypt-prod - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - # hosts: - # - host: n8n-dev.8gears.com - # paths: - # - / - # tls: - # - secretName: n8n-ingress-tls - # hosts: - # - n8n-dev.8gears.com # cnpg DB cluster request extraManifests: -- apiVersion: postgresql.cnpg.io/v1 - kind: Cluster - metadata: - name: db - spec: - instances: 1 - bootstrap: - initdb: - database: n8n - owner: n8n - postgresql: - parameters: - shared_buffers: "64MB" - resources: - requests: - memory: "512Mi" - limits: - memory: "512Mi" - storage: - size: 1Gi + - apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + metadata: + name: db + spec: + instances: 1 + bootstrap: + initdb: + database: n8n + owner: n8n + postgresql: + parameters: + shared_buffers: "64MB" + resources: + requests: + memory: "512Mi" + limits: + memory: "512Mi" + storage: + size: 1Gi diff --git a/applications/n8n/charts/n8n/Chart.lock b/applications/n8n/charts/n8n/Chart.lock index f4f47366..c94d98b1 100644 --- a/applications/n8n/charts/n8n/Chart.lock +++ b/applications/n8n/charts/n8n/Chart.lock @@ -2,5 +2,8 @@ dependencies: - name: valkey repository: oci://registry-1.docker.io/bitnamicharts version: 2.4.7 -digest: sha256:22d7881004c028611a742708c08e2f2861a54b1134f9c2d74b451a75ba1968a8 -generated: "2025-03-31T11:55:46.320432+01:00" +- name: replicated + repository: oci://registry.replicated.com/library + version: 1.5.0 +digest: sha256:1eb6a06e563152b56016188710d829b5caab37ba6da16470b0779007779b326f +generated: "2025-04-10T09:43:54.914664+10:00" diff --git a/applications/n8n/charts/n8n/Chart.yaml b/applications/n8n/charts/n8n/Chart.yaml index a5de0468..6b7b0306 100644 --- a/applications/n8n/charts/n8n/Chart.yaml +++ b/applications/n8n/charts/n8n/Chart.yaml @@ -10,6 +10,9 @@ dependencies: name: valkey repository: oci://registry-1.docker.io/bitnamicharts version: 2.4.7 +- name: replicated + repository: oci://registry.replicated.com/library + version: 1.5.0 description: Helm Chart for deploying n8n on Kubernetes, a fair-code workflow automation platform with native AI capabilities for technical teams. Easily automate tasks across different services. diff --git a/applications/n8n/charts/values/dev.yaml b/applications/n8n/charts/values/dev.yaml deleted file mode 100644 index b840bd70..00000000 --- a/applications/n8n/charts/values/dev.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# small deployment with nodeport for local testing or small deployments -# no Postgres, no Ingress -n8n: - main: - config: - n8n: - hide_usage_page: true - secret: - n8n: - encryption_key: "thisistheway" - resources: - limits: - memory: 2048Mi - requests: - memory: 512Mi - service: - type: NodePort - port: 5678 \ No newline at end of file diff --git a/applications/n8n/dagger.json b/applications/n8n/dagger.json new file mode 100644 index 00000000..e63627c1 --- /dev/null +++ b/applications/n8n/dagger.json @@ -0,0 +1,20 @@ +{ + "name": "n8n", + "engineVersion": "v0.18.1", + "sdk": { + "source": "go" + }, + "dependencies": [ + { + "name": "helm", + "source": "github.com/sagikazarmark/daggerverse/helm@helm/v0.14.0", + "pin": "4981f49ead356d64a860ef85caec9b0622933ad7" + }, + { + "name": "replicated", + "source": "github.com/replicatedhq/daggerverse/replicated@1b8faf528b3c00b6b400bc7555ea4b5de5224ef8", + "pin": "1b8faf528b3c00b6b400bc7555ea4b5de5224ef8" + } + ], + "source": "dagger" +} diff --git a/applications/n8n/dagger/.gitattributes b/applications/n8n/dagger/.gitattributes new file mode 100644 index 00000000..3a454933 --- /dev/null +++ b/applications/n8n/dagger/.gitattributes @@ -0,0 +1,4 @@ +/dagger.gen.go linguist-generated +/internal/dagger/** linguist-generated +/internal/querybuilder/** linguist-generated +/internal/telemetry/** linguist-generated diff --git a/applications/n8n/dagger/.gitignore b/applications/n8n/dagger/.gitignore new file mode 100644 index 00000000..7ebabcc1 --- /dev/null +++ b/applications/n8n/dagger/.gitignore @@ -0,0 +1,4 @@ +/dagger.gen.go +/internal/dagger +/internal/querybuilder +/internal/telemetry diff --git a/applications/n8n/dagger/go.mod b/applications/n8n/dagger/go.mod new file mode 100644 index 00000000..ef0637fa --- /dev/null +++ b/applications/n8n/dagger/go.mod @@ -0,0 +1,50 @@ +module dagger/n-8-n + +go 1.23.6 + +require ( + github.com/99designs/gqlgen v0.17.70 + github.com/Khan/genqlient v0.8.0 + github.com/vektah/gqlparser/v2 v2.5.23 + go.opentelemetry.io/otel v1.34.0 + go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 + go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 + go.opentelemetry.io/otel/log v0.8.0 + go.opentelemetry.io/otel/metric v1.34.0 + go.opentelemetry.io/otel/sdk v1.34.0 + go.opentelemetry.io/otel/sdk/log v0.8.0 + go.opentelemetry.io/otel/sdk/metric v1.34.0 + go.opentelemetry.io/otel/trace v1.34.0 + go.opentelemetry.io/proto/otlp v1.3.1 + golang.org/x/sync v0.12.0 + google.golang.org/grpc v1.71.0 +) + +require ( + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect + github.com/sosodev/duration v1.3.1 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect + golang.org/x/net v0.38.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/text v0.23.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect + google.golang.org/protobuf v1.36.6 // indirect +) + +replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 + +replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 + +replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.8.0 + +replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.8.0 diff --git a/applications/n8n/dagger/go.sum b/applications/n8n/dagger/go.sum new file mode 100644 index 00000000..2d8a69fe --- /dev/null +++ b/applications/n8n/dagger/go.sum @@ -0,0 +1,85 @@ +github.com/99designs/gqlgen v0.17.70 h1:xgLIgQuG+Q2L/AE9cW595CT7xCWCe/bpPIFGSfsGSGs= +github.com/99designs/gqlgen v0.17.70/go.mod h1:fvCiqQAu2VLhKXez2xFvLmE47QgAPf/KTPN5XQ4rsHQ= +github.com/Khan/genqlient v0.8.0 h1:Hd1a+E1CQHYbMEKakIkvBH3zW0PWEeiX6Hp1i2kP2WE= +github.com/Khan/genqlient v0.8.0/go.mod h1:hn70SpYjWteRGvxTwo0kfaqg4wxvndECGkfa1fdDdYI= +github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= +github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq4= +github.com/sosodev/duration v1.3.1/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/vektah/gqlparser/v2 v2.5.23 h1:PurJ9wpgEVB7tty1seRUwkIDa/QH5RzkzraiKIjKLfA= +github.com/vektah/gqlparser/v2 v2.5.23/go.mod h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= +go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI= +go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk= +go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= +go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= +go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= +go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= +go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= +go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= +go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= +go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= +go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= +google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/applications/n8n/dagger/main.go b/applications/n8n/dagger/main.go new file mode 100644 index 00000000..1b2a65bc --- /dev/null +++ b/applications/n8n/dagger/main.go @@ -0,0 +1,124 @@ +// A generated module for N8N functions +// +// This module has been generated via dagger init and serves as a reference to +// basic module structure as you get started with Dagger. +// +// Two functions have been pre-created. You can modify, delete, or add to them, +// as needed. They demonstrate usage of arguments and return types using simple +// echo and grep commands. The functions can be called from the dagger CLI or +// from one of the SDKs. +// +// The first line in this comment block is a short description line and the +// rest is a long description with more detail on the module's purpose or usage, +// if appropriate. All modules should have a short description. + +package main + +import ( + "context" + "dagger/n-8-n/internal/dagger" + "fmt" + "log" + "time" +) + +type N8N struct { + // +private + Source *dagger.Directory +} + +const ( + REPLICATED_APP = "gerard-n8n" + CHART_DIR = "charts/n8n" +) + +func New( + // Project source directory + // + // +defaultPath="." + source *dagger.Directory) *N8N { + return &N8N{ + Source: source, + } +} + +func (m *N8N) CreateReplicatedRelease(ctx context.Context, token *dagger.Secret, version, channel string) (string, error) { + versionStr := m.generateVersion(ctx, version) + packagedDir := m.PrepareReplicatedRelease(ctx, versionStr) + return dag.Container(). + From("replicated/vendor-cli:latest"). + WithDirectory("/src", packagedDir). + WithEnvVariable("REPLICATED_APP", REPLICATED_APP). + WithSecretVariable("REPLICATED_API_TOKEN", token). + WithExec([]string{"/replicated", "release", "create", "--yaml-dir", "/src", "--promote", channel, "--version", version, "--ensure-channel"}). + Stdout(ctx) +} + +func (m *N8N) DownloadLicense(ctx context.Context, token *dagger.Secret, channel string) *dagger.File { + // create customer and download license + customerName := fmt.Sprintf("%s-customer", channel) + return dag.Container(). + From("replicated/vendor-cli:latest"). + WithEnvVariable("REPLICATED_APP", REPLICATED_APP). + WithSecretVariable("REPLICATED_API_TOKEN", token). + WithExec([]string{"/replicated", "customer", "create", "--name", customerName, "--channel", channel}). + WithExec([]string{"/replicated", "customer", "download-license", "--customer", customerName, "--output", "license.yaml"}). + File("license.yaml") +} + +func (m *N8N) PrepareReplicatedRelease(ctx context.Context, version string) *dagger.Directory { + releaseDir := m.Source.Directory("replicated") + + // lint chart + _, err := m.Lint(ctx) + if err != nil { + log.Fatalf("Failed to lint Helm chart: %v", err) + } + + // package Helm chart + appHelmChart := m.Package(ctx, version) + appHelmChartName, _ := appHelmChart.Name(ctx) + + // update KOTS HelmChart CR version + baseContainer := m.Base() + return baseContainer. + WithDirectory("/src", releaseDir). + WithWorkdir("/src"). + WithExec([]string{"apk", "add", "yq"}). + WithExec([]string{"yq", "-i", fmt.Sprintf(".spec.chart.chartVersion=\"%s\"", version), "kots-chart.yaml"}). + WithFile(appHelmChartName, appHelmChart). + Directory("/src") +} + +func (m *N8N) Base() *dagger.Container { + return dag.Container().From("alpine:latest") +} + +// Lint the Helm chart +func (m *N8N) Lint(ctx context.Context) (string, error) { + chart := m.chart() + return chart.Lint().Stdout(ctx) +} + +// Package the Helm chart +func (m *N8N) Package(ctx context.Context, version string) *dagger.File { + chart := m.chart() + return chart.Package(dagger.HelmChartPackageOpts{ + Version: version, + AppVersion: version, + DependencyUpdate: true, + }).File() +} + +func (m *N8N) chart() *dagger.HelmChart { + chart := m.Source.Directory(CHART_DIR) + return dag.Helm(dagger.HelmOpts{ + Version: "3.17.1", + }).Chart(chart) +} + +// Generates a version string based on the current date, branch name, and commit hash +func (m *N8N) generateVersion(ctx context.Context, version string) string { + date := time.Now().Format("20060102-150405") + return fmt.Sprintf("%s-%s", version, date) +} diff --git a/applications/n8n/docs/workflow.md b/applications/n8n/docs/workflow.md index 552b135f..915c1da7 100644 --- a/applications/n8n/docs/workflow.md +++ b/applications/n8n/docs/workflow.md @@ -1,42 +1,161 @@ -# Goal -This document explains how to develop Helm charts with a focus on quick feedback and easy testing. It serves as input for AI agents to create implementation plans. +# Helm Chart Development Workflow -# For Engineers -This guide focuses on tools and patterns, assuming basic engineering knowledge. +## Objective -# Project Scope -First, decide if you're creating a new Helm chart or combining existing ones. This guide uses the [n8n](https://github.com/8gears/n8n-helm-chart) chart because: -- It handles workflow automation -- It includes AI components -- It needs a database (CloudNativePG) and Ingress (Nginx) +Provide engineers with a clear, reproducible workflow for iterative Helm chart development, emphasizing fast feedback loops and easy configuration management. The workflow leverages Terraform, Helm CLI, and automation via `just` and Dagger. -# Development Plan +--- -## Step 1: Learn the Chart and Dependencies +## Components -Each step builds on quick feedback and testing. +- **n8n** *(local, custom Helm chart)* +- **CloudNativePG (Postgres)** *(remote Helm chart)* +- **Traefik ingress** *(remote Helm chart)* -Start by learning the application and its Helm chart values: +--- -- n8n: A Node.js workflow automation tool that connects services using a node-based approach -- `values.yaml`: Review the [chart values](https://github.com/8gears/n8n-helm-chart/blob/main/charts/n8n/values.yaml) +## Key Principles -Use `helm template` to see what Kubernetes will deploy: +- **Progressive Complexity** – Start simple, add complexity incrementally. +- **Fast Feedback** – Immediate validation of changes. +- **Reproducibility** – Simple to recreate locally. +- **Modular Configuration** – Clear separation of values per component. +- **Automation** – Minimize repetitive tasks. + +--- + +## Project Repository Structure -```bash -helm template my-n8n oci://8gears.container-registry.com/library/n8n --version 1.0.0 | ag "# Source" -Pulled: 8gears.container-registry.com/library/n8n:1.0.0 -Digest: sha256:318c4abf101e6aa50a5ffad3199f7073eb3a91678f03d37cc358946984150315 -# Source: n8n/templates/serviceaccount.yaml -# Source: n8n/templates/service.yaml -# Source: n8n/templates/deployment.yaml -# Source: n8n/templates/tests/test-connection.yaml ``` +. +├── charts +│ ├── n8n/ # Custom local Helm chart +│ │ ├── charts/ # Helm chart dependencies +│ └── n8n-values.yaml # Environment-specific Helm values for n8n for local dev +├── dagger # Automation logic (chart packaging/releases) +│ ├── main.go # Main dagger code +├── docs # Workflow documentation +│ └── workflow.md # Workflow guide (this document) +├── memory_bank # Tracking files for workflow tasks +├── justfile # Automation tasks (developer-friendly commands) +├── main.tf # Terraform config for Helm chart releases +``` + +--- + +## Prerequisites + +- Kubernetes cluster (**k3d recommended**; any valid Kubernetes cluster is acceptable) +- Helm CLI installed +- Terraform CLI installed +- Dagger CLI installed +- `just` command-line runner installed + +--- + +## Workflow Steps + +### 1. Local Cluster Setup + +- **Action:** Create a local Kubernetes cluster using k3d. +- **Command Example:** `k3d cluster create mydevcluster --port 8080:80@loadbalancer --port 8443:443@loadbalancer` +- **Verification:** Confirm cluster access with `kubectl cluster-info`. + +### 2. Initialize Dependencies (Terraform) + +- **Action:** Define `helm_release` resources in `main.tf` for CloudNativePG and Traefik. +- **Configuration:** Specify chart repositories, versions, and necessary values within the Terraform HCL. Reference external values files if preferred (e.g., `values/traefik-values.yaml`, `values/cnpg-values.yaml`). +- **Command:** `terraform init && terraform apply` +- **Verification:** Check for running pods/services for Postgres and Traefik using `kubectl get pods,svc -A`. Ensure Terraform state reflects the deployed releases. + +### 3. Create Initial Local Chart (`n8n`) + +- **Action:** Use Helm CLI to scaffold the `n8n` chart. +- **Command:** `helm create charts/n8n` +- **Cleanup:** Remove default template files not immediately needed (e.g., `hpa.yaml`, `ingress.yaml`, `serviceaccount.yaml`, test files). Keep `_helpers.tpl`, `deployment.yaml`, `service.yaml`, `NOTES.txt`. +- **Initial Values:** Review and potentially simplify the initial `charts/n8n/values.yaml`. + +### 4. Configure `justfile` for Core Workflow + +- **Action:** Define initial recipes in `justfile`. +- **Recipes:** + - `lint`: Run `helm lint ./charts/n8n -f ./charts/n8n-values.yaml`. + - `template`: Run `helm template n8n ./charts/n8n -f ./charts/n8n-values.yaml > rendered-n8n.yaml`. + - `deploy`: Run `helm upgrade --install n8n ./charts/n8n -f ./charts/n8n-values.yaml --create-namespace --namespace n8n`. + - `delete`: Run `helm uninstall n8n --namespace n8n`. + - `logs`: Run `kubectl logs -f -l app.kubernetes.io/name=n8n -n n8n --tail=50`. + +### 5. Iterative Development Cycle + +- **Action:** Develop the `n8n` chart incrementally. + - **Step 1 (Basic Deployment):** + - Modify `charts/n8n/templates/deployment.yaml` for the n8n image and basic configuration. + - Modify `charts/n8n/templates/service.yaml` to expose the n8n port. + - Update `charts/n8n/values.yaml` and `charts/n8n-values.yaml` with necessary image details, ports, etc. + - **Test:** `just lint`, `just template` (review output), `just deploy`, `just logs`, check service (`kubectl get svc -n n8n`). + - **Step 2 (Add Database Connection):** + - Update `deployment.yaml` to include environment variables for database connection (host, user, password, db name). + - Source these values from `values.yaml` (potentially using secrets later). + - Reference the Postgres service created by CloudNativePG (check its service name/namespace, usually managed via Terraform outputs or known conventions). + - Update `n8n-values.yaml` with actual DB connection details. + - **Test:** `just deploy`, `just logs` (check for connection errors), access n8n if possible. + - **Step 3 (Add Ingress):** + - Add `charts/n8n/templates/ingress.yaml`. + - Parameterize hostname, path, TLS settings using `values.yaml`. + - Ensure Traefik's IngressClass is correctly referenced (as deployed by Terraform). + - Update `n8n-values.yaml` with ingress details. + - **Test:** `just deploy`, access n8n via the defined hostname (may require local `/etc/hosts` modification). + - **Step 4 (Add Persistence, ConfigMaps, Secrets, etc.):** + - Incrementally add other required Kubernetes objects (PVCs, ConfigMaps, Secrets). + - Follow the `modify -> lint -> template -> deploy -> test` cycle for each addition. + +### 6. Managing Configuration & Secrets + +- **Action:** Refine value management. +- **Explain:** How `charts/n8n/values.yaml` provides defaults and `charts/n8n-values.yaml` provides overrides for the local development environment. +- **Introduce Secrets:** Discuss strategies (e.g., manual `kubectl create secret`, Sealed Secrets, External Secrets Operator, Terraform-managed secrets) and integrate one method for sensitive values like database passwords. Update `deployment.yaml` to use `valueFrom: secretKeyRef`. + +### 7. Adding Helm Tests + +- **Action:** Create basic Helm tests. +- **Example:** Add a test pod definition in `charts/n8n/templates/tests/test-connection.yaml` that tries to connect to the n8n service. +- **Update `justfile`:** Add `test: helm test n8n --namespace n8n`. +- **Test:** Run `just test` after a successful `just deploy`. + +### 8. Integrating Dagger (Packaging/Release - Optional) + +- **Action:** Introduce Dagger for CI/CD related tasks. +- **Setup:** Create basic Dagger functions in the `dagger/` directory (e.g., using Go or Python SDK). +- **Example Functions:** + - `dagger call package --chart-dir ./charts/n8n --version `: Runs `helm dependency update` and `helm package`. + - `dagger call publish --chart-path --repo `: Pushes the chart to an OCI registry. +- **Update `justfile`:** Add recipes like `just package` and `just publish` that invoke Dagger. + +### 9. Cleanup + +- **Action:** Document cleanup steps. +- **Commands:** + - `just delete` (or `helm uninstall n8n -n n8n`) + - `terraform destroy` (to remove CloudNativePG, Traefik, and any other Terraform-managed resources) + - `k3d cluster delete mydevcluster` +- **Update `justfile`:** Add a `clean-all` recipe combining relevant uninstall/destroy commands. + +### 10. Documentation & Final Touches + +- **Action:** Review and finalize the `docs/` content. +- **Explain:** How the `justfile` ties everything together for the developer. +- **Summarize:** Reiterate the workflow benefits (fast feedback, reproducibility). + +## Known Friction Points + +- Terraform may fail to diff changes to chart, e.g. add new dependency in Chart.yaml -Study the Helm chart source code for deeper understanding. +## Suitable Use Cases -You'll see that n8n needs Nginx Ingress and Postgres. The next step is to set up these parts using `helmfile`. We keep these parts separate from the Helm chart. +This workflow fits best for teams: -After writing the `helmfile`, run `helmfile template | ag "# Source"` to see what will be deployed. +- Requiring rapid local iteration +- Using mixed (local/remote) Helm charts +- Familiar with Helm, Terraform, and Kubernetes basics -## Step 2: Populate values \ No newline at end of file +## Immediate Next Steps for Implementation diff --git a/applications/n8n/justfile b/applications/n8n/justfile new file mode 100644 index 00000000..cd82200b --- /dev/null +++ b/applications/n8n/justfile @@ -0,0 +1,11 @@ +helm-dep-update: + @echo "Updating Helm dependencies for n8n chart..." + cd charts/n8n && helm dependency update + +helm-template: + @echo "Running helm template to verify current values..." + helm template n8n ./charts/n8n -f ./charts/n8n-values.yaml --debug + +create-replicated-release version channel: + @echo "Creating replicated release..." + dagger call create-replicated-release --token=env://REPLICATED_API_TOKEN --version={{version}} --channel={{channel}} diff --git a/applications/n8n/main.tf b/applications/n8n/main.tf new file mode 100644 index 00000000..77280a76 --- /dev/null +++ b/applications/n8n/main.tf @@ -0,0 +1,111 @@ +terraform { + required_providers { + helm = { + source = "hashicorp/helm" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.25.2" + } + } + required_version = ">= 1.0.0" +} + +provider "helm" { + kubernetes { + config_path = "~/.kube/config" + } +} + +provider "kubernetes" { + config_path = "~/.kube/config" +} + +# Create n8n namespace +resource "kubernetes_namespace" "n8n" { + metadata { + name = "n8n" + } +} + +# Install CloudNativePG Operator +resource "helm_release" "cloudnativepg" { + name = "cloudnativepg" + repository = "https://cloudnative-pg.github.io/charts" + chart = "cloudnative-pg" + version = "0.23.2" + namespace = kubernetes_namespace.n8n.metadata[0].name + + # Wait for the CloudNativePG operator to be ready + wait = true +} + +# Install Traefik Ingress Controller +resource "helm_release" "traefik" { + name = "traefik" + repository = "https://traefik.github.io/charts" + chart = "traefik" + version = "35.0.0" + namespace = "traefik-system" + create_namespace = true + + # Set values for Traefik (customize as needed) + set { + name = "ingressClass.enabled" + value = "true" + } + + set { + name = "ingressClass.isDefaultClass" + value = "true" + } +} + +# Install n8n chart (local chart) +resource "helm_release" "n8n" { + name = "n8n" + chart = "${path.module}/charts/n8n" + namespace = kubernetes_namespace.n8n.metadata[0].name + dependency_update = true + + # Load values from the n8n-values.yaml file + values = [ + file("${path.module}/charts/n8n-values.yaml") + ] + + # Set the encryption key using the random_password resource + set_sensitive { + name = "main.secret.n8n.encryption_key" + value = random_password.encryption_key.result + } + + # Dependencies - wait for both remote charts to be installed first + depends_on = [ + helm_release.cloudnativepg, + helm_release.traefik + ] +} + +# Generate random passwords for n8n +resource "random_password" "encryption_key" { + length = 32 + special = false +} + +# resource "random_password" "db_password" { +# length = 16 +# special = false +# } + +# # Create a secret for PostgreSQL credentials +# resource "kubernetes_secret" "postgres_credentials" { +# metadata { +# name = "n8n-db-credentials" +# namespace = kubernetes_namespace.n8n.metadata[0].name +# } + +# data = { +# username = "n8n" +# password = random_password.db_password.result +# } +# } \ No newline at end of file diff --git a/applications/n8n/memory_bank/long_term.md b/applications/n8n/memory_bank/long_term.md deleted file mode 100644 index 0779a2de..00000000 --- a/applications/n8n/memory_bank/long_term.md +++ /dev/null @@ -1,26 +0,0 @@ -# N8N Helm Chart project - -## Project Goals -- Configure a N8N Helm chart that emphasizes incremental development and fast feedback loops -- The Helm chart has optional dependencies to external Postgres chart (cloudnative-pg/cloudnative-pg) and Traefik Ingress (traefik/traefik) - -## Techstacks -- **helmfile**: v0.171.0 for orchestrating multiple charts installation -- **just**: 1.40.0 command runner to automate repetitive tasks - -## Architecture & Folder Structure - -### Project Structure - -``` -. -├── charts # all charts here -│   ├── helmfile.yaml # helmfile -│   ├── justfile # justfile to automate tasks -│   ├── n8n # local n8n chart -│   └── values # value folders -├── docs # docs folder -│   └── workflow.md -└── memory_bank # memory bank folder - └── long_term.md -``` \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_chart_replicated_integration.md b/applications/n8n/memory_bank/wf_chart_replicated_integration.md new file mode 100644 index 00000000..141254e6 --- /dev/null +++ b/applications/n8n/memory_bank/wf_chart_replicated_integration.md @@ -0,0 +1,25 @@ +## Current tasks from user prompt +- Update the n8n Helm chart with a new dependency for Replicated SDK + +## Plan (simple) +1. Understand the current Chart.yaml structure +2. Add the Replicated SDK dependency to the dependencies section +3. Ensure the new dependency is properly formatted and follows the same pattern as existing dependencies + +## Steps +1. Examine the current Chart.yaml file to understand its structure and dependencies +2. Add the new Replicated SDK dependency with the specified repository and version +3. Ensure proper formatting and indentation is maintained +4. Verify the changes + +## Things done +- Examined the current Chart.yaml file structure +- Added the Replicated SDK dependency to the dependencies section with: + - name: replicated + - repository: oci://registry.replicated.com/library + - version: 1.5.0 + +## TODOs +- Verify if any values configuration is needed for the Replicated SDK +- Check if there are any specific conditions to add for the Replicated SDK +- Ensure compatibility between n8n chart and the Replicated SDK \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md b/applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md deleted file mode 100644 index 0db322a2..00000000 --- a/applications/n8n/memory_bank/wf_debug_extramanifests_rendering.md +++ /dev/null @@ -1,37 +0,0 @@ -## Current tasks from user prompt -Debug why extraManifests in the n8n Helm chart are not rendering despite being defined in the values file. - -## Plan (simple) -1. Examine the extraManifests.yaml template to understand how it processes values -2. Check how the values are structured in prod.yaml -3. Verify that the values files are being properly loaded when the chart is deployed -4. Identify potential issues preventing rendering - -## Steps -1. Analyze the extraManifests.yaml template logic -2. Check the usage of .Values.extraManifests in the template -3. Investigate potential conditions where extraManifests would be skipped -4. Check the deployment process and debug commands - -## Things done -- Examined extraManifests.yaml template structure -- Checked prod.yaml for extraManifests definition -- Ran helm template command to verify the extraManifests are not being rendered -- Analyzed the values.yaml file to check default extraManifests structure -- Added debug output to see what values are being processed -- Fixed the structure/location of the extraManifests section in prod.yaml -- Successfully verified that extraManifests are now being rendered correctly - -## Solution -The issue was that although extraManifests was properly indented in prod.yaml, the values weren't being passed correctly to the chart. - -We initially thought the problem might be related to the nesting of values under the `n8n` key in prod.yaml, but by adding debug output to the extraManifests.yaml template, we discovered that `.Values.extraManifests` was being received as an empty array `[]`. - -Upon further investigation, we found that since we're using the chart directly with `./n8n` in the helmfile, not as a dependency, the Helm values are already being applied at the root level of the values file, meaning extraManifests should be at the root level of the YAML structure. - -The debug output helped us confirm this - when we left extraManifests at the root level of prod.yaml, it worked correctly. The Helm template successfully rendered the PostgreSQL Cluster resource. - -## Key Takeaways -1. When using a chart directly (not as a dependency), Helm values should be at the root level of the values file -2. Adding debug output can help diagnose Helm template rendering issues -3. The extraManifests feature is working correctly but requires proper value structure \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_helm_dependency_update.md b/applications/n8n/memory_bank/wf_helm_dependency_update.md new file mode 100644 index 00000000..c4e51c55 --- /dev/null +++ b/applications/n8n/memory_bank/wf_helm_dependency_update.md @@ -0,0 +1,25 @@ +# Helm Dependency Update for n8n Chart + +## Current tasks from user prompt +- Create a new task to run helm dependency update for the n8n chart +- Update the task to first log out from the Replicated registry before running helm dependency update + +## Plan (simple) +1. Add a new task in the justfile to run helm dependency update for the n8n chart +2. Include helm registry logout for registry.replicated.com before running the update +3. Ensure the command navigates to the correct directory where Chart.yaml is located before running the helm dependency update command + +## Steps +1. Create or update the justfile with a new task called 'helm-dep-update' +2. Add command to log out from registry.replicated.com +3. Make the task execute the helm dependency update command in the charts/n8n directory +4. Add appropriate echo commands to provide feedback during execution + +## Things done +- Created a new task 'helm-dep-update' in the justfile +- Added command to log out from registry.replicated.com first +- The task navigates to charts/n8n directory and runs 'helm dependency update' +- Added feedback messages to show when each command is running + +## TODOs +- Test the task by running 'just helm-dep-update' \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_helm_template_verification.md b/applications/n8n/memory_bank/wf_helm_template_verification.md new file mode 100644 index 00000000..31995287 --- /dev/null +++ b/applications/n8n/memory_bank/wf_helm_template_verification.md @@ -0,0 +1,25 @@ +# Workflow: Helm Template Verification + +## Current tasks from user prompt +- Add a new task to run helm template to verify current values + +## Plan (simple) +- Add a new recipe to the justfile that executes `helm template` command +- The command should use the n8n chart directory and the values file +- The output should be displayed or redirected to a file for review +- This will allow verification of the rendered Kubernetes manifests before actually deploying + +## Steps +1. Examine the current justfile structure +2. Add a new recipe called `helm-template` or similar +3. Implement the command to run helm template with appropriate parameters +4. Test the command to ensure it works properly + +## Things done +- Added a new `helm-template` recipe to the justfile that executes `helm template n8n ./charts/n8n -f ./charts/n8n-values.yaml --debug` +- The command will render all templates with the current values file without actually installing anything +- Added the `--debug` flag to provide more detailed output for better verification + +## TODOs +- Test the command by running `just helm-template` +- Consider adding an option to save output to a file for review \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_helmfile_dynamic_values.md b/applications/n8n/memory_bank/wf_helmfile_dynamic_values.md deleted file mode 100644 index 84cb4be7..00000000 --- a/applications/n8n/memory_bank/wf_helmfile_dynamic_values.md +++ /dev/null @@ -1,29 +0,0 @@ -# Helmfile Dynamic Values Integration - -## Current tasks from user prompt -- Update helmfile.yaml to include dynamic values from environment-specific YAML files -- Configure helmfile to use dev.yaml or prod.yaml based on the selected environment name - -## Plan (simple) -1. Understand the current helmfile.yaml structure -2. Examine the existing values files in the values directory -3. Modify the helmfile.yaml to dynamically load values based on environment name -4. Test the changes by applying them to the helmfile.yaml - -## Steps -1. Read the current helmfile.yaml to understand configuration -2. Check values/dev.yaml and values/prod.yaml to understand what values need to be included -3. Update the n8n release in helmfile.yaml to include a values section that uses `{{ .Environment.Name }}` to dynamically select the right values file -4. Verify the modifications work correctly - -## Things done -- Read and analyzed the current helmfile.yaml structure -- Examined the values files in the values directory -- Successfully updated the n8n release in helmfile.yaml to include: `values: [values/{{ .Environment.Name }}.yaml]` -- Verified that the changes were properly applied to the helmfile.yaml file - -## TODOs -- Test the configuration by running helmfile with different environments: - - `helmfile -e dev apply` to test with dev values - - `helmfile -e prod apply` to test with prod values -- Consider adding additional configuration if needed for specific use cases \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md b/applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md new file mode 100644 index 00000000..5c36649d --- /dev/null +++ b/applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md @@ -0,0 +1,50 @@ +## Current tasks from user prompt +- Create a Terraform main.tf file that installs remote charts (cloudnativepg, traefik) and local n8n chart +- Ensure n8n chart depends on other charts +- Ensure cloudnativepg is in the same namespace as n8n chart +- Update n8n configuration to load values from n8n-values.yaml file +- Set n8n encryption_key using Terraform random_password resource + +## Plan (simple) +1. Explore the local n8n chart structure to understand its configuration +2. Create a Terraform configuration that: + - Sets up required providers and versions + - Creates a namespace for n8n + - Installs CloudNativePG in the n8n namespace + - Installs Traefik in its own namespace + - Installs the local n8n chart with proper dependencies + - Configures a PostgreSQL database for n8n using CloudNativePG +3. Update the n8n configuration to load values from n8n-values.yaml file +4. Set the n8n encryption_key using the Terraform random_password resource + +## Steps +1. Analyze the structure of the local n8n chart to understand its dependencies and configuration options +2. Create main.tf with terraform configuration blocks and required providers +3. Set up namespace resource for n8n +4. Add helm_release resource for CloudNativePG chart in the n8n namespace +5. Add helm_release resource for Traefik chart +6. Add helm_release resource for local n8n chart with proper dependencies +7. Configure PostgreSQL cluster using CloudNativePG operator +8. Set up secrets and random passwords for secure configuration +9. Update n8n helm_release to load values from n8n-values.yaml file instead of inline values +10. Add set_sensitive block to set the encryption_key using the random_password resource + +## Things done +- Examined the n8n chart structure to understand its configuration +- Created main.tf file with: + - Required providers configuration (helm, kubernetes) + - Namespace creation for n8n + - CloudNativePG chart installation in n8n namespace + - Traefik chart installation in separate namespace + - Local n8n chart installation with dependencies on other charts + - PostgreSQL cluster configuration using CloudNativePG + - Random password generation for secure configuration + - Database credentials secret +- Updated the n8n helm_release to load values from the n8n-values.yaml file instead of using inline values +- Added set_sensitive block to set the encryption_key using the random_password resource + +## TODOs +- Verify the configuration against specific cluster requirements +- Consider adding HorizontalPodAutoscaler for production environments +- Add backup configuration for the PostgreSQL database +- Configure persistent storage for n8n if needed beyond default settings \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_replicated_release_automation.md b/applications/n8n/memory_bank/wf_replicated_release_automation.md new file mode 100644 index 00000000..a9bf71e3 --- /dev/null +++ b/applications/n8n/memory_bank/wf_replicated_release_automation.md @@ -0,0 +1,24 @@ +# Replicated Release Automation + +## Current tasks from user prompt +- Add a task to the justfile to call dagger for creating a replicated release + +## Plan (simple) +Create a new task in the justfile that allows users to create a replicated release with Dagger using specified version and channel parameters. The task will leverage environment variables for sensitive information (API token). + +## Steps +1. Read the existing justfile to understand current structure +2. Add a new task called `create-replicated-release` that accepts version and channel parameters +3. Make sure the task uses environment variables for sensitive tokens +4. Test the implementation + +## Things done +- Added `create-replicated-release` task to the justfile that: + - Takes version and channel as parameters + - Uses environment variable for REPLICATED_API_TOKEN + - Calls dagger with appropriate parameters + +## TODOs +- Verify the implementation works as expected +- Consider adding documentation about this task in the workflow documentation +- Consider adding input validation or help text for parameter usage \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_repository_structure_update.md b/applications/n8n/memory_bank/wf_repository_structure_update.md new file mode 100644 index 00000000..85238c3d --- /dev/null +++ b/applications/n8n/memory_bank/wf_repository_structure_update.md @@ -0,0 +1,30 @@ +# Repository Structure Update Workflow + +## Current tasks from user prompt +- Update project repository structure documentation to reflect current content + +## Plan (simple) +1. Examine the current repository structure by listing directories and files +2. Compare the actual structure with what's described in workflow.md +3. Update the workflow.md file with the accurate project structure +4. Validate the updated documentation matches the actual structure + +## Steps +1. List contents of root directory +2. List contents of applications/n8n directory +3. Check each relevant subdirectory to understand the full structure +4. Update the project repository structure section in workflow.md +5. Ensure the documentation is accurate and complete + +## Things done +- Listed root directory contents +- Listed applications/n8n directory contents +- Listed applications/n8n/memory_bank contents +- Listed applications/n8n/charts contents +- Checked n8n chart structure and templates +- Examined dagger directory structure +- Updated Project Repository Structure section in workflow.md to reflect current content +- Added more detailed documentation of template files and directory structure + +## TODOs +- None - task completed \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md b/applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md new file mode 100644 index 00000000..ca5fcaf0 --- /dev/null +++ b/applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md @@ -0,0 +1,24 @@ +## Current tasks from user prompt +- Fix Terraform failing to detect changes to the Helm chart dependencies (replicated) +- Make sure Terraform runs helm upgrade with the new changes + +## Plan (simple) +1. Understand why Terraform is not detecting the changes to Chart.yaml +2. Find a solution to make Terraform aware of the new dependency +3. Apply the changes to ensure Terraform performs helm upgrade correctly + +## Steps +1. Check the current Terraform configuration for the Helm release +2. Look for any mechanisms to update dependencies before applying +3. Identify if we need to add a lifecycle or trigger mechanism to detect changes +4. Implement the solution + +## Things done +- Identified that the Helm chart has a new dependency "replicated" added to Chart.yaml +- Found a justfile command `helm-dep-update` that updates Helm dependencies for the n8n chart +- Added a local-exec provisioner to the Terraform helm_release resource to run helm dependency update before applying +- Added recreate_pods = timestamp() to force Terraform to redeploy when Chart.yaml changes, making it recognize the changes to dependencies + +## TODOs +- Run `terraform apply` to test if the solution works +- Verify that the Helm chart is deployed with the replicated dependency \ No newline at end of file diff --git a/applications/n8n/replicated/kots-application.yaml b/applications/n8n/replicated/kots-application.yaml new file mode 100644 index 00000000..6cb09796 --- /dev/null +++ b/applications/n8n/replicated/kots-application.yaml @@ -0,0 +1,18 @@ +apiVersion: kots.io/v1beta1 +kind: Application +metadata: + name: n8n +spec: + title: n8n + icon: https://www.shareicon.net/data/256x256/2016/07/26/802134_workflow_512x512.png + allowRollback: true + additionalNamespaces: + - "traefik-system" + - "n8n" + - "*" + ports: + - serviceName: n8n/n8n + servicePort: 5678 + applicationUrl: "http://n8n" + statusInformers: + - n8n/deployment/n8n \ No newline at end of file diff --git a/applications/n8n/replicated/kots-chart.yaml b/applications/n8n/replicated/kots-chart.yaml new file mode 100644 index 00000000..459e1b52 --- /dev/null +++ b/applications/n8n/replicated/kots-chart.yaml @@ -0,0 +1,11 @@ +apiVersion: kots.io/v1beta2 +kind: HelmChart +metadata: + name: n8n +spec: + chart: + name: n8n + chartVersion: 0.0.1 + helmUpgradeFlags: + - --debug + values: \ No newline at end of file diff --git a/applications/n8n/replicated/kots-config.yaml b/applications/n8n/replicated/kots-config.yaml new file mode 100644 index 00000000..f64d8a17 --- /dev/null +++ b/applications/n8n/replicated/kots-config.yaml @@ -0,0 +1,4 @@ +apiVersion: kots.io/v1beta1 +kind: Config +metadata: + name: n8n \ No newline at end of file diff --git a/applications/n8n/replicated/kots-ec.yaml b/applications/n8n/replicated/kots-ec.yaml new file mode 100644 index 00000000..264d9035 --- /dev/null +++ b/applications/n8n/replicated/kots-ec.yaml @@ -0,0 +1,20 @@ +apiVersion: embeddedcluster.replicated.com/v1beta1 +kind: Config +spec: + version: 2.3.1+k8s-1.30 + roles: + controller: + name: management + labels: + management: "true" + custom: + - name: app + labels: + app: "true" + unsupportedOverrides: + k0s: | + config: + spec: + api: + extraArgs: + service-node-port-range: 80-32767 \ No newline at end of file From 74c6e4b9693c7002cbf1ea3c82e99c95524e99c0 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Thu, 10 Apr 2025 23:49:12 +1000 Subject: [PATCH 04/10] wip --- .cursor/rules/workflow-rule.mdc | 19 +++++++ .gitignore | 11 ++++ applications/n8n/.terraform.lock.hcl | 19 ------- applications/n8n/charts/n8n-values.yaml | 5 +- applications/n8n/justfile | 56 +++++++++++++++++++ applications/n8n/main.tf | 24 +++----- .../memory_bank/wf_terraform_output_task.md | 23 ++++++++ .../wf_update_replicated_values.md | 40 +++++++++++++ 8 files changed, 157 insertions(+), 40 deletions(-) create mode 100644 .cursor/rules/workflow-rule.mdc create mode 100644 applications/n8n/memory_bank/wf_terraform_output_task.md create mode 100644 applications/n8n/memory_bank/wf_update_replicated_values.md diff --git a/.cursor/rules/workflow-rule.mdc b/.cursor/rules/workflow-rule.mdc new file mode 100644 index 00000000..673148c6 --- /dev/null +++ b/.cursor/rules/workflow-rule.mdc @@ -0,0 +1,19 @@ +--- +description: +globs: +alwaysApply: true +--- +- When user starts a new conversation: + 1. Say "Hi Gerard!" every time you response. + 2. Read [workflow.md](mdc:applications/n8n/docs/workflow.md) file to get the context of the project. + 2. Generate a workflow name (under 10 words, snake case). + 3. Then, create file `applications/n8n/memory_bank/wf_{workflow_name}.md`. The content must have the following sections: + - Current tasks from user prompt. + - Plan (simple): your plan & thoughts to solve task(s). + - Steps: break your plan into small steps. + - Things done + - TODOs +- In a cycle of current conversation: + 1. Read current `applications/n8n/memory_bank/wf_{workflow_name}.md` file. Don't be lazy, don't omit any content. + 2. Update plan and steps if needed, based on the current state. + 3. After you finish a task, update `Things done` and `TODOs` to track your work. \ No newline at end of file diff --git a/.gitignore b/.gitignore index fb04f535..4ee9d97c 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,14 @@ Thumbs.db *.pyo *.pyd __pycache__/ + +# Terraform +*.tfvars +*.terraform +*.tfplan +*.tfstate +*.tfstate.backup +*.tfvars.json +*.tfvars.json.lock + +.env \ No newline at end of file diff --git a/applications/n8n/.terraform.lock.hcl b/applications/n8n/.terraform.lock.hcl index ff11fa55..fbd5e99b 100644 --- a/applications/n8n/.terraform.lock.hcl +++ b/applications/n8n/.terraform.lock.hcl @@ -40,25 +40,6 @@ provider "registry.terraform.io/hashicorp/kubernetes" { ] } -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" - hashes = [ - "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", - "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", - ] -} - provider "registry.terraform.io/hashicorp/random" { version = "3.7.1" hashes = [ diff --git a/applications/n8n/charts/n8n-values.yaml b/applications/n8n/charts/n8n-values.yaml index f131048e..1e143f0d 100644 --- a/applications/n8n/charts/n8n-values.yaml +++ b/applications/n8n/charts/n8n-values.yaml @@ -6,7 +6,7 @@ main: postgresdb: host: db-rw user: n8n -# password: password is read from cnpg db-app secretKeyRef + # password: password is read from cnpg db-app secretKeyRef pool: size: 10 ssl: @@ -29,7 +29,6 @@ main: - name: db-ca-cert mountPath: /home/ssl/certs/postgresql readOnly: true - extraVolumes: - name: db-ca-cert secret: @@ -42,10 +41,8 @@ main: memory: 2048Mi requests: memory: 512Mi - ingress: enabled: false - # cnpg DB cluster request extraManifests: - apiVersion: postgresql.cnpg.io/v1 diff --git a/applications/n8n/justfile b/applications/n8n/justfile index cd82200b..20fabd89 100644 --- a/applications/n8n/justfile +++ b/applications/n8n/justfile @@ -1,3 +1,34 @@ +set dotenv-load + +customer_name := "dev-customer" +channel_name := "workflow-experiment" + +setup: + @echo "Create DEV customer..." + replicated customer create --name {{customer_name}} --channel {{channel_name}} + @echo "CUSTOMER_ID=$(replicated customer inspect --customer {{customer_name}} --output json | jq -r '.id')" >> .env + @echo "LICENSE_ID=$(replicated customer inspect --customer {{customer_name}} --output json | jq -r '.installationId')" >> .env + + @echo "Setting up Terraform..." + terraform init + +install: + @echo "Add DEV customer to n8n-values.yaml..." + @echo "Installing all charts..." + terraform apply --auto-approve + +destroy: + @echo "Destroying Terraform..." + terraform destroy --auto-approve + @echo "Remove global/replicated block from n8n-values.yaml if any..." + yq -i 'del(.global)' ./charts/n8n-values.yaml + yq -i 'del(.replicated)' ./charts/n8n-values.yaml + @echo "Delete DEV customer..." + replicated customer archive "$CUSTOMER_ID" + @echo "Remove env CUSTOMER_ID and LICENSE_ID..." + gsed -i '/^CUSTOMER_ID=/d' .env || true + gsed -i '/^LICENSE_ID=/d' .env || true + helm-dep-update: @echo "Updating Helm dependencies for n8n chart..." cd charts/n8n && helm dependency update @@ -6,6 +37,31 @@ helm-template: @echo "Running helm template to verify current values..." helm template n8n ./charts/n8n -f ./charts/n8n-values.yaml --debug +helm-lint: + @echo "Running helm lint to verify current values..." + helm lint ./charts/n8n -f ./charts/n8n-values.yaml --debug + +helm-diff: + @echo "Running helm diff to verify current values..." + helm diff upgrade n8n -n n8n ./charts/n8n -f ./charts/n8n-values.yaml --debug + +get-manifests: + @echo "Getting manifests for n8n chart..." + terraform output n8n_template | jq -r '. | fromjson' | yq -P + create-replicated-release version channel: @echo "Creating replicated release..." dagger call create-replicated-release --token=env://REPLICATED_API_TOKEN --version={{version}} --channel={{channel}} + +show-replicated-values: + @echo "Logging into replicated registry with license ID..." + helm registry login registry.replicated.com --username $LICENSE_ID --password $LICENSE_ID + @echo "Showing values from replicated Helm chart..." + helm show values oci://registry.replicated.com/library/replicated --version 1.5.0 | yq + @echo "Logging out from replicated registry..." + helm registry logout registry.replicated.com + +set-replicated-values: + @echo "Setting replicated values in n8n-values.yaml..." + yq eval -i '.replicated.integration.licenseID = env(LICENSE_ID)' ./charts/n8n-values.yaml + yq eval -i '.replicated.integration.enabled = true' ./charts/n8n-values.yaml diff --git a/applications/n8n/main.tf b/applications/n8n/main.tf index 77280a76..c9a95a18 100644 --- a/applications/n8n/main.tf +++ b/applications/n8n/main.tf @@ -12,6 +12,9 @@ terraform { } provider "helm" { + experiments { + manifest = true + } kubernetes { config_path = "~/.kube/config" } @@ -92,20 +95,7 @@ resource "random_password" "encryption_key" { special = false } -# resource "random_password" "db_password" { -# length = 16 -# special = false -# } - -# # Create a secret for PostgreSQL credentials -# resource "kubernetes_secret" "postgres_credentials" { -# metadata { -# name = "n8n-db-credentials" -# namespace = kubernetes_namespace.n8n.metadata[0].name -# } - -# data = { -# username = "n8n" -# password = random_password.db_password.result -# } -# } \ No newline at end of file +output "n8n_template" { + sensitive = true + value = helm_release.n8n.manifest +} diff --git a/applications/n8n/memory_bank/wf_terraform_output_task.md b/applications/n8n/memory_bank/wf_terraform_output_task.md new file mode 100644 index 00000000..bd614740 --- /dev/null +++ b/applications/n8n/memory_bank/wf_terraform_output_task.md @@ -0,0 +1,23 @@ +# Terraform Output Task Workflow + +## Current tasks from user prompt +- Add a new task to do a terraform output in the justfile + +## Plan (simple) +1. Understand the current justfile structure +2. Add a new task called terraform-output to run the terraform output command +3. Ensure it follows the same pattern as other existing terraform-related tasks + +## Steps +1. Read the current justfile to understand its structure +2. Identify the appropriate location to add the new terraform-output task +3. Add the new task to the justfile +4. Test to ensure it works as expected (if needed) + +## Things done +- Read the current justfile and understood its structure +- Added the terraform-output task after the set-replicated-values task +- The task includes an echo statement and the terraform output command + +## TODOs +- None - task completed \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_update_replicated_values.md b/applications/n8n/memory_bank/wf_update_replicated_values.md new file mode 100644 index 00000000..09649ed8 --- /dev/null +++ b/applications/n8n/memory_bank/wf_update_replicated_values.md @@ -0,0 +1,40 @@ +# Current tasks from user prompt +- Update the justfile with a new task `update-replicated-values` that accepts `customer_name` and `channel_name` parameters +- The task should: + 1. Create a replicated customer with the given name and channel + 2. Extract the license ID + 3. Login to the replicated registry with the license ID + 4. Show values from the replicated Helm chart + 5. Extract the global block and append to n8n-values.yaml + 6. Logout from the replicated registry +- Update the justfile task to append the entire global block, not just the content under global + +# Plan (simple) +1. Read the existing justfile to understand the format and pattern +2. Create a new task called update-replicated-values with the required parameters +3. Implement the commands as specified in the user's request +4. Ensure proper formatting and consistent style with the existing justfile +5. Update the yq command to preserve the global structure when appending to n8n-values.yaml + +# Steps +1. Read the existing justfile +2. Create a new task update-replicated-values with customer_name and channel_name parameters +3. Implement the command sequence with proper echo statements for feedback +4. Add the new task to the justfile +5. Update the yq command to use '{global: .global}' pattern instead of just '.global' + +# Things done +- Read the existing justfile +- Reviewed the workflow documentation to understand context +- Created the new update-replicated-values task in the justfile with all required functionality: + - Creating a replicated customer with name and channel + - Extracting the license ID using grep and awk + - Logging into the replicated registry + - Showing values from the replicated Helm chart + - Extracting the global block and appending to n8n-values.yaml + - Logging out from the replicated registry +- Updated the yq command to preserve the global structure when appending to n8n-values.yaml + - Changed from `yq '.global'` to `yq '{global: .global}'` + +# TODOs +- None - all tasks completed \ No newline at end of file From d555836fbb5a82462236885d58f17ea3801dc636 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Thu, 10 Apr 2025 23:51:44 +1000 Subject: [PATCH 05/10] update workflow --- applications/n8n/docs/workflow.md | 153 ++++++++++-------------------- 1 file changed, 49 insertions(+), 104 deletions(-) diff --git a/applications/n8n/docs/workflow.md b/applications/n8n/docs/workflow.md index 915c1da7..e1c7926a 100644 --- a/applications/n8n/docs/workflow.md +++ b/applications/n8n/docs/workflow.md @@ -55,107 +55,52 @@ Provide engineers with a clear, reproducible workflow for iterative Helm chart d ## Workflow Steps -### 1. Local Cluster Setup - -- **Action:** Create a local Kubernetes cluster using k3d. -- **Command Example:** `k3d cluster create mydevcluster --port 8080:80@loadbalancer --port 8443:443@loadbalancer` -- **Verification:** Confirm cluster access with `kubectl cluster-info`. - -### 2. Initialize Dependencies (Terraform) - -- **Action:** Define `helm_release` resources in `main.tf` for CloudNativePG and Traefik. -- **Configuration:** Specify chart repositories, versions, and necessary values within the Terraform HCL. Reference external values files if preferred (e.g., `values/traefik-values.yaml`, `values/cnpg-values.yaml`). -- **Command:** `terraform init && terraform apply` -- **Verification:** Check for running pods/services for Postgres and Traefik using `kubectl get pods,svc -A`. Ensure Terraform state reflects the deployed releases. - -### 3. Create Initial Local Chart (`n8n`) - -- **Action:** Use Helm CLI to scaffold the `n8n` chart. -- **Command:** `helm create charts/n8n` -- **Cleanup:** Remove default template files not immediately needed (e.g., `hpa.yaml`, `ingress.yaml`, `serviceaccount.yaml`, test files). Keep `_helpers.tpl`, `deployment.yaml`, `service.yaml`, `NOTES.txt`. -- **Initial Values:** Review and potentially simplify the initial `charts/n8n/values.yaml`. - -### 4. Configure `justfile` for Core Workflow - -- **Action:** Define initial recipes in `justfile`. -- **Recipes:** - - `lint`: Run `helm lint ./charts/n8n -f ./charts/n8n-values.yaml`. - - `template`: Run `helm template n8n ./charts/n8n -f ./charts/n8n-values.yaml > rendered-n8n.yaml`. - - `deploy`: Run `helm upgrade --install n8n ./charts/n8n -f ./charts/n8n-values.yaml --create-namespace --namespace n8n`. - - `delete`: Run `helm uninstall n8n --namespace n8n`. - - `logs`: Run `kubectl logs -f -l app.kubernetes.io/name=n8n -n n8n --tail=50`. - -### 5. Iterative Development Cycle - -- **Action:** Develop the `n8n` chart incrementally. - - **Step 1 (Basic Deployment):** - - Modify `charts/n8n/templates/deployment.yaml` for the n8n image and basic configuration. - - Modify `charts/n8n/templates/service.yaml` to expose the n8n port. - - Update `charts/n8n/values.yaml` and `charts/n8n-values.yaml` with necessary image details, ports, etc. - - **Test:** `just lint`, `just template` (review output), `just deploy`, `just logs`, check service (`kubectl get svc -n n8n`). - - **Step 2 (Add Database Connection):** - - Update `deployment.yaml` to include environment variables for database connection (host, user, password, db name). - - Source these values from `values.yaml` (potentially using secrets later). - - Reference the Postgres service created by CloudNativePG (check its service name/namespace, usually managed via Terraform outputs or known conventions). - - Update `n8n-values.yaml` with actual DB connection details. - - **Test:** `just deploy`, `just logs` (check for connection errors), access n8n if possible. - - **Step 3 (Add Ingress):** - - Add `charts/n8n/templates/ingress.yaml`. - - Parameterize hostname, path, TLS settings using `values.yaml`. - - Ensure Traefik's IngressClass is correctly referenced (as deployed by Terraform). - - Update `n8n-values.yaml` with ingress details. - - **Test:** `just deploy`, access n8n via the defined hostname (may require local `/etc/hosts` modification). - - **Step 4 (Add Persistence, ConfigMaps, Secrets, etc.):** - - Incrementally add other required Kubernetes objects (PVCs, ConfigMaps, Secrets). - - Follow the `modify -> lint -> template -> deploy -> test` cycle for each addition. - -### 6. Managing Configuration & Secrets - -- **Action:** Refine value management. -- **Explain:** How `charts/n8n/values.yaml` provides defaults and `charts/n8n-values.yaml` provides overrides for the local development environment. -- **Introduce Secrets:** Discuss strategies (e.g., manual `kubectl create secret`, Sealed Secrets, External Secrets Operator, Terraform-managed secrets) and integrate one method for sensitive values like database passwords. Update `deployment.yaml` to use `valueFrom: secretKeyRef`. - -### 7. Adding Helm Tests - -- **Action:** Create basic Helm tests. -- **Example:** Add a test pod definition in `charts/n8n/templates/tests/test-connection.yaml` that tries to connect to the n8n service. -- **Update `justfile`:** Add `test: helm test n8n --namespace n8n`. -- **Test:** Run `just test` after a successful `just deploy`. - -### 8. Integrating Dagger (Packaging/Release - Optional) - -- **Action:** Introduce Dagger for CI/CD related tasks. -- **Setup:** Create basic Dagger functions in the `dagger/` directory (e.g., using Go or Python SDK). -- **Example Functions:** - - `dagger call package --chart-dir ./charts/n8n --version `: Runs `helm dependency update` and `helm package`. - - `dagger call publish --chart-path --repo `: Pushes the chart to an OCI registry. -- **Update `justfile`:** Add recipes like `just package` and `just publish` that invoke Dagger. - -### 9. Cleanup - -- **Action:** Document cleanup steps. -- **Commands:** - - `just delete` (or `helm uninstall n8n -n n8n`) - - `terraform destroy` (to remove CloudNativePG, Traefik, and any other Terraform-managed resources) - - `k3d cluster delete mydevcluster` -- **Update `justfile`:** Add a `clean-all` recipe combining relevant uninstall/destroy commands. - -### 10. Documentation & Final Touches - -- **Action:** Review and finalize the `docs/` content. -- **Explain:** How the `justfile` ties everything together for the developer. -- **Summarize:** Reiterate the workflow benefits (fast feedback, reproducibility). - -## Known Friction Points - -- Terraform may fail to diff changes to chart, e.g. add new dependency in Chart.yaml - -## Suitable Use Cases - -This workflow fits best for teams: - -- Requiring rapid local iteration -- Using mixed (local/remote) Helm charts -- Familiar with Helm, Terraform, and Kubernetes basics - -## Immediate Next Steps for Implementation +``` +just setup +just install +just destroy +``` + +## Evaluation + +**What Worked Well:** + +* **Consistency/Reproducibility:** Strongest point via Dagger + Terraform. +* **Simple Interface:** `just` provides a low-friction CLI. +* **Automation:** Reduces repetitive commands. +* **Separation of Concerns:** Clear roles for Terraform, Dagger, `just`. +* **Pipeline as Code:** Version-controlled dev/test/deploy logic via Dagger. + +**Friction Points:** + +* **Learning Curve:** Terraform and Dagger concepts require learning investment. +* **Initial Setup:** Installation effort for tools. +* **Dagger Complexity:** Can become complex for intricate pipelines; debugging challenges. +* **Cold Starts:** Initial runs take longer (image pulls, provisioning). +* **Terraform `helm_release` Template Change Detection:** Terraform's `helm_release` may not detect *template-only* changes in local charts without a version bump or value change, potentially requiring manual intervention or preferring the Dagger/`helm upgrade` approach for rapid template iteration. +* **State Management:** Handling `kubeconfig` between Terraform/Dagger; Helm state lives outside Terraform unless `helm_release` is used. + +**Not Yet Implemented/Tested (Examples):** + +* Complex CI/CD integration details. +* Handling inter-chart dependencies locally. +* Advanced validation suites. +* Secure secret management locally. + +## Suitability + +**This approach is well-suited for:** + +* Teams already comfortable with IaC (Terraform) and containerization (Docker). +* Projects where consistency between local development and CI/CD is highly valued. +* Developing complex Helm charts where robust linting, testing, and validation are crucial. +* Teams looking to standardize development workflows across multiple developers or projects. +* Situations where developers need isolated, ephemeral Kubernetes environments frequently. +* Teams wanting to bundle Kubernetes cluster creation and application (Helm chart) installation into a single, automated setup process. This workflow supports this directly using Terraform (managing both cluster resources and `helm_release` resources) or via orchestration through `justfile` (e.g., `just setup` runs Terraform for the cluster, followed by `just deploy` running Dagger for the chart). +* **Is particularly effective for iterating on Helm chart configurations (`values.yaml`)** due to the ease of creating clean environments and reliably testing different value sets. + +**It might be overkill for:** + +* Very simple Helm charts with minimal testing needs. +* Teams unfamiliar or unwilling to adopt Terraform and/or Dagger. +* Projects where developers prefer direct, manual `helm` and `kubectl` interaction without abstraction layers. From bfdd9599f56a54805b065154a84a9ec2e15b09eb Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Fri, 11 Apr 2025 00:00:31 +1000 Subject: [PATCH 06/10] remove cursor rule --- .cursor/rules/workflow-rule.mdc | 19 ------------------- .gitignore | 6 +++++- 2 files changed, 5 insertions(+), 20 deletions(-) delete mode 100644 .cursor/rules/workflow-rule.mdc diff --git a/.cursor/rules/workflow-rule.mdc b/.cursor/rules/workflow-rule.mdc deleted file mode 100644 index 673148c6..00000000 --- a/.cursor/rules/workflow-rule.mdc +++ /dev/null @@ -1,19 +0,0 @@ ---- -description: -globs: -alwaysApply: true ---- -- When user starts a new conversation: - 1. Say "Hi Gerard!" every time you response. - 2. Read [workflow.md](mdc:applications/n8n/docs/workflow.md) file to get the context of the project. - 2. Generate a workflow name (under 10 words, snake case). - 3. Then, create file `applications/n8n/memory_bank/wf_{workflow_name}.md`. The content must have the following sections: - - Current tasks from user prompt. - - Plan (simple): your plan & thoughts to solve task(s). - - Steps: break your plan into small steps. - - Things done - - TODOs -- In a cycle of current conversation: - 1. Read current `applications/n8n/memory_bank/wf_{workflow_name}.md` file. Don't be lazy, don't omit any content. - 2. Update plan and steps if needed, based on the current state. - 3. After you finish a task, update `Things done` and `TODOs` to track your work. \ No newline at end of file diff --git a/.gitignore b/.gitignore index 4ee9d97c..6714b876 100644 --- a/.gitignore +++ b/.gitignore @@ -40,4 +40,8 @@ __pycache__/ *.tfvars.json *.tfvars.json.lock -.env \ No newline at end of file +# Misc +.env + +# Cursor +.cursor/ \ No newline at end of file From 21696c1913bc3cb23270bc609ad9d6bf05c56fef Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Wed, 16 Apr 2025 08:11:18 +1000 Subject: [PATCH 07/10] remove extracted valkey subchart --- .../n8n/charts/n8n/charts/valkey/.helmignore | 25 - .../n8n/charts/n8n/charts/valkey/Chart.lock | 6 - .../n8n/charts/n8n/charts/valkey/Chart.yaml | 39 - .../n8n/charts/n8n/charts/valkey/README.md | 1083 --------- .../charts/valkey/charts/common/.helmignore | 26 - .../charts/valkey/charts/common/Chart.yaml | 23 - .../n8n/charts/valkey/charts/common/README.md | 235 -- .../charts/common/templates/_affinities.tpl | 155 -- .../charts/common/templates/_capabilities.tpl | 253 -- .../common/templates/_compatibility.tpl | 46 - .../charts/common/templates/_errors.tpl | 85 - .../charts/common/templates/_images.tpl | 115 - .../charts/common/templates/_ingress.tpl | 73 - .../charts/common/templates/_labels.tpl | 46 - .../valkey/charts/common/templates/_names.tpl | 71 - .../charts/common/templates/_resources.tpl | 50 - .../charts/common/templates/_secrets.tpl | 192 -- .../charts/common/templates/_storage.tpl | 21 - .../charts/common/templates/_tplvalues.tpl | 52 - .../valkey/charts/common/templates/_utils.tpl | 77 - .../charts/common/templates/_warnings.tpl | 109 - .../templates/validations/_cassandra.tpl | 51 - .../common/templates/validations/_mariadb.tpl | 108 - .../common/templates/validations/_mongodb.tpl | 67 - .../common/templates/validations/_mysql.tpl | 67 - .../templates/validations/_postgresql.tpl | 105 - .../common/templates/validations/_redis.tpl | 48 - .../templates/validations/_validations.tpl | 51 - .../charts/valkey/charts/common/values.yaml | 8 - .../n8n/charts/valkey/templates/NOTES.txt | 214 -- .../n8n/charts/valkey/templates/_helpers.tpl | 298 --- .../charts/valkey/templates/configmap.yaml | 65 - .../charts/valkey/templates/extra-list.yaml | 9 - .../charts/valkey/templates/headless-svc.yaml | 36 - .../valkey/templates/health-configmap.yaml | 194 -- .../charts/valkey/templates/metrics-svc.yaml | 45 - .../valkey/templates/networkpolicy.yaml | 109 - .../charts/valkey/templates/podmonitor.yaml | 82 - .../valkey/templates/primary/application.yaml | 520 ---- .../charts/valkey/templates/primary/pdb.yaml | 28 - .../charts/valkey/templates/primary/psp.yaml | 48 - .../charts/valkey/templates/primary/pvc.yaml | 34 - .../valkey/templates/primary/service.yaml | 63 - .../templates/primary/serviceaccount.yaml | 19 - .../valkey/templates/prometheusrule.yaml | 24 - .../templates/replicas/application.yaml | 535 ----- .../charts/valkey/templates/replicas/hpa.yaml | 50 - .../charts/valkey/templates/replicas/pdb.yaml | 28 - .../valkey/templates/replicas/service.yaml | 60 - .../templates/replicas/serviceaccount.yaml | 19 - .../charts/valkey/templates/replicas/vpa.yaml | 45 - .../n8n/charts/valkey/templates/role.yaml | 35 - .../charts/valkey/templates/rolebinding.yaml | 24 - .../valkey/templates/scripts-configmap.yaml | 792 ------ .../valkey/templates/secret-svcbind.yaml | 38 - .../n8n/charts/valkey/templates/secret.yaml | 26 - .../charts/valkey/templates/sentinel/hpa.yaml | 50 - .../templates/sentinel/node-services.yaml | 68 - .../charts/valkey/templates/sentinel/pdb.yaml | 27 - .../templates/sentinel/ports-configmap.yaml | 103 - .../valkey/templates/sentinel/service.yaml | 162 -- .../templates/sentinel/statefulset.yaml | 807 ------- .../charts/valkey/templates/sentinel/vpa.yaml | 58 - .../valkey/templates/serviceaccount.yaml | 19 - .../valkey/templates/servicemonitor.yaml | 83 - .../charts/valkey/templates/tls-secret.yaml | 32 - .../n8n/charts/valkey/values.schema.json | 163 -- .../n8n/charts/n8n/charts/valkey/values.yaml | 2137 ----------------- 68 files changed, 10436 deletions(-) delete mode 100644 applications/n8n/charts/n8n/charts/valkey/.helmignore delete mode 100644 applications/n8n/charts/n8n/charts/valkey/Chart.lock delete mode 100644 applications/n8n/charts/n8n/charts/valkey/Chart.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/README.md delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/README.md delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/role.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml delete mode 100644 applications/n8n/charts/n8n/charts/valkey/values.schema.json delete mode 100644 applications/n8n/charts/n8n/charts/valkey/values.yaml diff --git a/applications/n8n/charts/n8n/charts/valkey/.helmignore b/applications/n8n/charts/n8n/charts/valkey/.helmignore deleted file mode 100644 index 207983f3..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/applications/n8n/charts/n8n/charts/valkey/Chart.lock b/applications/n8n/charts/n8n/charts/valkey/Chart.lock deleted file mode 100644 index fe3c55d8..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - version: 2.30.0 -digest: sha256:46afdf79eae69065904d430f03f7e5b79a148afed20aa45ee83ba88adc036169 -generated: "2025-02-20T08:10:35.25400622Z" diff --git a/applications/n8n/charts/n8n/charts/valkey/Chart.yaml b/applications/n8n/charts/n8n/charts/valkey/Chart.yaml deleted file mode 100644 index 2b87c3e6..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/Chart.yaml +++ /dev/null @@ -1,39 +0,0 @@ -annotations: - category: Database - images: | - - name: kubectl - image: docker.io/bitnami/kubectl:1.32.3-debian-12-r1 - - name: os-shell - image: docker.io/bitnami/os-shell:12-debian-12-r40 - - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.69.0-debian-12-r1 - - name: valkey - image: docker.io/bitnami/valkey:8.0.2-debian-12-r6 - - name: valkey-sentinel - image: docker.io/bitnami/valkey-sentinel:8.0.2-debian-12-r6 - licenses: Apache-2.0 - tanzuCategory: service -apiVersion: v2 -appVersion: 8.0.2 -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common - version: 2.x.x -description: Valkey is an open source (BSD) high-performance key/value datastore that - supports a variety workloads such as caching, message queues, and can act as a primary - database. -home: https://bitnami.com -icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/valkey/img/valkey-stack-220x234.png -keywords: -- valkey -- keyvalue -- database -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: valkey -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/valkey -version: 2.4.7 diff --git a/applications/n8n/charts/n8n/charts/valkey/README.md b/applications/n8n/charts/n8n/charts/valkey/README.md deleted file mode 100644 index f4f3e1f1..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/README.md +++ /dev/null @@ -1,1083 +0,0 @@ - - -# Bitnami package for Valkey - -Valkey is an open source (BSD) high-performance key/value datastore that supports a variety workloads such as caching, message queues, and can act as a primary database. - -[Overview of Valkey](https://valkey.io/) - -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```console -helm install my-release oci://registry-1.docker.io/bitnamicharts/valkey -``` - -Looking to use Valkey in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart bootstraps a [Valkey](https://github.com/bitnami/containers/tree/main/bitnami/valkey) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/valkey -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The command deploys Valkey on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Configuration and installation details - -### Resource requests and limits - -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. - -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - -### Update credentials - -The Bitnami Valkey chart, when upgrading, reuses the secret previously rendered by the chart or the one specified in `auth.existingSecret`. To update credentials, use one of the following: - -- Run `helm upgrade` specifying a new password in `auth.password` -- Run `helm upgrade` specifying a new secret in `auth.existingSecret` - -### Prometheus metrics - -This chart can be integrated with Prometheus by setting `metrics.enabled` to `true`. This will deploy a sidecar container with [redis_exporter](https://github.com/oliver006/redis_exporter) in all pods and a `metrics` service, which can be configured under the `metrics.service` section. This `metrics` service will have the necessary annotations to be automatically scraped by Prometheus. - -#### Prometheus requirements - -It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster. - -#### Integration with Prometheus Operator - -The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error: - -```text -no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1" -``` - -Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator. - -### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Valkey version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. - -### Bootstrapping with an External Cluster - -This chart is equipped with the ability to bring online a set of Pods that connect to an existing Valkey deployment that lies outside of Kubernetes. This effectively creates a hybrid Valkey Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Valkey Deployment. This is helpful in situations where one may be migrating Valkey from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: - -```yaml -replica: - externalPrimary: - enabled: true - host: external-valkey-0.internal -sentinel: - externalPrimary: - enabled: true - host: external-valkey-0.internal -``` - -:warning: This is currently limited to clusters in which Sentinel and Valkey run on the same node! :warning: - -Please also note that the external sentinel must be listening on port `26379`, and this is currently not configurable. - -Once the Kubernetes Valkey Deployment is online and confirmed to be working with the existing cluster, the configuration can then be removed and the cluster will remain connected. - -### External DNS - -This chart is equipped to allow leveraging the ExternalDNS project. Doing so will enable ExternalDNS to publish the FQDN for each instance, in the format of `..`. -Example, when using the following configuration: - -```yaml -useExternalDNS: - enabled: true - suffix: prod.example.org - additionalAnnotations: - ttl: 10 -``` - -On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-valkey-node-0.a-valkey.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Valkey/Sentinel configuration using this new FQDN: - -- `replica-announce-ip` -- `known-sentinel` -- `known-replica` -- `announce-ip` - -:warning: This requires a working installation of `external-dns` to be fully functional. :warning: - -See the [official ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns) for additional configuration options. - -### Cluster topologies - -#### Default: Primary-Replicas - -When installing the chart with `architecture=replication`, it will deploy a Valkey primary StatefulSet and a Valkey replicas StatefulSet. The replicas will be read-replicas of the primary. Two services will be exposed: - -- Valkey Primary service: Points to the primary, where read-write operations can be performed -- Valkey Replicas service: Points to the replicas, where only read operations are allowed by default. - -In case the primary crashes, the replicas will wait until the primary node is respawned again by the Kubernetes Controller Manager. - -#### Standalone - -When installing the chart with `architecture=standalone`, it will deploy a standalone Valkey StatefulSet. A single service will be exposed: - -- Valkey Primary service: Points to the primary, where read-write operations can be performed - -#### Primary-Replicas with Sentinel - -When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Valkey primary StatefulSet (only one primary allowed) and a Valkey replicas StatefulSet. In this case, the pods will contain an extra container with Valkey Sentinel. This container will form a cluster of Valkey Sentinel nodes, which will promote a new primary in case the actual one fails. - -On graceful termination of the Valkey primary pod, a failover of the primary is initiated to promote a new primary. The Valkey Sentinel container in this pod will wait for the failover to occur before terminating. If `sentinel.valkeyShutdownWaitFailover=true` is set (the default), the Valkey container will wait for the failover as well before terminating. This increases availability for reads during failover, but may cause stale reads until all clients have switched to the new primary. - -In addition to this, only one service is exposed: - -- Valkey service: Exposes port 6379 for Valkey read-only operations and port 26379 for accessing Valkey Sentinel. - -For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Valkey Sentinel cluster and query the current primary using the command below (using valkey-cli or similar): - -```console -SENTINEL get-primary-addr-by-name -``` - -This command will return the address of the current primary, which can be accessed from inside the cluster. - -In case the current primary crashes, the Sentinel containers will elect a new primary node. - -`primary.replicaCount` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Multiple primary nodes (experimental) - -When `primary.replicaCount` is greater than `1`, special care must be taken to create a consistent setup. - -An example of use case is the creation of a redundant set of standalone primary nodes or primary-replicas per Kubernetes node where you must ensure: - -- No more than `1` primary can be deployed per Kubernetes node -- Replicas and writers can only see the single primary of their own Kubernetes node - -One way of achieving this is by setting `primary.service.internalTrafficPolicy=Local` in combination with a `primary.affinity.podAntiAffinity` spec to never schedule more than one primary per Kubernetes node. - -It's recommended to only change `primary.replicaCount` if you know what you are doing. -`primary.replicaCount` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Using a password file - -To use a password file for Valkey you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions: - -- Create the secret with the password. It is important that the file with the password must be called `valkey-password`. - -```console -kubectl create secret generic valkey-password-secret --from-file=valkey-password.yaml -``` - -- Deploy the Helm Chart using the secret name as parameter: - -```text -usePassword=true -usePasswordFile=true -existingSecret=valkey-password-secret -sentinels.enabled=true -metrics.enabled=true -``` - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. - -For example: - -First, create the secret with the certificates files: - -```console -kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem -``` - -Then, use the following parameters: - -```console -tls.enabled="true" -tls.existingSecret="certificates-tls-secret" -tls.certFilename="cert.pem" -tls.certKeyFilename="cert.key" -tls.certCAFilename="ca.pem" -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. - -If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/valkey_exporter#command-line-flags). For example: - -You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication: - -```console -tls-client-key-file -tls-client-cert-file -tls-ca-cert-file -``` - -### Deploy a custom metrics script in the sidecar - -A custom Lua script can be added to the `redis-exporter` sidecar by way of the `metrics.extraArgs.script` parameter. The pathname of the script must exist on the container, or the `redis_exporter` process (and therefore the whole pod) will refuse to start. The script can be provided to the sidecar containers via the `metrics.extraVolumes` and `metrics.extraVolumeMounts` parameters: - -```yaml -metrics: - extraVolumeMounts: - - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' - mountPath: '{{ printf "/mnt/%s/" (include "common.names.name" .) }}' - readOnly: true - extraVolumes: - - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}' - configMap: - name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' - extraArgs: - script: '{{ printf "/mnt/%s/my_custom_metrics.lua" (include "common.names.name" .) }}' -``` - -Then deploy the script into the correct location via `extraDeploy`: - -```yaml -extraDeploy: - - apiVersion: v1 - kind: ConfigMap - metadata: - name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}' - data: - my_custom_metrics.lua: | - -- LUA SCRIPT CODE HERE, e.g., - return {'bitnami_makes_the_best_charts', '1'} -``` - -### Host Kernel Settings - -Valkey may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. To do so, you can set `securityContext.sysctls` which will configure `sysctls` for primary and replica pods. Example: - -```yaml -securityContext: - sysctls: - - name: net.core.somaxconn - value: "10000" -``` - -Note that this will not disable transparent huge tables. - -### Backup and restore - -To backup and restore Valkey deployments on Kubernetes, you will need to create a snapshot of the data in the source cluster, and later restore it in a new cluster with the new parameters. Follow the instructions below: - -#### Step 1: Backup the deployment - -- Connect to one of the nodes and start the Valkey CLI tool. Then, run the commands below: - - ```text - $ kubectl exec -it my-release-primary-0 bash - $ valkey-cli - 127.0.0.1:6379> auth your_current_valkey_password - OK - 127.0.0.1:6379> save - OK - ``` - -- Copy the dump file from the Valkey node: - - ```console - kubectl cp my-release-primary-0:/data/dump.rdb dump.rdb -c valkey - ``` - -#### Step 2: Restore the data on the destination cluster - -To restore the data in a new cluster, you will need to create a PVC and then upload the *dump.rdb* file to the new volume. - -Follow the following steps: - -- In the [*values.yaml*](https://github.com/bitnami/charts/blob/main/bitnami/valkey/values.yaml) file set the *appendonly* parameter to *no*. You can skip this step if it is already configured as *no* - - ```yaml - commonConfiguration: |- - # Enable AOF https://valkey.io/topics/persistence#append-only-file - appendonly no - # Disable RDB persistence, AOF persistence already enabled. - save "" - ``` - - > *Note that the `Enable AOF` comment belongs to the original config file and what you're actually doing is disabling it. This change will only be neccessary for the temporal cluster you're creating to upload the dump.* - -- Start the new cluster to create the PVCs. Use the command below as an example: - - ```console - helm install new-valkey -f values.yaml . --set cluster.enabled=true --set cluster.replicaCount=3 - ``` - -- Now that the PVC were created, stop it and copy the *dump.rdp* file on the persisted data by using a helping pod. - - ```text - $ helm delete new-valkey - - $ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides=' - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "name": "valkeyvolpod" - }, - "spec": { - "containers": [{ - "command": [ - "tail", - "-f", - "/dev/null" - ], - "image": "bitnami/os-shell", - "name": "mycontainer", - "volumeMounts": [{ - "mountPath": "/mnt", - "name": "valkeydata" - }] - }], - "restartPolicy": "Never", - "volumes": [{ - "name": "valkeydata", - "persistentVolumeClaim": { - "claimName": "valkey-data-new-valkey-primary-0" - } - }] - } - }' --image="bitnami/os-shell" - - $ kubectl cp dump.rdb valkeyvolpod:/mnt/dump.rdb - $ kubectl delete pod volpod - ``` - -- Restart the cluster: - - > **INFO:** The *appendonly* parameter can be safely restored to your desired value. - - ```console - helm install new-valkey -f values.yaml . --set cluster.enabled=true --set cluster.replicaCount=3 - ``` - -### NetworkPolicy - -To enable network policy for Valkey, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -With NetworkPolicy enabled, only pods with the generated client label will be able to connect to Valkey. This label will be displayed in the output after a successful install. - -With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to Valkey. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `valkey=external` and pods in that namespace labeled `valkey-client=true` the fields should be set: - -```yaml -networkPolicy: - enabled: true - ingressNSMatchLabels: - valkey: external - ingressNSPodMatchLabels: - valkey-client: true -``` - -#### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Persistence - -By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. Install the chart - -```console -helm install my-release --set primary.persistence.existingClaim=PVC_NAME oci://REGISTRY_NAME/REPOSITORY_NAME/valkey -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.valkey.password` | Global Valkey password (overrides `auth.password`) | `""` | -| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | - -### Common parameters - -| Name | Description | Value | -| ------------------------- | -------------------------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `secretAnnotations` | Annotations to add to secret | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `useHostnames` | Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address | `true` | -| `nameResolutionThreshold` | Failure threshold for internal hostnames resolution | `5` | -| `nameResolutionTimeout` | Timeout seconds between probes for internal hostnames resolution | `5` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - -### Valkey Image parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ | -| `image.registry` | Valkey image registry | `REGISTRY_NAME` | -| `image.repository` | Valkey image repository | `REPOSITORY_NAME/valkey` | -| `image.digest` | Valkey image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Valkey image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Valkey image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - -### Valkey common configuration parameters - -| Name | Description | Value | -| -------------------------------- | --------------------------------------------------------------------------------- | ------------- | -| `architecture` | Valkey architecture. Allowed values: `standalone` or `replication` | `replication` | -| `auth.enabled` | Enable password authentication | `true` | -| `auth.sentinel` | Enable password authentication on sentinels too | `true` | -| `auth.password` | Valkey password | `""` | -| `auth.existingSecret` | The name of an existing secret with Valkey credentials | `""` | -| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` | -| `auth.usePasswordFileFromSecret` | Mount password file from secret | `true` | -| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | -| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Valkey nodes | `""` | - -### Valkey primary configuration parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `primary.replicaCount` | Number of Valkey primary instances to deploy (experimental, requires additional configuration) | `1` | -| `primary.configuration` | Configuration for Valkey primary nodes | `""` | -| `primary.disableCommands` | Array with Valkey commands to disable on primary nodes | `["FLUSHDB","FLUSHALL"]` | -| `primary.command` | Override default container command (useful when using custom images) | `[]` | -| `primary.args` | Override default container args (useful when using custom images) | `[]` | -| `primary.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `primary.preExecCmds` | Additional commands to run prior to starting Valkey primary | `[]` | -| `primary.extraFlags` | Array with additional command line flags for Valkey primary | `[]` | -| `primary.extraEnvVars` | Array with extra environment variables to add to Valkey primary nodes | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Valkey primary nodes | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Valkey primary nodes | `""` | -| `primary.containerPorts.valkey` | Container port to open on Valkey primary nodes | `6379` | -| `primary.startupProbe.enabled` | Enable startupProbe on Valkey primary nodes | `false` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.livenessProbe.enabled` | Enable livenessProbe on Valkey primary nodes | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe on Valkey primary nodes | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `nano` | -| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `primary.podSecurityContext.enabled` | Enabled Valkey primary pods' Security Context | `true` | -| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `primary.podSecurityContext.fsGroup` | Set Valkey primary pod's Security Context fsGroup | `1001` | -| `primary.containerSecurityContext.enabled` | Enabled Valkey primary containers' Security Context | `true` | -| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `primary.containerSecurityContext.runAsUser` | Set Valkey primary containers' Security Context runAsUser | `1001` | -| `primary.containerSecurityContext.runAsGroup` | Set Valkey primary containers' Security Context runAsGroup | `1001` | -| `primary.containerSecurityContext.runAsNonRoot` | Set Valkey primary containers' Security Context runAsNonRoot | `true` | -| `primary.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Valkey pod(s) privileges | `false` | -| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `primary.containerSecurityContext.seccompProfile.type` | Set Valkey primary containers' Security Context seccompProfile | `RuntimeDefault` | -| `primary.containerSecurityContext.capabilities.drop` | Set Valkey primary containers' Security Context capabilities to drop | `["ALL"]` | -| `primary.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` | -| `primary.schedulerName` | Alternate scheduler for Valkey primary pods | `""` | -| `primary.updateStrategy.type` | Valkey primary statefulset strategy type | `RollingUpdate` | -| `primary.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | -| `primary.priorityClassName` | Valkey primary pods' priorityClassName | `""` | -| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `primary.hostAliases` | Valkey primary pods host aliases | `[]` | -| `primary.podLabels` | Extra labels for Valkey primary pods | `{}` | -| `primary.podAnnotations` | Annotations for Valkey primary pods | `{}` | -| `primary.shareProcessNamespace` | Share a single process namespace between all of the containers in Valkey primary pods | `false` | -| `primary.podAffinityPreset` | Pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | Node label key to match. Ignored if `primary.affinity` is set | `""` | -| `primary.nodeAffinityPreset.values` | Node label values to match. Ignored if `primary.affinity` is set | `[]` | -| `primary.affinity` | Affinity for Valkey primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for Valkey primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for Valkey primary pods assignment | `[]` | -| `primary.topologySpreadConstraints` | Spread Constraints for Valkey primary pod assignment | `[]` | -| `primary.dnsPolicy` | DNS Policy for Valkey primary pod | `""` | -| `primary.dnsConfig` | DNS Configuration for Valkey primary pod | `{}` | -| `primary.lifecycleHooks` | for the Valkey primary container(s) to automate configuration before or after startup | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey primary container(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers to the Valkey primary pod(s) | `[]` | -| `primary.initContainers` | Add additional init containers to the Valkey primary pod(s) | `[]` | -| `primary.persistence.enabled` | Enable persistence on Valkey primary nodes using Persistent Volume Claims | `true` | -| `primary.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `primary.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `primary.persistence.path` | The path the volume will be mounted at on Valkey primary containers | `/data` | -| `primary.persistence.subPath` | The subdirectory of the volume to mount on Valkey primary containers | `""` | -| `primary.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Valkey primary containers | `""` | -| `primary.persistence.storageClass` | Persistent Volume storage class | `""` | -| `primary.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | Persistent Volume size | `8Gi` | -| `primary.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `primary.persistence.labels` | Additional custom labels for the PVC | `{}` | -| `primary.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `primary.persistence.dataSource` | Custom PVC data source | `{}` | -| `primary.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `primary.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `primary.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `primary.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `primary.service.type` | Valkey primary service type | `ClusterIP` | -| `primary.service.ports.valkey` | Valkey primary service port | `6379` | -| `primary.service.nodePorts.valkey` | Node port for Valkey primary | `""` | -| `primary.service.externalTrafficPolicy` | Valkey primary service external traffic policy | `Cluster` | -| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `primary.service.internalTrafficPolicy` | Valkey primary service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `primary.service.clusterIP` | Valkey primary service Cluster IP | `""` | -| `primary.service.loadBalancerIP` | Valkey primary service Load Balancer IP | `""` | -| `primary.service.loadBalancerClass` | primary service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `primary.service.loadBalancerSourceRanges` | Valkey primary service Load Balancer sources | `[]` | -| `primary.service.externalIPs` | Valkey primary service External IPs | `[]` | -| `primary.service.annotations` | Additional custom annotations for Valkey primary service | `{}` | -| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `primary.terminationGracePeriodSeconds` | Integer setting the termination grace period for the valkey-primary pods | `30` | -| `primary.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `primary.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `primary.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | -| `primary.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `primary.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty. | `{}` | - -### Valkey replicas configuration parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `replica.kind` | Use either DaemonSet or StatefulSet (default) | `StatefulSet` | -| `replica.replicaCount` | Number of Valkey replicas to deploy | `3` | -| `replica.configuration` | Configuration for Valkey replicas nodes | `""` | -| `replica.disableCommands` | Array with Valkey commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` | -| `replica.command` | Override default container command (useful when using custom images) | `[]` | -| `replica.args` | Override default container args (useful when using custom images) | `[]` | -| `replica.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `replica.preExecCmds` | Additional commands to run prior to starting Valkey replicas | `[]` | -| `replica.extraFlags` | Array with additional command line flags for Valkey replicas | `[]` | -| `replica.extraEnvVars` | Array with extra environment variables to add to Valkey replicas nodes | `[]` | -| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Valkey replicas nodes | `""` | -| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Valkey replicas nodes | `""` | -| `replica.externalPrimary.enabled` | Use external primary for bootstrapping | `false` | -| `replica.externalPrimary.host` | External primary host to bootstrap from | `""` | -| `replica.externalPrimary.port` | Port for Valkey service external primary host | `6379` | -| `replica.containerPorts.valkey` | Container port to open on Valkey replicas nodes | `6379` | -| `replica.startupProbe.enabled` | Enable startupProbe on Valkey replicas nodes | `true` | -| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `replica.livenessProbe.enabled` | Enable livenessProbe on Valkey replicas nodes | `true` | -| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `replica.readinessProbe.enabled` | Enable readinessProbe on Valkey replicas nodes | `true` | -| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `replica.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). | `nano` | -| `replica.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `replica.podSecurityContext.enabled` | Enabled Valkey replicas pods' Security Context | `true` | -| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `replica.podSecurityContext.fsGroup` | Set Valkey replicas pod's Security Context fsGroup | `1001` | -| `replica.containerSecurityContext.enabled` | Enabled Valkey replicas containers' Security Context | `true` | -| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `replica.containerSecurityContext.runAsUser` | Set Valkey replicas containers' Security Context runAsUser | `1001` | -| `replica.containerSecurityContext.runAsGroup` | Set Valkey replicas containers' Security Context runAsGroup | `1001` | -| `replica.containerSecurityContext.runAsNonRoot` | Set Valkey replicas containers' Security Context runAsNonRoot | `true` | -| `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Valkey replicas pod's Security Context allowPrivilegeEscalation | `false` | -| `replica.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `replica.containerSecurityContext.seccompProfile.type` | Set Valkey replicas containers' Security Context seccompProfile | `RuntimeDefault` | -| `replica.containerSecurityContext.capabilities.drop` | Set Valkey replicas containers' Security Context capabilities to drop | `["ALL"]` | -| `replica.schedulerName` | Alternate scheduler for Valkey replicas pods | `""` | -| `replica.updateStrategy.type` | Valkey replicas statefulset strategy type | `RollingUpdate` | -| `replica.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | -| `replica.priorityClassName` | Valkey replicas pods' priorityClassName | `""` | -| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | -| `replica.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `replica.hostAliases` | Valkey replicas pods host aliases | `[]` | -| `replica.podLabels` | Extra labels for Valkey replicas pods | `{}` | -| `replica.podAnnotations` | Annotations for Valkey replicas pods | `{}` | -| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Valkey replicas pods | `false` | -| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` | -| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` | -| `replica.affinity` | Affinity for Valkey replicas pods assignment | `{}` | -| `replica.nodeSelector` | Node labels for Valkey replicas pods assignment | `{}` | -| `replica.tolerations` | Tolerations for Valkey replicas pods assignment | `[]` | -| `replica.topologySpreadConstraints` | Spread Constraints for Valkey replicas pod assignment | `[]` | -| `replica.dnsPolicy` | DNS Policy for Valkey replica pods | `""` | -| `replica.dnsConfig` | DNS Configuration for Valkey replica pods | `{}` | -| `replica.lifecycleHooks` | for the Valkey replica container(s) to automate configuration before or after startup | `{}` | -| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey replicas pod(s) | `[]` | -| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey replicas container(s) | `[]` | -| `replica.sidecars` | Add additional sidecar containers to the Valkey replicas pod(s) | `[]` | -| `replica.initContainers` | Add additional init containers to the Valkey replicas pod(s) | `[]` | -| `replica.persistence.enabled` | Enable persistence on Valkey replicas nodes using Persistent Volume Claims | `true` | -| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `replica.persistence.path` | The path the volume will be mounted at on Valkey replicas containers | `/data` | -| `replica.persistence.subPath` | The subdirectory of the volume to mount on Valkey replicas containers | `""` | -| `replica.persistence.subPathExpr` | Used to construct the subPath subdirectory of the volume to mount on Valkey replicas containers | `""` | -| `replica.persistence.storageClass` | Persistent Volume storage class | `""` | -| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `replica.persistence.size` | Persistent Volume size | `8Gi` | -| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` | -| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `replica.persistence.dataSource` | Custom PVC data source | `{}` | -| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `replica.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `replica.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `replica.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `replica.service.type` | Valkey replicas service type | `ClusterIP` | -| `replica.service.ports.valkey` | Valkey replicas service port | `6379` | -| `replica.service.nodePorts.valkey` | Node port for Valkey replicas | `""` | -| `replica.service.externalTrafficPolicy` | Valkey replicas service external traffic policy | `Cluster` | -| `replica.service.internalTrafficPolicy` | Valkey replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `replica.service.clusterIP` | Valkey replicas service Cluster IP | `""` | -| `replica.service.loadBalancerIP` | Valkey replicas service Load Balancer IP | `""` | -| `replica.service.loadBalancerClass` | replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `replica.service.loadBalancerSourceRanges` | Valkey replicas service Load Balancer sources | `[]` | -| `replica.service.annotations` | Additional custom annotations for Valkey replicas service | `{}` | -| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `replica.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the valkey-replicas pods | `30` | - -### Autoscaling - -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------- | -| `replica.autoscaling.vpa.enabled` | Enable VPA | `false` | -| `replica.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | -| `replica.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | -| `replica.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | -| `replica.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | - -### VPA update policy - -| Name | Description | Value | -| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `replica.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` | -| `replica.autoscaling.hpa.enabled` | Enable HPA | `false` | -| `replica.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | -| `replica.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | -| `replica.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | -| `replica.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | -| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | -| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `replica.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `replica.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `{}` | -| `replica.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. | `{}` | - -### Valkey Sentinel configuration parameters - -| Name | Description | Value | -| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `sentinel.enabled` | Use Valkey Sentinel on Valkey pods. | `false` | -| `sentinel.image.registry` | Valkey Sentinel image registry | `REGISTRY_NAME` | -| `sentinel.image.repository` | Valkey Sentinel image repository | `REPOSITORY_NAME/valkey-sentinel` | -| `sentinel.image.digest` | Valkey Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `sentinel.image.pullPolicy` | Valkey Sentinel image pull policy | `IfNotPresent` | -| `sentinel.image.pullSecrets` | Valkey Sentinel image pull secrets | `[]` | -| `sentinel.image.debug` | Enable image debug mode | `false` | -| `sentinel.annotations` | Additional custom annotations for Valkey Sentinel resource | `{}` | -| `sentinel.primarySet` | Primary set name | `myprimary` | -| `sentinel.quorum` | Sentinel Quorum | `2` | -| `sentinel.getPrimaryTimeout` | Amount of time to allow before get_sentinel_primary_info() times out. | `90` | -| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` | -| `sentinel.valkeyShutdownWaitFailover` | Whether the Valkey primary container waits for the failover at shutdown (in addition to the Valkey Sentinel container). | `true` | -| `sentinel.downAfterMilliseconds` | Timeout for detecting a Valkey node is down | `60000` | -| `sentinel.failoverTimeout` | Timeout for performing a election failover | `180000` | -| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new primary after a failover | `1` | -| `sentinel.configuration` | Configuration for Valkey Sentinel nodes | `""` | -| `sentinel.command` | Override default container command (useful when using custom images) | `[]` | -| `sentinel.args` | Override default container args (useful when using custom images) | `[]` | -| `sentinel.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` | -| `sentinel.preExecCmds` | Additional commands to run prior to starting Valkey Sentinel | `[]` | -| `sentinel.extraEnvVars` | Array with extra environment variables to add to Valkey Sentinel nodes | `[]` | -| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Valkey Sentinel nodes | `""` | -| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Valkey Sentinel nodes | `""` | -| `sentinel.externalPrimary.enabled` | Use external primary for bootstrapping | `false` | -| `sentinel.externalPrimary.host` | External primary host to bootstrap from | `""` | -| `sentinel.externalPrimary.port` | Port for Valkey service external primary host | `6379` | -| `sentinel.containerPorts.sentinel` | Container port to open on Valkey Sentinel nodes | `26379` | -| `sentinel.startupProbe.enabled` | Enable startupProbe on Valkey Sentinel nodes | `true` | -| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Valkey Sentinel nodes | `true` | -| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Valkey Sentinel nodes | `true` | -| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `sentinel.persistence.enabled` | Enable persistence on Valkey sentinel nodes using Persistent Volume Claims (Experimental) | `false` | -| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` | -| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `sentinel.persistence.size` | Persistent Volume size | `100Mi` | -| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` | -| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | -| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `sentinel.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `sentinel.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `sentinel.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). | `nano` | -| `sentinel.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `sentinel.containerSecurityContext.enabled` | Enabled Valkey Sentinel containers' Security Context | `true` | -| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `sentinel.containerSecurityContext.runAsUser` | Set Valkey Sentinel containers' Security Context runAsUser | `1001` | -| `sentinel.containerSecurityContext.runAsGroup` | Set Valkey Sentinel containers' Security Context runAsGroup | `1001` | -| `sentinel.containerSecurityContext.runAsNonRoot` | Set Valkey Sentinel containers' Security Context runAsNonRoot | `true` | -| `sentinel.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Valkey Sentinel containers' Security Context allowPrivilegeEscalation | `false` | -| `sentinel.containerSecurityContext.seccompProfile.type` | Set Valkey Sentinel containers' Security Context seccompProfile | `RuntimeDefault` | -| `sentinel.containerSecurityContext.capabilities.drop` | Set Valkey Sentinel containers' Security Context capabilities to drop | `["ALL"]` | -| `sentinel.lifecycleHooks` | for the Valkey sentinel container(s) to automate configuration before or after startup | `{}` | -| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey Sentinel | `[]` | -| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey Sentinel container(s) | `[]` | -| `sentinel.service.type` | Valkey Sentinel service type | `ClusterIP` | -| `sentinel.service.ports.valkey` | Valkey service port for Valkey | `6379` | -| `sentinel.service.ports.sentinel` | Valkey service port for Valkey Sentinel | `26379` | -| `sentinel.service.nodePorts.valkey` | Node port for Valkey | `""` | -| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` | -| `sentinel.service.externalTrafficPolicy` | Valkey Sentinel service external traffic policy | `Cluster` | -| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `sentinel.service.clusterIP` | Valkey Sentinel service Cluster IP | `""` | -| `sentinel.service.createPrimary` | Enable primary service pointing to the current primary (experimental) | `false` | -| `sentinel.service.loadBalancerIP` | Valkey Sentinel service Load Balancer IP | `""` | -| `sentinel.service.loadBalancerClass` | sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `sentinel.service.loadBalancerSourceRanges` | Valkey Sentinel service Load Balancer sources | `[]` | -| `sentinel.service.annotations` | Additional custom annotations for Valkey Sentinel service | `{}` | -| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` | -| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the valkey-node pods | `30` | - -### Other Parameters - -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.metrics.allowExternal` | Don't require client label for connections for metrics endpoint | `true` | -| `networkPolicy.metrics.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces to metrics endpoint | `{}` | -| `networkPolicy.metrics.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces to metrics endpoint | `{}` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `false` | -| `rbac.rules` | Custom RBAC rules to set | `[]` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `pdb` | DEPRECATED Please use `primary.pdb` and `replica.pdb` values instead | `{}` | -| `tls.enabled` | Enable TLS traffic | `false` | -| `tls.authClients` | Require clients to authenticate | `true` | -| `tls.autoGenerated` | Enable autogenerated certificates | `false` | -| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate Key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | - -### Metrics Parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Valkey metrics | `false` | -| `metrics.image.registry` | Valkey Exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Valkey Exporter image repository | `REPOSITORY_NAME/valkey-exporter` | -| `metrics.image.digest` | Valkey Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Valkey Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Valkey Exporter image pull secrets | `[]` | -| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | -| `metrics.startupProbe.enabled` | Enable startupProbe on Valkey replicas nodes | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe on Valkey replicas nodes | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe on Valkey replicas nodes | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | -| `metrics.valkeyTargetHost` | A way to specify an alternative Valkey hostname | `localhost` | -| `metrics.extraArgs` | Extra arguments for Valkey exporter, for example: | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Valkey exporter | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Valkey exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `metrics.containerSecurityContext.runAsUser` | Set Valkey exporter containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsGroup` | Set Valkey exporter containers' Security Context runAsGroup | `1001` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set Valkey exporter containers' Security Context runAsNonRoot | `true` | -| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Valkey exporter containers' Security Context allowPrivilegeEscalation | `false` | -| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `metrics.containerSecurityContext.seccompProfile.type` | Set Valkey exporter containers' Security Context seccompProfile | `RuntimeDefault` | -| `metrics.containerSecurityContext.capabilities.drop` | Set Valkey exporter containers' Security Context capabilities to drop | `["ALL"]` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Valkey metrics sidecar | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Valkey metrics sidecar | `[]` | -| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` | -| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `metrics.podLabels` | Extra labels for Valkey exporter pods | `{}` | -| `metrics.podAnnotations` | Annotations for Valkey exporter pods | `{}` | -| `metrics.service.enabled` | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor | `true` | -| `metrics.service.type` | Valkey exporter service type | `ClusterIP` | -| `metrics.service.ports.http` | Valkey exporter service port | `9121` | -| `metrics.service.externalTrafficPolicy` | Valkey exporter service external traffic policy | `Cluster` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.service.loadBalancerIP` | Valkey exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerClass` | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `metrics.service.loadBalancerSourceRanges` | Valkey exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Valkey exporter service | `{}` | -| `metrics.service.clusterIP` | Valkey exporter service Cluster IP | `""` | -| `metrics.serviceMonitor.port` | the service port to scrape metrics from | `http-metrics` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabelings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.serviceMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.serviceMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.serviceMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | -| `metrics.podMonitor.port` | the pod port to scrape metrics from | `metrics` | -| `metrics.podMonitor.enabled` | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.podMonitor.namespace` | The namespace in which the PodMonitor will be created | `""` | -| `metrics.podMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.podMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.podMonitor.relabelings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.podMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.podMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.podMonitor.podTargetLabels` | Labels from the Kubernetes pod to be transferred to the created metrics | `[]` | -| `metrics.podMonitor.sampleLimit` | Limit of how many samples should be scraped from every Pod | `false` | -| `metrics.podMonitor.targetLimit` | Limit of how many targets should be scraped | `false` | -| `metrics.podMonitor.additionalEndpoints` | Additional endpoints to scrape (e.g sentinel) | `[]` | -| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | - -### Init Container Parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` | -| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | -| `kubectl.image.registry` | Kubectl image registry | `REGISTRY_NAME` | -| `kubectl.image.repository` | Kubectl image repository | `REPOSITORY_NAME/kubectl` | -| `kubectl.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `kubectl.image.pullPolicy` | Kubectl image pull policy | `IfNotPresent` | -| `kubectl.image.pullSecrets` | Kubectl pull secrets | `[]` | -| `kubectl.command` | kubectl command to execute | `["/opt/bitnami/scripts/kubectl-scripts/update-primary-label.sh"]` | -| `kubectl.containerSecurityContext.enabled` | Enabled kubectl containers' Security Context | `true` | -| `kubectl.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `kubectl.containerSecurityContext.runAsUser` | Set kubectl containers' Security Context runAsUser | `1001` | -| `kubectl.containerSecurityContext.runAsGroup` | Set kubectl containers' Security Context runAsGroup | `1001` | -| `kubectl.containerSecurityContext.runAsNonRoot` | Set kubectl containers' Security Context runAsNonRoot | `true` | -| `kubectl.containerSecurityContext.allowPrivilegeEscalation` | Set kubectl containers' Security Context allowPrivilegeEscalation | `false` | -| `kubectl.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` | -| `kubectl.containerSecurityContext.seccompProfile.type` | Set kubectl containers' Security Context seccompProfile | `RuntimeDefault` | -| `kubectl.containerSecurityContext.capabilities.drop` | Set kubectl containers' Security Context capabilities to drop | `["ALL"]` | -| `kubectl.resources.limits` | The resources limits for the kubectl containers | `{}` | -| `kubectl.resources.requests` | The requested resources for the kubectl containers | `{}` | - -### useExternalDNS Parameters - -| Name | Description | Value | -| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `useExternalDNS.enabled` | Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. | `false` | -| `useExternalDNS.additionalAnnotations` | Extra annotations to be utilized when `external-dns` is enabled. | `{}` | -| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. | `external-dns.alpha.kubernetes.io/` | -| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set auth.password=secretpassword \ - oci://REGISTRY_NAME/REPOSITORY_NAME/valkey -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -The above command sets the Valkey server password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/valkey -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/valkey/values.yaml) - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 2.2.0 - -This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). - -### To 2.0.0 - -This major updates all the references from `master/slave` to `primary/replica` to follow the upstream project strategy: - -- The term *master* has been replaced by the term *primary*. Therefore, parameters prefixed with `master` are now prefixed with `primary`. -- Environment variables previously prefixed as `VALKEY_MASTER` or `VALKEY_SENTINEL_MASTER` use `VALKEY_PRIMARY` and `VALKEY_SENTINEL_PRIMARY` now. - -Consequences: - -Backwards compatibility is not guaranteed. To upgrade to `2.0.0`, install a new release of the Valkey chart, and migrate the data from your previous release. You have 2 alternatives to do so: - -- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section. -- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `valkey`: - -```console -helm install valkey oci://REGISTRY_NAME/REPOSITORY_NAME/valkey --set auth.password=[PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] -``` - -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. - -| Note: you need to substitute the placeholder *[EXISTING_PVC]* with the name of the PVC used on your previous release, and *[PASSWORD]* with the password used in your previous release. - -## License - -Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore b/applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore deleted file mode 100644 index d0e10845..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml b/applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml deleted file mode 100644 index 10fc86a4..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 2.30.0 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://bitnami.com -icon: https://dyltqmyl993wv.cloudfront.net/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/common -type: library -version: 2.30.0 diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/README.md b/applications/n8n/charts/n8n/charts/valkey/charts/common/README.md deleted file mode 100644 index 0e5f6499..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/README.md +++ /dev/null @@ -1,235 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 2.x.x - repository: oci://registry-1.docker.io/bitnamicharts -``` - -```console -helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.23+ -- Helm 3.8.0+ - -## Parameters - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy.' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links - -- -- -- - -## License - -Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl deleted file mode 100644 index d387dbe6..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,155 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -{{- $extraNamespaces := default (list) .extraNamespaces -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if $extraNamespaces }} - namespaces: - - {{ .context.Release.Namespace }} - {{- with $extraNamespaces }} - {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -{{- $extraNamespaces := default (list) .extraNamespaces -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if $extraNamespaces }} - namespaces: - - {{ .context.Release.Namespace }} - {{- with $extraNamespaces }} - {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 6423fb11..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,253 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} -{{- end -}} - -{{/* -Return true if the apiVersion is supported -Usage: -{{ include "common.capabilities.apiVersions.has" (dict "version" "batch/v1" "context" $) }} -*/}} -{{- define "common.capabilities.apiVersions.has" -}} -{{- $providedAPIVersions := default .context.Values.apiVersions ((.context.Values.global).apiVersions) -}} -{{- if and (empty $providedAPIVersions) (.context.Capabilities.APIVersions.Has .version) -}} - {{- true -}} -{{- else if has .version $providedAPIVersions -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for job. -*/}} -{{- define "common.capabilities.job.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if (.Values.ingress).apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.11-0" $kubeVersion) -}} -{{- print "autoscaling/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "autoscaling/v1beta2" -}} -{{- else -}} -{{- print "autoscaling/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if PodSecurityPolicy is supported -*/}} -{{- define "common.capabilities.psp.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if AdmissionConfiguration is supported -*/}} -{{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for AdmissionConfiguration. -*/}} -{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiserver.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityConfiguration. -*/}} -{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "pod-security.admission.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl deleted file mode 100644 index 19c26dbd..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_compatibility.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return true if the detected platform is Openshift -Usage: -{{- include "common.compatibility.isOpenshift" . -}} -*/}} -{{- define "common.compatibility.isOpenshift" -}} -{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} -{{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC -Usage: -{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} -*/}} -{{- define "common.compatibility.renderSecurityContext" -}} -{{- $adaptedContext := .secContext -}} - -{{- if (((.context.Values.global).compatibility).openshift) -}} - {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} - {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} - {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} - {{- if not .secContext.seLinuxOptions -}} - {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}} -{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} -{{- end -}} -{{/* Remove fields that are disregarded when running the container in privileged mode */}} -{{- if $adaptedContext.privileged -}} - {{- $adaptedContext = omit $adaptedContext "capabilities" -}} -{{- end -}} -{{- omit $adaptedContext "enabled" | toYaml -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl deleted file mode 100644 index 93f3ffc9..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,85 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Throw error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} - -{{/* -Throw error when original container images are replaced. -The error can be bypassed by setting the "global.security.allowInsecureImages" to true. In this case, -a warning message will be shown instead. - -Usage: -{{ include "common.errors.insecureImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} -*/}} -{{- define "common.errors.insecureImages" -}} -{{- $relocatedImages := list -}} -{{- $replacedImages := list -}} -{{- $retaggedImages := list -}} -{{- $globalRegistry := ((.context.Values.global).imageRegistry) -}} -{{- $originalImages := .context.Chart.Annotations.images -}} -{{- range .images -}} - {{- $registryName := default .registry $globalRegistry -}} - {{- $fullImageNameNoTag := printf "%s/%s" $registryName .repository -}} - {{- $fullImageName := printf "%s:%s" $fullImageNameNoTag .tag -}} - {{- if not (contains $fullImageNameNoTag $originalImages) -}} - {{- if not (contains $registryName $originalImages) -}} - {{- $relocatedImages = append $relocatedImages $fullImageName -}} - {{- else if not (contains .repository $originalImages) -}} - {{- $replacedImages = append $replacedImages $fullImageName -}} - {{- end -}} - {{- end -}} - {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}} - {{- $retaggedImages = append $retaggedImages $fullImageName -}} - {{- end -}} -{{- end -}} - -{{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}} - {{- print "\n\nâš  SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}} -{{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}} - {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}} - {{- $errorString = print $errorString "\n\nUnrecognized images:" -}} - {{- range (concat $relocatedImages $replacedImages) -}} - {{- $errorString = print $errorString "\n - " . -}} - {{- end -}} - {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}} - {{- $errorString = print "\n\nâš  ERROR: " $errorString -}} - {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}} - {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}} - {{- print $errorString | fail -}} - {{- else if gt (len $replacedImages) 0 -}} - {{- $errorString = print "\n\nâš  WARNING: " $errorString -}} - {{- print $errorString -}} - {{- end -}} -{{- else if gt (len $retaggedImages) 0 -}} - {{- $warnString := "\n\nâš  WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}} - {{- $warnString = print $warnString "\n\nRetagged images:" -}} - {{- range $retaggedImages -}} - {{- $warnString = print $warnString "\n - " . -}} - {{- end -}} - {{- print $warnString -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl deleted file mode 100644 index 76bb7ce4..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_images.tpl +++ /dev/null @@ -1,115 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name. -If image tag and digest are not defined, termination fallbacks to chart appVersion. -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} - -{{- if not .imageRoot.tag }} - {{- if .chart }} - {{- $termination = .chart.AppVersion | toString -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- range ((.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- range (($context.Values.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl deleted file mode 100644 index 7d2b8798..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl deleted file mode 100644 index 0a0cc548..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} -{{- with .context.Chart.AppVersion -}} -{{- $_ := set $default "app.kubernetes.io/version" . -}} -{{- end -}} -{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Chart.AppVersion }} -app.kubernetes.io/version: {{ . | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl deleted file mode 100644 index ba839568..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_names.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl deleted file mode 100644 index d8a43e1c..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_resources.tpl +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a resource request/limit object based on a given preset. -These presets are for basic testing and not meant to be used in production -{{ include "common.resources.preset" (dict "type" "nano") -}} -*/}} -{{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} -{{- $presets := dict - "nano" (dict - "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") - ) - "micro" (dict - "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") - ) - "small" (dict - "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") - ) - "medium" (dict - "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") - ) - "large" (dict - "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") - ) - "xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") - ) - "2xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") - ) - }} -{{- if hasKey $presets .type -}} -{{- index $presets .type | toYaml -}} -{{- else -}} -{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl deleted file mode 100644 index bfef4697..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,192 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "honorProvidedValues" false "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. - - honorProvidedValues - Boolean - Optional - Default to false. If set to true, the values in providedValues have higher priority than an existing secret -The order in which this function returns a secret password: - 1. Password provided via the values.yaml if honorProvidedValues = true - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 2. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 3. Password provided via the values.yaml if honorProvidedValues = false - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 4. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | b64dec }} - {{- else if not (eq .failOnNew false) }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- end }} - -{{- if and $providedPasswordValue .honorProvidedValues }} - {{- $password = $providedPasswordValue | toString }} -{{- end }} - -{{- if not $password }} - {{- if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- else }} - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- if not (eq .failOnNew false) }} - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - {{- end }} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} - {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} - {{- end -}} -{{- end -}} -{{- if not .skipB64enc }} -{{- $password = $password | b64enc }} -{{- end -}} -{{- if .skipQuote -}} -{{- printf "%s" $password -}} -{{- else -}} -{{- printf "%s" $password | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl deleted file mode 100644 index aa75856c..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} -{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else -}} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index a04f4c1e..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template perhaps with scope if the scope is present. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} -*/}} -{{- define "common.tplvalues.render" -}} -{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} -{{- if contains "{{" (toJson .value) }} - {{- if .scope }} - {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} - {{- else }} - {{- tpl $value .context }} - {{- end }} -{{- else }} - {{- $value }} -{{- end }} -{{- end -}} - -{{/* -Merge a list of values that contains template after rendering them. -Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge -Usage: -{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} -*/}} -{{- define "common.tplvalues.merge" -}} -{{- $dst := dict -}} -{{- range .values -}} -{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} -{{- end -}} -{{ $dst | toYaml }} -{{- end -}} - -{{/* -Merge a list of values that contains template after rendering them. -Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite -Usage: -{{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} -*/}} -{{- define "common.tplvalues.merge-overwrite" -}} -{{- $dst := dict -}} -{{- range .values -}} -{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} -{{- end -}} -{{ $dst | toYaml }} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl deleted file mode 100644 index d53c74aa..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). -Usage: -{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} -*/}} -{{- define "common.utils.checksumTemplate" -}} -{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} -{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl deleted file mode 100644 index 62c44dfc..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html -{{- end }} -{{- end -}} - -{{/* -Warning about replaced images from the original. -Usage: -{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} -*/}} -{{- define "common.warnings.modifiedImages" -}} -{{- $affectedImages := list -}} -{{- $printMessage := false -}} -{{- $originalImages := .context.Chart.Annotations.images -}} -{{- range .images -}} - {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- if not (contains $fullImageName $originalImages) }} - {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- $printMessage = true -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -âš  SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables. - -Substituted images detected: -{{- range $affectedImages }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Warning about not setting the resource object in all deployments. -Usage: -{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} -Example: -{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} -The list in the example assumes that the following values exist: - - csiProvider.provider.resources - - server.resources - - volumePermissions.resources - - resources -*/}} -{{- define "common.warnings.resources" -}} -{{- $values := .context.Values -}} -{{- $printMessage := false -}} -{{ $affectedSections := list -}} -{{- range .sections -}} - {{- if eq . "" -}} - {{/* Case where the resources section is at the root (one main deployment in the chart) */}} - {{- if not (index $values "resources") -}} - {{- $affectedSections = append $affectedSections "resources" -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} - {{- $keys := split "." . -}} - {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} - {{- $section := $values -}} - {{- range $keys -}} - {{- $section = index $section . -}} - {{- end -}} - {{- if not (index $section "resources") -}} - {{/* If the section has enabled=false or replicaCount=0, do not include it */}} - {{- if and (hasKey $section "enabled") -}} - {{- if index $section "enabled" -}} - {{/* enabled=true */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else if and (hasKey $section "replicaCount") -}} - {{/* We need a casting to int because number 0 is not treated as an int by default */}} - {{- if (gt (index $section "replicaCount" | int) 0) -}} - {{/* replicaCount > 0 */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Default case, add it to the affected sections */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: -{{- range $affectedSections }} - - {{ . }} -{{- end }} -+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -{{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index f8fd213b..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 6ea8c0f4..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index e678a6de..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,67 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index fbb65c33..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,67 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 51d47162..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index 9fedfef9..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,48 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl b/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 7cdee617..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml b/applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml deleted file mode 100644 index de2cac57..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/charts/common/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt b/applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt deleted file mode 100644 index 9050390b..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/NOTES.txt +++ /dev/null @@ -1,214 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information. - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ include "common.names.namespace" . }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - -For Valkey: - - /opt/bitnami/scripts/valkey/entrypoint.sh /opt/bitnami/scripts/valkey/run.sh - -{{- if .Values.sentinel.enabled }} - -For Valkey Sentinel: - - /opt/bitnami/scripts/valkey-sentinel/entrypoint.sh /opt/bitnami/scripts/valkey-sentinel/run.sh - -{{- end }} -{{- else }} - -{{- if contains .Values.primary.service.type "LoadBalancer" }} -{{- if not .Values.auth.enabled }} -{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} - -------------------------------------------------------------------------------- - WARNING - - By specifying "primary.service.type=LoadBalancer" and "auth.enabled=false" you have - most likely exposed the Valkey service externally without any authentication - mechanism. - - For security reasons, we strongly suggest that you switch to "ClusterIP" or - "NodePort". As alternative, you can also switch to "auth.enabled=true" - providing a valid password on "password" parameter. - -------------------------------------------------------------------------------- -{{- end }} -{{- end }} -{{- end }} - -{{- if and .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.primary.initContainers) (empty .Values.replica.initContainers)) }} - -------------------------------------------------------------------------------- - WARNING - - By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false" - Valkey is expecting that the password is mounted as a file in each pod - (by default in /opt/bitnami/valkey/secrets/valkey-password) - - Ensure that you specify the respective initContainers in - both .Values.primary.initContainers and .Values.replica.initContainers - in order to populate the contents of this file. - -------------------------------------------------------------------------------- -{{- end }} - -{{- if eq .Values.architecture "replication" }} -{{- if .Values.sentinel.enabled }} - -Valkey can be accessed via port {{ .Values.sentinel.service.ports.valkey }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations - -For read/write operations, first access the Valkey Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above. - -{{- else }} - -Valkey can be accessed on the following DNS names from within your cluster: - - {{ printf "%s-primary.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.primary.service.ports.valkey }}) - {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.valkey }}) - -{{- end }} -{{- else }} - -Valkey can be accessed via port {{ .Values.primary.service.ports.valkey }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}-primary.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} - -{{- end }} - -{{ if .Values.auth.enabled }} - -To get your password run: - - export VALKEY_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "valkey.secretName" . }} -o jsonpath="{.data.{{ include "valkey.secretPasswordKey" . }}}" | base64 -d) - -{{- end }} - -To connect to your Valkey server: - -1. Run a Valkey pod that you can use as a client: - - kubectl run --namespace {{ include "common.names.namespace" . }} valkey-client --restart='Never' {{ if .Values.auth.enabled }} --env VALKEY_PASSWORD=$VALKEY_PASSWORD {{ end }} --image {{ template "valkey.image" . }} --command -- sleep infinity - -{{- if .Values.tls.enabled }} - - Copy your TLS certificates to the pod: - - kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert valkey-client:/tmp/client.cert - kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key valkey-client:/tmp/client.key - kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert valkey-client:/tmp/CA.cert - -{{- end }} - - Use the following command to attach to the pod: - - kubectl exec --tty -i valkey-client \ - {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} - --namespace {{ include "common.names.namespace" . }} -- bash - -2. Connect using the Valkey CLI: - -{{- if eq .Values.architecture "replication" }} - {{- if .Values.sentinel.enabled }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.valkey }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access - {{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ printf "%s-primary" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{- end }} -{{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h {{ template "common.names.fullname" . }}-primary{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} -{{- end }} - -{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to valkey. - -{{- else }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{- if contains "NodePort" .Values.sentinel.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.sentinel.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.sentinel.service.type }} - - kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.valkey }}:{{ .Values.sentinel.service.ports.valkey }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- else }} -{{- if contains "NodePort" .Values.primary.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-primary" (include "common.names.fullname" .) }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.primary.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-primary" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h $SERVICE_IP -p {{ .Values.primary.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.primary.service.type }} - - kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-primary" (include "common.names.fullname" .) }} {{ .Values.primary.service.ports.valkey }}:{{ .Values.primary.service.ports.valkey }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$VALKEY_PASSWORD" {{ end }}valkey-cli -h 127.0.0.1 -p {{ .Values.primary.service.ports.valkey }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- end }} - -{{- end }} -{{- end }} -{{- include "valkey.checkRollingTags" . }} -{{- include "valkey.validateValues" . }} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }} -{{- if $.Values.sentinel.service.nodePorts.sentinel }} -No need to upgrade, ports and nodeports have been set from values -{{- else }} -#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!# -YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED -{{- end }} -{{- end }} -{{- $resourceSections := list "metrics" "replica" "sentinel" "volumePermissions" }} -{{- if not (and (eq .Values.architecture "replication") .Values.sentinel.enabled) }} - {{- $resourceSections = append $resourceSections "primary" -}} -{{- end }} -{{- include "common.warnings.resources" (dict "sections" $resourceSections "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image) "context" $) }} -{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.kubectl.image) "context" $) }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl b/applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl deleted file mode 100644 index 03598f72..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/_helpers.tpl +++ /dev/null @@ -1,298 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Valkey image name -*/}} -{{- define "valkey.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Valkey Sentinel image name -*/}} -{{- define "valkey.sentinel.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "valkey.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "valkey.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return kubectl image -*/}} -{{- define "valkey.kubectl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "valkey.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image) "context" $) -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "valkey.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing Valkey TLS certificates -*/}} -{{- define "valkey.tlsSecretName" -}} -{{- if .Values.tls.existingSecret -}} - {{- printf "%s" (tpl .Values.tls.existingSecret $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "valkey.tlsCert" -}} -{{- if (include "valkey.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/valkey/certs/%s" "tls.crt" -}} -{{- else -}} - {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/valkey/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "valkey.tlsCertKey" -}} -{{- if (include "valkey.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/valkey/certs/%s" "tls.key" -}} -{{- else -}} - {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/valkey/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "valkey.tlsCACert" -}} -{{- if (include "valkey.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/valkey/certs/%s" "ca.crt" -}} -{{- else -}} - {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/valkey/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the DH params file. -*/}} -{{- define "valkey.tlsDHParams" -}} -{{- if .Values.tls.dhParamsFilename -}} -{{- printf "/opt/bitnami/valkey/certs/%s" .Values.tls.dhParamsFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the shared service account to use -*/}} -{{- define "valkey.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the primary service account to use -*/}} -{{- define "valkey.primaryServiceAccountName" -}} -{{- if .Values.primary.serviceAccount.create -}} - {{ default (printf "%s-primary" (include "common.names.fullname" .)) .Values.primary.serviceAccount.name }} -{{- else -}} - {{- if .Values.serviceAccount.create -}} - {{ template "valkey.serviceAccountName" . }} - {{- else -}} - {{ default "default" .Values.primary.serviceAccount.name }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the replicas service account to use -*/}} -{{- define "valkey.replicaServiceAccountName" -}} -{{- if .Values.replica.serviceAccount.create -}} - {{ default (printf "%s-replica" (include "common.names.fullname" .)) .Values.replica.serviceAccount.name }} -{{- else -}} - {{- if .Values.serviceAccount.create -}} - {{ template "valkey.serviceAccountName" . }} - {{- else -}} - {{ default "default" .Values.replica.serviceAccount.name }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configuration configmap name -*/}} -{{- define "valkey.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- print (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "valkey.createConfigmap" -}} -{{- if empty .Values.existingConfigmap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "valkey.secretName" -}} -{{- if .Values.auth.existingSecret -}} -{{- print (tpl .Values.auth.existingSecret $) -}} -{{- else -}} -{{- print (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password key to be retrieved from Valkey secret. -*/}} -{{- define "valkey.secretPasswordKey" -}} -{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}} -{{- print (tpl .Values.auth.existingSecretPasswordKey $) -}} -{{- else -}} -{{- print "valkey-password" -}} -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "valkey.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.sentinel.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "valkey.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "valkey.validateValues.topologySpreadConstraints" .) -}} -{{- $messages := append $messages (include "valkey.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "valkey.validateValues.podSecurityPolicy.create" .) -}} -{{- $messages := append $messages (include "valkey.validateValues.tls" .) -}} -{{- $messages := append $messages (include "valkey.validateValues.createPrimary" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Valkey - spreadConstrainsts K8s version */}} -{{- define "valkey.validateValues.topologySpreadConstraints" -}} -{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.topologySpreadConstraints -}} -valkey: topologySpreadConstraints - Pod Topology Spread Constraints are only available on K8s >= 1.16 - Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -{{- end -}} -{{- end -}} - -{{/* Validate values of Valkey - must provide a valid architecture */}} -{{- define "valkey.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} -valkey: architecture - Invalid architecture selected. Valid values are "standalone" and - "replication". Please set a valid architecture (--set architecture="xxxx") -{{- end -}} -{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }} -valkey: architecture - Using valkey sentinel on standalone mode is not supported. - To deploy valkey sentinel, please select the "replication" mode - (--set "architecture=replication,sentinel.enabled=true") -{{- end -}} -{{- end -}} - -{{/* Validate values of Valkey - PodSecurityPolicy create */}} -{{- define "valkey.validateValues.podSecurityPolicy.create" -}} -{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }} -valkey: podSecurityPolicy.create - In order to create PodSecurityPolicy, you also need to enable - podSecurityPolicy.enabled field -{{- end -}} -{{- end -}} - -{{/* Validate values of Valkey - TLS enabled */}} -{{- define "valkey.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) }} -valkey: tls.enabled - In order to enable TLS, you also need to provide - an existing secret containing the TLS certificates or - enable auto-generated certificates. -{{- end -}} -{{- end -}} - -{{/* Validate values of Valkey - primary service enabled */}} -{{- define "valkey.validateValues.createPrimary" -}} -{{- if and .Values.sentinel.service.createPrimary (or (not .Values.rbac.create) (not .Values.replica.automountServiceAccountToken) (not .Values.serviceAccount.create)) }} -valkey: sentinel.service.createPrimary - In order to redirect requests only to the primary pod via the service, you also need to - create rbac and serviceAccount. In addition, you need to enable - replica.automountServiceAccountToken. -{{- end -}} -{{- end -}} - -{{/* Define the suffix utilized for external-dns */}} -{{- define "valkey.externalDNS.suffix" -}} -{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }} -{{- end -}} - -{{/* Compile all annotations utilized for external-dns */}} -{{- define "valkey.externalDNS.annotations" -}} -{{- if and .Values.useExternalDNS.enabled .Values.useExternalDNS.annotationKey }} -{{ .Values.useExternalDNS.annotationKey }}hostname: {{ include "valkey.externalDNS.suffix" . }} -{{- range $key, $val := .Values.useExternalDNS.additionalAnnotations }} -{{ $.Values.useExternalDNS.annotationKey }}{{ $key }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml deleted file mode 100644 index ec37c7ef..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/configmap.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "valkey.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-configuration" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - valkey.conf: |- - # User-supplied common configuration: - {{- if .Values.commonConfiguration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }} - {{- end }} - # End of common configuration - primary.conf: |- - dir {{ .Values.primary.persistence.path }} - # User-supplied primary configuration: - {{- if .Values.primary.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.disableCommands }} - {{- range .Values.primary.disableCommands }} - rename-command {{ . }} "" - {{- end }} - {{- end }} - # End of primary configuration - replica.conf: |- - dir {{ .Values.replica.persistence.path }} - # User-supplied replica configuration: - {{- if .Values.replica.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.replica.disableCommands }} - {{- range .Values.replica.disableCommands }} - rename-command {{ . }} "" - {{- end }} - {{- end }} - # End of replica configuration - {{- if .Values.sentinel.enabled }} - sentinel.conf: |- - dir "/tmp" - port {{ .Values.sentinel.containerPorts.sentinel }} - sentinel monitor {{ .Values.sentinel.primarySet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.valkey }} {{ .Values.sentinel.quorum }} - sentinel down-after-milliseconds {{ .Values.sentinel.primarySet }} {{ .Values.sentinel.downAfterMilliseconds }} - sentinel failover-timeout {{ .Values.sentinel.primarySet }} {{ .Values.sentinel.failoverTimeout }} - sentinel parallel-syncs {{ .Values.sentinel.primarySet }} {{ .Values.sentinel.parallelSyncs }} - {{- if .Values.sentinel.service.createPrimary}} - sentinel client-reconfig-script {{ .Values.sentinel.primarySet }} /opt/bitnami/scripts/start-scripts/push-primary-label.sh - {{- end }} - # User-supplied sentinel configuration: - {{- if .Values.sentinel.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }} - {{- end }} - # End of sentinel configuration - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml deleted file mode 100644 index 329f5c65..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/extra-list.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml deleted file mode 100644 index 16be9aa1..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/headless-svc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-headless" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "valkey.externalDNS.annotations" .) }} - annotations: - {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} - {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} - {{- include "valkey.externalDNS.annotations" . | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - {{- if .Values.sentinel.enabled }} - publishNotReadyAddresses: true - {{- end }} - ports: - - name: tcp-redis - port: {{ if .Values.sentinel.enabled }}{{ .Values.replica.containerPorts.valkey }}{{ else }} {{ .Values.primary.containerPorts.valkey }}{{ end }} - targetPort: redis - {{- if .Values.sentinel.enabled }} - - name: tcp-sentinel - port: {{ .Values.sentinel.containerPorts.sentinel }} - targetPort: valkey-sentinel - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml deleted file mode 100644 index 4a8886c0..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/health-configmap.yaml +++ /dev/null @@ -1,194 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - ping_readiness_local.sh: |- - #!/bin/bash - - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" - response=$( - timeout -s 15 $1 \ - valkey-cli \ - -h localhost \ - {{- if .Values.tls.enabled }} - -p $VALKEY_TLS_PORT \ - --tls \ - --cacert {{ template "valkey.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "valkey.tlsCert" . }} \ - --key {{ template "valkey.tlsCertKey" . }} \ - {{- end }} - {{- else }} - -p $VALKEY_PORT \ - {{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local.sh: |- - #!/bin/bash - - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" - response=$( - timeout -s 15 $1 \ - valkey-cli \ - -h localhost \ - {{- if .Values.tls.enabled }} - -p $VALKEY_TLS_PORT \ - --tls \ - --cacert {{ template "valkey.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "valkey.tlsCert" . }} \ - --key {{ template "valkey.tlsCertKey" . }} \ - {{- end }} - {{- else }} - -p $VALKEY_PORT \ - {{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi -{{- if .Values.sentinel.enabled }} - ping_sentinel.sh: |- - #!/bin/bash - - {{- if .Values.auth.sentinel }} - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" - {{- end }} - response=$( - timeout -s 15 $1 \ - valkey-cli \ - -h localhost \ - {{- if .Values.tls.enabled }} - -p $VALKEY_SENTINEL_TLS_PORT_NUMBER \ - --tls \ - --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" \ - {{- if .Values.tls.authClients }} - --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" \ - --key "$VALKEY_SENTINEL_TLS_KEY_FILE" \ - {{- end }} - {{- else }} - -p $VALKEY_SENTINEL_PORT \ - {{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - parse_sentinels.awk: |- - /ip/ {FOUND_IP=1} - /port/ {FOUND_PORT=1} - /runid/ {FOUND_RUNID=1} - !/ip|port|runid/ { - if (FOUND_IP==1) { - IP=$1; FOUND_IP=0; - } - else if (FOUND_PORT==1) { - PORT=$1; - FOUND_PORT=0; - } else if (FOUND_RUNID==1) { - printf "\nsentinel known-sentinel {{ .Values.sentinel.primarySet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0; - } - } -{{- end }} - ping_readiness_primary.sh: |- - #!/bin/bash - - [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" - [[ -n "$VALKEY_PRIMARY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PRIMARY_PASSWORD" - response=$( - timeout -s 15 $1 \ - valkey-cli \ - -h $VALKEY_PRIMARY_HOST \ - -p $VALKEY_PRIMARY_PORT_NUMBER \ - {{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "valkey.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "valkey.tlsCert" . }} \ - --key {{ template "valkey.tlsCertKey" . }} \ - {{- end }} - {{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_primary.sh: |- - #!/bin/bash - - [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" - [[ -n "$VALKEY_PRIMARY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PRIMARY_PASSWORD" - response=$( - timeout -s 15 $1 \ - valkey-cli \ - -h $VALKEY_PRIMARY_HOST \ - -p $VALKEY_PRIMARY_PORT_NUMBER \ - {{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "valkey.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "valkey.tlsCert" . }} \ - --key {{ template "valkey.tlsCertKey" . }} \ - {{- end }} - {{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local_and_primary.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_primary.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_local_and_primary.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_primary.sh" $1 || exit_status=$? - exit $exit_status diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml deleted file mode 100644 index 84721832..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/metrics-svc.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: metrics - app.kubernetes.io/part-of: valkey - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }} - clusterIP: {{ .Values.metrics.service.clusterIP }} - {{- end }} - {{- if eq .Values.metrics.service.type "LoadBalancer" }} - externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.metrics.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.metrics.service.ports.http }} - protocol: TCP - targetPort: metrics - {{- if .Values.metrics.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml deleted file mode 100644 index 56a73c10..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/networkpolicy.yaml +++ /dev/null @@ -1,109 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - policyTypes: - - Ingress - - Egress - {{- if .Values.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - {{- if eq .Values.architecture "replication" }} - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - # Allow outbound connections to other cluster pods - - ports: - - port: {{ .Values.primary.containerPorts.valkey }} - {{- if .Values.sentinel.enabled }} - - port: {{ .Values.sentinel.containerPorts.sentinel }} - {{- end }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.primary.containerPorts.valkey }} - {{- if .Values.sentinel.enabled }} - - port: {{ .Values.sentinel.containerPorts.sentinel }} - {{- end }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - {{- if or .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.ingressNSPodMatchLabels }} - - namespaceSelector: - matchLabels: - {{- if .Values.networkPolicy.ingressNSMatchLabels }} - {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{ else }} - {} - {{- end }} - {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes for metrics - - ports: - - port: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.networkPolicy.metrics.allowExternal }} - from: - {{- if or .Values.networkPolicy.metrics.ingressNSMatchLabels .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} - - namespaceSelector: - matchLabels: - {{- if .Values.networkPolicy.metrics.ingressNSMatchLabels }} - {{- range $key, $value := .Values.networkPolicy.metrics.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{ else }} - {} - {{- end }} - {{- if .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.metrics.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml deleted file mode 100644 index 1e7d4143..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/podmonitor.yaml +++ /dev/null @@ -1,82 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.podMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.metrics.podMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podMetricsEndpoints: - - port: {{ .Values.metrics.podMonitor.port }} - {{- if .Values.metrics.podMonitor.interval }} - interval: {{ .Values.metrics.podMonitor.interval }} - {{- end }} - {{- if .Values.metrics.podMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.podMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.podMonitor.honorLabels }} - {{- end }} - {{- with .Values.metrics.podMonitor.relabelings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.metrics.podMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- range .Values.metrics.podMonitor.additionalEndpoints }} - - port: {{ .port }} - {{- if .interval }} - interval: {{ .interval }} - {{- end }} - {{- if .path }} - path: {{ .path }} - {{- end }} - {{- if .honorLabels }} - honorLabels: {{ .honorLabels }} - {{- end }} - {{- with .relabelings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .metricRelabelings }} - metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }} - {{- end }} - {{- if .scrapeTimeout }} - scrapeTimeout: {{ .scrapeTimeout }} - {{- end }} - {{- if .params }} - params: - {{- range $key, $value := .params }} - {{ $key }}: - {{- range $value }} - - {{ . | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.podTargetLabels }} - podTargetLabels: {{- toYaml .Values.metrics.podMonitor.podTargetLabels | nindent 4 }} - {{- end }} - {{- with .Values.metrics.podMonitor.sampleLimit -}} - sampleLimit: {{ . }} - {{- end }} - {{- with .Values.metrics.podMonitor.targetLimit -}} - targetLimit: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml deleted file mode 100644 index 5083c8e9..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/primary/application.yaml +++ /dev/null @@ -1,520 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if or (eq .Values.primary.kind "DaemonSet") (gt (int64 .Values.primary.replicaCount) 0) -}} -{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: {{ .Values.primary.kind }} -metadata: - name: {{ printf "%s-primary" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: primary - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not (eq .Values.primary.kind "DaemonSet") }} - replicas: {{ .Values.primary.replicaCount }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: primary - {{- if (eq .Values.primary.kind "StatefulSet") }} - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.primary.updateStrategy }} - {{- if (eq .Values.primary.kind "Deployment") }} - strategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} - {{- else }} - updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} - {{- end }} - {{- if and .Values.primary.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} - minReadySeconds: {{ .Values.primary.minReadySeconds }} - {{- end }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: primary - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "valkey.createConfigmap" .) }} - checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- end }} - checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- if .Values.primary.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "valkey.imagePullSecrets" . | nindent 6 }} - {{- if .Values.primary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "valkey.primaryServiceAccountName" . }} - automountServiceAccountToken: {{ .Values.primary.automountServiceAccountToken }} - {{- if .Values.primary.priorityClassName }} - priorityClassName: {{ .Values.primary.priorityClassName | quote }} - {{- end }} - {{- if .Values.primary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.primary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.primary.shareProcessNamespace }} - {{- end }} - {{- if .Values.primary.schedulerName }} - schedulerName: {{ .Values.primary.schedulerName | quote }} - {{- end }} - {{- if .Values.primary.dnsPolicy }} - dnsPolicy: {{ .Values.primary.dnsPolicy }} - {{- end }} - {{- if .Values.primary.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.dnsConfig "context" $) | nindent 8 }} - {{- end }} - enableServiceLinks: {{ .Values.primary.enableServiceLinks }} - terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.primary.persistence.enabled .Values.primary.podSecurityContext.enabled .Values.primary.containerSecurityContext.enabled }} - {{- if or .Values.primary.initContainers $needsVolumePermissions }} - initContainers: - {{- if .Values.primary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "valkey.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.primary.persistence.path }} - {{- else }} - chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} {{ .Values.primary.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: valkey-data - mountPath: {{ .Values.primary.persistence.path }} - {{- if .Values.primary.persistence.subPath }} - subPath: {{ .Values.primary.persistence.subPath }} - {{- else if .Values.primary.persistence.subPathExpr }} - subPathExpr: {{ .Values.primary.persistence.subPathExpr }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: valkey - image: {{ template "valkey.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.primary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.primary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-primary.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: VALKEY_REPLICATION_MODE - value: primary - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: VALKEY_PASSWORD_FILE - value: "/opt/bitnami/valkey/secrets/valkey-password" - {{- else }} - - name: VALKEY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: VALKEY_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: VALKEY_TLS_PORT - value: {{ .Values.primary.containerPorts.valkey | quote }} - - name: VALKEY_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: VALKEY_TLS_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - - name: VALKEY_TLS_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: VALKEY_TLS_CA_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: VALKEY_TLS_DH_PARAMS_FILE - value: {{ template "valkey.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: VALKEY_PORT - value: {{ .Values.primary.containerPorts.valkey | quote }} - {{- end }} - {{- if .Values.primary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} - envFrom: - {{- if .Values.primary.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.primary.extraEnvVarsCM }} - {{- end }} - {{- if .Values.primary.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.primary.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.primary.containerPorts.valkey }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.primary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.primary.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- end }} - {{- if .Values.primary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.primary.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.primary.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.primary.livenessProbe.periodSeconds }} - # One second longer than command timeout should prevent generation of zombie processes. - timeoutSeconds: {{ add1 .Values.primary.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.primary.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.primary.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.primary.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.primary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.primary.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.primary.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.primary.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.primary.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.primary.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.primary.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.primary.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.primary.resources }} - resources: {{- toYaml .Values.primary.resources | nindent 12 }} - {{- else if ne .Values.primary.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /opt/bitnami/valkey/secrets/ - {{- end }} - - name: valkey-data - mountPath: {{ .Values.primary.persistence.path }} - {{- if .Values.primary.persistence.subPath }} - subPath: {{ .Values.primary.persistence.subPath }} - {{- else if .Values.primary.persistence.subPathExpr }} - subPathExpr: {{ .Values.primary.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/valkey/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/valkey/etc/ - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.primary.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "valkey.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)" - {{- end }} - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf ":%v" .Values.metrics.containerPorts.http }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/secrets/valkey-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: valkeys://{{ .Values.metrics.valkeyTargetHost }}:{{ .Values.primary.containerPorts.valkey }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: app-tmp-dir - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.primary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - {{ if .Values.auth.usePasswordFileFromSecret }} - secret: - secretName: {{ template "valkey.secretName" . }} - items: - - key: {{ template "valkey.secretPasswordKey" . }} - path: valkey-password - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: config - configMap: - name: {{ include "valkey.configmapName" . }} - - name: empty-dir - {{- if or .Values.primary.persistence.medium .Values.primary.persistence.sizeLimit }} - emptyDir: - {{- if .Values.primary.persistence.medium }} - medium: {{ .Values.primary.persistence.medium | quote }} - {{- end }} - {{- if .Values.primary.persistence.sizeLimit }} - sizeLimit: {{ .Values.primary.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: valkey-certificates - secret: - secretName: {{ include "valkey.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.primary.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if or (not .Values.primary.persistence.enabled) (eq .Values.primary.kind "DaemonSet") }} - - name: valkey-data - {{- if or .Values.primary.persistence.medium .Values.primary.persistence.sizeLimit }} - emptyDir: - {{- if .Values.primary.persistence.medium }} - medium: {{ .Values.primary.persistence.medium | quote }} - {{- end }} - {{- if .Values.primary.persistence.sizeLimit }} - sizeLimit: {{ .Values.primary.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.primary.persistence.existingClaim }} - - name: valkey-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.primary.persistence.existingClaim .) }} - {{- else if (eq .Values.primary.kind "Deployment") }} - - name: valkey-data - persistentVolumeClaim: - claimName: {{ printf "valkey-data-%s-primary" (include "common.names.fullname" .) }} - {{- else }} - {{- if .Values.primary.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: valkey-data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: primary - {{- if .Values.primary.persistence.annotations }} - annotations: {{- toYaml .Values.primary.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.primary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.primary.persistence.size | quote }} - {{- if .Values.primary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.primary.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml deleted file mode 100644 index 657668da..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/primary/pdb.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- $pdb := coalesce .Values.pdb .Values.primary.pdb }} -{{- if and $pdb.create (gt (int64 .Values.primary.count) 0) (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ printf "%s-primary" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $pdb.minAvailable }} - minAvailable: {{ $pdb.minAvailable }} - {{- end }} - {{- if or $pdb.maxUnavailable (not $pdb.minAvailable)}} - maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: primary -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml deleted file mode 100644 index 8d9df8dc..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/primary/psp.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "%s-primary" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - allowPrivilegeEscalation: false - fsGroup: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.primary.podSecurityContext.fsGroup }} - max: {{ .Values.primary.podSecurityContext.fsGroup }} - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: false - requiredDropCapabilities: - - ALL - runAsUser: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.primary.containerSecurityContext.runAsUser }} - max: {{ .Values.primary.containerSecurityContext.runAsUser }} - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.primary.containerSecurityContext.runAsUser }} - max: {{ .Values.primary.containerSecurityContext.runAsUser }} - volumes: - - 'configMap' - - 'secret' - - 'emptyDir' - - 'persistentVolumeClaim' -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml deleted file mode 100644 index df17fab0..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/primary/pvc.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "standalone") (eq .Values.primary.kind "Deployment") (.Values.primary.persistence.enabled) (not .Values.primary.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ printf "valkey-data-%s-primary" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ include "common.names.namespace" . | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: primary - app.kubernetes.io/part-of: valkey - {{- if .Values.primary.persistence.annotations }} - annotations: {{- toYaml .Values.primary.persistence.annotations | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.primary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.primary.persistence.size | quote }} - {{- if .Values.primary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.primary.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 4 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml deleted file mode 100644 index 2e87a1b7..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/primary/service.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (not .Values.sentinel.enabled) (gt (int64 .Values.primary.replicaCount) 0) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-primary" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: primary - app.kubernetes.io/part-of: valkey - {{- if or .Values.primary.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.primary.service.type }} - {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} - internalTrafficPolicy: {{ .Values.primary.service.internalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.primary.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }} - clusterIP: {{ .Values.primary.service.clusterIP }} - {{- end }} - {{- if .Values.primary.service.sessionAffinity }} - sessionAffinity: {{ .Values.primary.service.sessionAffinity }} - {{- end }} - {{- if .Values.primary.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.primary.service.externalIPs }} - externalIPs: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.externalIPs "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - port: {{ .Values.primary.service.ports.valkey }} - targetPort: redis - {{- if and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePorts.valkey}} - nodePort: {{ .Values.primary.service.nodePorts.valkey}} - {{- else if eq .Values.primary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.primary.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: primary -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml deleted file mode 100644 index 5fe059fd..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/primary/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.primary.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.primary.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "valkey.primaryServiceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if or .Values.primary.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml deleted file mode 100644 index c7b320b7..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/prometheusrule.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "common.names.fullname" . }} - rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml deleted file mode 100644 index b244d5fc..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/application.yaml +++ /dev/null @@ -1,535 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: {{ .Values.replica.kind }} -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and (not (eq .Values.replica.kind "DaemonSet")) (not .Values.replica.autoscaling.enabled) }} - replicas: {{ .Values.replica.replicaCount }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: replica - {{- if (eq .Values.replica.kind "StatefulSet") }} - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} - minReadySeconds: {{ .Values.replica.minReadySeconds }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: replica - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "valkey.createConfigmap" .) }} - checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- end }} - checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "valkey.imagePullSecrets" . | nindent 6 }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "valkey.replicaServiceAccountName" . }} - automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - enableServiceLinks: {{ .Values.replica.enableServiceLinks }} - terminationGracePeriodSeconds: {{ .Values.replica.terminationGracePeriodSeconds }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "valkey.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: valkey-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: valkey - image: {{ template "valkey.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-replica.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: VALKEY_REPLICATION_MODE - value: replica - - name: VALKEY_PRIMARY_HOST - {{- if .Values.replica.externalPrimary.enabled }} - value: {{ .Values.replica.externalPrimary.host | quote }} - {{- else if and (eq (int64 .Values.primary.replicaCount) 1) (eq .Values.primary.kind "StatefulSet") }} - value: {{ template "common.names.fullname" . }}-primary-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} - {{- else }} - value: {{ template "common.names.fullname" . }}-primary.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} - {{- end }} - - name: VALKEY_PRIMARY_PORT_NUMBER - {{- if .Values.replica.externalPrimary.enabled }} - value: {{ .Values.replica.externalPrimary.port | quote }} - {{- else }} - value: {{ .Values.primary.containerPorts.valkey | quote }} - {{- end }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: VALKEY_PASSWORD_FILE - value: "/opt/bitnami/valkey/secrets/valkey-password" - - name: VALKEY_PRIMARY_PASSWORD_FILE - value: "/opt/bitnami/valkey/secrets/valkey-password" - {{- else }} - - name: VALKEY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - - name: VALKEY_PRIMARY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: VALKEY_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: VALKEY_TLS_PORT - value: {{ .Values.replica.containerPorts.valkey | quote }} - - name: VALKEY_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: VALKEY_TLS_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - - name: VALKEY_TLS_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: VALKEY_TLS_CA_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: VALKEY_TLS_DH_PARAMS_FILE - value: {{ template "valkey.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: VALKEY_PORT - value: {{ .Values.replica.containerPorts.valkey | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.valkey }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- end }} - {{- if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_primary.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local_and_primary.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- else if ne .Values.replica.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /opt/bitnami/valkey/secrets/ - {{- end }} - - name: valkey-data - mountPath: /data - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/valkey/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/valkey/etc - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "valkey.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)" - {{- end }} - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf ":%v" .Values.metrics.containerPorts.http }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/secrets/valkey-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: valkeys://{{ .Values.metrics.valkeyTargetHost }}:{{ .Values.replica.containerPorts.valkey }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - {{ if .Values.auth.usePasswordFileFromSecret }} - secret: - secretName: {{ template "valkey.secretName" . }} - items: - - key: {{ template "valkey.secretPasswordKey" . }} - path: valkey-password - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: config - configMap: - name: {{ include "valkey.configmapName" . }} - - name: empty-dir - {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} - emptyDir: - {{- if .Values.replica.persistence.medium }} - medium: {{ .Values.replica.persistence.medium | quote }} - {{- end }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: valkey-certificates - secret: - secretName: {{ include "valkey.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if or (not .Values.replica.persistence.enabled) (not (eq .Values.replica.kind "StatefulSet")) }} - - name: valkey-data - {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} - emptyDir: - {{- if .Values.replica.persistence.medium }} - medium: {{ .Values.replica.persistence.medium | quote }} - {{- end }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.replica.persistence.existingClaim }} - - name: valkey-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} - {{- else }} - {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: valkey-data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: replica - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.replica.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml deleted file mode 100644 index 821e1fb8..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/hpa.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.replica.autoscaling.hpa.enabled (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - minReplicas: {{ .Values.replica.autoscaling.hpa.minReplicas }} - maxReplicas: {{ .Values.replica.autoscaling.hpa.maxReplicas }} - metrics: - {{- if .Values.replica.autoscaling.hpa.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} - {{- end }} - {{- end }} - {{- if .Values.replica.autoscaling.hpa.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} - {{- end }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml deleted file mode 100644 index d7b777b5..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/pdb.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) $pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $pdb.minAvailable }} - minAvailable: {{ $pdb.minAvailable }} - {{- end }} - {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} - maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: replica -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml deleted file mode 100644 index 75d6363d..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/service.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - app.kubernetes.io/part-of: valkey - {{- if or .Values.replica.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.replica.service.type }} - {{- if or (eq .Values.replica.service.type "LoadBalancer") (eq .Values.replica.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} - internalTrafficPolicy: {{ .Values.replica.service.internalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.replica.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} - clusterIP: {{ .Values.replica.service.clusterIP }} - {{- end }} - {{- if .Values.replica.service.sessionAffinity }} - sessionAffinity: {{ .Values.replica.service.sessionAffinity }} - {{- end }} - {{- if .Values.replica.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - port: {{ .Values.replica.service.ports.valkey }} - targetPort: redis - {{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePorts.valkey}} - nodePort: {{ .Values.replica.service.nodePorts.valkey}} - {{- else if eq .Values.replica.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.replica.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml deleted file mode 100644 index 5693ff0a..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "valkey.replicaServiceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml deleted file mode 100644 index 702a350a..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/replicas/vpa.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.replica.autoscaling.vpa.enabled (not .Values.sentinel.enabled) }} -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - app.kubernetes.io/part-of: valkey - {{- if or .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - resourcePolicy: - containerPolicies: - - containerName: valkey - {{- with .Values.replica.autoscaling.vpa.controlledResources }} - controlledResources: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.replica.autoscaling.vpa.maxAllowed }} - maxAllowed: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.replica.autoscaling.vpa.minAllowed }} - minAllowed: - {{- toYaml . | nindent 8 }} - {{- end }} - targetRef: - apiVersion: apps/v1 - kind: {{ .Values.replica.kind }} - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - {{- if .Values.replica.autoscaling.vpa.updatePolicy }} - updatePolicy: - {{- with .Values.replica.autoscaling.vpa.updatePolicy.updateMode }} - updateMode: {{ . }} - {{- end }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/role.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/role.yaml deleted file mode 100644 index a01ccb5d..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.enabled }} - - apiGroups: - - '{{ template "podSecurityPolicy.apiGroup" . }}' - resources: - - 'podsecuritypolicies' - verbs: - - 'use' - resourceNames: [{{ printf "%s-primary" (include "common.names.fullname" .) }}] - {{- end }} - {{- if and .Values.sentinel.enabled .Values.sentinel.service.createPrimary}} - - apiGroups: [""] - resources: ["pods"] - verbs: ["list", "patch"] - {{- end -}} - {{- if .Values.rbac.rules }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml deleted file mode 100644 index 1e434e94..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/rolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "valkey.serviceAccountName" . }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml deleted file mode 100644 index 934d5882..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/scripts-configmap.yaml +++ /dev/null @@ -1,792 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} - start-node.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/liblog.sh - . /opt/bitnami/scripts/libvalidations.sh - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "VALKEY") - echo {{ .Values.primary.containerPorts.valkey }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY") - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - if [ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]; then - VALKEY_SERVICE="$VALKEY_EXTERNAL_PRIMARY_HOST" - else - VALKEY_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - fi - - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") - validate_quorum() { - if is_boolean_yes "$VALKEY_TLS_ENABLED"; then - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel primary {{ .Values.sentinel.primarySet }}" - else - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel primary {{ .Values.sentinel.primarySet }}" - fi - info "about to run the command: $quorum_info_command" - eval $quorum_info_command | grep -Fq "s_down" - } - - trigger_manual_failover() { - if is_boolean_yes "$VALKEY_TLS_ENABLED"; then - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.primarySet }}" - else - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.primarySet }}" - fi - - info "about to run the command: $failover_command" - eval $failover_command - } - - get_sentinel_primary_info() { - if is_boolean_yes "$VALKEY_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" - fi - - info "about to run the command: $sentinel_info_command" - retry_while "eval $sentinel_info_command" 2 5 - } - - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd valkey - chown -R valkey {{ .Values.replica.persistence.path }} - {{- end }} - - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" - - # check if there is a primary - primary_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - primary_port_in_persisted_conf="$VALKEY_PRIMARY_PORT_NUMBER" - primary_in_sentinel="$(get_sentinel_primary_info)" - valkeyRetVal=$? - - if [[ -f /opt/bitnami/valkey-sentinel/etc/sentinel.conf ]]; then - primary_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)" - primary_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)" - info "Found previous primary ${primary_in_persisted_conf}:${primary_port_in_persisted_conf} in /opt/bitnami/valkey-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/valkey-sentinel/etc/sentinel.conf | grep monitor)" - fi - - if [[ $valkeyRetVal -ne 0 ]]; then - if [[ "$primary_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 1: No active sentinel and in previous sentinel.conf we were the primary --> PRIMARY - info "Configuring the node as primary" - export VALKEY_REPLICATION_MODE="primary" - else - # Case 2: No active sentinel and in previous sentinel.conf we were not primary --> REPLICA - info "Configuring the node as replica" - export VALKEY_REPLICATION_MODE="replica" - VALKEY_PRIMARY_HOST=${primary_in_persisted_conf} - VALKEY_PRIMARY_PORT_NUMBER=${primary_port_in_persisted_conf} - fi - else - # Fetches current primary's host and port - VALKEY_SENTINEL_INFO=($(get_sentinel_primary_info)) - info "Current primary: VALKEY_SENTINEL_INFO=(${VALKEY_SENTINEL_INFO[0]},${VALKEY_SENTINEL_INFO[1]})" - VALKEY_PRIMARY_HOST=${VALKEY_SENTINEL_INFO[0]} - VALKEY_PRIMARY_PORT_NUMBER=${VALKEY_SENTINEL_INFO[1]} - - if [[ "$VALKEY_PRIMARY_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 3: Active sentinel and primary it is this node --> PRIMARY - info "Configuring the node as primary" - export VALKEY_REPLICATION_MODE="primary" - else - # Case 4: Active sentinel and primary is not this node --> REPLICA - info "Configuring the node as replica" - export VALKEY_REPLICATION_MODE="replica" - - {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }} - retry_count=1 - while validate_quorum - do - info "sleeping, waiting for Valkey primary to come up" - sleep 1s - if ! ((retry_count % 11)); then - info "Trying to manually failover" - failover_result=$(trigger_manual_failover) - - debug "Failover result: $failover_result" - fi - - ((retry_count+=1)) - done - info "Valkey primary is up now" - {{- end }} - fi - fi - - if [[ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]]; then - VALKEY_PRIMARY_HOST="$VALKEY_EXTERNAL_PRIMARY_HOST" - VALKEY_PRIMARY_PORT_NUMBER="${VALKEY_EXTERNAL_PRIMARY_PORT}" - fi - - if [[ -f /opt/bitnami/valkey/mounted-etc/replica.conf ]];then - cp /opt/bitnami/valkey/mounted-etc/replica.conf /opt/bitnami/valkey/etc/replica.conf - fi - - if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then - cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf - fi - - echo "" >> /opt/bitnami/valkey/etc/replica.conf - echo "replica-announce-port $VALKEYPORT" >> /opt/bitnami/valkey/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${VALKEY_TLS_PORT}") - ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${VALKEY_PORT}") - {{- end }} - - if [[ "$VALKEY_REPLICATION_MODE" = "replica" ]]; then - ARGS+=("--replicaof" "${VALKEY_PRIMARY_HOST}" "${VALKEY_PRIMARY_PORT_NUMBER}") - fi - - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${VALKEY_PASSWORD}") - ARGS+=("--primaryauth" "${VALKEY_PRIMARY_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/valkey/etc/replica.conf") - ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - - {{- if .Values.replica.preExecCmds }} - {{- .Values.replica.preExecCmds | nindent 4 }} - {{- end }} - - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec valkey-server "${ARGS[@]}" - {{- end }} - - start-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libfile.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - VALKEY_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "VALKEY") - echo {{ .Values.primary.containerPorts.valkey }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") - VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY") - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") - - sentinel_conf_set() { - local -r key="${1:?missing key}" - local value="${2:-}" - - # Sanitize inputs - value="${value//\\/\\\\}" - value="${value//&/\\&}" - value="${value//\?/\\?}" - [[ "$value" = "" ]] && value="\"$value\"" - - replace_in_file "/opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false - } - sentinel_conf_add() { - echo $'\n'"$@" >> "/opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf" - } - host_id() { - echo "$1" | openssl sha1 | awk '{print $2}' - } - get_sentinel_primary_info() { - if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${VALKEY_SENTINEL_TLS_CERT_FILE} --key ${VALKEY_SENTINEL_TLS_KEY_FILE} --cacert ${VALKEY_SENTINEL_TLS_CA_FILE} sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$VALKEY_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getPrimaryTimeout }} valkey-cli -h $VALKEY_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-primary-addr-by-name {{ .Values.sentinel.primarySet }}" - fi - info "about to run the command: $sentinel_info_command" - retry_while "eval $sentinel_info_command" 2 5 - } - - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - - primary_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - - if [[ -f /opt/bitnami/valkey-sentinel/etc/sentinel.conf ]]; then - primary_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/valkey-sentinel/etc/sentinel.conf)" - info "Found previous primary $primary_in_persisted_conf in /opt/bitnami/valkey-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/valkey-sentinel/etc/sentinel.conf | grep monitor)" - fi - VALKEY_SENTINEL_INFO=($(get_sentinel_primary_info)) - if [ "$?" -eq "0" ]; then - # current primary's host and port obtained from other Sentinel - info "printing VALKEY_SENTINEL_INFO=(${VALKEY_SENTINEL_INFO[0]},${VALKEY_SENTINEL_INFO[1]})" - VALKEY_PRIMARY_HOST=${VALKEY_SENTINEL_INFO[0]} - VALKEY_PRIMARY_PORT_NUMBER=${VALKEY_SENTINEL_INFO[1]} - else - VALKEY_PRIMARY_HOST="$primary_in_persisted_conf" - VALKEY_PRIMARY_PORT_NUMBER="$VALKEYPORT" - fi - if [[ "$VALKEY_PRIMARY_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then - export VALKEY_REPLICATION_MODE="primary" - else - export VALKEY_REPLICATION_MODE="replica" - fi - - {{- if .Values.sentinel.service.createPrimary }} - if [[ "${VALKEY_REPLICATION_MODE}" == "primary" ]]; then - # Add isPrimary label to primary node for primary service - echo "${VALKEY_PRIMARY_HOST/.*}" > /etc/shared/current - fi - {{- end }} - - if [[ -n "$VALKEY_EXTERNAL_PRIMARY_HOST" ]]; then - VALKEY_PRIMARY_HOST="$VALKEY_EXTERNAL_PRIMARY_HOST" - VALKEY_PRIMARY_PORT_NUMBER="${VALKEY_EXTERNAL_PRIMARY_PORT}" - fi - - # To prevent incomplete configuration and as the valkey container accesses /opt/bitnami/valkey-sentinel/etc/sentinel.conf - # as well, prepare the new config in `prepare-sentinel.conf` and move it atomically to the ultimate destination when it is complete. - cp /opt/bitnami/valkey-sentinel/mounted-etc/sentinel.conf /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- if .Values.auth.enabled }} - printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.primarySet }}" "$VALKEY_PASSWORD" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- if and .Values.auth.enabled .Values.auth.sentinel }} - printf "\nrequirepass %s" "$VALKEY_PASSWORD" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- end }} - printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - - if [[ -z "$VALKEY_PRIMARY_HOST" ]] || [[ -z "$VALKEY_PRIMARY_PORT_NUMBER" ]] - then - # Prevent incorrect configuration to be written to sentinel.conf - error "Valkey primary host is configured incorrectly (host: $VALKEY_PRIMARY_HOST, port: $VALKEY_PRIMARY_PORT_NUMBER)" - exit 1 - fi - - sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.primarySet }} "$VALKEY_PRIMARY_HOST" "$VALKEY_PRIMARY_PORT_NUMBER" {{ .Values.sentinel.quorum }}" - - add_known_sentinel() { - hostname="$1" - ip="$2" - - if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then - sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.primarySet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")" - fi - } - add_known_replica() { - hostname="$1" - ip="$2" - - if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$VALKEY_PRIMARY_HOST" ]]; then - sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.primarySet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "VALKEY")" - fi - } - - # Add available hosts on the network as known replicas & sentinels - for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do - hostname="{{ template "common.names.fullname" . }}-node-$node" - ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')" - add_known_sentinel "$hostname" "$ip" - add_known_replica "$hostname" "$ip" - done - - echo "" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- if not (contains "sentinel announce-hostnames" .Values.sentinel.configuration) }} - echo "sentinel announce-hostnames yes" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- if not (contains "sentinel resolve-hostnames" .Values.sentinel.configuration) }} - echo "sentinel resolve-hostnames yes" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- if not (contains "sentinel announce-port" .Values.sentinel.configuration) }} - echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- end }} - {{- if not (contains "sentinel announce-ip" .Values.sentinel.configuration) }} - echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf - {{- end }} - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${VALKEY_SENTINEL_TLS_PORT_NUMBER}") - ARGS+=("--tls-cert-file" "${VALKEY_SENTINEL_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${VALKEY_SENTINEL_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${VALKEY_SENTINEL_TLS_CA_FILE}") - ARGS+=("--tls-replication" "yes") - ARGS+=("--tls-auth-clients" "${VALKEY_SENTINEL_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${VALKEY_SENTINEL_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- end }} - {{- if .Values.sentinel.preExecCmds }} - {{ .Values.sentinel.preExecCmds | nindent 4 }} - {{- end }} - mv /opt/bitnami/valkey-sentinel/etc/prepare-sentinel.conf /opt/bitnami/valkey-sentinel/etc/sentinel.conf - exec valkey-server /opt/bitnami/valkey-sentinel/etc/sentinel.conf {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} --sentinel - prestop-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - run_sentinel_command() { - if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then - valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" --key "$VALKEY_SENTINEL_TLS_KEY_FILE" --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" sentinel "$@" - else - valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@" - fi - } - sentinel_failover_finished() { - VALKEY_SENTINEL_INFO=($(run_sentinel_command get-primary-addr-by-name "{{ .Values.sentinel.primarySet }}")) - VALKEY_PRIMARY_HOST="${VALKEY_SENTINEL_INFO[0]}" - [[ "$VALKEY_PRIMARY_HOST" != "$(get_full_hostname $HOSTNAME)" ]] - } - - VALKEY_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - {{ if .Values.auth.sentinel -}} - # valkey-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" - [[ -f "$VALKEY_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${VALKEY_PASSWORD_FILE}")" - {{- end }} - - if ! sentinel_failover_finished; then - echo "I am the primary pod and you are stopping me. Starting sentinel failover" - if retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then - echo "Primary has been successfuly failed over to a different pod." - exit 0 - else - echo "Primary failover failed" - exit 1 - fi - else - exit 0 - fi - prestop-valkey.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - run_valkey_command() { - if is_boolean_yes "$VALKEY_TLS_ENABLED"; then - valkey-cli -h 127.0.0.1 -p "$VALKEY_TLS_PORT" --tls --cert "$VALKEY_TLS_CERT_FILE" --key "$VALKEY_TLS_KEY_FILE" --cacert "$VALKEY_TLS_CA_FILE" "$@" - else - valkey-cli -h 127.0.0.1 -p "$VALKEY_PORT" "$@" - fi - } - is_primary() { - VALKEY_ROLE=$(run_valkey_command role | head -1) - [[ "$VALKEY_ROLE" == "master" ]] - } - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - run_sentinel_command() { - if is_boolean_yes "$VALKEY_SENTINEL_TLS_ENABLED"; then - {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$VALKEY_SENTINEL_TLS_CERT_FILE" --key "$VALKEY_SENTINEL_TLS_KEY_FILE" --cacert "$VALKEY_SENTINEL_TLS_CA_FILE" sentinel "$@" - else - {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} valkey-cli -h "$VALKEY_SERVICE" -p "$VALKEY_SENTINEL_PORT" sentinel "$@" - fi - } - sentinel_failover_finished() { - VALKEY_SENTINEL_INFO=($(run_sentinel_command get-primary-addr-by-name "{{ .Values.sentinel.primarySet }}")) - VALKEY_PRIMARY_HOST="${VALKEY_SENTINEL_INFO[0]}" - [[ "$VALKEY_PRIMARY_HOST" != "$(get_full_hostname $HOSTNAME)" ]] - } - - VALKEY_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - # valkey-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$VALKEY_PASSWORD" ]] && export REDISCLI_AUTH="$VALKEY_PASSWORD" - [[ -f "$VALKEY_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${VALKEY_PASSWORD_FILE}")" - - - if is_primary && ! sentinel_failover_finished; then - echo "I am the primary pod and you are stopping me. Pausing client connections." - # Pausing client write connections to avoid data loss - run_valkey_command CLIENT PAUSE "{{ mul (add 2 (sub .Values.sentinel.terminationGracePeriodSeconds 10)) 1000 }}" WRITE - - echo "Issuing failover" - # if I am the primary, issue a command to failover once - run_sentinel_command failover "{{ .Values.sentinel.primarySet }}" - - {{- if .Values.sentinel.valkeyShutdownWaitFailover }} - echo "Waiting for sentinel to complete failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s" - retry_while "sentinel_failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1 - {{- end }} - else - exit 0 - fi - - {{- if .Values.sentinel.service.createPrimary}} - push-primary-label.sh: | - #!/bin/bash - # https://download.valkey.io/valkey-stable/sentinel.conf - - echo "${6/.*}" > /etc/shared/current - echo "${4/.*}" > /etc/shared/previous - {{- end }} -{{- else }} - start-primary.sh: | - #!/bin/bash - - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - {{- if and .Values.primary.containerSecurityContext.runAsUser (eq (.Values.primary.containerSecurityContext.runAsUser | int) 0) }} - useradd valkey - chown -R valkey {{ .Values.primary.persistence.path }} - {{- end }} - if [[ -f /opt/bitnami/valkey/mounted-etc/primary.conf ]];then - cp /opt/bitnami/valkey/mounted-etc/primary.conf /opt/bitnami/valkey/etc/primary.conf - fi - if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then - cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf - fi - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${VALKEY_TLS_PORT}") - ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${VALKEY_PORT}") - {{- end }} - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${VALKEY_PASSWORD}") - ARGS+=("--primaryauth" "${VALKEY_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf") - ARGS+=("--include" "/opt/bitnami/valkey/etc/primary.conf") - {{- if .Values.primary.extraFlags }} - {{- range .Values.primary.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.primary.preExecCmds }} - {{ .Values.primary.preExecCmds | nindent 4 }} - {{- end }} - {{- if .Values.primary.command }} - exec {{ .Values.primary.command }} "${ARGS[@]}" - {{- else }} - exec valkey-server "${ARGS[@]}" - {{- end }} - {{- if eq .Values.architecture "replication" }} - start-replica.sh: | - #!/bin/bash - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "VALKEY") - echo {{ .Values.primary.containerPorts.valkey }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - full_hostname="${hostname}.{{- include "valkey.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - full_hostname="${hostname}.{{- include "common.names.namespace" . }}" - {{- else }} - full_hostname="${hostname}.${HEADLESS_SERVICE}" - {{- end }} - - {{- if .Values.useHostnames }} - echo "${full_hostname}" - {{- else }} - retry_count=0 - until getent hosts "${full_hostname}" | awk '{ print $1; exit }' | grep .; do - if [[ $retry_count -lt {{ .Values.nameResolutionThreshold }} ]]; then - sleep {{ .Values.nameResolutionTimeout }} - else - error "IP address for ${full_hostname} not found" - exit 1 - fi - ((retry_count++)) - done - {{- end }} - } - - VALKEYPORT=$(get_port "$HOSTNAME" "VALKEY") - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}" - - [[ -f $VALKEY_PASSWORD_FILE ]] && export VALKEY_PASSWORD="$(< "${VALKEY_PASSWORD_FILE}")" - [[ -f $VALKEY_PRIMARY_PASSWORD_FILE ]] && export VALKEY_PRIMARY_PASSWORD="$(< "${VALKEY_PRIMARY_PASSWORD_FILE}")" - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd valkey - chown -R valkey {{ .Values.replica.persistence.path }} - {{- end }} - if [[ -f /opt/bitnami/valkey/mounted-etc/replica.conf ]];then - cp /opt/bitnami/valkey/mounted-etc/replica.conf /opt/bitnami/valkey/etc/replica.conf - fi - if [[ -f /opt/bitnami/valkey/mounted-etc/valkey.conf ]];then - cp /opt/bitnami/valkey/mounted-etc/valkey.conf /opt/bitnami/valkey/etc/valkey.conf - fi - - echo "" >> /opt/bitnami/valkey/etc/replica.conf - echo "replica-announce-port $VALKEYPORT" >> /opt/bitnami/valkey/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/valkey/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${VALKEY_TLS_PORT}") - ARGS+=("--tls-cert-file" "${VALKEY_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${VALKEY_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${VALKEY_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${VALKEY_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${VALKEY_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${VALKEY_PORT}") - {{- end }} - ARGS+=("--replicaof" "${VALKEY_PRIMARY_HOST}" "${VALKEY_PRIMARY_PORT_NUMBER}") - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${VALKEY_PASSWORD}") - ARGS+=("--primaryauth" "${VALKEY_PRIMARY_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/valkey/etc/valkey.conf") - ARGS+=("--include" "/opt/bitnami/valkey/etc/replica.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.replica.preExecCmds }} - {{ .Values.replica.preExecCmds | nindent 4 }} - {{- end }} - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec valkey-server "${ARGS[@]}" - {{- end }} - {{- end }} -{{- end }} ---- -{{- if .Values.sentinel.service.createPrimary}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - update-primary-label.sh: | - #!/bin/bash - while true; do - while [ ! -f "/etc/shared/current" ]; do - sleep 1 - done - echo "new primary elected, updating label(s)..." - kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isPrimary="true" --overwrite - if [ -f /etc/shared/previous ]; then - kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isPrimary="false" --overwrite - fi - rm "/etc/shared/current" "/etc/shared/previous" - done -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml deleted file mode 100644 index 5609e04c..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/secret-svcbind.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.serviceBindings.enabled }} -{{- $host := include "common.names.fullname" . }} -{{- if not .Values.sentinel.enabled }} -{{- $host = printf "%s-primary" (include "common.names.fullname" .) }} -{{- end }} -{{- $port := print .Values.primary.service.ports.valkey }} -{{- if .Values.sentinel.enabled }} -{{- $port = print .Values.sentinel.service.ports.valkey }} -{{- end }} -{{- $password := include "valkey.password" . }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-svcbind - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: servicebinding.io/valkey -data: - provider: {{ print "bitnami" | b64enc | quote }} - type: {{ print "valkey" | b64enc | quote }} - host: {{ print $host | b64enc | quote }} - port: {{ print $port | b64enc | quote }} - password: {{ print $password | b64enc | quote }} - {{- if $password }} - uri: {{ printf "valkey://:%s@%s:%s" $password $host $port | b64enc | quote }} - {{- else }} - uri: {{ printf "valkey://%s:%s" $host $port | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml deleted file mode 100644 index 9145bf52..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if or .Values.secretAnnotations .Values.commonAnnotations }} - annotations: - {{- if .Values.secretAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -type: Opaque -data: - valkey-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "valkey-password" "providedValues" (list "global.valkey.password" "auth.password") "length" 10 "honorProvidedValues" true "context" $) }} -{{- end -}} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml deleted file mode 100644 index a9f71b98..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/hpa.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.replica.autoscaling.hpa.enabled .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - minReplicas: {{ .Values.replica.autoscaling.hpa.minReplicas }} - maxReplicas: {{ .Values.replica.autoscaling.hpa.maxReplicas }} - metrics: - {{- if .Values.replica.autoscaling.hpa.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.hpa.targetMemory }} - {{- end }} - {{- end }} - {{- if .Values.replica.autoscaling.hpa.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.hpa.targetCPU }} - {{- end }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml deleted file mode 100644 index 2ffeb7cb..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/node-services.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.valkey ) }} - -{{- range $i := until (int .Values.replica.replicaCount) }} - -{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $valkeyport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }} -{{ $valkeyport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "valkey") }} -{{- else }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" $ }}-node-{{ $i }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - app.kubernetes.io/part-of: valkey - {{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.sentinel.service.annotations $.Values.commonAnnotations ) "context" $ ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: NodePort - ports: - - name: sentinel - {{- if $.Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - {{- else }} - nodePort: {{ $sentinelport }} - port: {{ $sentinelport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: valkey - {{- if $.Values.sentinel.service.nodePorts.valkey }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.valkey $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.valkey $i 1) }} - {{- else }} - nodePort: {{ $valkeyport }} - port: {{ $valkeyport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.valkey }} - - name: sentinel-internal - nodePort: null - port: {{ $.Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: valkey-internal - nodePort: null - port: {{ $.Values.replica.containerPorts.valkey }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.valkey }} - selector: - statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{ $i }} ---- -{{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml deleted file mode 100644 index 87bea09f..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/pdb.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} -{{- $pdb := coalesce .Values.pdb .Values.replica.pdb }} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled $pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $pdb.minAvailable }} - minAvailable: {{ $pdb.minAvailable }} - {{- end }} - {{- if or $pdb.maxUnavailable (not $pdb.minAvailable) }} - maxUnavailable: {{ $pdb.maxUnavailable | default 1 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: node -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml deleted file mode 100644 index 35f95c0f..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/ports-configmap.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.valkey ) }} -{{- /* create a list to keep track of ports we choose to use */}} -{{ $chosenports := (list ) }} - -{{- /* Get list of all used nodeports */}} -{{ $usedports := (list ) }} -{{- range $index, $service := (lookup "v1" "Service" "" "").items }} - {{- range.spec.ports }} - {{- if .nodePort }} - {{- $usedports = (append $usedports .nodePort) }} - {{- end }} - {{- end }} -{{- end }} - -{{- /* -comments that start with # are rendered in the output when you debug, so you can less and search for them -Vars in the comment will be rendered out, so you can check their value this way. -https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments - -remove the template comments and leave the yaml comments to help debug -*/}} - -{{- /* Sort the list */}} -{{ $usedports = $usedports | sortAlpha }} -#usedports {{ $usedports }} - -{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}} -{{ $numberofPortsPerNodeService := 2 }} - -{{- /* for every nodeport we want, loop though the used ports to get an unused port */}} -{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }} - {{- /* #j={{ $j }} */}} - {{- $nodeport := (add $j 30000) }} - {{- $nodeportfound := false }} - {{- range $i := $usedports }} - {{- /* #i={{ $i }} - #nodeport={{ $nodeport }} - #usedports={{ $usedports }} */}} - {{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }} - {{- /* nodeport conflicts with in use */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false) }} - {{- /* nodeport already chosen, try another */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if (eq $nodeportfound false) }} - {{- /* nodeport free to use: not already claimed and not in use */}} - {{- /* select nodeport, and place into usedports */}} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- $nodeportfound = true }} - {{- else }} - {{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}} - {{- end }} - {{- end }} - {{- if (eq $nodeportfound false) }} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- end }} - -{{- end }} - -{{- /* print the usedports and chosenports for debugging */}} -#usedports {{ $usedports }} -#chosenports {{ $chosenports }}}} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-ports-configmap - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} -{{- if $portsmap }} -{{- /* configmap already exists, do not install again */ -}} - {{- range $name, $value := $portsmap }} - "{{ $name }}": "{{ $value }}" - {{- end }} -{{- else }} -{{- /* configmap being set for first time */ -}} - {{- range $index, $port := $chosenports }} - {{- $nodenumber := (floor (div $index 2)) }} - {{- if (eq $index 0) }} - "{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}" - {{- else if (eq $index 1) }} - "{{ template "common.names.fullname" $ }}-valkey": "{{ $port }}" - {{- else if (eq (mod $index 2) 0) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-sentinel": "{{ $port }}" - {{- else if (eq (mod $index 2) 1) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-valkey": "{{ $port }}" - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml deleted file mode 100644 index 9c25a95d..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/service.yaml +++ /dev/null @@ -1,162 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.valkey -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $valkeyport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }} -{{ $valkeyport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "valkey") }} -{{- else }} -{{- end }} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - app.kubernetes.io/part-of: valkey - {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.sentinel.service.type }} - {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} - clusterIP: {{ .Values.sentinel.service.clusterIP }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinity }} - sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} - port: {{ .Values.sentinel.service.nodePorts.valkey }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $valkeyport }} - {{- else}} - port: {{ .Values.sentinel.service.ports.valkey }} - {{- end }} - targetPort: {{ .Values.replica.containerPorts.valkey }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} - nodePort: {{ .Values.sentinel.service.nodePorts.valkey }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $valkeyport }} - {{- end }} - - name: tcp-sentinel - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - port: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $sentinelport }} - {{- else }} - port: {{ .Values.sentinel.service.ports.sentinel }} - {{- end }} - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $sentinelport }} - {{- end }} - {{- if eq .Values.sentinel.service.type "NodePort" }} - - name: sentinel-internal - nodePort: null - port: {{ .Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - - name: valkey-internal - nodePort: null - port: {{ .Values.replica.containerPorts.valkey }} - protocol: TCP - targetPort: {{ .Values.replica.containerPorts.valkey }} - {{- end }} - {{- if .Values.sentinel.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - -{{- if and .Values.sentinel.enabled .Values.sentinel.service.createPrimary}} ---- -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "common.names.fullname" . }}-primary" - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.sentinel.service.type }} - {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerClass }} - loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} - clusterIP: {{ .Values.sentinel.service.clusterIP }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinity }} - sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} - port: {{ .Values.sentinel.service.nodePorts.valkey }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $valkeyport }} - {{- else}} - port: {{ .Values.sentinel.service.ports.valkey }} - {{- end }} - targetPort: {{ .Values.replica.containerPorts.valkey }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.valkey }} - nodePort: {{ .Values.sentinel.service.nodePorts.valkey }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $valkeyport }} - {{- end }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} - isPrimary: "true" -{{- end }} -{{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml deleted file mode 100644 index 2ff6ebe5..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/statefulset.yaml +++ /dev/null @@ -1,807 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.valkey -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: node - app.kubernetes.io/part-of: valkey - {{- if or .Values.commonAnnotations .Values.sentinel.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replica.replicaCount }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: node - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} - minReadySeconds: {{ .Values.replica.minReadySeconds }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - app.kubernetes.io/component: node - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "valkey.createConfigmap" .) }} - checksum/configmap: {{ pick ( include (print $.Template.BasePath "/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- end }} - checksum/health: {{ pick ( include (print $.Template.BasePath "/health-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/scripts: {{ pick ( include (print $.Template.BasePath "/scripts-configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - checksum/secret: {{ pick ( include (print $.Template.BasePath "/secret.yaml") . | fromYaml ) "data" | toYaml | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "valkey.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "valkey.serviceAccountName" . }} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - enableServiceLinks: {{ .Values.sentinel.enableServiceLinks }} - terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "valkey.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: valkey-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: valkey - image: {{ template "valkey.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-valkey.sh - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-node.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: VALKEY_PRIMARY_PORT_NUMBER - value: {{ .Values.replica.containerPorts.valkey | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: VALKEY_PASSWORD_FILE - value: "/opt/bitnami/valkey/secrets/valkey-password" - - name: VALKEY_PRIMARY_PASSWORD_FILE - value: "/opt/bitnami/valkey/secrets/valkey-password" - {{- else }} - - name: VALKEY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - - name: VALKEY_PRIMARY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: VALKEY_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: VALKEY_TLS_PORT - value: {{ .Values.replica.containerPorts.valkey | quote }} - - name: VALKEY_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: VALKEY_TLS_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - - name: VALKEY_TLS_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: VALKEY_TLS_CA_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: VALKEY_TLS_DH_PARAMS_FILE - value: {{ template "valkey.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: VALKEY_PORT - value: {{ .Values.replica.containerPorts.valkey | quote }} - {{- end }} - - name: VALKEY_SENTINEL_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: VALKEY_SENTINEL_TLS_PORT_NUMBER - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - - name: VALKEY_SENTINEL_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: VALKEY_SENTINEL_TLS_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - - name: VALKEY_SENTINEL_TLS_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: VALKEY_SENTINEL_TLS_CA_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: VALKEY_SENTINEL_TLS_DH_PARAMS_FILE - value: {{ template "valkey.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: VALKEY_SENTINEL_PORT - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - {{- end }} - - name: VALKEY_DATA_DIR - value: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.externalPrimary.enabled }} - - name: VALKEY_EXTERNAL_PRIMARY_HOST - value: {{ .Values.replica.externalPrimary.host | quote }} - - name: VALKEY_EXTERNAL_PRIMARY_PORT - value: {{ .Values.replica.externalPrimary.port | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: valkey - containerPort: {{ .Values.replica.containerPorts.valkey }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- else if ne .Values.replica.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - - name: sentinel-data - mountPath: /opt/bitnami/valkey-sentinel/etc - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /opt/bitnami/valkey/secrets/ - {{- end }} - - name: valkey-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/valkey/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/valkey/etc - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - - name: sentinel - image: {{ template "valkey.sentinel.image" . }} - imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh - {{- end }} - {{- end }} - {{- if .Values.sentinel.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.sentinel.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.sentinel.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.sentinel.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-sentinel.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: VALKEY_PASSWORD_FILE - value: "/opt/bitnami/valkey/secrets/valkey-password" - {{- else }} - - name: VALKEY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- else }} - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - {{- end }} - - name: VALKEY_SENTINEL_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: VALKEY_SENTINEL_TLS_PORT_NUMBER - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - - name: VALKEY_SENTINEL_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: VALKEY_SENTINEL_TLS_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - - name: VALKEY_SENTINEL_TLS_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: VALKEY_SENTINEL_TLS_CA_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: VALKEY_SENTINEL_TLS_DH_PARAMS_FILE - value: {{ template "valkey.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: VALKEY_SENTINEL_PORT - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - {{- end }} - {{- if .Values.sentinel.externalPrimary.enabled }} - - name: VALKEY_EXTERNAL_PRIMARY_HOST - value: {{ .Values.sentinel.externalPrimary.host | quote }} - - name: VALKEY_EXTERNAL_PRIMARY_PORT - value: {{ .Values.sentinel.externalPrimary.port | quote }} - {{- end }} - {{- if .Values.sentinel.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} - envFrom: - {{- if .Values.sentinel.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.sentinel.extraEnvVarsCM }} - {{- end }} - {{- if .Values.sentinel.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.sentinel.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: valkey-sentinel - containerPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.sentinel.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.sentinel.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.sentinel.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.sentinel.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }} - {{- end }} - {{- end }} - {{- if .Values.sentinel.resources }} - resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} - {{- else if ne .Values.sentinel.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.sentinel.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.sentinel.service.createPrimary}} - - name: kubectl-shared - mountPath: /etc/shared - {{- end }} - - name: sentinel-data - mountPath: /opt/bitnami/valkey-sentinel/etc - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /opt/bitnami/valkey/secrets/ - {{- end }} - - name: valkey-data - mountPath: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.persistence.subPath }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- else if .Values.replica.persistence.subPathExpr }} - subPathExpr: {{ .Values.replica.persistence.subPathExpr }} - {{- end }} - - name: config - mountPath: /opt/bitnami/valkey-sentinel/mounted-etc - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.sentinel.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "valkey.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)" - {{- end }} - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf ":%v" .Values.metrics.containerPorts.http }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/secrets/valkey-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "valkey.secretName" . }} - key: {{ template "valkey.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: valkeys://{{ .Values.metrics.valkeyTargetHost }}:{{ .Values.replica.containerPorts.valkey }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "valkey.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "valkey.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "valkey.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: metrics - {{- end }} - {{- if .Values.metrics.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} - httpGet: - path: / - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- else if ne .Values.metrics.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: valkey-certificates - mountPath: /opt/bitnami/valkey/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sentinel.service.createPrimary }} - - name: kubectl-shared - image: {{ template "valkey.kubectl.image" . }} - imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }} - command: {{- toYaml .Values.kubectl.command | nindent 12 }} - {{- if .Values.kubectl.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubectl.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: kubectl-shared - mountPath: /etc/shared - - name: kubectl-scripts - mountPath: /opt/bitnami/scripts/kubectl-scripts - {{- if .Values.kubectl.resources }} - resources: {{- toYaml .Values.kubectl.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.sentinel.service.createPrimary}} - - name: kubectl-shared - emptyDir: {} - - name: kubectl-scripts - configMap: - name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- end }} - {{- if and .Values.auth.enabled .Values.auth.usePasswordFiles }} - - name: valkey-password - {{ if .Values.auth.usePasswordFileFromSecret }} - secret: - secretName: {{ template "valkey.secretName" . }} - items: - - key: {{ template "valkey.secretPasswordKey" . }} - path: valkey-password - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: config - configMap: - name: {{ include "valkey.configmapName" . }} - {{- if not .Values.sentinel.persistence.enabled }} - - name: sentinel-data - {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} - emptyDir: - {{- if .Values.sentinel.persistence.medium }} - medium: {{ .Values.sentinel.persistence.medium | quote }} - {{- end }} - {{- if .Values.sentinel.persistence.sizeLimit }} - sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: empty-dir - {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} - emptyDir: - {{- if .Values.sentinel.persistence.medium }} - medium: {{ .Values.sentinel.persistence.medium | quote }} - {{- end }} - {{- if .Values.sentinel.persistence.sizeLimit }} - sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.sentinel.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: valkey-certificates - secret: - secretName: {{ include "valkey.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if not .Values.replica.persistence.enabled }} - - name: valkey-data - {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} - emptyDir: - {{- if .Values.replica.persistence.medium }} - medium: {{ .Values.replica.persistence.medium | quote }} - {{- end }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.replica.persistence.existingClaim }} - - name: valkey-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} - {{- else }} - {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} - persistentVolumeClaimRetentionPolicy: - whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} - whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} - {{- end }} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: valkey-data - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.sentinel.persistence.enabled }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: sentinel-data - {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.persistence.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.sentinel.persistence.annotations }} - annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.sentinel.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.sentinel.persistence.size | quote }} - {{- if .Values.sentinel.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.sentinel.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml deleted file mode 100644 index 6e53acb4..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/sentinel/vpa.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.replica.autoscaling.vpa.enabled .Values.sentinel.enabled }} -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: replica - app.kubernetes.io/part-of: valkey - {{- if or .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - resourcePolicy: - containerPolicies: - - containerName: valkey - {{- with .Values.replica.autoscaling.vpa.controlledResources }} - controlledResources: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.replica.autoscaling.vpa.maxAllowed }} - maxAllowed: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.replica.autoscaling.vpa.minAllowed }} - minAllowed: - {{- toYaml . | nindent 8 }} - {{- end }} - - containerName: sentinel - {{- with .Values.replica.autoscaling.vpa.controlledResources }} - controlledResources: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.replica.autoscaling.vpa.maxAllowed }} - maxAllowed: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.replica.autoscaling.vpa.minAllowed }} - minAllowed: - {{- toYaml . | nindent 8 }} - {{- end }} - targetRef: - apiVersion: apps/v1 - kind: "StatefulSet" - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - {{- if .Values.replica.autoscaling.vpa.updatePolicy }} - updatePolicy: - {{- with .Values.replica.autoscaling.vpa.updatePolicy.updateMode }} - updateMode: {{ . }} - {{- end }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml deleted file mode 100644 index f52411d6..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.serviceAccount.create .Values.sentinel.enabled }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "valkey.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml deleted file mode 100644 index cb9008bc..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/servicemonitor.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ .Values.metrics.serviceMonitor.port }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- range .Values.metrics.serviceMonitor.additionalEndpoints }} - - port: {{ .port }} - {{- if .interval }} - interval: {{ .interval }} - {{- end }} - {{- if .scrapeTimeout }} - scrapeTimeout: {{ .scrapeTimeout }} - {{- end }} - {{- if .honorLabels }} - honorLabels: {{ .honorLabels }} - {{- end }} - {{- with $.Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .metricRelabelings }} - metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }} - {{- end }} - {{- if .path }} - path: {{ .path }} - {{- end }} - {{- if .params }} - params: - {{- range $key, $value := .params }} - {{ $key }}: - {{- range $value }} - - {{ . | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.podTargetLabels }} - podTargetLabels: {{- toYaml .Values.metrics.serviceMonitor.podTargetLabels | nindent 4 }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.sampleLimit }} - sampleLimit: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.targetLimit }} - targetLimit: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml b/applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml deleted file mode 100644 index 56748368..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/templates/tls-secret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "valkey.createTlsSecret" .) }} -{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} -{{- $ca := genCA "valkey-ca" 365 }} -{{- $releaseNamespace := (include "common.names.namespace" .) }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := include "common.names.fullname" . }} -{{- $serviceName := include "common.names.fullname" . }} -{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} -{{- $primaryServiceName := printf "%s-primary" (include "common.names.fullname" .) }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: valkey - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} - tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} - ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} -{{- end }} diff --git a/applications/n8n/charts/n8n/charts/valkey/values.schema.json b/applications/n8n/charts/n8n/charts/valkey/values.schema.json deleted file mode 100644 index 1e2b65f2..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/values.schema.json +++ /dev/null @@ -1,163 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "Valkey architecture", - "form": true, - "description": "Allowed values: `standalone` or `replication`", - "enum": ["standalone", "replication"] - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use password authentication" - }, - "password": { - "type": "string", - "title": "Valkey password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "value": false, - "path": "auth/enabled" - } - } - } - }, - "primary": { - "type": "object", - "title": "Primary replicas settings", - "form": true, - "properties": { - "kind": { - "type": "string", - "title": "Workload Kind", - "form": true, - "description": "Allowed values: `Deployment`, `StatefulSet` or `DaemonSet`", - "enum": ["Deployment", "StatefulSet", "DaemonSet"] - }, - "persistence": { - "type": "object", - "title": "Persistence for primary replicas", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "primary/persistence/enabled" - } - } - } - } - } - }, - "replica": { - "type": "object", - "title": "Valkey replicas settings", - "form": true, - "hidden": { - "value": "standalone", - "path": "architecture" - }, - "properties": { - "kind": { - "type": "string", - "title": "Workload Kind", - "form": true, - "description": "Allowed values: `DaemonSet` or `StatefulSet`", - "enum": ["DaemonSet", "StatefulSet"] - }, - "replicaCount": { - "type": "integer", - "form": true, - "title": "Number of Valkey replicas" - }, - "persistence": { - "type": "object", - "title": "Persistence for Valkey replicas", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "replica/persistence/enabled" - } - } - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus metrics exporter", - "description": "Create a side-car container to expose Prometheus metrics", - "form": true - }, - "serviceMonitor": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus Operator ServiceMonitor", - "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", - "form": true, - "hidden": { - "value": false, - "path": "metrics/enabled" - } - } - } - } - } - } - } -} diff --git a/applications/n8n/charts/n8n/charts/valkey/values.yaml b/applications/n8n/charts/n8n/charts/valkey/values.yaml deleted file mode 100644 index 557813ea..00000000 --- a/applications/n8n/charts/n8n/charts/valkey/values.yaml +++ /dev/null @@ -1,2137 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead -## @param global.valkey.password Global Valkey password (overrides `auth.password`) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - defaultStorageClass: "" - storageClass: "" - ## Security parameters - ## - security: - ## @param global.security.allowInsecureImages Allows skipping image verification - allowInsecureImages: false - valkey: - password: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param apiVersions Override Kubernetes API versions reported by .Capabilities -## -apiVersions: [] -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param secretAnnotations Annotations to add to secret -## -secretAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address -## -useHostnames: true -## @param nameResolutionThreshold Failure threshold for internal hostnames resolution -## -nameResolutionThreshold: 5 -## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution -## -nameResolutionTimeout: 5 -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity -## @section Valkey Image parameters -## - -## Bitnami Valkey image -## ref: https://hub.docker.com/r/bitnami/valkey/tags/ -## @param image.registry [default: REGISTRY_NAME] Valkey image registry -## @param image.repository [default: REPOSITORY_NAME/valkey] Valkey image repository -## @skip image.tag Valkey image tag (immutable tags are recommended) -## @param image.digest Valkey image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy Valkey image pull policy -## @param image.pullSecrets Valkey image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/valkey - tag: 8.0.2-debian-12-r6 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false -## @section Valkey common configuration parameters -## https://github.com/bitnami/containers/tree/main/bitnami/valkey#configuration -## - -## @param architecture Valkey architecture. Allowed values: `standalone` or `replication` -## -architecture: replication -## Valkey Authentication parameters -## ref: https://github.com/bitnami/containers/tree/main/bitnami/valkey#setting-the-server-password-on-first-run -## -auth: - ## @param auth.enabled Enable password authentication - ## - enabled: true - ## @param auth.sentinel Enable password authentication on sentinels too - ## - sentinel: true - ## @param auth.password Valkey password - ## Defaults to a random 10-character alphanumeric string if not set - ## - password: "" - ## @param auth.existingSecret The name of an existing secret with Valkey credentials - ## NOTE: When it's set, the previous `auth.password` parameter is ignored - ## - existingSecret: "" - ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret - ## NOTE: ignored unless `auth.existingSecret` parameter is set - ## - existingSecretPasswordKey: "" - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: true - ## @param auth.usePasswordFileFromSecret Mount password file from secret - ## - usePasswordFileFromSecret: true -## @param commonConfiguration [string] Common configuration to be added into the ConfigMap -## ref: https://valkey.io/topics/valkey-conf/ -## -commonConfiguration: |- - # Enable AOF https://valkey.io/docs/topics/persistence.html - appendonly yes - # Disable RDB persistence, AOF persistence already enabled. - save "" -## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Valkey nodes -## -existingConfigmap: "" -## @section Valkey primary configuration parameters -## -primary: - ## @param primary.replicaCount Number of Valkey primary instances to deploy (experimental, requires additional configuration) - ## - replicaCount: 1 - ## @param primary.configuration Configuration for Valkey primary nodes - ## ref: https://valkey.io/topics/config - ## - configuration: "" - ## @param primary.disableCommands Array with Valkey commands to disable on primary nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://valkey.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param primary.command Override default container command (useful when using custom images) - ## - command: [] - ## @param primary.args Override default container args (useful when using custom images) - ## - args: [] - ## @param primary.enableServiceLinks Whether information about services should be injected into pod's environment variable - ## - enableServiceLinks: true - ## @param primary.preExecCmds Additional commands to run prior to starting Valkey primary - ## - preExecCmds: [] - ## @param primary.extraFlags Array with additional command line flags for Valkey primary - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param primary.extraEnvVars Array with extra environment variables to add to Valkey primary nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey primary nodes - ## - extraEnvVarsCM: "" - ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey primary nodes - ## - extraEnvVarsSecret: "" - ## @param primary.containerPorts.valkey Container port to open on Valkey primary nodes - ## - containerPorts: - valkey: 6379 - ## Configure extra options for Valkey containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.startupProbe.enabled Enable startupProbe on Valkey primary nodes - ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param primary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param primary.livenessProbe.enabled Enable livenessProbe on Valkey primary nodes - ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param primary.readinessProbe.enabled Enable readinessProbe on Valkey primary nodes - ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param primary.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Valkey primary resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param primary.podSecurityContext.enabled Enabled Valkey primary pods' Security Context - ## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param primary.podSecurityContext.fsGroup Set Valkey primary pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param primary.containerSecurityContext.enabled Enabled Valkey primary containers' Security Context - ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param primary.containerSecurityContext.runAsUser Set Valkey primary containers' Security Context runAsUser - ## @param primary.containerSecurityContext.runAsGroup Set Valkey primary containers' Security Context runAsGroup - ## @param primary.containerSecurityContext.runAsNonRoot Set Valkey primary containers' Security Context runAsNonRoot - ## @param primary.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Valkey pod(s) privileges - ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param primary.containerSecurityContext.seccompProfile.type Set Valkey primary containers' Security Context seccompProfile - ## @param primary.containerSecurityContext.capabilities.drop Set Valkey primary containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param primary.kind Use either Deployment, StatefulSet (default) or DaemonSet - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - ## - kind: StatefulSet - ## @param primary.schedulerName Alternate scheduler for Valkey primary pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param primary.updateStrategy.type Valkey primary statefulset strategy type - ## @skip primary.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) - ## - type: RollingUpdate - ## @param primary.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update - ## - minReadySeconds: 0 - ## @param primary.priorityClassName Valkey primary pods' priorityClassName - ## - priorityClassName: "" - ## @param primary.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param primary.hostAliases Valkey primary pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param primary.podLabels Extra labels for Valkey primary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param primary.podAnnotations Annotations for Valkey primary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param primary.shareProcessNamespace Share a single process namespace between all of the containers in Valkey primary pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param primary.podAffinityPreset Pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param primary.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node primary.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param primary.nodeAffinityPreset.type Node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param primary.nodeAffinityPreset.key Node label key to match. Ignored if `primary.affinity` is set - ## - key: "" - ## @param primary.nodeAffinityPreset.values Node label values to match. Ignored if `primary.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param primary.affinity Affinity for Valkey primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `primary.podAffinityPreset`, `primary.podAntiAffinityPreset`, and `primary.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param primary.nodeSelector Node labels for Valkey primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param primary.tolerations Tolerations for Valkey primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param primary.topologySpreadConstraints Spread Constraints for Valkey primary pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param primary.dnsPolicy DNS Policy for Valkey primary pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsPolicy: ClusterFirst - ## - dnsPolicy: "" - ## @param primary.dnsConfig DNS Configuration for Valkey primary pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - ## - dnsConfig: {} - ## @param primary.lifecycleHooks for the Valkey primary container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param primary.extraVolumes Optionally specify extra list of additional volumes for the Valkey primary pod(s) - ## - extraVolumes: [] - ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey primary container(s) - ## - extraVolumeMounts: [] - ## @param primary.sidecars Add additional sidecar containers to the Valkey primary pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param primary.initContainers Add additional init containers to the Valkey primary pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence parameters - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param primary.persistence.enabled Enable persistence on Valkey primary nodes using Persistent Volume Claims - ## - enabled: true - ## @param primary.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param primary.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## @param primary.persistence.path The path the volume will be mounted at on Valkey primary containers - ## NOTE: Useful when using different Valkey images - ## - path: /data - ## @param primary.persistence.subPath The subdirectory of the volume to mount on Valkey primary containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param primary.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Valkey primary containers - ## - subPathExpr: "" - ## @param primary.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param primary.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param primary.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param primary.persistence.labels Additional custom labels for the PVC - ## - labels: {} - ## @param primary.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param primary.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param primary.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires primary.persistence.enabled: true - ## - existingClaim: "" - ## persistentVolumeClaimRetentionPolicy - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention - ## @param primary.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet - ## @param primary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - ## Valkey primary service parameters - ## - service: - ## @param primary.service.type Valkey primary service type - ## - type: ClusterIP - ## @param primary.service.ports.valkey Valkey primary service port - ## - ports: - valkey: 6379 - ## @param primary.service.nodePorts.valkey Node port for Valkey primary - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - valkey: "" - ## @param primary.service.externalTrafficPolicy Valkey primary service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param primary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param primary.service.internalTrafficPolicy Valkey primary service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param primary.service.clusterIP Valkey primary service Cluster IP - ## - clusterIP: "" - ## @param primary.service.loadBalancerIP Valkey primary service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param primary.service.loadBalancerClass primary service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param primary.service.loadBalancerSourceRanges Valkey primary service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param primary.service.externalIPs Valkey primary service External IPs - ## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - ## e.g. - ## externalIPs: - ## - 10.10.10.1 - ## - 201.22.30.1 - ## - externalIPs: [] - ## @param primary.service.annotations Additional custom annotations for Valkey primary service - ## - annotations: {} - ## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param primary.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-primary pods - ## - terminationGracePeriodSeconds: 30 - ## ServiceAccount configuration - ## - serviceAccount: - ## @param primary.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param primary.serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param primary.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: false - ## @param primary.serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param primary.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param primary.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled - ## @param primary.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - -## @section Valkey replicas configuration parameters -## -replica: - ## @param replica.kind Use either DaemonSet or StatefulSet (default) - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - ## - kind: StatefulSet - ## @param replica.replicaCount Number of Valkey replicas to deploy - ## - replicaCount: 3 - ## @param replica.configuration Configuration for Valkey replicas nodes - ## ref: https://valkey.io/topics/config - ## - configuration: "" - ## @param replica.disableCommands Array with Valkey commands to disable on replicas nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://valkey.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param replica.command Override default container command (useful when using custom images) - ## - command: [] - ## @param replica.args Override default container args (useful when using custom images) - ## - args: [] - ## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable - ## - enableServiceLinks: true - ## @param replica.preExecCmds Additional commands to run prior to starting Valkey replicas - ## - preExecCmds: [] - ## @param replica.extraFlags Array with additional command line flags for Valkey replicas - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param replica.extraEnvVars Array with extra environment variables to add to Valkey replicas nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey replicas nodes - ## - extraEnvVarsCM: "" - ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey replicas nodes - ## - extraEnvVarsSecret: "" - ## @param replica.externalPrimary.enabled Use external primary for bootstrapping - ## @param replica.externalPrimary.host External primary host to bootstrap from - ## @param replica.externalPrimary.port Port for Valkey service external primary host - ## - externalPrimary: - enabled: false - host: "" - port: 6379 - ## @param replica.containerPorts.valkey Container port to open on Valkey replicas nodes - ## - containerPorts: - valkey: 6379 - ## Configure extra options for Valkey containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param replica.startupProbe.enabled Enable startupProbe on Valkey replicas nodes - ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param replica.startupProbe.periodSeconds Period seconds for startupProbe - ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param replica.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param replica.livenessProbe.enabled Enable livenessProbe on Valkey replicas nodes - ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.readinessProbe.enabled Enable readinessProbe on Valkey replicas nodes - ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Valkey replicas resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.podSecurityContext.enabled Enabled Valkey replicas pods' Security Context - ## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param replica.podSecurityContext.fsGroup Set Valkey replicas pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.containerSecurityContext.enabled Enabled Valkey replicas containers' Security Context - ## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param replica.containerSecurityContext.runAsUser Set Valkey replicas containers' Security Context runAsUser - ## @param replica.containerSecurityContext.runAsGroup Set Valkey replicas containers' Security Context runAsGroup - ## @param replica.containerSecurityContext.runAsNonRoot Set Valkey replicas containers' Security Context runAsNonRoot - ## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Valkey replicas pod's Security Context allowPrivilegeEscalation - ## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param replica.containerSecurityContext.seccompProfile.type Set Valkey replicas containers' Security Context seccompProfile - ## @param replica.containerSecurityContext.capabilities.drop Set Valkey replicas containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param replica.schedulerName Alternate scheduler for Valkey replicas pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param replica.updateStrategy.type Valkey replicas statefulset strategy type - ## @skip replica.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) - ## - type: RollingUpdate - ## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update - ## - minReadySeconds: 0 - ## @param replica.priorityClassName Valkey replicas pods' priorityClassName - ## - priorityClassName: "" - ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## @param replica.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param replica.hostAliases Valkey replicas pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param replica.podLabels Extra labels for Valkey replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param replica.podAnnotations Annotations for Valkey replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Valkey replicas pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set - ## - key: "" - ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param replica.affinity Affinity for Valkey replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param replica.nodeSelector Node labels for Valkey replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param replica.tolerations Tolerations for Valkey replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param replica.topologySpreadConstraints Spread Constraints for Valkey replicas pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param replica.dnsPolicy DNS Policy for Valkey replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsPolicy: ClusterFirst - ## - dnsPolicy: "" - ## @param replica.dnsConfig DNS Configuration for Valkey replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - ## - dnsConfig: {} - ## @param replica.lifecycleHooks for the Valkey replica container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Valkey replicas pod(s) - ## - extraVolumes: [] - ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey replicas container(s) - ## - extraVolumeMounts: [] - ## @param replica.sidecars Add additional sidecar containers to the Valkey replicas pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param replica.initContainers Add additional init containers to the Valkey replicas pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence Parameters - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param replica.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims - ## - enabled: true - ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## @param replica.persistence.path The path the volume will be mounted at on Valkey replicas containers - ## NOTE: Useful when using different Valkey images - ## - path: /data - ## @param replica.persistence.subPath The subdirectory of the volume to mount on Valkey replicas containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Valkey replicas containers - ## - subPathExpr: "" - ## @param replica.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param replica.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param replica.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param replica.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param replica.persistence.labels Additional custom labels for the PVC - ## - labels: {} - ## @param replica.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param replica.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires replica.persistence.enabled: true - ## - existingClaim: "" - ## persistentVolumeClaimRetentionPolicy - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention - ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet - ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - ## Valkey replicas service parameters - ## - service: - ## @param replica.service.type Valkey replicas service type - ## - type: ClusterIP - ## @param replica.service.ports.valkey Valkey replicas service port - ## - ports: - valkey: 6379 - ## @param replica.service.nodePorts.valkey Node port for Valkey replicas - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - valkey: "" - ## @param replica.service.externalTrafficPolicy Valkey replicas service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param replica.service.internalTrafficPolicy Valkey replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param replica.service.clusterIP Valkey replicas service Cluster IP - ## - clusterIP: "" - ## @param replica.service.loadBalancerIP Valkey replicas service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param replica.service.loadBalancerSourceRanges Valkey replicas service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param replica.service.annotations Additional custom annotations for Valkey replicas service - ## - annotations: {} - ## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-replicas pods - ## - terminationGracePeriodSeconds: 30 - ## @section Autoscaling - ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ - ## - autoscaling: - vpa: - ## @param replica.autoscaling.vpa.enabled Enable VPA - ## - enabled: false - ## @param replica.autoscaling.vpa.annotations Annotations for VPA resource - ## - annotations: {} - ## @param replica.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory - ## - controlledResources: [] - ## @param replica.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod - ## cpu: 200m - ## memory: 100Mi - maxAllowed: {} - ## @param replica.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod - ## cpu: 200m - ## memory: 100Mi - minAllowed: {} - ## @section VPA update policy - ## - updatePolicy: - ## @param replica.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod - ## Possible values are "Off", "Initial", "Recreate", and "Auto". - ## - updateMode: Auto - hpa: - ## @param replica.autoscaling.hpa.enabled Enable HPA - ## - enabled: false - ## @param replica.autoscaling.hpa.minReplicas Minimum number of replicas - ## - minReplicas: "" - ## @param replica.autoscaling.hpa.maxReplicas Maximum number of replicas - ## - maxReplicas: "" - ## @param replica.autoscaling.hpa.targetCPU Target CPU utilization percentage - ## - targetCPU: "" - ## @param replica.autoscaling.hpa.targetMemory Target Memory utilization percentage - ## - targetMemory: "" - ## ServiceAccount configuration - ## - serviceAccount: - ## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param replica.serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: false - ## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} - ## Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb - ## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation - ## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled - ## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty. - ## - pdb: - create: true - minAvailable: "" - maxUnavailable: "" - -## @section Valkey Sentinel configuration parameters -## - -sentinel: - ## @param sentinel.enabled Use Valkey Sentinel on Valkey pods. - ## IMPORTANT: this will disable the primary and replicas services and - ## create a single Valkey service exposing both the Valkey and Sentinel ports - ## - enabled: false - ## Bitnami Valkey Sentinel image version - ## ref: https://hub.docker.com/r/bitnami/valkey-sentinel/tags/ - ## @param sentinel.image.registry [default: REGISTRY_NAME] Valkey Sentinel image registry - ## @param sentinel.image.repository [default: REPOSITORY_NAME/valkey-sentinel] Valkey Sentinel image repository - ## @skip sentinel.image.tag Valkey Sentinel image tag (immutable tags are recommended) - ## @param sentinel.image.digest Valkey Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param sentinel.image.pullPolicy Valkey Sentinel image pull policy - ## @param sentinel.image.pullSecrets Valkey Sentinel image pull secrets - ## @param sentinel.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/valkey-sentinel - tag: 8.0.2-debian-12-r6 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param sentinel.annotations Additional custom annotations for Valkey Sentinel resource - ## - annotations: {} - ## @param sentinel.primarySet Primary set name - ## - primarySet: myprimary - ## @param sentinel.quorum Sentinel Quorum - ## - quorum: 2 - ## @param sentinel.getPrimaryTimeout Amount of time to allow before get_sentinel_primary_info() times out. - ## - getPrimaryTimeout: 90 - ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. - ## This also prevents any new replica from starting until the last remaining replica is elected as primary to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. - ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. - ## - automateClusterRecovery: false - ## @param sentinel.valkeyShutdownWaitFailover Whether the Valkey primary container waits for the failover at shutdown (in addition to the Valkey Sentinel container). - ## - valkeyShutdownWaitFailover: true - ## Sentinel timing restrictions - ## @param sentinel.downAfterMilliseconds Timeout for detecting a Valkey node is down - ## @param sentinel.failoverTimeout Timeout for performing a election failover - ## - downAfterMilliseconds: 60000 - failoverTimeout: 180000 - ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new primary after a failover - ## - parallelSyncs: 1 - ## @param sentinel.configuration Configuration for Valkey Sentinel nodes - ## ref: https://valkey.io/topics/sentinel - ## - configuration: "" - ## @param sentinel.command Override default container command (useful when using custom images) - ## - command: [] - ## @param sentinel.args Override default container args (useful when using custom images) - ## - args: [] - ## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable - ## - enableServiceLinks: true - ## @param sentinel.preExecCmds Additional commands to run prior to starting Valkey Sentinel - ## - preExecCmds: [] - ## @param sentinel.extraEnvVars Array with extra environment variables to add to Valkey Sentinel nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Valkey Sentinel nodes - ## - extraEnvVarsCM: "" - ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Valkey Sentinel nodes - ## - extraEnvVarsSecret: "" - ## @param sentinel.externalPrimary.enabled Use external primary for bootstrapping - ## @param sentinel.externalPrimary.host External primary host to bootstrap from - ## @param sentinel.externalPrimary.port Port for Valkey service external primary host - ## - externalPrimary: - enabled: false - host: "" - port: 6379 - ## @param sentinel.containerPorts.sentinel Container port to open on Valkey Sentinel nodes - ## - containerPorts: - sentinel: 26379 - ## Configure extra options for Valkey containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param sentinel.startupProbe.enabled Enable startupProbe on Valkey Sentinel nodes - ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe - ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Valkey Sentinel nodes - ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Valkey Sentinel nodes - ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 6 - ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Persistence parameters - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ - ## - persistence: - ## @param sentinel.persistence.enabled Enable persistence on Valkey sentinel nodes using Persistent Volume Claims (Experimental) - ## - enabled: false - ## @param sentinel.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param sentinel.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param sentinel.persistence.size Persistent Volume size - ## - size: 100Mi - ## @param sentinel.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param sentinel.persistence.labels Additional custom labels for the PVC - ## - labels: {} - ## @param sentinel.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param sentinel.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## persistentVolumeClaimRetentionPolicy - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention - ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet - ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced - ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted - ## - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - ## Valkey Sentinel resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param sentinel.containerSecurityContext.enabled Enabled Valkey Sentinel containers' Security Context - ## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param sentinel.containerSecurityContext.runAsUser Set Valkey Sentinel containers' Security Context runAsUser - ## @param sentinel.containerSecurityContext.runAsGroup Set Valkey Sentinel containers' Security Context runAsGroup - ## @param sentinel.containerSecurityContext.runAsNonRoot Set Valkey Sentinel containers' Security Context runAsNonRoot - ## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Valkey Sentinel containers' Security Context allowPrivilegeEscalation - ## @param sentinel.containerSecurityContext.seccompProfile.type Set Valkey Sentinel containers' Security Context seccompProfile - ## @param sentinel.containerSecurityContext.capabilities.drop Set Valkey Sentinel containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param sentinel.lifecycleHooks for the Valkey sentinel container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Valkey Sentinel - ## - extraVolumes: [] - ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey Sentinel container(s) - ## - extraVolumeMounts: [] - ## Valkey Sentinel service parameters - ## - service: - ## @param sentinel.service.type Valkey Sentinel service type - ## - type: ClusterIP - ## @param sentinel.service.ports.valkey Valkey service port for Valkey - ## @param sentinel.service.ports.sentinel Valkey service port for Valkey Sentinel - ## - ports: - valkey: 6379 - sentinel: 26379 - ## @param sentinel.service.nodePorts.valkey Node port for Valkey - ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## NOTE: By leaving these values blank, they will be generated by ports-configmap - ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.valkey and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port - ## - nodePorts: - valkey: "" - sentinel: "" - ## @param sentinel.service.externalTrafficPolicy Valkey Sentinel service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param sentinel.service.clusterIP Valkey Sentinel service Cluster IP - ## - clusterIP: "" - - ## @param sentinel.service.createPrimary Enable primary service pointing to the current primary (experimental) - ## NOTE: rbac.create need to be set to true - ## - createPrimary: false - - ## @param sentinel.service.loadBalancerIP Valkey Sentinel service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param sentinel.service.loadBalancerSourceRanges Valkey Sentinel service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param sentinel.service.annotations Additional custom annotations for Valkey Sentinel service - ## - annotations: {} - ## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## Headless service properties - ## - headless: - ## @param sentinel.service.headless.annotations Annotations for the headless service. - ## - annotations: {} - ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the valkey-node pods - ## - terminationGracePeriodSeconds: 30 -## @section Other Parameters -## - -## @param serviceBindings.enabled Create secret for service binding (Experimental) -## Ref: https://servicebinding.io/service-provider/ -## -serviceBindings: - enabled: false -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: true - ## @param networkPolicy.allowExternal Don't require client label for connections - ## When set to false, only pods with the correct client label will have network access to the ports - ## Valkey is listening on. When true, Valkey will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - metrics: - ## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint - ## When set to false, only pods with the correct client label will have network access to the metrics port - ## - allowExternal: true - ## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint - ## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## PodSecurityPolicy configuration -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules - ## - enabled: false -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: false - ## @param rbac.rules Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] -## ServiceAccount configuration -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: false - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## Redis® Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## @param pdb DEPRECATED Please use `primary.pdb` and `replica.pdb` values instead -## -pdb: {} -## TLS configuration -## -tls: - ## @param tls.enabled Enable TLS traffic - ## - enabled: false - ## @param tls.authClients Require clients to authenticate - ## - authClients: true - ## @param tls.autoGenerated Enable autogenerated certificates - ## - autoGenerated: false - ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates - ## - existingSecret: "" - ## @param tls.certFilename Certificate filename - ## - certFilename: "" - ## @param tls.certKeyFilename Certificate Key filename - ## - certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## - certCAFilename: "" - ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) - ## - dhParamsFilename: "" -## @section Metrics Parameters -## -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose Valkey metrics - ## - enabled: false - ## Bitnami Valkey Exporter image - ## ref: https://hub.docker.com/r/bitnami/valkey-exporter/tags/ - ## @param metrics.image.registry [default: REGISTRY_NAME] Valkey Exporter image registry - ## @param metrics.image.repository [default: REPOSITORY_NAME/valkey-exporter] Valkey Exporter image repository - ## @skip metrics.image.tag Valkey Exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest Valkey Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy Valkey Exporter image pull policy - ## @param metrics.image.pullSecrets Valkey Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/redis-exporter - tag: 1.69.0-debian-12-r1 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.containerPorts.http Metrics HTTP container port - ## - containerPorts: - http: 9121 - ## Configure extra options for Valkey containers' liveness, readiness & startup probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - ## @param metrics.startupProbe.enabled Enable startupProbe on Valkey replicas nodes - ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe - ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param metrics.livenessProbe.enabled Enable livenessProbe on Valkey replicas nodes - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param metrics.readinessProbe.enabled Enable readinessProbe on Valkey replicas nodes - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param metrics.command Override default metrics container init command (useful when using custom images) - ## - command: [] - ## @param metrics.valkeyTargetHost A way to specify an alternative Valkey hostname - ## Useful for certificate CN/SAN matching - ## - valkeyTargetHost: "localhost" - ## @param metrics.extraArgs Extra arguments for Valkey exporter, for example: - ## e.g.: - ## extraArgs: - ## check-keys: myKey,myOtherKey - ## - extraArgs: {} - ## @param metrics.extraEnvVars Array with extra environment variables to add to Valkey exporter - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param metrics.containerSecurityContext.enabled Enabled Valkey exporter containers' Security Context - ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param metrics.containerSecurityContext.runAsUser Set Valkey exporter containers' Security Context runAsUser - ## @param metrics.containerSecurityContext.runAsGroup Set Valkey exporter containers' Security Context runAsGroup - ## @param metrics.containerSecurityContext.runAsNonRoot Set Valkey exporter containers' Security Context runAsNonRoot - ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Valkey exporter containers' Security Context allowPrivilegeEscalation - ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param metrics.containerSecurityContext.seccompProfile.type Set Valkey exporter containers' Security Context seccompProfile - ## @param metrics.containerSecurityContext.capabilities.drop Set Valkey exporter containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Valkey metrics sidecar - ## - extraVolumes: [] - ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Valkey metrics sidecar - ## - extraVolumeMounts: [] - ## Valkey exporter resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param metrics.podLabels Extra labels for Valkey exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param metrics.podAnnotations [object] Annotations for Valkey exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - ## Valkey exporter service parameters - ## - service: - ## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor - ## - enabled: true - ## @param metrics.service.type Valkey exporter service type - ## - type: ClusterIP - ## @param metrics.service.ports.http Valkey exporter service port - ## - ports: - http: 9121 - ## @param metrics.service.externalTrafficPolicy Valkey exporter service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param metrics.service.loadBalancerIP Valkey exporter service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param metrics.service.loadBalancerSourceRanges Valkey exporter service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param metrics.service.annotations Additional custom annotations for Valkey exporter service - ## - annotations: {} - ## @param metrics.service.clusterIP Valkey exporter service Cluster IP - ## - clusterIP: "" - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.port the service port to scrape metrics from - ## - port: http-metrics - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics - ## - podTargetLabels: [] - ## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod - ## - sampleLimit: false - ## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped - ## - targetLimit: false - ## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) - ## - additionalEndpoints: [] - # uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Valkey container metrics - # add metricRelabelings with label like app=valkey to main valkey pod-monitor port - # - interval: "30s" - # path: "/scrape" - # port: "metrics" - # params: - # target: ["localhost:26379"] - # metricRelabelings: - # - targetLabel: "app" - # replacement: "sentinel" - ## Prometheus Pod Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor - ## - podMonitor: - ## @param metrics.podMonitor.port the pod port to scrape metrics from - ## - port: metrics - ## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created - ## - namespace: "" - ## @param metrics.podMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - targetLabel: "app" - # replacement: "valkey" - ## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics - ## - podTargetLabels: [] - ## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod - ## - sampleLimit: false - ## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped - ## - targetLimit: false - ## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel) - ## - additionalEndpoints: [] - # - interval: "30s" - # path: "/scrape" - # port: "metrics" - # params: - # target: ["localhost:26379"] - # metricRelabelings: - # - targetLabel: "app" - # replacement: "sentinel" - ## Custom PrometheusRule to be defined - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Custom Prometheus rules - ## e.g: - ## rules: - ## - alert: ValkeyDown - ## expr: valkey_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Valkey instance {{ "{{ $labels.instance }}" }} down - ## description: Valkey instance {{ "{{ $labels.instance }}" }} is down - ## - alert: ValkeyMemoryHigh - ## expr: > - ## valkey_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 - ## / - ## valkey_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} - ## > 90 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Valkey instance {{ "{{ $labels.instance }}" }} is using too much memory - ## description: | - ## Valkey instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. - ## - alert: ValkeyKeyEviction - ## expr: | - ## increase(valkey_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0 - ## for: 1s - ## labels: - ## severity: error - ## annotations: - ## summary: Valkey instance {{ "{{ $labels.instance }}" }} has evicted keys - ## description: | - ## Valkey instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. - ## - rules: [] -## @section Init Container Parameters -## - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the *podSecurityContext/*containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository - ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy - ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r40 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - seLinuxOptions: {} - runAsUser: 0 - -## Kubectl InitContainer -## used by Sentinel to update the isPrimary label on the Valkey(TM) pods -## -kubectl: - ## Bitnami Kubectl image version - ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ - ## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry - ## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository - ## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version - ## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param kubectl.image.pullPolicy Kubectl image pull policy - ## @param kubectl.image.pullSecrets Kubectl pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.32.3-debian-12-r1 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param kubectl.command kubectl command to execute - ## - command: ["/opt/bitnami/scripts/kubectl-scripts/update-primary-label.sh"] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context - ## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser - ## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup - ## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot - ## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation - ## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem - ## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile - ## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: ["ALL"] - ## Bitnami Kubectl resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param kubectl.resources.limits The resources limits for the kubectl containers - ## @param kubectl.resources.requests The requested resources for the kubectl containers - ## - resources: - limits: {} - requests: {} -## @section useExternalDNS Parameters -## -## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. -## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. -## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. -## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. -## -useExternalDNS: - enabled: false - suffix: "" - annotationKey: external-dns.alpha.kubernetes.io/ - additionalAnnotations: {} From b6bf48584b341d8b9a5007be77feadef340e3b38 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Wed, 16 Apr 2025 08:42:09 +1000 Subject: [PATCH 08/10] misc updates --- applications/n8n/charts/n8n-values.yaml | 4 ++++ applications/n8n/justfile | 1 + 2 files changed, 5 insertions(+) diff --git a/applications/n8n/charts/n8n-values.yaml b/applications/n8n/charts/n8n-values.yaml index 1e143f0d..08796e13 100644 --- a/applications/n8n/charts/n8n-values.yaml +++ b/applications/n8n/charts/n8n-values.yaml @@ -65,3 +65,7 @@ extraManifests: memory: "512Mi" storage: size: 1Gi +replicated: + integration: + licenseID: 2vmioMX0kJSNJm8CdNtrvx3rjUl + enabled: true diff --git a/applications/n8n/justfile b/applications/n8n/justfile index 20fabd89..40751ecc 100644 --- a/applications/n8n/justfile +++ b/applications/n8n/justfile @@ -14,6 +14,7 @@ setup: install: @echo "Add DEV customer to n8n-values.yaml..." + just set-replicated-values @echo "Installing all charts..." terraform apply --auto-approve From a41669b62676663b16bfdb8bc5b4b0f9842d4477 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Wed, 16 Apr 2025 10:59:54 +1000 Subject: [PATCH 09/10] update README --- applications/n8n/charts/n8n-values.yaml | 4 ---- applications/n8n/docs/workflow.md | 12 ++++++++++++ applications/n8n/justfile | 3 +++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/applications/n8n/charts/n8n-values.yaml b/applications/n8n/charts/n8n-values.yaml index 08796e13..1e143f0d 100644 --- a/applications/n8n/charts/n8n-values.yaml +++ b/applications/n8n/charts/n8n-values.yaml @@ -65,7 +65,3 @@ extraManifests: memory: "512Mi" storage: size: 1Gi -replicated: - integration: - licenseID: 2vmioMX0kJSNJm8CdNtrvx3rjUl - enabled: true diff --git a/applications/n8n/docs/workflow.md b/applications/n8n/docs/workflow.md index e1c7926a..ae76b6a3 100644 --- a/applications/n8n/docs/workflow.md +++ b/applications/n8n/docs/workflow.md @@ -61,6 +61,18 @@ just install just destroy ``` +### just setup +This command will create a Replicated DEV customer, so that we can test integration with Replicated SDK. The newly created customer id + license id will be persisted into `.env` file to be used by other tasks. +It will then run `helm dependency update` to download subcharts used by `n8n` chart. +Finally, it will run `terraform init` to initialize the Terraform providers (Helm) used to install charts + +### just install +This command will inject the `license id` created earlier into the `n8n` values so that the Replicated SDK installation will be successful. +It will then run `terraform apply` to install all the charts specified in the Terraform code. + +### just destroy +This command will delete all installed charts as well as delete the test customer. + ## Evaluation **What Worked Well:** diff --git a/applications/n8n/justfile b/applications/n8n/justfile index 40751ecc..0fd1c001 100644 --- a/applications/n8n/justfile +++ b/applications/n8n/justfile @@ -9,6 +9,9 @@ setup: @echo "CUSTOMER_ID=$(replicated customer inspect --customer {{customer_name}} --output json | jq -r '.id')" >> .env @echo "LICENSE_ID=$(replicated customer inspect --customer {{customer_name}} --output json | jq -r '.installationId')" >> .env + @echo "Update sub-charts dependencies..." + just helm-dep-update + @echo "Setting up Terraform..." terraform init From f88eeb537f1b6b9356c7d3f5d50ab20a21f5c7db Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Mon, 28 Apr 2025 09:17:34 +1000 Subject: [PATCH 10/10] remove memory_bank --- .../wf_chart_replicated_integration.md | 25 ---------- .../memory_bank/wf_helm_dependency_update.md | 25 ---------- .../wf_helm_template_verification.md | 25 ---------- .../wf_n8n_terraform_chart_deployment.md | 50 ------------------- .../wf_replicated_release_automation.md | 24 --------- .../wf_repository_structure_update.md | 30 ----------- .../wf_terraform_helm_dependency_fix.md | 24 --------- .../memory_bank/wf_terraform_output_task.md | 23 --------- .../wf_update_replicated_values.md | 40 --------------- 9 files changed, 266 deletions(-) delete mode 100644 applications/n8n/memory_bank/wf_chart_replicated_integration.md delete mode 100644 applications/n8n/memory_bank/wf_helm_dependency_update.md delete mode 100644 applications/n8n/memory_bank/wf_helm_template_verification.md delete mode 100644 applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md delete mode 100644 applications/n8n/memory_bank/wf_replicated_release_automation.md delete mode 100644 applications/n8n/memory_bank/wf_repository_structure_update.md delete mode 100644 applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md delete mode 100644 applications/n8n/memory_bank/wf_terraform_output_task.md delete mode 100644 applications/n8n/memory_bank/wf_update_replicated_values.md diff --git a/applications/n8n/memory_bank/wf_chart_replicated_integration.md b/applications/n8n/memory_bank/wf_chart_replicated_integration.md deleted file mode 100644 index 141254e6..00000000 --- a/applications/n8n/memory_bank/wf_chart_replicated_integration.md +++ /dev/null @@ -1,25 +0,0 @@ -## Current tasks from user prompt -- Update the n8n Helm chart with a new dependency for Replicated SDK - -## Plan (simple) -1. Understand the current Chart.yaml structure -2. Add the Replicated SDK dependency to the dependencies section -3. Ensure the new dependency is properly formatted and follows the same pattern as existing dependencies - -## Steps -1. Examine the current Chart.yaml file to understand its structure and dependencies -2. Add the new Replicated SDK dependency with the specified repository and version -3. Ensure proper formatting and indentation is maintained -4. Verify the changes - -## Things done -- Examined the current Chart.yaml file structure -- Added the Replicated SDK dependency to the dependencies section with: - - name: replicated - - repository: oci://registry.replicated.com/library - - version: 1.5.0 - -## TODOs -- Verify if any values configuration is needed for the Replicated SDK -- Check if there are any specific conditions to add for the Replicated SDK -- Ensure compatibility between n8n chart and the Replicated SDK \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_helm_dependency_update.md b/applications/n8n/memory_bank/wf_helm_dependency_update.md deleted file mode 100644 index c4e51c55..00000000 --- a/applications/n8n/memory_bank/wf_helm_dependency_update.md +++ /dev/null @@ -1,25 +0,0 @@ -# Helm Dependency Update for n8n Chart - -## Current tasks from user prompt -- Create a new task to run helm dependency update for the n8n chart -- Update the task to first log out from the Replicated registry before running helm dependency update - -## Plan (simple) -1. Add a new task in the justfile to run helm dependency update for the n8n chart -2. Include helm registry logout for registry.replicated.com before running the update -3. Ensure the command navigates to the correct directory where Chart.yaml is located before running the helm dependency update command - -## Steps -1. Create or update the justfile with a new task called 'helm-dep-update' -2. Add command to log out from registry.replicated.com -3. Make the task execute the helm dependency update command in the charts/n8n directory -4. Add appropriate echo commands to provide feedback during execution - -## Things done -- Created a new task 'helm-dep-update' in the justfile -- Added command to log out from registry.replicated.com first -- The task navigates to charts/n8n directory and runs 'helm dependency update' -- Added feedback messages to show when each command is running - -## TODOs -- Test the task by running 'just helm-dep-update' \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_helm_template_verification.md b/applications/n8n/memory_bank/wf_helm_template_verification.md deleted file mode 100644 index 31995287..00000000 --- a/applications/n8n/memory_bank/wf_helm_template_verification.md +++ /dev/null @@ -1,25 +0,0 @@ -# Workflow: Helm Template Verification - -## Current tasks from user prompt -- Add a new task to run helm template to verify current values - -## Plan (simple) -- Add a new recipe to the justfile that executes `helm template` command -- The command should use the n8n chart directory and the values file -- The output should be displayed or redirected to a file for review -- This will allow verification of the rendered Kubernetes manifests before actually deploying - -## Steps -1. Examine the current justfile structure -2. Add a new recipe called `helm-template` or similar -3. Implement the command to run helm template with appropriate parameters -4. Test the command to ensure it works properly - -## Things done -- Added a new `helm-template` recipe to the justfile that executes `helm template n8n ./charts/n8n -f ./charts/n8n-values.yaml --debug` -- The command will render all templates with the current values file without actually installing anything -- Added the `--debug` flag to provide more detailed output for better verification - -## TODOs -- Test the command by running `just helm-template` -- Consider adding an option to save output to a file for review \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md b/applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md deleted file mode 100644 index 5c36649d..00000000 --- a/applications/n8n/memory_bank/wf_n8n_terraform_chart_deployment.md +++ /dev/null @@ -1,50 +0,0 @@ -## Current tasks from user prompt -- Create a Terraform main.tf file that installs remote charts (cloudnativepg, traefik) and local n8n chart -- Ensure n8n chart depends on other charts -- Ensure cloudnativepg is in the same namespace as n8n chart -- Update n8n configuration to load values from n8n-values.yaml file -- Set n8n encryption_key using Terraform random_password resource - -## Plan (simple) -1. Explore the local n8n chart structure to understand its configuration -2. Create a Terraform configuration that: - - Sets up required providers and versions - - Creates a namespace for n8n - - Installs CloudNativePG in the n8n namespace - - Installs Traefik in its own namespace - - Installs the local n8n chart with proper dependencies - - Configures a PostgreSQL database for n8n using CloudNativePG -3. Update the n8n configuration to load values from n8n-values.yaml file -4. Set the n8n encryption_key using the Terraform random_password resource - -## Steps -1. Analyze the structure of the local n8n chart to understand its dependencies and configuration options -2. Create main.tf with terraform configuration blocks and required providers -3. Set up namespace resource for n8n -4. Add helm_release resource for CloudNativePG chart in the n8n namespace -5. Add helm_release resource for Traefik chart -6. Add helm_release resource for local n8n chart with proper dependencies -7. Configure PostgreSQL cluster using CloudNativePG operator -8. Set up secrets and random passwords for secure configuration -9. Update n8n helm_release to load values from n8n-values.yaml file instead of inline values -10. Add set_sensitive block to set the encryption_key using the random_password resource - -## Things done -- Examined the n8n chart structure to understand its configuration -- Created main.tf file with: - - Required providers configuration (helm, kubernetes) - - Namespace creation for n8n - - CloudNativePG chart installation in n8n namespace - - Traefik chart installation in separate namespace - - Local n8n chart installation with dependencies on other charts - - PostgreSQL cluster configuration using CloudNativePG - - Random password generation for secure configuration - - Database credentials secret -- Updated the n8n helm_release to load values from the n8n-values.yaml file instead of using inline values -- Added set_sensitive block to set the encryption_key using the random_password resource - -## TODOs -- Verify the configuration against specific cluster requirements -- Consider adding HorizontalPodAutoscaler for production environments -- Add backup configuration for the PostgreSQL database -- Configure persistent storage for n8n if needed beyond default settings \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_replicated_release_automation.md b/applications/n8n/memory_bank/wf_replicated_release_automation.md deleted file mode 100644 index a9bf71e3..00000000 --- a/applications/n8n/memory_bank/wf_replicated_release_automation.md +++ /dev/null @@ -1,24 +0,0 @@ -# Replicated Release Automation - -## Current tasks from user prompt -- Add a task to the justfile to call dagger for creating a replicated release - -## Plan (simple) -Create a new task in the justfile that allows users to create a replicated release with Dagger using specified version and channel parameters. The task will leverage environment variables for sensitive information (API token). - -## Steps -1. Read the existing justfile to understand current structure -2. Add a new task called `create-replicated-release` that accepts version and channel parameters -3. Make sure the task uses environment variables for sensitive tokens -4. Test the implementation - -## Things done -- Added `create-replicated-release` task to the justfile that: - - Takes version and channel as parameters - - Uses environment variable for REPLICATED_API_TOKEN - - Calls dagger with appropriate parameters - -## TODOs -- Verify the implementation works as expected -- Consider adding documentation about this task in the workflow documentation -- Consider adding input validation or help text for parameter usage \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_repository_structure_update.md b/applications/n8n/memory_bank/wf_repository_structure_update.md deleted file mode 100644 index 85238c3d..00000000 --- a/applications/n8n/memory_bank/wf_repository_structure_update.md +++ /dev/null @@ -1,30 +0,0 @@ -# Repository Structure Update Workflow - -## Current tasks from user prompt -- Update project repository structure documentation to reflect current content - -## Plan (simple) -1. Examine the current repository structure by listing directories and files -2. Compare the actual structure with what's described in workflow.md -3. Update the workflow.md file with the accurate project structure -4. Validate the updated documentation matches the actual structure - -## Steps -1. List contents of root directory -2. List contents of applications/n8n directory -3. Check each relevant subdirectory to understand the full structure -4. Update the project repository structure section in workflow.md -5. Ensure the documentation is accurate and complete - -## Things done -- Listed root directory contents -- Listed applications/n8n directory contents -- Listed applications/n8n/memory_bank contents -- Listed applications/n8n/charts contents -- Checked n8n chart structure and templates -- Examined dagger directory structure -- Updated Project Repository Structure section in workflow.md to reflect current content -- Added more detailed documentation of template files and directory structure - -## TODOs -- None - task completed \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md b/applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md deleted file mode 100644 index ca5fcaf0..00000000 --- a/applications/n8n/memory_bank/wf_terraform_helm_dependency_fix.md +++ /dev/null @@ -1,24 +0,0 @@ -## Current tasks from user prompt -- Fix Terraform failing to detect changes to the Helm chart dependencies (replicated) -- Make sure Terraform runs helm upgrade with the new changes - -## Plan (simple) -1. Understand why Terraform is not detecting the changes to Chart.yaml -2. Find a solution to make Terraform aware of the new dependency -3. Apply the changes to ensure Terraform performs helm upgrade correctly - -## Steps -1. Check the current Terraform configuration for the Helm release -2. Look for any mechanisms to update dependencies before applying -3. Identify if we need to add a lifecycle or trigger mechanism to detect changes -4. Implement the solution - -## Things done -- Identified that the Helm chart has a new dependency "replicated" added to Chart.yaml -- Found a justfile command `helm-dep-update` that updates Helm dependencies for the n8n chart -- Added a local-exec provisioner to the Terraform helm_release resource to run helm dependency update before applying -- Added recreate_pods = timestamp() to force Terraform to redeploy when Chart.yaml changes, making it recognize the changes to dependencies - -## TODOs -- Run `terraform apply` to test if the solution works -- Verify that the Helm chart is deployed with the replicated dependency \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_terraform_output_task.md b/applications/n8n/memory_bank/wf_terraform_output_task.md deleted file mode 100644 index bd614740..00000000 --- a/applications/n8n/memory_bank/wf_terraform_output_task.md +++ /dev/null @@ -1,23 +0,0 @@ -# Terraform Output Task Workflow - -## Current tasks from user prompt -- Add a new task to do a terraform output in the justfile - -## Plan (simple) -1. Understand the current justfile structure -2. Add a new task called terraform-output to run the terraform output command -3. Ensure it follows the same pattern as other existing terraform-related tasks - -## Steps -1. Read the current justfile to understand its structure -2. Identify the appropriate location to add the new terraform-output task -3. Add the new task to the justfile -4. Test to ensure it works as expected (if needed) - -## Things done -- Read the current justfile and understood its structure -- Added the terraform-output task after the set-replicated-values task -- The task includes an echo statement and the terraform output command - -## TODOs -- None - task completed \ No newline at end of file diff --git a/applications/n8n/memory_bank/wf_update_replicated_values.md b/applications/n8n/memory_bank/wf_update_replicated_values.md deleted file mode 100644 index 09649ed8..00000000 --- a/applications/n8n/memory_bank/wf_update_replicated_values.md +++ /dev/null @@ -1,40 +0,0 @@ -# Current tasks from user prompt -- Update the justfile with a new task `update-replicated-values` that accepts `customer_name` and `channel_name` parameters -- The task should: - 1. Create a replicated customer with the given name and channel - 2. Extract the license ID - 3. Login to the replicated registry with the license ID - 4. Show values from the replicated Helm chart - 5. Extract the global block and append to n8n-values.yaml - 6. Logout from the replicated registry -- Update the justfile task to append the entire global block, not just the content under global - -# Plan (simple) -1. Read the existing justfile to understand the format and pattern -2. Create a new task called update-replicated-values with the required parameters -3. Implement the commands as specified in the user's request -4. Ensure proper formatting and consistent style with the existing justfile -5. Update the yq command to preserve the global structure when appending to n8n-values.yaml - -# Steps -1. Read the existing justfile -2. Create a new task update-replicated-values with customer_name and channel_name parameters -3. Implement the command sequence with proper echo statements for feedback -4. Add the new task to the justfile -5. Update the yq command to use '{global: .global}' pattern instead of just '.global' - -# Things done -- Read the existing justfile -- Reviewed the workflow documentation to understand context -- Created the new update-replicated-values task in the justfile with all required functionality: - - Creating a replicated customer with name and channel - - Extracting the license ID using grep and awk - - Logging into the replicated registry - - Showing values from the replicated Helm chart - - Extracting the global block and appending to n8n-values.yaml - - Logging out from the replicated registry -- Updated the yq command to preserve the global structure when appending to n8n-values.yaml - - Changed from `yq '.global'` to `yq '{global: .global}'` - -# TODOs -- None - all tasks completed \ No newline at end of file