Add directory structure and each service

dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
*.md

@@ -0,0 +1,18 @@
dependencies:
- name: etcd
repository: https://charts.bitnami.com/bitnami
version: 8.6.0
- name: jaeger-operator
repository: https://jaegertracing.github.io/helm-charts
version: 2.25.0
- name: loki-stack
repository: https://grafana.github.io/helm-charts
version: 2.6.4
- name: nats
repository: https://nats-io.github.io/k8s/helm/charts/
version: 0.19.14
- name: localpv-provisioner
repository: https://openebs.github.io/dynamic-localpv-provisioner
version: 3.4.1
digest: sha256:0a43736883b9088fad4cd9e013abc88a470fb9d0e5cba50ce63c98172522a3fc
generated: "2023-09-05T10:04:06.785720699Z"
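Review bot: The `digest:` line here is computed over the dependency list (names, repositories, versions), not over the contents of the downloaded chart archives, so it will not catch a subchart copy that differs from the published release. Since this commit also checks in the etcd 8.6.0 subchart files directly, please either confirm the vendored copies match upstream (for example by re-fetching with `helm dependency build` and diffing) or leave them out of the repo and let the build fetch them. The lock was generated on 2023-09-05, about four months before this commit, so it is also worth confirming that these five pins are still the intended versions.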

@@ -0,0 +1,26 @@
apiVersion: v2
appVersion: 2.4.0
dependencies:
- name: etcd
repository: https://charts.bitnami.com/bitnami
version: 8.6.0
- condition: base.jaeger.enabled
name: jaeger-operator
repository: https://jaegertracing.github.io/helm-charts
version: 2.25.0
- condition: loki-stack.enabled
name: loki-stack
repository: https://grafana.github.io/helm-charts
version: 2.6.4
- condition: eventing.enabled
name: nats
repository: https://nats-io.github.io/k8s/helm/charts/
version: 0.19.14
- condition: localpv-provisioner.enabled
name: localpv-provisioner
repository: https://openebs.github.io/dynamic-localpv-provisioner
version: 3.4.1
description: Mayastor Helm chart for Kubernetes
name: mayastor
type: application
version: 2.4.0
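Review bot: The `etcd` entry at the top of `dependencies` has no `condition:` key, while the other four dependencies each have one (`base.jaeger.enabled`, `loki-stack.enabled`, `eventing.enabled`, `localpv-provisioner.enabled`), so etcd is always installed with this chart and cannot be switched off from values. If that is intentional, a comment saying so would help; otherwise add a condition, for example a key such as `etcd.enabled`. Because etcd is deployed unconditionally, the parent chart's values for the etcd subchart (authentication, TLS, network policy) should be reviewed as part of this change.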

@@ -0,0 +1,58 @@
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
## Installation Guide
### Prerequisites
- Make sure the [system requirement pre-requisites](https://mayastor.gitbook.io/introduction/quickstart/prerequisites) are met.
- Label the storage nodes same as the mayastor.nodeSelector in values.yaml
- Create the namespace you want the chart to be installed, or pass the `--create-namespace` flag in the `helm install` command.
```sh
kubectl create ns <mayastor-namespace>
```
- Create secret if downloading the container images from a private repo.
```sh
kubectl create secret docker-registry <same-as-base.imagePullSecrets.secrets> --docker-server="https://index.docker.io/v1/" --docker-username="<user-name>" --docker-password="<password>" --docker-email="<user-email>" -n <mayastor-namespace>
```
### Installing the chart via the git repo
Clone the mayastor charts repo.
Sync the chart dependencies
```console
$ helm dependency update
```
Install the mayastor chart using the command.
```console
$ helm install mayastor . -n <mayastor-namespace>
```
### Installing the Chart via Helm Registry
To install the chart with the release name `my-release`:
```console
$ helm repo add openebs https://openebs.github.io/mayastor-extensions/
$ helm install my-release openebs/{{ template "chart.name" . }}
```
## Chart Dependencies
{{ template "chart.requirementsTable" . }}
{{ template "chart.valuesHeader" . }}
| Key | Description | Default |
|-----|-------------|:-------:|
{{ range .Values }}
{{- if or .Description .AutoDescription -}}
{{ if eq .Type "object" -}}
| {{ .Key | replace "." ".&ZeroWidthSpace;" }} | {{ .Description | default .AutoDescription }} | <pre>{{ replace "}" "<br>}" (replace "{" "{<br>" (replace "," ",<br>" (toJson (fromJson (trimAll "`" (.Default | default .AutoDefault)))))) }}</pre> |
{{ else -}}
| {{ .Key | replace "." ".&ZeroWidthSpace;" }} | {{ .Description | default .AutoDescription }} | {{ .Default | default .AutoDefault }} |
{{ end -}}
{{ end }}
{{- end }}
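Review bot: In the Prerequisites block, the `kubectl create secret docker-registry` example passes the registry password as `--docker-password="<password>"`, which leaves it in shell history and visible in the process list while the command runs. Suggest documenting the `--from-file=.dockerconfigjson=<path>` form instead, or at least noting that the password should not be typed inline. Separately, the Helm Registry example (`helm install my-release openebs/...`) has no `--version`, so it installs whatever chart version the repo currently serves, and it omits the `-n <mayastor-namespace>` that the git-repo example uses; pin the version and pass the namespace there too.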

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.2
digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5
generated: "2022-12-19T15:22:40.567625269Z"

@@ -0,0 +1,29 @@
annotations:
category: Database
apiVersion: v2
appVersion: 3.5.6
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 2.x.x
description: etcd is a distributed key-value store designed to securely store data
across a cluster. etcd is widely used in production on account of its reliability,
fault-tolerance and ease of use.
home: https://github.com/bitnami/charts/tree/main/bitnami/etcd
icon: https://bitnami.com/assets/stacks/etcd/img/etcd-stack-220x234.png
keywords:
- etcd
- cluster
- database
- cache
- key-value
maintainers:
- name: Bitnami
url: https://github.com/bitnami/charts
name: etcd
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/etcd
- https://coreos.com/etcd/
version: 8.6.0

@@ -0,0 +1,545 @@
<!--- app-name: Etcd -->
# Etcd packaged by Bitnami
etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use.
[Overview of Etcd](https://etcd.io/)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/etcd
```
## Introduction
This chart bootstraps a [etcd](https://github.com/bitnami/containers/tree/main/bitnami/etcd) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- PV provisioner support in the underlying infrastructure
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/etcd
```
These commands deploy etcd on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
### Common parameters
| Name | Description | Value |
| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
### etcd parameters
| Name | Description | Value |
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | etcd image registry | `docker.io` |
| `image.repository` | etcd image name | `bitnami/etcd` |
| `image.tag` | etcd image tag | `3.5.6-debian-11-r10` |
| `image.digest` | etcd image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | etcd image pull policy | `IfNotPresent` |
| `image.pullSecrets` | etcd image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` |
| `auth.rbac.create` | Switch to enable RBAC authentication | `true` |
| `auth.rbac.allowNoneAuthentication` | Allow to use etcd without configuring RBAC authentication | `true` |
| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` |
| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` |
| `auth.rbac.existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` |
| `auth.token.type` | Authentication token type. Allowed values: 'simple' or 'jwt' | `jwt` |
| `auth.token.privateKey.filename` | Name of the file containing the private key for signing the JWT token | `jwt-token.pem` |
| `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token | `""` |
| `auth.token.signMethod` | JWT token sign method | `RS256` |
| `auth.token.ttl` | JWT token TTL | `10m` |
| `auth.client.secureTransport` | Switch to encrypt client-to-server communications using TLS certificates | `false` |
| `auth.client.useAutoTLS` | Switch to automatically create the TLS certificates | `false` |
| `auth.client.existingSecret` | Name of the existing secret containing the TLS certificates for client-to-server communications | `""` |
| `auth.client.enableAuthentication` | Switch to enable host authentication using TLS certificates. Requires existing secret | `false` |
| `auth.client.certFilename` | Name of the file containing the client certificate | `cert.pem` |
| `auth.client.certKeyFilename` | Name of the file containing the client certificate private key | `key.pem` |
| `auth.client.caFilename` | Name of the file containing the client CA certificate | `""` |
| `auth.peer.secureTransport` | Switch to encrypt server-to-server communications using TLS certificates | `false` |
| `auth.peer.useAutoTLS` | Switch to automatically create the TLS certificates | `false` |
| `auth.peer.existingSecret` | Name of the existing secret containing the TLS certificates for server-to-server communications | `""` |
| `auth.peer.enableAuthentication` | Switch to enable host authentication using TLS certificates. Requires existing secret | `false` |
| `auth.peer.certFilename` | Name of the file containing the peer certificate | `cert.pem` |
| `auth.peer.certKeyFilename` | Name of the file containing the peer certificate private key | `key.pem` |
| `auth.peer.caFilename` | Name of the file containing the peer CA certificate | `""` |
| `autoCompactionMode` | Auto compaction mode, by default periodic. Valid values: "periodic", "revision". | `""` |
| `autoCompactionRetention` | Auto compaction retention for mvcc key value store in hour, by default 0, means disabled | `""` |
| `initialClusterState` | Initial cluster state. Allowed values: 'new' or 'existing' | `""` |
| `logLevel` | Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' | `info` |
| `maxProcs` | Limits the number of operating system threads that can execute user-level | `""` |
| `removeMemberOnContainerTermination` | Use a PreStop hook to remove the etcd members from the etcd cluster on container termination | `true` |
| `configuration` | etcd configuration. Specify content for etcd.conf.yml | `""` |
| `existingConfigmap` | Existing ConfigMap with etcd configuration | `""` |
| `extraEnvVars` | Extra environment variables to be set on etcd container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
| `command` | Default container command (useful when using custom images) | `[]` |
| `args` | Default container args (useful when using custom images) | `[]` |
### etcd statefulset parameters
| Name | Description | Value |
| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- |
| `replicaCount` | Number of etcd replicas to deploy | `1` |
| `updateStrategy.type` | Update strategy type, can be set to RollingUpdate or OnDelete. | `RollingUpdate` |
| `podManagementPolicy` | Pod management policy for the etcd statefulset | `Parallel` |
| `hostAliases` | etcd pod host aliases | `[]` |
| `lifecycleHooks` | Override default etcd container hooks | `{}` |
| `containerPorts.client` | Client port to expose at container level | `2379` |
| `containerPorts.peer` | Peer port to expose at container level | `2380` |
| `podSecurityContext.enabled` | Enabled etcd pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set etcd pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled etcd containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set etcd container's Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set etcd container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as nonprivilege | `false` |
| `resources.limits` | The resources limits for the etcd container | `{}` |
| `resources.requests` | The requested resources for the etcd container | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `extraVolumes` | Optionally specify extra list of additional volumes for etcd pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for etcd container(s) | `[]` |
| `initContainers` | Add additional init containers to the etcd pods | `[]` |
| `sidecars` | Add additional sidecar containers to the etcd pods | `[]` |
| `podAnnotations` | Annotations for etcd pods | `{}` |
| `podLabels` | Extra labels for etcd pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `terminationGracePeriodSeconds` | Seconds the pod needs to gracefully terminate | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `priorityClassName` | Name of the priority class to be used by etcd pods | `""` |
| `runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` |
| `shareProcessNamespace` | Enable shared process namespace in a pod. | `false` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` |
| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
### Traffic exposure parameters
| Name | Description | Value |
| ---------------------------------- | ---------------------------------------------------------------------------------- | ----------- |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.enabled` | create second service if equal true | `true` |
| `service.clusterIP` | Kubernetes service Cluster IP | `""` |
| `service.ports.client` | etcd client port | `2379` |
| `service.ports.peer` | etcd peer port | `2380` |
| `service.nodePorts.client` | Specify the nodePort client value for the LoadBalancer and NodePort service types. | `""` |
| `service.nodePorts.peer` | Specify the nodePort peer value for the LoadBalancer and NodePort service types. | `""` |
| `service.clientPortNameOverride` | etcd client port name override | `""` |
| `service.peerPortNameOverride` | etcd peer port name override | `""` |
| `service.loadBalancerIP` | loadBalancerIP for the etcd service (optional, cloud specific) | `""` |
| `service.loadBalancerSourceRanges` | Load Balancer source ranges | `[]` |
| `service.externalIPs` | External IPs | `[]` |
| `service.externalTrafficPolicy` | %%MAIN_CONTAINER_NAME%% service external traffic policy | `Cluster` |
| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `service.annotations` | Additional annotations for the etcd service | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
### Persistence parameters
| Name | Description | Value |
| -------------------------- | --------------------------------------------------------------- | ------------------- |
| `persistence.enabled` | If true, use a Persistent Volume Claim. If false, use emptyDir. | `true` |
| `persistence.storageClass` | Persistent Volume Storage Class | `""` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for etcd data volume | `8Gi` |
| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
### Volume Permissions parameters
| Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r63` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
### Network Policy parameters
| Name | Description | Value |
| --------------------------------------- | ---------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Metrics parameters
| Name | Description | Value |
| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ |
| `metrics.enabled` | Expose etcd metrics | `false` |
| `metrics.podAnnotations` | Annotations for the Prometheus metrics on etcd pods | `{}` |
| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.podMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` |
| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` |
| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` |
| `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` |
| `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` |
| `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` |
| `metrics.prometheusRule.enabled` | Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
### Snapshotting parameters
| Name | Description | Value |
| ----------------------------------------------- | ----------------------------------------------------------------------- | -------------- |
| `startFromSnapshot.enabled` | Initialize new cluster recovering an existing snapshot | `false` |
| `startFromSnapshot.existingClaim` | Existing PVC containing the etcd snapshot | `""` |
| `startFromSnapshot.snapshotFilename` | Snapshot filename | `""` |
| `disasterRecovery.enabled` | Enable auto disaster recovery by periodically snapshotting the keyspace | `false` |
| `disasterRecovery.cronjob.schedule` | Schedule in Cron format to save snapshots | `*/30 * * * *` |
| `disasterRecovery.cronjob.historyLimit` | Number of successful finished jobs to retain | `1` |
| `disasterRecovery.cronjob.snapshotHistoryLimit` | Number of etcd snapshots to retain, tagged by date | `1` |
| `disasterRecovery.cronjob.podAnnotations` | Pod annotations for cronjob pods | `{}` |
| `disasterRecovery.cronjob.resources.limits` | Cronjob container resource limits | `{}` |
| `disasterRecovery.cronjob.resources.requests` | Cronjob container resource requests | `{}` |
| `disasterRecovery.cronjob.nodeSelector` | Node labels for cronjob pods assignment | `{}` |
| `disasterRecovery.cronjob.tolerations` | Tolerations for cronjob pods assignment | `[]` |
| `disasterRecovery.pvc.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `disasterRecovery.pvc.size` | PVC Storage Request | `2Gi` |
| `disasterRecovery.pvc.storageClassName` | Storage Class for snapshots volume | `nfs` |
### Service account parameters
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------ | ------- |
| `serviceAccount.create` | Enable/disable service account creation | `false` |
| `serviceAccount.name` | Name of the service account to create or use | `""` |
| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of service account token | `true` |
| `serviceAccount.annotations` | Additional annotations to be included on the service account | `{}` |
| `serviceAccount.labels` | Additional labels to be included on the service account | `{}` |
### Other parameters
| Name | Description | Value |
| -------------------- | -------------------------------------------------------------- | ------ |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `51%` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install my-release \
--set auth.rbac.rootPassword=secretpassword my-repo/etcd
```
The above command sets the etcd `root` account password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml my-repo/etcd
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Cluster configuration
The Bitnami etcd chart can be used to bootstrap an etcd cluster, easy to scale and with available features to implement disaster recovery.
Refer to the [chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/get-started/understand-default-configuration/) for more information about all these details.
### Enable security for etcd
The etcd chart can be configured with Role-based access control and TLS encryption to improve its security.
[Learn more about security in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/enable-security/).
### Persistence
The [Bitnami etcd](https://github.com/bitnami/containers/tree/main/bitnami/etcd) image stores the etcd data at the `/bitnami/etcd` path of the container. Persistent Volume Claims are used to keep the data across statefulsets.
The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose.
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
### Backup and restore the etcd keyspace
The Bitnami etcd chart provides mechanisms to bootstrap the etcd cluster restoring an existing snapshot before initializing.
[Learn more about backup/restore features in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/backup-restore/).
### Exposing etcd metrics
The metrics exposed by etcd can be exposed to be scraped by Prometheus. This can be done by adding the required annotations for Prometheus to discover the metrics endpoints or creating a PodMonitor entry if you are using the Prometheus Operator.
[Learn more about exposing metrics in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/enable-metrics/).
### Using custom configuration
In order to use custom configuration parameters, two options are available:
- Using environment variables: etcd allows setting environment variables that map to configuration settings. In order to set extra environment variables, you can use the `extraEnvVars` property. Alternatively, you can use a ConfigMap or a Secret with the environment variables using the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
```yaml
extraEnvVars:
- name: ETCD_AUTO_COMPACTION_RETENTION
value: "0"
- name: ETCD_HEARTBEAT_INTERVAL
value: "150"
```
- Using a custom `etcd.conf.yml`: The etcd chart allows mounting a custom `etcd.conf.yml` file as ConfigMap. In order to so, you can use the `configuration` property. Alternatively, you can use an existing ConfigMap using the `existingConfigmap` parameter.
### Auto Compaction
Since etcd keeps an exact history of its keyspace, this history should be periodically compacted to avoid performance degradation and eventual storage space exhaustion. Compacting the keyspace history drops all information about keys superseded prior to a given keyspace revision. The space used by these keys then becomes available for additional writes to the keyspace.
`autoCompactionMode`, by default periodic. Valid values: "periodic", "revision".
- 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. "5m").
- 'revision' for revision number based retention.
`autoCompactionRetention` for mvcc key value store in hour, by default 0, means disabled.
You can enable auto compaction by using following parameters:
```console
autoCompactionMode=periodic
autoCompactionRetention=10m
```
### Sidecars and Init Containers
If you have a need for additional containers to run within the same pod as the etcd app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
Similarly, you can add extra init containers using the `initContainers` parameter.
```yaml
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
### Deploying extra resources
There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
### Setting Pod's affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
### To 8.0.0
This version reverts the change in the previous major bump ([7.0.0](https://github.com/bitnami/charts/tree/main/bitnami/etcd#to-700)). Now the default `etcd` branch is `3.5` again once confirmed by the [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation) that this version is production-ready once solved the data corruption issue.
### To 7.0.0
This version changes the default `etcd` branch to `3.4` as suggested by [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation). In order to migrate the data follow the official etcd instructions.
### To 6.0.0
This version introduces several features and performance improvements:
- The statefulset can now be scaled using `kubectl scale` command. Using `helm upgrade` to recalculate available endpoints is no longer needed.
- The scripts used for bootstrapping, runtime reconfiguration, and disaster recovery have been refactored and moved to the etcd container (see [this PR](https://github.com/bitnami/bitnami-docker-etcd/pull/13)) with two purposes: removing technical debt & improving the stability.
- Several parameters were reorganized to simplify the structure and follow the same standard used on other Bitnami charts:
- `etcd.initialClusterState` is renamed to `initialClusterState`.
- `statefulset.replicaCount` is renamed to `replicaCount`.
- `statefulset.podManagementPolicy` is renamed to `podManagementPolicy`.
- `statefulset.updateStrategy` and `statefulset.rollingUpdatePartition` are merged into `updateStrategy`.
- `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`.
- `configFileConfigMap` is deprecated in favor of `configuration` and `existingConfigmap`.
- `envVarsConfigMap` is deprecated in favor of `extraEnvVars`, `extraEnvVarsCM` and `extraEnvVarsSecret`.
- `allowNoneAuthentication` is renamed to `auth.rbac.allowNoneAuthentication`.
- New parameters/features were added:
- `extraDeploy` to deploy any extra desired object.
- `initContainers` and `sidecars` to define custom init containers and sidecars.
- `extraVolumes` and `extraVolumeMounts` to define custom volumes and mount points.
- Probes can be now customized, and support to startup probes is added.
- LifecycleHooks can be customized using `lifecycleHooks` parameter.
- The default command/args can be customized using `command` and `args` parameters.
- Metrics integration with Prometheus Operator does no longer use a ServiceMonitor object, but a PodMonitor instead.
Consequences:
- Backwards compatibility is not guaranteed unless you adapt you **values.yaml** according to the changes described above.
### To 5.2.0
This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
### To 5.0.0
[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/upgrade-helm3/).
### To 4.4.14
In this release we addressed a vulnerability that showed the `ETCD_ROOT_PASSWORD` environment variable in the application logs. Users are advised to update immediately. More information in [this issue](https://github.com/bitnami/charts/issues/1901).
### To 3.0.0
Backwards compatibility is not guaranteed. The following notables changes were included:
- **etcdctl** uses v3 API.
- Adds support for auto disaster recovery.
- Labels are adapted to follow the Helm charts best practices.
To upgrade from previous charts versions, create a snapshot of the keyspace and restore it in a new etcd cluster. Only v3 API data can be restored.
You can use the command below to upgrade your chart by starting a new cluster using an existing snapshot, available in an existing PVC, to initialize the members:
```console
$ helm install new-release my-repo/etcd \
--set statefulset.replicaCount=3 \
--set persistence.enabled=true \
--set persistence.size=8Gi \
--set startFromSnapshot.enabled=true \
--set startFromSnapshot.existingClaim=my-claim \
--set startFromSnapshot.snapshotFilename=my-snapshot.db
```
### To 1.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is etcd:
```console
$ kubectl delete statefulset etcd --cascade=false
```
## License
Copyright &copy; 2022 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
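Review bot: In the "To 3.0.0" section the snapshot-restore command passes `--set statefulset.replicaCount=3`, but the "To 6.0.0" notes in this same README state that `statefulset.replicaCount` was renamed to `replicaCount`. With the etcd 8.6.0 dependency pinned by this commit, the old key would most likely be ignored unless a values schema rejects it, so a restore copied from this section may not come up with the intended three members. Suggest marking the command as valid only for the chart version it was written for, or changing it to `--set replicaCount=3`. Separately, the Auto Compaction section describes `autoCompactionRetention` as "in hour" while the example sets `autoCompactionRetention=10m`; stating the accepted units once would avoid a misconfigured retention window.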

View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@@ -0,0 +1,23 @@
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 2.2.2
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- name: Bitnami
url: https://github.com/bitnami/charts
name: common
sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.2

View File

@@ -0,0 +1,351 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
## TL;DR
```yaml
dependencies:
- name: common
version: 1.x.x
repository: https://charts.bitnami.com/bitnami
```
```bash
$ helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
### Affinities
| Helper identifier | Description | Expected Input |
|-------------------------------|------------------------------------------------------|------------------------------------------------|
| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` |
### Capabilities
| Helper identifier | Description | Expected Input |
|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
### Errors
| Helper identifier | Description | Expected Input |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
### Images
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
### Ingress
| Helper identifier | Description | Expected Input |
|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
### Labels
| Helper identifier | Description | Expected Input |
|-----------------------------|-----------------------------------------------------------------------------|-------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
### Names
| Helper identifier | Description | Expected Input |
|-----------------------------------|-----------------------------------------------------------------------|-------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
### Secrets
| Helper identifier | Description | Expected Input |
|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
### Storage
| Helper identifier | Description | Expected Input |
|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
### TplValues
| Helper identifier | Description | Expected Input |
|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
### Utils
| Helper identifier | Description | Expected Input |
|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
### Validations
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
### Warnings
| Helper identifier | Description | Expected Input |
|------------------------------|----------------------------------|------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
#### Example of use
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
#### NOTES.txt
```console
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
```
## Upgrading
### To 1.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
## License
Copyright &copy; 2022 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
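Review bot: The "Example of use" under ExistingSecret is not consistent with itself: the templates read `.Values.existingSecret`, but the `# values.yaml` snippet places `name` and `keyMapping` at the top level, so as written the helpers receive no existing secret. Nest both under an `existingSecret:` key. The same example renders `templates/secret.yaml` from `.Values.password` unconditionally; guarding it so that no Secret is created when an existing one is supplied would match the stated intent of letting users bring their own. Minor: the TL;DR pins `version: 1.x.x` while the Chart.yaml added in this commit is 2.2.2, and the Capabilities table describes `common.capabilities.policy.apiVersion` as being for podsecuritypolicy while the helper's own comment in the capabilities template says poddisruptionbudget.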

View File

@@ -0,0 +1,106 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return a soft nodeAffinity definition
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.soft" -}}
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
weight: 1
{{- end -}}
{{/*
Return a hard nodeAffinity definition
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
{{- end -}}
{{/*
Return a nodeAffinity definition
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.nodes.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.nodes.hard" . -}}
{{- end -}}
{{- end -}}
{{/*
Return a topologyKey definition
{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
*/}}
{{- define "common.affinities.topologyKey" -}}
{{ .topologyKey | default "kubernetes.io/hostname" -}}
{{- end -}}
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{/*
Return a podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.pods" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.pods.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
{{- end -}}
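Review bot: In `common.affinities.pods.soft` and `common.affinities.pods.hard` the component label is emitted with `printf "app.kubernetes.io/component: %s" $component` and no quoting, while the `extraMatchLabels` values directly below go through `| quote`. A component value that YAML reads as a non-string (for example `true` or a number) would render an invalid label selector; suggest quoting it the same way, and likewise `key: {{ .key }}` in the two node helpers. The usage comment for `common.affinities.pods` also shows `"key"` and `"values"` arguments, which are the node helpers' inputs; the pod helpers read `component`, `extraMatchLabels`, `topologyKey` and `context`. Finally, both dispatchers (`common.affinities.nodes` and `common.affinities.pods`) render nothing when `type` is neither `soft` nor `hard`, so a typo silently drops the affinity; a `fail` in an else branch would surface it.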

View File

@@ -0,0 +1,154 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "common.capabilities.kubeVersion" -}}
{{- if .Values.global }}
{{- if .Values.global.kubeVersion }}
{{- .Values.global.kubeVersion -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for poddisruptionbudget.
*/}}
{{- define "common.capabilities.policy.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "common.capabilities.networkPolicy.apiVersion" -}}
{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cronjob.
*/}}
{{- define "common.capabilities.cronjob.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "batch/v1beta1" -}}
{{- else -}}
{{- print "batch/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for APIService.
*/}}
{{- define "common.capabilities.apiService.apiVersion" -}}
{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiregistration.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiregistration.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
*/}}
{{- define "common.capabilities.hpa.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
{{- if .beta2 -}}
{{- print "autoscaling/v2beta2" -}}
{{- else -}}
{{- print "autoscaling/v2beta1" -}}
{{- end -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}
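Review bot: `common.capabilities.hpa.apiVersion` is the only helper in this file that reads `.context` and a `.beta2` flag instead of taking the root context directly, and it has no Usage comment, so a caller following the pattern of the other helpers (`include "..." .`) will pass the wrong shape. Add a Usage line showing the expected dict. Separately, `common.capabilities.kubeVersion` lets `.Values.global.kubeVersion` or `.Values.kubeVersion` replace the version reported by the cluster, and every apiVersion decision below depends on it; the comment should say that a stale override will select API groups the cluster no longer serves. The ingress helper repeats the same three-way version chain in both branches, and "minimun" in the last comment should read "minimum".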

View File

@@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}
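Review bot: the header comment needs a wording pass: "Through error" should be "Throw an error" and "to be return" should be "to be returned". On the logic, `.validationErrors` is joined with an empty separator before being printed, so each entry has to carry its own line break or the messages run together; either document that requirement in the Params list or join with "\n".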

View File

@@ -0,0 +1,76 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $separator := ":" -}}
{{- $termination := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if .imageRoot.digest }}
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "common.images.renderPullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
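Review bot: the usage comment for `common.images.image` passes `"global" $`, but the body reads `.global.imageRegistry`; with the root context in that slot the lookup finds no such key, so the global registry override never applies and the image is pulled from `.imageRoot.registry` without any error. The usage should pass `.Values.global`, or the body should read `.global.Values.global.imageRegistry`. When both registries are empty, `printf "%s/%s%s%s"` also yields a reference with a leading "/"; guard that case. The usage lines for both pull-secret helpers write `(list .Values.path.to.the.image1, .Values.path.to.the.image2)`; template lists are space separated, so the comma makes the example unparsable. Secret names are emitted as `- name: {{ . }}` without `quote`.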

View File

@@ -0,0 +1,68 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate backend entry that is compatible with all Kubernetes API versions.
Usage:
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
Params:
- serviceName - String. Name of an existing service backend
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.ingress.backend" -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- else -}}
service:
name: {{ .serviceName }}
port:
{{- if typeIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
number: {{ .servicePort | int }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Print "true" if the API pathType field is supported
Usage:
{{ include "common.ingress.supportsPathType" . }}
*/}}
{{- define "common.ingress.supportsPathType" -}}
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the ingressClassname field is supported
Usage:
{{ include "common.ingress.supportsIngressClassname" . }}
*/}}
{{- define "common.ingress.supportsIngressClassname" -}}
{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if cert-manager required annotations for TLS signed
certificates are set in the Ingress annotations
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
Usage:
{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
*/}}
{{- define "common.ingress.certManagerRequest" -}}
{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
{{- true -}}
{{- end -}}
{{- end -}}
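Review bot: in `common.ingress.backend` the `port:` key is written before the type check and there is no `else` branch, so a `.servicePort` that is neither a string, an int nor a float64 (an int64, for example) produces an empty `port:` and the failure only shows up at apply time. Add an `else` that calls `fail` naming the offending value. `.serviceName` and the string form of `.servicePort` are emitted unquoted. `common.ingress.supportsPathType` and `common.ingress.supportsIngressClassname` perform the identical `<1.18-0` check; one could include the other.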

View File

@@ -0,0 +1,18 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
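Review bot: every label value here is emitted unquoted, including `{{ .Release.Name }}`; a release name made only of digits would be parsed as a YAML number and the label rejected as a non-string. Pipe the values through `quote`, for example `app.kubernetes.io/instance: {{ .Release.Name | quote }}`.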

View File

@@ -0,0 +1,66 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified dependency name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
Usage:
{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
*/}}
{{- define "common.names.dependency.fullname" -}}
{{- if .chartValues.fullnameOverride -}}
{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .chartName .chartValues.nameOverride -}}
{{- if contains $name .context.Release.Name -}}
{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
*/}}
{{- define "common.names.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a fully qualified app name adding the installation's namespace.
*/}}
{{- define "common.names.fullname.namespace" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
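Review bot: `common.names.fullname.namespace` joins the full name and the namespace and only then applies `trunc 63`, so when the full name is already close to 63 characters the namespace suffix is cut short or removed and two namespaces can end up with the same generated name. Truncate the full name first to leave room for the namespace, or document the limit in the comment. `common.names.namespace` also deserves a note that `.Values.namespaceOverride` moves every resource that uses it out of the release namespace.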

View File

@@ -0,0 +1,165 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
2. Password provided via the values.yaml
(If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
3. Randomly generated secret password
(A new random secret password with the length specified in the 'length' parameter will be generated and returned)
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }}
{{- else }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{/*
Reuses the value from an existing secret, otherwise sets its value to a default value.
Usage:
{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.lookup" -}}
{{- $value := "" -}}
{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}}
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
{{- if and $secretData (hasKey $secretData .key) -}}
{{- $value = index $secretData .key -}}
{{- else -}}
{{- $value = $defaultValue | toString | b64enc -}}
{{- end -}}
{{- printf "%s" $value -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}
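Review bot: in `common.secrets.passwords.manage` the `strong` branch builds the password from a fixed-shape prefix (`lower`, `randNumeric`, `upper` joined with "_") plus `substr 5 $passwordLength` of the random string, after every non-word character has been replaced with "@". With the default length of 10 that leaves five random characters next to the prefix, which is fewer random characters than the non-strong `randAlphaNum 10` branch; raise the default length and document a minimum for `strong`. The first branch depends on `lookup`, which returns nothing when the chart is rendered without cluster access, so such renders fall through to a freshly generated password each time; the comment's ordering list should say so. In `common.secrets.key`, `index .existingSecret.keyMapping $.key` is used without checking that the mapping contains the key.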

View File

@@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
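Review bot: the usage comment passes `"global" $` while the body reads `.global.storageClass`, so with the root context in that slot the global storage class is never picked up; pass `.Values.global` in the usage or adjust the lookup. The comment should also state the precedence (global replaces the per-volume value) and that "-" renders an empty `storageClassName`. The non-empty branch prints the class name unquoted.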

View File

@@ -0,0 +1,13 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
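Review bot: `tpl` evaluates `.value` as a template with the full parent context, so any string that reaches this helper from values is executed with access to everything the chart itself can read, including `lookup` results. The comment should say that only operator-controlled values may be passed here, and callers that accept values from less trusted sources should not route them through this helper. `common.images.renderPullSecrets` in this commit already feeds pull-secret names through it.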

View File

@@ -0,0 +1,62 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
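Review bot: in `common.utils.secret.getvalue` the namespace is piped through `quote` but `{{ .secret }}` and `{{ .field }}` are interpolated bare into a command that users are expected to paste into a shell; quote both so the printed command stays a single well-formed invocation whatever the names contain. The usage comment for `common.utils.fieldToEnvVar` is missing the parentheses around `dict "field" "my-password"`. In `common.utils.getValueFromKey`, `index $latestObj .` is applied without checking that the intermediate value is a map, so a path that crosses a scalar fails with a template error rather than the helper's own message.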

View File

@@ -0,0 +1,14 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}
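Review bot: the warning only fires when `.repository` contains "bitnami/", so a rolling tag on any other repository passes silently, and it looks for "sha256:" inside `.tag` only. `common.images.image` in this commit prefers `.imageRoot.digest` when it is set, so an image pinned through `.digest` that still carries a rolling `.tag` is warned about even though the tag is not used. Check `.digest` first and skip the warning when it is present, and consider dropping the repository filter.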

View File

@@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Cassandra required passwords are not empty.
Usage:
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.cassandra.passwords" -}}
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
{{- $enabled := include "common.cassandra.values.enabled" . -}}
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.dbUser.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled cassandra.
Usage:
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.cassandra.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.cassandra.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key dbUser
Usage:
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.key.dbUser" -}}
{{- if .subchart -}}
cassandra.dbUser
{{- else -}}
dbUser
{{- end -}}
{{- end -}}
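Review bot: the usage line for `common.cassandra.values.key.dbUser` passes `"subchart" "true"` as a string while the Params list documents a Boolean and every helper here tests it with `if .subchart`; a caller who passes the string "false" gets the subchart branch because any non-empty string is truthy. Use a real boolean in the example and compare explicitly if strings must be accepted. The usage lines for `existingSecret` and `enabled` omit "subchart" altogether although both bodies branch on it.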

View File

@@ -0,0 +1,103 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MariaDB required passwords are not empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mariadb.values.enabled" . -}}
{{- $architecture := include "common.mariadb.values.architecture" . -}}
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mariadb.
Usage:
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mariadb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mariadb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.key.auth" -}}
{{- if .subchart -}}
mariadb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
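Review bot: all validation in `common.validations.values.mariadb.passwords` is skipped as soon as `existingSecret` is non-empty, without checking that the named secret exists or holds the fields this template names (`mariadb-root-password`, `mariadb-password`, `mariadb-replication-password`). A mistyped secret name therefore passes the render and only fails when the pod starts. `common.secrets.exists` is added in this same commit and could back a check here when the cluster is reachable; at minimum the comment should state that an existing secret is taken on trust.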

View File

@@ -0,0 +1,108 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MongoDB&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MongoDB&reg; values are stored, e.g: "mongodb-passwords-secret"
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mongodb.passwords" -}}
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mongodb.values.enabled" . -}}
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
{{- $architecture := include "common.mongodb.values.architecture" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
{{- if and $valueUsername $valueDatabase -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replicaset") -}}
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mongodb.
Usage:
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mongodb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mongodb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.key.auth" -}}
{{- if .subchart -}}
mongodb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
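
Review bot: In `common.mongodb.values.enabled`, `printf "%v" .context.Values.mongodb.enabled` renders as `<nil>` when the parent chart leaves `mongodb.enabled` unset, so `eq $enabled "true"` in `common.validations.values.mongodb.passwords` is false and every password check is skipped without a message. Either document that the parent chart must define `mongodb.enabled`, or make the absent case explicit in the helper. The Usage line for this helper also omits the `subchart` argument that the body branches on.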

View File

@@ -0,0 +1,103 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MySQL required passwords are not empty.
Usage:
{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mysql.passwords" -}}
{{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mysql.values.enabled" . -}}
{{- $architecture := include "common.mysql.values.architecture" . -}}
{{- $authPrefix := include "common.mysql.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mysql.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mysql.
Usage:
{{ include "common.mysql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mysql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mysql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mysql.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.key.auth" -}}
{{- if .subchart -}}
mysql.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
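
Review bot: `common.mysql.values.auth.existingSecret` dereferences `.context.Values.mysql.auth.existingSecret` directly, so a parent chart whose values carry no `mysql.auth` map gets a nil-pointer render error from this helper instead of the validation message the template is meant to produce. Guard the parent map before reading the field. The Usage line shows only `(dict "context" $)` although Params documents `subchart`; add it to the example.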

View File

@@ -0,0 +1,129 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate PostgreSQL required passwords are not empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- if (eq $enabledReplication "true") -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
{{- else -}}
{{- printf "%v" .context.Values.replication.enabled -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}
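
Review bot: `common.postgresql.values.key.postgressPassword` chooses between the local and the `global.postgresql.postgresqlPassword` path by looking up the global key `postgresqlUsername`, so the password path that gets validated depends on whether a global username is set rather than on where the password is. Look up `postgresqlPassword` in that `include` instead. In `common.validations.values.postgresql.passwords`, `$valueKeyPostgresqlReplicationEnabled` holds the result of `common.postgresql.values.key.replicationPassword`, which is a password key and not an enabled flag; rename it to match.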

View File

@@ -0,0 +1,76 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Redis&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.redis.passwords" -}}
{{- $enabled := include "common.redis.values.enabled" . -}}
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
{{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
{{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
{{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
{{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
{{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
{{- if eq $useAuth "true" -}}
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled redis.
Usage:
{{ include "common.redis.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.redis.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.redis.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right prefix path for the values
Usage:
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.redis.values.keys.prefix" -}}
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
{{- end -}}
{{/*
Checks whether the redis chart's includes the standarizations (version >= 14)
Usage:
{{ include "common.redis.values.standarized.version" (dict "context" $) }}
*/}}
{{- define "common.redis.values.standarized.version" -}}
{{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
{{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
{{- if $standarizedAuthValues -}}
{{- true -}}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,46 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}
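
Review bot: Both Usage comments name templates that this file does not define: the first shows `common.validations.values.empty` and the second `common.validations.value.empty`, while the defines are `common.validations.values.multiple.empty` and `common.validations.values.single.empty`. A chart author copying either example gets a template-not-found error, so update the comments to the defined names. Note also that `common.validations.values.multiple.empty` does not forward `subchart` in the `dict` it passes on, so the `$subchart` prefix in the `--set` hint is always empty on that path; say so in the Params list or pass it through.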

View File

@@ -0,0 +1,5 @@
## bitnami/common
## It is required by CI/CD tools and processes.
## @skip exampleValue
##
exampleValue: common-chart

View File

@@ -0,0 +1,119 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.auth.rbac.allowNoneAuthentication }}
-------------------------------------------------------------------------------
WARNING
By specifying "service.type=LoadBalancer", "auth.rbac.enabled=false" and
"auth.rbac.allowNoneAuthentication=true" you have most likely exposed the etcd
service externally without any authentication mechanism.
For security reasons, we strongly suggest that you switch to "ClusterIP" or
"NodePort". As alternative, you can also switch to "auth.rbac.enabled=true"
providing a valid password on "auth.rbac.rootPassword" parameter.
-------------------------------------------------------------------------------
{{- end }}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
/opt/bitnami/scripts/etcd/entrypoint.sh /opt/bitnami/scripts/etcd/run.sh
{{- else }}
etcd can be accessed via port {{ coalesce .Values.service.ports.client .Values.service.port }} on the following DNS name from within your cluster:
{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
To create a pod that you can use as a etcd client run the following command:
kubectl run {{ template "common.names.fullname" . }}-client --restart='Never' --image {{ template "etcd.image" . }}{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} --env ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.etcd-root-password}" | base64 -d){{- end }} --env ETCDCTL_ENDPOINTS="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}" --namespace {{ .Release.Namespace }} --command -- sleep infinity
Then, you can set/get a key using the commands below:
kubectl exec --namespace {{ .Release.Namespace }} -it {{ template "common.names.fullname" . }}-client -- bash
{{- $etcdAuthOptions := include "etcd.authOptions" . }}
etcdctl {{ $etcdAuthOptions }} put /message Hello
etcdctl {{ $etcdAuthOptions }} get /message
To connect to your etcd server from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
echo "etcd URL: http://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "etcd URL: http://$SERVICE_IP:{{ coalesce .Values.service.ports.client .Values.service.port }}/"
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ coalesce .Values.service.ports.client .Values.service.port }}:{{ coalesce .Values.service.ports.client .Values.service.port }} &
echo "etcd URL: http://127.0.0.1:{{ coalesce .Values.service.ports.client .Values.service.port }}"
{{- end }}
{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
* As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password:
export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.etcd-root-password}" | base64 -d)
{{- end }}
{{- if .Values.auth.client.secureTransport }}
{{- if .Values.auth.client.useAutoTLS }}
* As TLS is enabled you should add the flag `--cert-file /bitnami/etcd/data/fixtures/client/cert.pem --key-file /bitnami/etcd/data/fixtures/client/key.pem` to the etcdctl commands.
{{- else }}
* As TLS is enabled you should add the flag `--cert-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }} --key-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}` to the etcdctl commands.
{{- end }}
* You should also export a proper etcdctl endpoint using the https schema. Eg.
export ETCDCTL_ENDPOINTS=https://{{ template "common.names.fullname" . }}-0:{{ coalesce .Values.service.ports.client .Values.service.port }}
{{- end }}
{{- if .Values.auth.client.enableAuthentication }}
* As TLS host authentication is enabled you should add the flag `--ca-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}` to the etcdctl commands.
{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "etcd.validateValues" . }}
{{- $requiredPassword := list -}}
{{- $secretName := include "etcd.secretName" . -}}
{{- if and (or .Values.auth.rbac.create .Values.auth.rbac.enabled) (not .Values.auth.rbac.existingSecret) -}}
{{- $requiredEtcdPassword := dict "valueKey" "auth.rbac.rootPassword" "secret" $secretName "field" "etcd-root-password" -}}
{{- $requiredPassword = append $requiredPassword $requiredEtcdPassword -}}
{{- end -}}
{{- $requiredEtcdPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPassword "context" $) -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredEtcdPasswordErrors) "context" $) -}}
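
Review bot: The `kubectl run ... --env ROOT_PASSWORD=$(kubectl get secret ... | base64 -d)` instruction places the decoded etcd root password into the client pod's spec as a literal env value, where anyone allowed to read pods in the namespace can see it. Prefer an instruction that references the secret from the pod (for example a `secretKeyRef` supplied through `--overrides`). Separately, the WARNING block's condition tests only `service.type` and `auth.rbac.allowNoneAuthentication`, while its text also names `auth.rbac.enabled=false`; add that test to the `if and (...)` or drop it from the message. The `echo "etcd URL: http://..."` lines also hard-code `http` even when `auth.client.secureTransport` is set.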

View File

@@ -0,0 +1,205 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper etcd image name
*/}}
{{- define "etcd.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "etcd.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "etcd.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper etcd peer protocol
*/}}
{{- define "etcd.peerProtocol" -}}
{{- if .Values.auth.peer.secureTransport -}}
{{- print "https" -}}
{{- else -}}
{{- print "http" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper etcd client protocol
*/}}
{{- define "etcd.clientProtocol" -}}
{{- if .Values.auth.client.secureTransport -}}
{{- print "https" -}}
{{- else -}}
{{- print "http" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper etcdctl authentication options
*/}}
{{- define "etcd.authOptions" -}}
{{- $rbacOption := "--user root:$ROOT_PASSWORD" -}}
{{- $certsOption := " --cert $ETCD_CERT_FILE --key $ETCD_KEY_FILE" -}}
{{- $autoCertsOption := " --cert /bitnami/etcd/data/fixtures/client/cert.pem --key /bitnami/etcd/data/fixtures/client/key.pem" -}}
{{- $caOption := " --cacert $ETCD_TRUSTED_CA_FILE" -}}
{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled -}}
{{- printf "%s" $rbacOption -}}
{{- end -}}
{{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS -}}
{{- printf "%s" $autoCertsOption -}}
{{- else if and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS) -}}
{{- printf "%s" $certsOption -}}
{{- if .Values.auth.client.enableAuthentication -}}
{{- printf "%s" $caOption -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the etcd configuration configmap
*/}}
{{- define "etcd.configmapName" -}}
{{- if .Values.existingConfigmap -}}
{{- printf "%s" (tpl .Values.existingConfigmap $) | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created
*/}}
{{- define "etcd.createConfigmap" -}}
{{- if and .Values.configuration (not .Values.existingConfigmap) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the secret with etcd credentials
*/}}
{{- define "etcd.secretName" -}}
{{- if .Values.auth.rbac.existingSecret -}}
{{- printf "%s" .Values.auth.rbac.existingSecret | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the secret password key to be retrieved from etcd secret.
*/}}
{{- define "etcd.secretPasswordKey" -}}
{{- if and .Values.auth.rbac.existingSecret .Values.auth.rbac.existingSecretPasswordKey -}}
{{- printf "%s" .Values.auth.rbac.existingSecretPasswordKey -}}
{{- else -}}
{{- printf "etcd-root-password" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created for the etcd token private key
*/}}
{{- define "etcd.token.createSecret" -}}
{{- if and (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the secret with etcd token private key
*/}}
{{- define "etcd.token.secretName" -}}
{{- if .Values.auth.token.privateKey.existingSecret -}}
{{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Disaster Recovery PVC name
*/}}
{{- define "etcd.disasterRecovery.pvc.name" -}}
{{- if .Values.disasterRecovery.pvc.existingClaim -}}
{{- printf "%s" (tpl .Values.disasterRecovery.pvc.existingClaim $) | trunc 63 | trimSuffix "-" -}}
{{- else if .Values.startFromSnapshot.existingClaim -}}
{{- printf "%s" (tpl .Values.startFromSnapshot.existingClaim $) | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "etcd.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "etcd.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.existingClaim" .) -}}
{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.snapshotFilename" .) -}}
{{- $messages := append $messages (include "etcd.validateValues.disasterRecovery" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of etcd - an existing claim must be provided when startFromSnapshot is enabled */}}
{{- define "etcd.validateValues.startFromSnapshot.existingClaim" -}}
{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.existingClaim) (not .Values.disasterRecovery.enabled) -}}
etcd: startFromSnapshot.existingClaim
An existing claim must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!!
Please provide it (--set startFromSnapshot.existingClaim="xxxx")
{{- end -}}
{{- end -}}
{{/* Validate values of etcd - the snapshot filename must be provided when startFromSnapshot is enabled */}}
{{- define "etcd.validateValues.startFromSnapshot.snapshotFilename" -}}
{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.snapshotFilename) (not .Values.disasterRecovery.enabled) -}}
etcd: startFromSnapshot.snapshotFilename
The snapshot filename must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!!
Please provide it (--set startFromSnapshot.snapshotFilename="xxxx")
{{- end -}}
{{- end -}}
{{/* Validate values of etcd - persistence must be enabled when disasterRecovery is enabled */}}
{{- define "etcd.validateValues.disasterRecovery" -}}
{{- if and .Values.disasterRecovery.enabled (not .Values.persistence.enabled) -}}
etcd: disasterRecovery
Persistence must be enabled when disasterRecovery is enabled!!
Please enable persistence (--set persistence.enabled=true)
{{- end -}}
{{- end -}}
{{- define "etcd.token.jwtToken" -}}
{{- if (include "etcd.token.createSecret" .) -}}
{{- $jwtToken := lookup "v1" "Secret" .Release.Namespace (printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" ) -}}
{{- if $jwtToken -}}
{{ index $jwtToken "data" "jwt-token.pem" | b64dec }}
{{- else -}}
{{ genPrivateKey "rsa" }}
{{- end -}}
{{- end -}}
{{- end -}}
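
Review bot: `etcd.token.jwtToken` has no comment header, unlike the other defines in this file, and its behaviour needs one: `lookup` returns an empty result under `helm template` and `--dry-run`, so the `else` branch calls `genPrivateKey "rsa"` and emits a new signing key on every render in those modes. Document that, and build the lookup name with `include "etcd.token.secretName" .` instead of repeating the `printf "%s-jwt-token"` expression so the two cannot drift apart. In `etcd.validateValues`, the repeated `$messages :=` declarations would read more clearly as `=` assignments after the first.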

View File

@@ -0,0 +1,17 @@
{{- if (include "etcd.createConfigmap" .) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
etcd.conf.yml: |-
{{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,132 @@
{{- if .Values.disasterRecovery.enabled -}}
apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }}
kind: CronJob
metadata:
name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
concurrencyPolicy: Forbid
schedule: {{ .Values.disasterRecovery.cronjob.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.disasterRecovery.cronjob.historyLimit }}
jobTemplate:
spec:
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 12 }}
app.kubernetes.io/component: snapshotter
{{- if .Values.disasterRecovery.cronjob.podAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.disasterRecovery.cronjob.podAnnotations "context" $) | nindent 12 }}
{{- end }}
spec:
{{- if .Values.disasterRecovery.cronjob.nodeSelector }}
nodeSelector: {{- toYaml .Values.disasterRecovery.cronjob.nodeSelector | nindent 12 }}
{{- end }}
{{- if .Values.disasterRecovery.cronjob.tolerations }}
tolerations: {{- toYaml .Values.disasterRecovery.cronjob.tolerations | nindent 12 }}
{{- end }}
{{- include "etcd.imagePullSecrets" . | nindent 10 }}
restartPolicy: OnFailure
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled (or .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled) }}
initContainers:
- name: volume-permissions
image: {{ include "etcd.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /snapshots
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 16 }}
{{- end }}
volumeMounts:
- name: snapshot-volume
mountPath: /snapshots
{{- end }}
containers:
- name: etcd-snapshotter
image: {{ include "etcd.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 16 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }}
{{- else }}
command:
- /opt/bitnami/scripts/etcd/snapshot.sh
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ETCDCTL_API
value: "3"
- name: ETCD_ON_K8S
value: "yes"
- name: MY_STS_NAME
value: {{ include "common.names.fullname" . | quote }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $etcdFullname := include "common.names.fullname" . }}
{{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }}
{{- $clusterDomain := .Values.clusterDomain }}
- name: ETCD_CLUSTER_DOMAIN
value: {{ printf "%s.%s.svc.%s" $etcdHeadlessServiceName $releaseNamespace $clusterDomain | quote }}
- name: ETCD_SNAPSHOT_HISTORY_LIMIT
value: {{ .Values.disasterRecovery.cronjob.snapshotHistoryLimit | quote }}
{{- if .Values.auth.client.secureTransport }}
- name: ETCD_CERT_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}"
- name: ETCD_KEY_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}"
{{- if .Values.auth.client.enableAuthentication }}
- name: ETCD_CLIENT_CERT_AUTH
value: "true"
- name: ETCD_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
{{- else if .Values.auth.client.caFilename }}
- name: ETCD_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
{{- end }}
{{- end }}
{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
- name: ETCD_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "etcd.secretName" . }}
key: {{ include "etcd.secretPasswordKey" . }}
{{- end }}
{{- if .Values.disasterRecovery.cronjob.resources }}
resources: {{- toYaml .Values.disasterRecovery.cronjob.resources | nindent 16 }}
{{- end }}
volumeMounts:
- name: snapshot-volume
mountPath: /snapshots
{{- if .Values.auth.client.secureTransport }}
- name: certs
mountPath: /opt/bitnami/etcd/certs/client
readOnly: true
{{- end }}
volumes:
{{- if .Values.auth.client.secureTransport }}
- name: certs
secret:
secretName: {{ required "A secret containinig the client certificates is required" (tpl .Values.auth.client.existingSecret .) }}
defaultMode: 256
{{- end }}
- name: snapshot-volume
persistentVolumeClaim:
claimName: {{ include "etcd.disasterRecovery.pvc.name" . }}
{{- end }}
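Review bot: the `certs` volume near the end of this template, and the `ETCD_CERT_FILE`/`ETCD_KEY_FILE` variables above it, are gated only on `.Values.auth.client.secureTransport`, while the StatefulSet in this commit excludes the `useAutoTLS` case for the same secret. With `auth.client.useAutoTLS` set and no `auth.client.existingSecret`, the `required` call here fails the render as soon as `disasterRecovery.enabled` is true. Align the condition with the StatefulSet or document that the snapshotter always needs `existingSecret`. Smaller points in the same hunk: the `required` message has a typo ("containinig"); the `volume-permissions` init container runs `chown -R` with `runAsUser: 0` and interpolates `runAsUser` and `fsGroup` unquoted into a `bash -ec` string; `defaultMode: 256` is decimal for 0400 and deserves a comment; and `ETCD_ROOT_PASSWORD` is exposed as an environment variable of the job pod.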

View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}
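Review bot: every entry of `.Values.extraDeploy` is passed through `common.tplvalues.render` and emitted as its own document with no restriction on kind or namespace, so anyone who can set values for this release can ship arbitrary objects with the installer's permissions. Document `extraDeploy` in values.yaml as trusted input only, and keep it out of any values file that is accepted from another team without review.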

View File

@@ -0,0 +1,81 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels: {{- include "common.labels.standard" . | nindent 6 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 6 }}
{{- end }}
policyTypes:
- Ingress
- Egress
egress:
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Allow outbound connections to other cluster pods
- ports:
- port: {{ .Values.containerPorts.client }}
- port: {{ .Values.containerPorts.peer }}
to:
- podSelector:
matchLabels: {{- include "common.labels.standard" . | nindent 14 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
ingress:
# Allow inbound connections
- ports:
- port: {{ .Values.containerPorts.client }}
- port: {{ .Values.containerPorts.peer }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
- podSelector:
matchLabels: {{- include "common.labels.standard" . | nindent 14 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 2379
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
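Review bot: the metrics ingress rule at the end of this policy (`- port: 2379` under `.Values.metrics.enabled`) has no `from` clause and hard-codes the port, so enabling metrics admits any source to 2379 even when `networkPolicy.allowExternal` is false, and the rule stops matching if `containerPorts.client` is changed. Use `{{ .Values.containerPorts.client }}` and add a selector for the Prometheus pods or namespace. The DNS egress rule also has no `to`, which permits port 53 to any destination, and `metadata.name` is not passed through `trunc 63 | trimSuffix "-"` as the other templates in this commit do.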

View File

@@ -0,0 +1,23 @@
{{- if .Values.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- end }}
{{- if .Values.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}
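Review bot: `minAvailable` and `maxUnavailable` in `spec` are each emitted on a plain truthiness check, so setting both values renders both fields, which a PodDisruptionBudget does not accept, and a numeric `0` for either renders nothing. Make the two branches mutually exclusive (for example `else if`, or a failure in a validate helper when both are set) and handle `0` explicitly.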

View File

@@ -0,0 +1,42 @@
{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ ternary .Values.metrics.podMonitor.namespace .Release.Namespace (not (empty .Values.metrics.podMonitor.namespace)) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.podMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podMetricsEndpoints:
- port: client
path: /metrics
{{- if .Values.metrics.podMonitor.interval }}
interval: {{ .Values.metrics.podMonitor.interval }}
{{- end }}
{{- if .Values.metrics.podMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.podMonitor.scheme }}
scheme: {{ .Values.metrics.podMonitor.scheme }}
{{- end }}
{{- if .Values.metrics.podMonitor.tlsConfig }}
tlsConfig: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podMonitor.tlsConfig "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podMonitor.relabelings }}
relabelings:
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}
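Review bot: `scheme` and `tlsConfig` under `podMetricsEndpoints` are emitted only when set in values, so with `auth.client.secureTransport` enabled the `client` port is scraped with the default HTTP scheme unless the operator overrides both by hand. Default `scheme` from the `etcd.clientProtocol` helper that the StatefulSet already uses, and document that `auth.client.enableAuthentication` requires a `tlsConfig` carrying a client certificate. The `interval`, `scrapeTimeout` and `scheme` values are also rendered unquoted.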

View File

@@ -0,0 +1,26 @@
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "common.names.fullname" . }}
{{- if .Values.metrics.prometheusRule.namespace }}
namespace: {{ .Values.metrics.prometheusRule.namespace }}
{{- else }}
namespace: {{ .Release.Namespace }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "common.names.fullname" . }}
rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }}
{{- end }}

View File

@@ -0,0 +1,21 @@
{{- if and (or .Values.auth.rbac.create .Values.auth.rbac.enabled) (not .Values.auth.rbac.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if .Values.auth.rbac.rootPassword }}
etcd-root-password: {{ .Values.auth.rbac.rootPassword | b64enc | quote }}
{{- else }}
etcd-root-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- end }}
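Review bot: the `else` branch `{{ randAlphaNum 10 | b64enc | quote }}` is evaluated on every render, so each upgrade without `auth.rbac.rootPassword` writes a different `etcd-root-password` into the Secret, which can leave it out of step with the password already configured in etcd, and 10 alphanumeric characters is short for a root credential. Reuse the existing Secret value through `lookup`, as `etcd.token.jwtToken` does for the JWT key, or require `rootPassword` on upgrade, and generate a longer value.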

View File

@@ -0,0 +1,24 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "etcd.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,21 @@
{{- if and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.disasterRecovery.pvc.size | quote }}
storageClassName: {{ .Values.disasterRecovery.pvc.storageClassName | quote }}
{{- end -}}
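Review bot: `storageClassName` at the end of `spec` is always rendered with `| quote`, so a `disasterRecovery.pvc.storageClassName` left as an empty string becomes `storageClassName: ""`, which asks for no storage class instead of the cluster default. Render the field conditionally, or use the `common.storage.class` helper that the StatefulSet's `volumeClaimTemplates` uses. `accessModes` is also hard-coded to `ReadWriteMany`, which not every storage class supports; make it configurable or document the requirement. The claim name is built inline here while consumers resolve it through `etcd.disasterRecovery.pvc.name`, so the two need to stay in sync.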

View File

@@ -0,0 +1,419 @@
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if (include "etcd.createConfigmap" .) }}
checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if (include "etcd.token.createSecret" .) }}
checksum/token-secret: {{ include (print $.Template.BasePath "/token-secrets.yaml") . | sha256sum }}
{{- end }}
spec:
{{- include "etcd.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.runtimeClassName }}
runtimeClassName: {{ .Values.runtimeClassName }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.shareProcessNamespace }}
{{- end }}
serviceAccountName: {{ include "etcd.serviceAccountName" $ | quote }}
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "etcd.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/etcd
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/etcd
{{- end }}
{{- end }}
containers:
{{- $replicaCount := int .Values.replicaCount }}
{{- $peerPort := int .Values.containerPorts.peer }}
{{- $etcdFullname := include "common.names.fullname" . }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $etcdPeerProtocol := include "etcd.peerProtocol" . }}
{{- $etcdClientProtocol := include "etcd.clientProtocol" . }}
- name: etcd
image: {{ include "etcd.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_STS_NAME
value: {{ include "common.names.fullname" . | quote }}
- name: ETCDCTL_API
value: "3"
- name: ETCD_ON_K8S
value: "yes"
- name: ETCD_START_FROM_SNAPSHOT
value: {{ ternary "yes" "no" .Values.startFromSnapshot.enabled | quote }}
- name: ETCD_DISASTER_RECOVERY
value: {{ ternary "yes" "no" .Values.disasterRecovery.enabled | quote }}
- name: ETCD_NAME
value: "$(MY_POD_NAME)"
- name: ETCD_DATA_DIR
value: "/bitnami/etcd/data"
- name: ETCD_LOG_LEVEL
value: {{ ternary "debug" .Values.logLevel .Values.image.debug | quote }}
- name: ALLOW_NONE_AUTHENTICATION
value: {{ ternary "yes" "no" (and (not (or .Values.auth.rbac.create .Values.auth.rbac.enabled)) .Values.auth.rbac.allowNoneAuthentication) | quote }}
{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
- name: ETCD_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "etcd.secretName" . }}
key: {{ include "etcd.secretPasswordKey" . }}
{{- end }}
- name: ETCD_AUTH_TOKEN
{{- if eq .Values.auth.token.type "jwt" }}
value: {{ printf "jwt,priv-key=/opt/bitnami/etcd/certs/token/%s,sign-method=%s,ttl=%s" .Values.auth.token.privateKey.filename .Values.auth.token.signMethod .Values.auth.token.ttl | quote }}
{{- else if eq .Values.auth.token.type "simple" }}
value: "simple"
{{- end }}
- name: ETCD_ADVERTISE_CLIENT_URLS
value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}"
- name: ETCD_LISTEN_CLIENT_URLS
value: "{{ $etcdClientProtocol }}://0.0.0.0:{{ .Values.containerPorts.client }}"
- name: ETCD_INITIAL_ADVERTISE_PEER_URLS
value: "{{ $etcdPeerProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.peer }}"
- name: ETCD_LISTEN_PEER_URLS
value: "{{ $etcdPeerProtocol }}://0.0.0.0:{{ .Values.containerPorts.peer }}"
{{- if .Values.autoCompactionMode }}
- name: ETCD_AUTO_COMPACTION_MODE
value: {{ .Values.autoCompactionMode | quote }}
{{- end }}
{{- if .Values.autoCompactionRetention }}
- name: ETCD_AUTO_COMPACTION_RETENTION
value: {{ .Values.autoCompactionRetention | quote }}
{{- end }}
{{- if .Values.maxProcs }}
- name: GOMAXPROCS
value: {{ .Values.maxProcs }}
{{- end }}
{{- if gt $replicaCount 1 }}
- name: ETCD_INITIAL_CLUSTER_TOKEN
value: "etcd-cluster-k8s"
- name: ETCD_INITIAL_CLUSTER_STATE
value: {{ default (ternary "new" "existing" .Release.IsInstall) .Values.initialClusterState | quote }}
{{- $initialCluster := list }}
{{- range $e, $i := until $replicaCount }}
{{- $initialCluster = append $initialCluster (printf "%s-%d=%s://%s-%d.%s.%s.svc.%s:%d" $etcdFullname $i $etcdPeerProtocol $etcdFullname $i $etcdHeadlessServiceName $releaseNamespace $clusterDomain $peerPort) }}
{{- end }}
- name: ETCD_INITIAL_CLUSTER
value: {{ join "," $initialCluster | quote }}
{{- end }}
- name: ETCD_CLUSTER_DOMAIN
value: {{ printf "%s.%s.svc.%s" $etcdHeadlessServiceName $releaseNamespace $clusterDomain | quote }}
{{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS }}
- name: ETCD_AUTO_TLS
value: "true"
{{- else if .Values.auth.client.secureTransport }}
- name: ETCD_CERT_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}"
- name: ETCD_KEY_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}"
{{- if .Values.auth.client.enableAuthentication }}
- name: ETCD_CLIENT_CERT_AUTH
value: "true"
- name: ETCD_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
{{- else if .Values.auth.client.caFilename }}
- name: ETCD_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
{{- end }}
{{- end }}
{{- if and .Values.auth.peer.secureTransport .Values.auth.peer.useAutoTLS }}
- name: ETCD_PEER_AUTO_TLS
value: "true"
{{- else if .Values.auth.peer.secureTransport }}
- name: ETCD_PEER_CERT_FILE
value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.certFilename }}"
- name: ETCD_PEER_KEY_FILE
value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.certKeyFilename }}"
{{- if .Values.auth.peer.enableAuthentication }}
- name: ETCD_PEER_CLIENT_CERT_AUTH
value: "true"
- name: ETCD_PEER_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.caFilename | default "ca.crt" }}"
{{- else if .Values.auth.peer.caFilename }}
- name: ETCD_PEER_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.caFilename | default "ca.crt" }}"
{{- end }}
{{- end }}
{{- if .Values.startFromSnapshot.enabled }}
- name: ETCD_INIT_SNAPSHOT_FILENAME
value: {{ .Values.startFromSnapshot.snapshotFilename | quote }}
- name: ETCD_INIT_SNAPSHOTS_DIR
value: {{ ternary "/snapshots" "/init-snapshot" (and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim)) | quote }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: client
containerPort: {{ .Values.containerPorts.client }}
protocol: TCP
- name: peer
containerPort: {{ .Values.containerPorts.peer }}
protocol: TCP
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- /opt/bitnami/scripts/etcd/healthcheck.sh
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command:
- /opt/bitnami/scripts/etcd/healthcheck.sh
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.startupProbe.enabled }}
startupProbe:
exec:
command:
- /opt/bitnami/scripts/etcd/healthcheck.sh
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- else if and (gt $replicaCount 1) .Values.removeMemberOnContainerTermination }}
lifecycle:
preStop:
exec:
command:
- /opt/bitnami/scripts/etcd/prestop.sh
{{- end }}
{{- end }}
{{- if .Values.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/etcd
{{- if eq .Values.auth.token.type "jwt" }}
- name: etcd-jwt-token
mountPath: /opt/bitnami/etcd/certs/token/
readOnly: true
{{- end }}
{{- if or (and .Values.startFromSnapshot.enabled (not .Values.disasterRecovery.enabled)) (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled .Values.disasterRecovery.pvc.existingClaim) }}
- name: init-snapshot-volume
mountPath: /init-snapshot
{{- end }}
{{- if or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled) }}
- name: snapshot-volume
mountPath: /snapshots
{{- end }}
{{- if or .Values.configuration .Values.existingConfigmap }}
- name: etcd-config
mountPath: /opt/bitnami/etcd/conf/
{{- end }}
{{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }}
- name: etcd-client-certs
mountPath: /opt/bitnami/etcd/certs/client/
readOnly: true
{{- end }}
{{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }}
- name: etcd-peer-certs
mountPath: /opt/bitnami/etcd/certs/peer/
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if eq .Values.auth.token.type "jwt" }}
- name: etcd-jwt-token
secret:
secretName: {{ include "etcd.token.secretName" . }}
defaultMode: 256
{{- end }}
{{- if or (and .Values.startFromSnapshot.enabled (not .Values.disasterRecovery.enabled)) (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled .Values.disasterRecovery.pvc.existingClaim) }}
- name: init-snapshot-volume
persistentVolumeClaim:
claimName: {{ .Values.startFromSnapshot.existingClaim }}
{{- end }}
{{- if or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled) }}
- name: snapshot-volume
persistentVolumeClaim:
claimName: {{ include "etcd.disasterRecovery.pvc.name" . }}
{{- end }}
{{- if or .Values.configuration .Values.existingConfigmap }}
- name: etcd-config
configMap:
name: {{ include "etcd.configmapName" . }}
{{- end }}
{{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }}
- name: etcd-client-certs
secret:
secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) }}
defaultMode: 256
{{- end }}
{{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }}
- name: etcd-peer-certs
secret:
secretName: {{ required "A secret containing the peer certificates is required" (tpl .Values.auth.peer.existingSecret .) }}
defaultMode: 256
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else }}
{{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }}
persistentVolumeClaimRetentionPolicy:
whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
{{- end }}
volumeClaimTemplates:
- metadata:
name: data
{{- if .Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.selector }}
selector: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
{{- end }}
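
Review bot: the `init-snapshot-volume` volume takes its `claimName` from `.Values.startFromSnapshot.existingClaim` with no `required` guard, while the second branch of its `if` tests `.Values.disasterRecovery.pvc.existingClaim` instead, so a release can enable the volume and still render an empty claim name. Wrapping the value in `required`, as the `etcd-client-certs` and `etcd-peer-certs` secrets in this same block already do, would fail at template time rather than at pod scheduling. Separately, the `snapshot-volume` condition `or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled)` reduces to `.Values.disasterRecovery.enabled` and can be simplified in both the mount and the volume.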

View File

@@ -0,0 +1,42 @@
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
{{- if .Values.service.clientPortNameOverride }}
{{- if .Values.auth.client.secureTransport }}
- name: {{ .Values.service.clientPortNameOverride }}-ssl
{{- else }}
- name: {{ .Values.service.clientPortNameOverride }}
{{- end }}
{{- else }}
- name: client
{{- end }}
port: {{ .Values.containerPorts.client }}
targetPort: client
{{- if .Values.service.peerPortNameOverride }}
{{- if .Values.auth.peer.secureTransport }}
- name: {{ .Values.service.peerPortNameOverride }}-ssl
{{- else }}
- name: {{ .Values.service.peerPortNameOverride }}
{{- end }}
{{- else }}
- name: peer
{{- end }}
port: {{ .Values.containerPorts.peer }}
targetPort: peer
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
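
Review bot: the `service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"` annotation duplicates `publishNotReadyAddresses: true`, which is set in `spec` a few lines below. The annotation is the deprecated form and can be dropped. The port naming also differs from the non-headless Service: here an override gets an `-ssl` suffix when `secureTransport` is on, while the other template uses `default "client" .Values.service.clientPortNameOverride` as is, so the two Services can end up with different names for the same port.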

View File

@@ -0,0 +1,62 @@
{{- if .Values.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: {{ default "client" .Values.service.clientPortNameOverride | quote }}
port: {{ coalesce .Values.service.ports.client .Values.service.port }}
targetPort: client
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (coalesce .Values.service.nodePorts.client .Values.service.nodePorts.clientPort))) }}
nodePort: {{ coalesce .Values.service.nodePorts.client .Values.service.nodePorts.clientPort }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: {{ default "peer" .Values.service.peerPortNameOverride | quote }}
port: {{ coalesce .Values.service.ports.peer .Values.service.peerPort }}
targetPort: peer
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (coalesce .Values.service.nodePorts.peer .Values.service.nodePorts.peerPort))) }}
nodePort: {{ coalesce .Values.service.nodePorts.peer .Values.service.nodePorts.peerPort }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
{{- end }}
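
Review bot: the `peer` entry in `ports` is rendered unconditionally, so setting `service.type` to `LoadBalancer` or `NodePort` publishes etcd's server-to-server port alongside the client port, and `loadBalancerSourceRanges` is only emitted when non-empty. Consider putting the peer entry behind a value, or leaving it to the headless Service that already carries it, and noting in the values docs that external types should be paired with source ranges. Minor: `annotations:` is emitted even when both `service.annotations` and `commonAnnotations` are empty, which renders a null map; guard the key with an `if or`.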

View File

@@ -0,0 +1,14 @@
{{- if (include "etcd.token.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
jwt-token.pem: {{ include "etcd.token.jwtToken" . | b64enc | quote }}
{{- end }}
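
Review bot: the data key is hardcoded as `jwt-token.pem` while values.yaml exposes `auth.token.privateKey.filename`, so a non-default filename would presumably not match the auto-generated Secret. Derive the key from that value, or document that the filename only applies when `auth.token.privateKey.existingSecret` is used. The `labels` block also skips `.Values.commonLabels`, unlike the two Service templates in this commit.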

View File

@@ -0,0 +1,887 @@
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets [array] Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param commonLabels [object] Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations [object] Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
## @param extraDeploy [array] Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
## @section etcd parameters
##
## Bitnami etcd image version
## ref: https://hub.docker.com/r/bitnami/etcd/tags/
## @param image.registry etcd image registry
## @param image.repository etcd image name
## @param image.tag etcd image tag
## @param image.digest etcd image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
##
image:
registry: docker.io
repository: bitnami/etcd
tag: 3.5.6-debian-11-r10
digest: ""
## @param image.pullPolicy etcd image pull policy
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## @param image.pullSecrets [array] etcd image pull secrets
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param image.debug Enable image debug mode
## Set to true if you would like to see extra information on logs
##
debug: false
## Authentication parameters
##
auth:
## Role-based access control parameters
## ref: https://etcd.io/docs/current/op-guide/authentication/
##
rbac:
## @param auth.rbac.create Switch to enable RBAC authentication
##
create: true
## @param auth.rbac.allowNoneAuthentication Allow to use etcd without configuring RBAC authentication
##
allowNoneAuthentication: true
## @param auth.rbac.rootPassword Root user password. The root user is always `root`
##
rootPassword: ""
## @param auth.rbac.existingSecret Name of the existing secret containing credentials for the root user
##
existingSecret: ""
## @param auth.rbac.existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret
##
existingSecretPasswordKey: ""
## Authentication token
## ref: https://etcd.io/docs/latest/learning/design-auth-v3/#two-types-of-tokens-simple-and-jwt
##
token:
## @param auth.token.type Authentication token type. Allowed values: 'simple' or 'jwt'
## ref: https://etcd.io/docs/latest/op-guide/configuration/#--auth-token
##
type: jwt
## @param auth.token.privateKey.filename Name of the file containing the private key for signing the JWT token
## @param auth.token.privateKey.existingSecret Name of the existing secret containing the private key for signing the JWT token
## NOTE: Ignored if auth.token.type=simple
## NOTE: A secret containing a private key will be auto-generated if an existing one is not provided.
##
privateKey:
filename: jwt-token.pem
existingSecret: ""
## @param auth.token.signMethod JWT token sign method
## NOTE: Ignored if auth.token.type=simple
##
signMethod: RS256
## @param auth.token.ttl JWT token TTL
## NOTE: Ignored if auth.token.type=simple
##
ttl: 10m
## TLS authentication for client-to-server communications
## ref: https://etcd.io/docs/current/op-guide/security/
##
client:
## @param auth.client.secureTransport Switch to encrypt client-to-server communications using TLS certificates
##
secureTransport: false
## @param auth.client.useAutoTLS Switch to automatically create the TLS certificates
##
useAutoTLS: false
## @param auth.client.existingSecret Name of the existing secret containing the TLS certificates for client-to-server communications
##
existingSecret: ""
## @param auth.client.enableAuthentication Switch to enable host authentication using TLS certificates. Requires existing secret
##
enableAuthentication: false
## @param auth.client.certFilename Name of the file containing the client certificate
##
certFilename: cert.pem
## @param auth.client.certKeyFilename Name of the file containing the client certificate private key
##
certKeyFilename: key.pem
## @param auth.client.caFilename Name of the file containing the client CA certificate
## If not specified and `auth.client.enableAuthentication=true` or `auth.rbac.enabled=true`, the default is is `ca.crt`
##
caFilename: ""
## TLS authentication for server-to-server communications
## ref: https://etcd.io/docs/current/op-guide/security/
##
peer:
## @param auth.peer.secureTransport Switch to encrypt server-to-server communications using TLS certificates
##
secureTransport: false
## @param auth.peer.useAutoTLS Switch to automatically create the TLS certificates
##
useAutoTLS: false
## @param auth.peer.existingSecret Name of the existing secret containing the TLS certificates for server-to-server communications
##
existingSecret: ""
## @param auth.peer.enableAuthentication Switch to enable host authentication using TLS certificates. Requires existing secret
##
enableAuthentication: false
## @param auth.peer.certFilename Name of the file containing the peer certificate
##
certFilename: cert.pem
## @param auth.peer.certKeyFilename Name of the file containing the peer certificate private key
##
certKeyFilename: key.pem
## @param auth.peer.caFilename Name of the file containing the peer CA certificate
## If not specified and `auth.peer.enableAuthentication=true` or `rbac.enabled=true`, the default is is `ca.crt`
##
caFilename: ""
## @param autoCompactionMode Auto compaction mode, by default periodic. Valid values: "periodic", "revision".
## - 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. 5m).
## - 'revision' for revision number based retention.
##
autoCompactionMode: ""
## @param autoCompactionRetention Auto compaction retention for mvcc key value store in hour, by default 0, means disabled
##
autoCompactionRetention: ""
## @param initialClusterState Initial cluster state. Allowed values: 'new' or 'existing'
## If this values is not set, the default values below are set:
## - 'new': when installing the chart ('helm install ...')
## - 'existing': when upgrading the chart ('helm upgrade ...')
##
initialClusterState: ""
## @param logLevel Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal'
##
logLevel: "info"
## @param maxProcs Limits the number of operating system threads that can execute user-level
## Go code simultaneously by setting GOMAXPROCS environment variable
## ref: https://golang.org/pkg/runtime
##
maxProcs: ""
## @param removeMemberOnContainerTermination Use a PreStop hook to remove the etcd members from the etcd cluster on container termination
## they the containers are terminated
## NOTE: Ignored if lifecycleHooks is set or replicaCount=1
##
removeMemberOnContainerTermination: true
## @param configuration etcd configuration. Specify content for etcd.conf.yml
## e.g:
## configuration: |-
## foo: bar
## baz:
##
configuration: ""
## @param existingConfigmap Existing ConfigMap with etcd configuration
## NOTE: When it's set the configuration parameter is ignored
##
existingConfigmap: ""
## @param extraEnvVars [array] Extra environment variables to be set on etcd container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @param command [array] Default container command (useful when using custom images)
##
command: []
## @param args [array] Default container args (useful when using custom images)
##
args: []
## @section etcd statefulset parameters
##
## @param replicaCount Number of etcd replicas to deploy
##
replicaCount: 1
## Update strategy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
## @param updateStrategy.type Update strategy type, can be set to RollingUpdate or OnDelete.
##
updateStrategy:
type: RollingUpdate
## @param podManagementPolicy Pod management policy for the etcd statefulset
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: Parallel
## @param hostAliases [array] etcd pod host aliases
## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param lifecycleHooks [object] Override default etcd container hooks
##
lifecycleHooks: {}
## etcd container ports to open
## @param containerPorts.client Client port to expose at container level
## @param containerPorts.peer Peer port to expose at container level
##
containerPorts:
client: 2379
peer: 2380
## etcd pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled etcd pods' Security Context
## @param podSecurityContext.fsGroup Set etcd pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## etcd containers' SecurityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled etcd containers' Security Context
## @param containerSecurityContext.runAsUser Set etcd container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set etcd container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
## etcd containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits [object] The resources limits for the etcd container
## @param resources.requests [object] The requested resources for the etcd container
##
resources:
## Example:
## limits:
## cpu: 500m
## memory: 1Gi
##
limits: {}
requests: {}
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 60
## @param customLivenessProbe [object] Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe [object] Override default readiness probe
##
customReadinessProbe: {}
## @param customStartupProbe [object] Override default startup probe
##
customStartupProbe: {}
## @param extraVolumes [array] Optionally specify extra list of additional volumes for etcd pods
##
extraVolumes: []
## @param extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for etcd container(s)
##
extraVolumeMounts: []
## @param initContainers [array] Add additional init containers to the etcd pods
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
initContainers: []
## @param sidecars [array] Add additional sidecar containers to the etcd pods
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param podAnnotations [object] Annotations for etcd pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels [object] Extra labels for etcd pods
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
## @param nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## e.g:
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## e.g:
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity [object] Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector [object] Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations [array] Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param terminationGracePeriodSeconds Seconds the pod needs to gracefully terminate
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
##
terminationGracePeriodSeconds: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param priorityClassName Name of the priority class to be used by etcd pods
## Priority class needs to be created beforehand
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param runtimeClassName Name of the runtime class to be used by pod(s)
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## @param shareProcessNamespace Enable shared process namespace in a pod.
## If set to false (default), each container will run in separate namespace, etcd will have PID=1.
## If set to true, the /pause will run as init process and will reap any zombie PIDs,
## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
##
shareProcessNamespace: false
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## persistentVolumeClaimRetentionPolicy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
persistentVolumeClaimRetentionPolicy:
enabled: false
whenScaled: Retain
whenDeleted: Retain
## @section Traffic exposure parameters
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.enabled create second service if equal true
##
enabled: true
## @param service.clusterIP Kubernetes service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.ports.client etcd client port
## @param service.ports.peer etcd peer port
##
ports:
client: 2379
peer: 2380
## @param service.nodePorts.client Specify the nodePort client value for the LoadBalancer and NodePort service types.
## @param service.nodePorts.peer Specify the nodePort peer value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
client: ""
peer: ""
## @param service.clientPortNameOverride etcd client port name override
##
clientPortNameOverride: ""
## @param service.peerPortNameOverride etcd peer port name override
##
peerPortNameOverride: ""
## @param service.loadBalancerIP loadBalancerIP for the etcd service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges [array] Load Balancer source ranges
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalIPs [array] External IPs
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
##
externalIPs: []
## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations [object] Additional annotations for the etcd service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @section Persistence parameters
##
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled If true, use a Persistent Volume Claim. If false, use emptyDir.
##
enabled: true
## @param persistence.storageClass Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
##
## @param persistence.annotations [object] Annotations for the PVC
##
annotations: {}
## @param persistence.accessModes Persistent Volume Access Modes
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for etcd data volume
##
size: 8Gi
## @param persistence.selector [object] Selector to match an existing Persistent Volume
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
##
selector: {}
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image name
## @param volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
##
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r63
digest: ""
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
##
pullPolicy: IfNotPresent
## @param volumePermissions.image.pullSecrets [array] Specify docker-registry secret names as an array
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init container' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits [object] Init container volume-permissions resource limits
## @param volumePermissions.resources.requests [object] Init container volume-permissions resource requests
##
resources:
## Example:
## limits:
## cpu: 500m
## memory: 1Gi
##
limits: {}
requests: {}
## @section Network Policy parameters
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
##
enabled: false
## @param networkPolicy.allowExternal Don't require client label for connections
## When set to false, only pods with the correct client label will have network access to the ports
## etcd is listening on. When true, etcd will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Metrics parameters
##
metrics:
## @param metrics.enabled Expose etcd metrics
##
enabled: false
## @param metrics.podAnnotations [object] Annotations for the Prometheus metrics on etcd pods
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.containerPorts.client }}"
## Prometheus Service Monitor
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
podMonitor:
## @param metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
##
enabled: false
## @param metrics.podMonitor.namespace Namespace in which Prometheus is running
##
namespace: monitoring
## @param metrics.podMonitor.interval Specify the interval at which metrics should be scraped
##
interval: 30s
## @param metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
##
scrapeTimeout: 30s
## @param metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
##
additionalLabels: {}
## @param metrics.podMonitor.scheme Scheme to use for scraping
##
scheme: http
## @param metrics.podMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
## e.g:
## tlsConfig:
## ca:
## secret:
## name: existingSecretName
##
tlsConfig: {}
## @param metrics.podMonitor.relabelings [array] Prometheus relabeling rules
##
relabelings: []
## Prometheus Operator PrometheusRule configuration
##
prometheusRule:
## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
##
enabled: false
## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
##
namespace: ""
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
##
additionalLabels: {}
## @param metrics.prometheusRule.rules Prometheus Rule definitions
# - alert: ETCD has no leader
# annotations:
# summary: "ETCD has no leader"
# description: "pod {{`{{`}} $labels.pod {{`}}`}} state error, can't connect leader"
# for: 1m
# expr: etcd_server_has_leader == 0
# labels:
# severity: critical
# group: PaaS
##
rules: []
## @section Snapshotting parameters
##
## Start a new etcd cluster recovering the data from an existing snapshot before bootstrapping
##
startFromSnapshot:
## @param startFromSnapshot.enabled Initialize new cluster recovering an existing snapshot
##
enabled: false
## @param startFromSnapshot.existingClaim Existing PVC containing the etcd snapshot
##
existingClaim: ""
## @param startFromSnapshot.snapshotFilename Snapshot filename
##
snapshotFilename: ""
## Enable auto disaster recovery by periodically snapshotting the keyspace:
## - It creates a cronjob to periodically snapshotting the keyspace
## - It also creates a ReadWriteMany PVC to store the snapshots
## If the cluster permanently loses more than (N-1)/2 members, it tries to
## recover itself from the last available snapshot.
##
disasterRecovery:
## @param disasterRecovery.enabled Enable auto disaster recovery by periodically snapshotting the keyspace
##
enabled: false
cronjob:
## @param disasterRecovery.cronjob.schedule Schedule in Cron format to save snapshots
## See https://en.wikipedia.org/wiki/Cron
##
schedule: "*/30 * * * *"
## @param disasterRecovery.cronjob.historyLimit Number of successful finished jobs to retain
##
historyLimit: 1
## @param disasterRecovery.cronjob.snapshotHistoryLimit Number of etcd snapshots to retain, tagged by date
##
snapshotHistoryLimit: 1
## @param disasterRecovery.cronjob.podAnnotations [object] Pod annotations for cronjob pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Configure resource requests and limits for snapshotter containers
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param disasterRecovery.cronjob.resources.limits [object] Cronjob container resource limits
## @param disasterRecovery.cronjob.resources.requests [object] Cronjob container resource requests
##
resources:
## Example:
## limits:
## cpu: 500m
## memory: 1Gi
##
limits: {}
requests: {}
## @param disasterRecovery.cronjob.nodeSelector Node labels for cronjob pods assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param disasterRecovery.cronjob.tolerations Tolerations for cronjob pods assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
pvc:
## @param disasterRecovery.pvc.existingClaim A manually managed Persistent Volume and Claim
## If defined, PVC must be created manually before volume will be bound
## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
##
existingClaim: ""
## @param disasterRecovery.pvc.size PVC Storage Request
##
size: 2Gi
## @param disasterRecovery.pvc.storageClassName Storage Class for snapshots volume
##
storageClassName: nfs
## @section Service account parameters
##
serviceAccount:
## @param serviceAccount.create Enable/disable service account creation
##
create: false
## @param serviceAccount.name Name of the service account to create or use
##
name: ""
## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: true
## @param serviceAccount.annotations [object] Additional annotations to be included on the service account
##
annotations: {}
## @param serviceAccount.labels [object] Additional labels to be included on the service account
##
labels: {}
## @section Other parameters
##
## etcd Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
pdb:
## @param pdb.create Enable/disable a Pod Disruption Budget creation
##
create: true
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
##
minAvailable: 51%
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
##
maxUnavailable: ""
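Review bot: `networkPolicy.enabled: false` together with `allowExternal: true` means no NetworkPolicy is rendered by default and, per the chart's own comment, etcd "will accept connections from any source" even once the policy is enabled. Override both in the parent values (`enabled: true`, `allowExternal: false`) so only pods carrying the client label reach the etcd ports. In the same hunk, `volumePermissions.image` is pinned by tag only (`11-debian-11-r63`, `digest: ""`), `serviceAccount.automountServiceAccountToken` defaults to `true`, and the `networkPolicy.extraEgress` comment says "extra ingress rules" where it means egress.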

View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

View File

@@ -0,0 +1,14 @@
apiVersion: v1
appVersion: 1.24.0
description: jaeger-operator Helm chart for Kubernetes
home: https://www.jaegertracing.io/
icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg
maintainers:
- email: ctadeu@gmail.com
name: cpanato
- email: batazor111@gmail.com
name: batazor
name: jaeger-operator
sources:
- https://github.com/jaegertracing/jaeger-operator
version: 2.25.0

View File

@@ -0,0 +1,128 @@
# jaeger-operator
[jaeger-operator](https://github.com/jaegertracing/jaeger-operator) is a Kubernetes operator.
## Install
```console
$ helm install jaegertracing/jaeger-operator
```
## Introduction
This chart bootstraps a jaeger-operator deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.19+
## Installing the Chart
Add the Jaeger Tracing Helm repository:
```console
$ helm repo add jaegertracing https://jaegertracing.github.io/helm-charts
```
To install the chart with the release name `my-release`:
```console
$ helm install --name my-release jaegertracing/jaeger-operator
```
The command deploys jaeger-operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the jaeger-operator chart and their default values.
| Parameter | Description | Default |
| :---------------------- | :---------------------------------------------------------------------------------------------------------- | :------------------------------ |
| `extraLabels` | Additional labels to jaeger-operator deployment | `{}`
| `image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` |
| `image.tag` | Controller container image tag | `1.24.0` |
| `image.pullPolicy` | Controller container image pull policy | `IfNotPresent` |
| `jaeger.create` | Jaeger instance will be created | `false` |
| `jaeger.spec` | Jaeger instance specification | `{}` |
| `crd.install` | CustomResourceDefinition will be installed | `true` |
| `rbac.create` | All required roles and rolebindings will be created | `true` |
| `serviceAccount.create` | Service account to use | `true` |
| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` |
| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` |
| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` |
| `extraEnv` | Additional environment variables passed to the operator. For example: name: LOG-LEVEL value: debug | `[]` |
| `resources` | K8s pod resources | `None` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `securityContext` | Security context for pod | `{}` |
| `priorityClassName` | Priority class name for the pod | `None` |
Specify each parameter you'd like to override using a YAML file as described above in the [installation](#installing-the-chart) section.
You can also specify any non-array parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install jaegertracing/jaeger-operator --name my-release \
--set rbac.create=false
```
## After the Helm Installation
### Creating a new Jaeger instance
The simplest possible way to install is by creating a YAML file like the following:
```YAML
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: simplest
```
The YAML file can then be used with `kubectl`:
```console
$ kubectl apply -f simplest.yaml
```
### Creating a new Jaeger with ElasticSearch
To do that you need to have an ElasticSearch installed in your Kubernetes cluster or install one using the [Helm Chart](https://github.com/helm/charts/tree/master/incubator/elasticsearch) available for that.
After that just deploy the following manifest:
```YAML
# setup an elasticsearch with `make es`
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: simple-prod
spec:
strategy: production
storage:
type: elasticsearch
options:
es:
server-urls: http://elasticsearch:9200
username: elastic
password: changeme
```
The YAML file can then be used with `kubectl`:
```console
$ kubectl apply -f simple-prod.yaml
```
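Review bot: the example under "Creating a new Jaeger with ElasticSearch" puts `username: elastic` and `password: changeme` inline in the Jaeger CR, next to a plain `http://elasticsearch:9200` URL, so anyone copying it stores the credential in the resource spec where every subject that can read Jaeger objects sees it. The example should take the credentials from a Kubernetes Secret and state that `changeme` is a placeholder. The install and uninstall commands also use Helm 2 syntax (`helm install --name`, `helm delete`); Helm 3 no longer accepts `--name`.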

View File

@@ -0,0 +1,34 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: jaegers.jaegertracing.io
annotations:
"helm.sh/hook": crd-install
"helm.sh/hook-delete-policy": "before-hook-creation"
labels:
app: jaeger-operator
spec:
group: jaegertracing.io
names:
kind: Jaeger
listKind: JaegerList
plural: jaegers
singular: jaeger
scope: Namespaced
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- jsonPath: .status.phase
description: Jaeger instance's status
name: Status
type: string
- jsonPath: .status.version
description: Jaeger Version
name: Version
type: string
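Review bot: the schema is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts and stores any field in a Jaeger resource without validation. A structural schema covering at least `spec.strategy` and `spec.storage` would reject malformed or unexpected input before the operator acts on it. Separately, `"helm.sh/hook": crd-install` is a Helm 2 hook that Helm 3 no longer supports, so the annotation should be dropped if this chart is installed with Helm 3.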

View File

@@ -0,0 +1,8 @@
jaeger-operator is installed.
Check the jaeger-operator logs
export POD=$(kubectl get pods -l app.kubernetes.io/instance={{ .Release.Name }} -lapp.kubernetes.io/name=jaeger-operator --namespace {{ .Release.Namespace }} --output name)
kubectl logs $POD --namespace={{ .Release.Namespace }}
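Review bot: the `kubectl get pods` line passes two separate `-l` flags (`-l app.kubernetes.io/instance=...` and `-lapp.kubernetes.io/name=jaeger-operator`), but the selector is a single string flag. Write one comma-separated selector, `-l app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/name=jaeger-operator`, so the lookup matches on both labels.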

View File

@@ -0,0 +1,49 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "jaeger-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "jaeger-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "jaeger-operator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "jaeger-operator.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "jaeger-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Generate basic labels */}}
{{- define "jaeger-operator.labels" }}
app.kubernetes.io/name: {{ include "jaeger-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

View File

@@ -0,0 +1,6 @@
{{- if .Values.crd.install }}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

View File

@@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jaeger-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "jaeger-operator.labels" . | indent 4 }}
{{- with .Values.extraLabels }}
{{ . | toYaml | indent 4 }}
{{- end }}
spec:
replicas: 1
selector:
matchLabels:
{{ include "jaeger-operator.labels" . | indent 6 }}
template:
metadata:
name: {{ include "jaeger-operator.fullname" . }}
labels:
{{ include "jaeger-operator.labels" . | indent 8 }}
{{- with .Values.extraLabels }}
{{ . | toYaml | indent 8 }}
{{- end }}
spec:
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ include "jaeger-operator.serviceAccountName" . }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if and .Values.image.imagePullSecrets (not .Values.serviceAccount.create ) }}
imagePullSecrets:
{{- range .Values.image.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: {{ include "jaeger-operator.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- containerPort: 8383
name: metrics
args: ["start"]
env:
- name: WATCH_NAMESPACE
{{- if .Values.rbac.clusterRole }}
value: ""
{{- else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OPERATOR_NAME
value: {{ include "jaeger-operator.fullname" . | quote }}
{{- if .Values.extraEnv }}
{{- toYaml .Values.extraEnv | nindent 12 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
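Review bot: `serviceAccountName` is emitted only inside `{{- if .Values.serviceAccount.create }}`, so with `serviceAccount.create: false` and `serviceAccount.name` pointing at an existing account the pod silently runs as the namespace's default ServiceAccount, while the RoleBinding still names the account returned by the `jaeger-operator.serviceAccountName` helper. Emit `serviceAccountName: {{ include "jaeger-operator.serviceAccountName" . }}` unconditionally so the pod and the binding always refer to the same account.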

View File

@@ -0,0 +1,11 @@
{{- if .Values.jaeger.create }}
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: {{ include "jaeger-operator.fullname" . }}-jaeger
namespace: {{ default .Release.Namespace .Values.jaeger.namespace }}
{{- with .Values.jaeger.spec }}
spec:
{{ toYaml . | indent 2}}
{{- end }}
{{- end }}
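Review bot: `namespace: {{ default .Release.Namespace .Values.jaeger.namespace }}` lets the Jaeger resource land in a namespace other than the release's, but the Deployment sets `WATCH_NAMESPACE` to the operator's own namespace unless `rbac.clusterRole` is true, so such an instance would not be watched. Either document that `jaeger.namespace` requires `rbac.clusterRole: true` or fail the render when the two disagree.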

View File

@@ -0,0 +1,36 @@
{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "jaeger-operator.fullname" . }}-operator-psp
labels:
{{ include "jaeger-operator.labels" . | indent 4 }}
spec:
privileged: false
allowPrivilegeEscalation: false
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
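Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` was removed in Kubernetes 1.25, so `rbac.pspEnabled: true` makes the release fail on current clusters, while the README only states "Kubernetes 1.19+". Gate the template on `.Capabilities.APIVersions.Has "policy/v1beta1"` or document the upper bound. The policy also leaves `readOnlyRootFilesystem: false` and sets no `requiredDropCapabilities`.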

View File

@@ -0,0 +1,17 @@
{{- if .Values.rbac.create }}
kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "jaeger-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "jaeger-operator.labels" . | indent 4 }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ include "jaeger-operator.serviceAccountName" . }}
roleRef:
kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role
name: {{ include "jaeger-operator.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}

View File

@@ -0,0 +1,231 @@
{{- if .Values.rbac.create }}
kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "jaeger-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "jaeger-operator.labels" . | indent 4 }}
rules:
## our own custom resources
- apiGroups:
- jaegertracing.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
## for the operator's own deployment
- apiGroups:
- apps
resourceNames:
- jaeger-operator
resources:
- deployments/finalizers
verbs:
- update
## regular things the operator manages for an instance, as the result of processing CRs
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
# Ingress for kubernetes 1.14 or higher
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
## needed if you want the operator to create service monitors for the Jaeger instances
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
## for the Elasticsearch auto-provisioning
- apiGroups:
- logging.openshift.io
resources:
- elasticsearches
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
## for the Kafka auto-provisioning
- apiGroups:
- kafka.strimzi.io
resources:
- kafkas
- kafkausers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
## Extra permissions
## This is an extra set of permissions that the Jaeger Operator might make use of if granted
## needed if support for injecting sidecars based on namespace annotation is required
- apiGroups:
- ""
resources:
- namespaces
verbs:
- 'get'
- 'list'
- 'watch'
## needed if support for injecting sidecars based on deployment annotation is required, across all namespaces
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- patch
- update
- watch
## needed only when .Spec.Ingress.Openshift.DelegateUrls is used
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- if .Values.rbac.pspEnabled }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ include "jaeger-operator.fullname" . }}-operator-psp
{{- end }}
{{- end }}
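Review bot: the rules under "Extra permissions" (`namespaces`, `deployments` across namespaces, and `clusterrolebindings` with create/delete/patch/update) are described by their own comments as optional, yet they are granted unconditionally alongside full write access to `secrets`. Put each optional block behind a values flag that defaults to off, so the operator's account only receives them when the matching feature is in use. Also, the `deployments/finalizers` rule hard-codes `resourceNames: - jaeger-operator`, which stops matching as soon as the Deployment name produced by `jaeger-operator.fullname` differs.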

View File

@@ -0,0 +1,19 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "jaeger-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "jaeger-operator.labels" . | indent 4 }}
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }}
{{- if .Values.image.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.image.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,24 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "jaeger-operator.fullname" . }}-metrics
namespace: {{ .Release.Namespace }}
labels:
{{ include "jaeger-operator.labels" . | indent 4 }}
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
ports:
- name: metrics
port: 8383
protocol: TCP
targetPort: 8383
{{- if and (eq .Values.service.type "NodePort") (.Values.service.nodePort) }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
app.kubernetes.io/name: {{ include "jaeger-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
type: {{ .Values.service.type }}

View File

@@ -0,0 +1,69 @@
# Default values for jaeger-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: jaegertracing/jaeger-operator
tag: 1.24.0
pullPolicy: IfNotPresent
imagePullSecrets: []
crd:
install: true
jaeger:
# Specifies whether Jaeger instance should be created
create: false
# namespace where Jaeger resource should be created default to .Release.Namespace
namespace:
spec: {}
rbac:
# Specifies whether RBAC resources should be created
create: true
pspEnabled: false
clusterRole: false
service:
type: ClusterIP
# Specify a specific node port when type is NodePort
# nodePort: 32500
# Annotations for service
annotations: {}
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# Annotations for serviceAccount
annotations: {}
# Specifies extra environment variables passed to the operator:
extraEnv: []
# Specifies log-level for the operator:
# - name: LOG-LEVEL
# value: debug
extraLabels: {}
# Specifies extra labels for the operator deployment:
# foo: bar
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
securityContext: {}
priorityClassName:
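Review bot: `securityContext: {}` and `resources: {}` ship as the defaults, and the Deployment template applies `securityContext` at pod level only, so the operator runs with no `runAsNonRoot`, no seccomp profile and no limits unless the parent chart overrides them. Set hardened defaults here or in the parent values. `image.tag: 1.24.0` is also a tag-only reference with no digest field to pin the image content.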

View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@@ -0,0 +1,6 @@
dependencies:
- name: openebs-ndm
repository: https://openebs.github.io/node-disk-manager
version: 2.1.0
digest: sha256:47adcc8a92ea7ce83ca7f37f05f9e2f4c10154adc9551bd92e92c1ca5608f131
generated: "2023-08-16T16:46:46.773916076Z"

View File

@@ -0,0 +1,27 @@
apiVersion: v2
appVersion: 3.4.0
dependencies:
- condition: openebsNDM.enabled
name: openebs-ndm
repository: https://openebs.github.io/node-disk-manager
version: 2.1.0
description: Helm chart for OpenEBS Dynamic Local PV. For instructions to install
OpenEBS Dynamic Local PV using helm chart, refer to https://openebs.github.io/dynamic-localpv-provisioner/.
home: http://www.openebs.io/
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png
keywords:
- storage
- local
- dynamic-localpv
maintainers:
- email: akhil.mohan@mayadata.io
name: akhilerm
- email: kiran.mova@mayadata.io
name: kiranmova
- email: prateek.pandey@mayadata.io
name: prateekpandey14
name: localpv-provisioner
sources:
- https://github.com/openebs/dynamic-localpv-provisioner
type: application
version: 3.4.1

View File

@@ -0,0 +1,160 @@
# OpenEBS LocalPV Provisioner
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
![Chart Lint and Test](https://github.com/openebs/dynamic-localpv-provisioner/workflows/Chart%20Lint%20and%20Test/badge.svg)
![Release Charts](https://github.com/openebs/dynamic-localpv-provisioner/workflows/Release%20Charts/badge.svg?branch=develop)
A Helm chart for openebs dynamic localpv provisioner. This chart bootstraps OpenEBS Dynamic LocalPV provisioner deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
**Homepage:** <http://www.openebs.io/>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| akhilerm | akhil.mohan@mayadata.io | |
| kiranmova | kiran.mova@mayadata.io | |
| prateekpandey14 | prateek.pandey@mayadata.io | |
## Get Repo Info
```console
helm repo add openebs-localpv https://openebs.github.io/dynamic-localpv-provisioner
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
Please visit the [link](https://openebs.github.io/dynamic-localpv-provisioner/) for install instructions via helm3.
```console
# Helm
helm install [RELEASE_NAME] openebs-localpv/localpv-provisioner --namespace [NAMESPACE] --create-namespace
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Dependencies
By default this chart installs additional, dependent charts:
| Repository | Name | Version |
|------------|------|---------|
| https://openebs.github.io/node-disk-manager | openebs-ndm | 2.1.0 |
**Note:** Find detailed Node Disk Manager Helm chart configuration options [here](https://github.com/openebs/node-disk-manager/blob/master/deploy/helm/charts/README.md).
To disable the dependency during installation, set `openebsNDM.enabled` to `false`.
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
## Uninstall Chart
```console
# Helm
helm uninstall [RELEASE_NAME] --namespace [NAMESPACE]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
# Helm
helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE]
```
## Configuration
The following table lists the configurable parameters of the OpenEBS Dynamic LocalPV Provisioner chart and their default values.
You can modify different parameters by specifying the desired value in the `helm install` command by using the `--set` and/or the `--set-string` flag(s). You can modify the parameters of the [Node Disk Manager chart](https://openebs.github.io/node-disk-manager) by adding `openebs-ndm` before the desired parameter in the `helm install` command.
In the following sample command we modify `deviceClass.fsType` from the localpv-provisioner chart and `ndm.nodeSelector` from the openebs-ndm chart to only schedule openebs-ndm DaemonSet pods on nodes labelled with `openebs.io/data-plane=true`. We also enable the 'Use OS-disk' feature gate using the `featureGates.UseOSDisk.enabled` parameter from the openebs-ndm chart.
```console
helm install openebs-localpv openebs-localpv/localpv-provisioner --namespace openebs --create-namespace \
--set-string deviceClass.fsType="xfs" \
--set-string openebs-ndm.ndm.nodeSelector."openebs\.io/data-plane"=true \
--set openebs-ndm.featureGates.UseOSDisk.enabled=true
```
Sample command to install the provisioner with nodeAffinityLabels "openebs.io/node-affinity-key-1" and "openebs.io/node-affinity-key-2" on the hostpath StorageClass:
```console
helm install openebs-localpv openebs-localpv/localpv-provisioner --namespace openebs --create-namespace \
--set-string hostpathClass.nodeAffinityLabels="{openebs.io/node-affinity-key-1,openebs.io/node-affinity-key-2}"
```
Sample command to install the provisioner with blockDeviceSelectors "openebs.io/block-device-tag=mongo" and "ndm.io/fsType=ext4":
```console
helm install openebs-localpv openebs-localpv/localpv-provisioner --namespace openebs --create-namespace \
--set-string deviceClass.blockDeviceSelectors."openebs\.io/block-device-tag"="mongo" \
--set-string deviceClass.blockDeviceSelectors."ndm\.io/fsType"="ext4"
```
| Parameter | Description | Default |
| ------------------------------------------- | --------------------------------------------- | ----------------------------------------- |
| `release.version` | LocalPV Provisioner release version | `3.4.0` |
| `analytics.enabled` | Enable sending stats to Google Analytics | `true` |
| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` |
| `deviceClass.blockDeviceSelectors` | Label key value pairs based on which BlockDevices on the node will be selected for provisioning | `{}` |
| `deviceClass.enabled` | Enables creation of default Device StorageClass | `true` |
| `deviceClass.fsType` | Filesystem type for openebs-device StorageClass | `"ext4"` |
| `deviceClass.isDefaultClass` | Make openebs-device the default StorageClass | `"false"` |
| `deviceClass.nodeAffinityLabels` | Custom node label(or labels) key to uniquely identify nodes. `kubernetes.io/hostname` is the default label key for node selection. | `[]` |
| `deviceClass.reclaimPolicy` | ReclaimPolicy for Device PVs | `"Delete"` |
| `helperPod.image.registry` | Registry for helper image | `""` |
| `helperPod.image.repository` | Image for helper pod | `"openebs/linux-utils"` |
| `helperPod.image.pullPolicy` | Pull policy for helper pod | `"IfNotPresent"` |
| `helperPod.image.tag` | Image tag for helper image | `3.4.0` |
| `hostpathClass.basePath` | BasePath for openebs-hostpath StorageClass | `"/var/openebs/local"` |
| `hostpathClass.enabled` | Enables creation of default Hostpath StorageClass | `true` |
| `hostpathClass.isDefaultClass` | Make openebs-hostpath the default StorageClass | `"false"` |
| `hostpathClass.nodeAffinityLabels` | Custom node label(or labels) key to uniquely identify nodes. `kubernetes.io/hostname` is the default label key for node selection. | `[]` |
| `hostpathClass.xfsQuota.enabled` | Enable XFS Quota (requires XFS filesystem) | `false` |
| `hostpathClass.ext4Quota.enabled` | Enable EXT4 Quota (requires EXT4 filesystem) | `false` |
| `hostpathClass.reclaimPolicy` | ReclaimPolicy for Hostpath PVs | `"Delete"` |
| `imagePullSecrets` | Provides image pull secrect | `""` |
| `localpv.enabled` | Enable LocalPV Provisioner | `true` |
| `localpv.image.registry` | Registry for LocalPV Provisioner image | `""` |
| `localpv.image.repository` | Image repository for LocalPV Provisioner | `openebs/localpv-provisioner` |
| `localpv.image.pullPolicy` | Image pull policy for LocalPV Provisioner | `IfNotPresent` |
| `localpv.image.tag` | Image tag for LocalPV Provisioner | `3.4.0` |
| `localpv.updateStrategy.type` | Update strategy for LocalPV Provisioner | `RollingUpdate` |
| `localpv.annotations` | Annotations for LocalPV Provisioner metadata | `""` |
| `localpv.podAnnotations` | Annotations for LocalPV Provisioner pods metadata | `""` |
| `localpv.privileged` | Run LocalPV Provisioner with extra privileges | `true` |
| `localpv.resources` | Resource and request and limit for containers | `""` |
| `localpv.podLabels` | Appends labels to the pods | `""` |
| `localpv.nodeSelector` | Nodeselector for LocalPV Provisioner pods | `""` |
| `localpv.tolerations` | LocalPV Provisioner pod toleration values | `""` |
| `localpv.securityContext` | Seurity context for container | `""` |
| `localpv.healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` |
| `localpv.healthCheck.periodSeconds` | How often to perform the liveness probe | `60` |
| `localpv.replicas` | No. of LocalPV Provisioner replica | `1` |
| `localpv.enableLeaderElection` | Enable leader election | `true` |
| `localpv.affinity` | LocalPV Provisioner pod affinity | `{}` |
| `localpv.waitForBDBindTimeoutRetryCount` | This sets the number of times the provisioner should try with a polling interval of 5 seconds, to get the Blockdevice Name from a BlockDeviceClaim, before the BlockDeviceClaim is deleted. | "12" |
| `openebsNDM.enabled` | Install openebs NDM dependency | `true` |
| `rbac.create` | Enable RBAC Resources | `true` |
| `rbac.pspEnabled` | Create pod security policy resources | `false` |
A YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
helm install <release-name> -f values.yaml --namespace openebs openebs-localpv/localpv-provisioner
```
> **Tip**: You can use the default [values.yaml](values.yaml)
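Review bot: In the parameter table, `analytics.enabled` defaults to `true` (stats sent to Google Analytics) and `localpv.privileged` defaults to `true`, so installing this vendored chart with its defaults makes outbound telemetry calls and runs the provisioner with extra privileges. Since the parent chart pulls this in as the `localpv-provisioner` dependency, I would set `localpv-provisioner.analytics.enabled: false` explicitly in the parent values and either override `localpv.privileged` or record why it has to stay on. Two smaller points in the same table: `secrect` (row `imagePullSecrets`) and `Seurity` (row `localpv.securityContext`) are typos, and the `waitForBDBindTimeoutRetryCount` default `"12"` is the only default not in backticks.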

View File

@@ -0,0 +1,23 @@
apiVersion: v2
appVersion: 2.1.0
description: Helm chart for OpenEBS Node Disk Manager - a Kubernetes native storage
device management solution. For instructions on how to install, refer to https://openebs.github.io/node-disk-manager/.
home: http://www.openebs.io/
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png
keywords:
- cloud-native-storage
- block-storage
- ndm
- disk-inventory
- storage
maintainers:
- email: akhil.mohan@mayadata.io
name: akhilerm
- email: michaelfornaro@gmail.com
name: xUnholy
- email: prateek.pandey@mayadata.io
name: prateekpandey14
name: openebs-ndm
sources:
- https://github.com/openebs/node-disk-manager
version: 2.1.0
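Review bot: `home: http://www.openebs.io/` is a plain-HTTP link, while the `icon`, `sources` and install-instruction URLs in the same file all use HTTPS. If this copy of the chart is maintained locally, switch it to `https://`; if it is meant to stay byte-identical to upstream, say so in the commit message so the difference is not "fixed" here by accident.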

View File

@@ -0,0 +1,93 @@
## Introduction
This chart bootstraps OpenEBS NDM deployment on a [Kubernetes](http://kubernetes.io) cluster using the
[Helm](https://helm.sh) package manager.
## Installation
You can run OpenEBS NDM on any Kubernetes 1.17+ cluster in a matter of seconds.
Please visit the [link](https://openebs.github.io/node-disk-manager/) for install instructions via helm3.
## Configuration
The following table lists the configurable parameters of the OpenEBS NDM chart and their default values.
| Parameter | Description | Default |
|-------------------------------------------------------------|-------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|
| `imagePullSecrets` | Provides image pull secrect | `""` |
| `ndm.enabled` | Enable Node Disk Manager | `true` |
| `ndm.image.registry` | Registry for Node Disk Manager image | `""` |
| `ndm.image.repository` | Image repository for Node Disk Manager | `openebs/node-disk-manager` |
| `ndm.image.pullPolicy` | Image pull policy for Node Disk Manager | `IfNotPresent` |
| `ndm.image.tag` | Image tag for Node Disk Manager | `2.1.0` |
| `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` |
| `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` |
| `ndm.sparse.count` | Number of sparse files to be created | `0` |
| `ndm.updateStrategy.type` | Update strategy for NDM daemonset | `RollingUpdate` |
| `ndm.annotations` | Annotations for NDM daemonset metadata | `""` |
| `ndm.podAnnotations` | Annotations for NDM daemonset's pods metadata | `""` |
| `ndm.resources` | Resource and request and limit for containers | `""` |
| `ndm.podLabels` | Appends labels to the pods | `""` |
| `ndm.nodeSelector` | Nodeselector for daemonset pods | `""` |
| `ndm.tolerations` | NDM daemonset's pod toleration values | `""` |
| `ndm.securityContext` | Seurity context for container | `""` |
| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` |
| `ndm.filters.osDiskExcludePaths` | Paths/Mountpoints to be excluded by OS Disk Filter | `/,/etc/hosts,/boot` |
| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` |
| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` |
| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` |
| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` |
| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd` |
| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` |
| `ndm.probes.enableUdevProbe` | Enable Udev probe for NDM | `true` |
| `ndm.probes.enableSmartProbe` | Enable Smart probe for NDM | `true` |
| `ndm.metaConfig.nodeLabelPattern` | Config for adding node labels as BD labels | `kubernetes.io*,beta.kubernetes.io*` |
| `ndm.metaConfig.deviceLabelTypes` | Config for adding device attributes as BD labels | `.spec.details.vendor,.spec.details.model,.spec.details.driveType,.spec.filesystem.fsType` |
| `ndmOperator.enabled` | Enable NDM Operator | `true` |
| `ndmOperator.replica` | Pod replica count for NDM operator | `1` |
| `ndmOperator.upgradeStrategy` | Update strategy NDM operator | `"Recreate"` |
| `ndmOperator.image.registry` | Registry for NDM operator image | `""` |
| `ndmOperator.image.repository` | Image repository for NDM operator | `openebs/node-disk-operator` |
| `ndmOperator.image.pullPolicy` | Image pull policy for NDM operator | `IfNotPresent` |
| `ndmOperator.image.tag` | Image tag for NDM operator | `2.1.0` |
| `ndmOperator.annotations` | Annotations for NDM operator metadata | `""` |
| `ndmOperator.podAnnotations` | Annotations for NDM operator's pods metadata | `""` |
| `ndmOperator.resources` | Resource and request and limit for containers | `""` |
| `ndmOperator.podLabels` | Appends labels to the pods | `""` |
| `ndmOperator.nodeSelector` | Nodeselector for operator pods | `""` |
| `ndmOperator.tolerations` | NDM operator's pod toleration values | `""` |
| `ndmOperator.securityContext` | Security context for container | `""` |
| `ndmExporter.enabled` | Enable NDM Exporters | `false` |
| `ndmExporter.image.registry` | Registry for NDM Exporters image | `""` |
| `ndmExporter.repository` | Image repository for NDM Exporters | `openebs/node-disk-exporter` |
| `ndmExporter.pullPolicy` | Image pull policy for NDM Exporters | `IfNotPresent` |
| `ndmExporter.tag` | Image tag for NDM Exporters | `2.1.0` |
| `ndmExporter.nodeExporter.metricsPort` | The TCP port number used for exposing NDM node exporter metrics | `9101` |
| `ndmExporter.nodeExporter.nodeExporter.nodeSelector` | Node selector for NDM node exporter pods | `9101` |
| `ndmExporter.nodeExporter.nodeExporter.tolerations` | NDM node exporter toleration values | `9101` |
| `ndmExporter.clusterExporter.metricsPort` | The TCP port number used for exposing NDM cluster exporter metrics | `9100` |
| `ndmExporter.clusterExporter.clusterExpoerter.nodeSelector` | Node selector for NDM cluster exporter pod | `9100` |
| `ndmExporter.clusterExporter.clusterExpoerter.tolerations` | NDM cluster exporter toleraion values | `9100` |
| `featureGates.APIService.enabled` | Enable the gRPC API service of NDM | `false` |
| `featureGates.UseOSDisk.enabled` | Enable feature-gate to use free space on OS disk | `false` |
| `featureGates.ChangeDetection.enabled` | Enable feature-gate to detect mountpoint/filesystem/size changes | `false` |
| `featureGates.PartitionTableUUID.enabled` | Enable feature-gate to use partition table UUID instead of creating partition | `true` |
| `helperPod.image.registry` | Registry for helper image | `""` |
| `helperPod.image.repository` | Image for helper pod | `openebs/linux-utils` |
| `helperPod.image.pullPolicy` | Pull policy for helper pod | `IfNotPresent` |
| `helperPod.image.tag` | Image tag for helper image | `3.4.0` |
| `varDirectoryPath.baseDir` | Directory to store debug info and so forth | `/var/openebs` |
| `serviceAccount.create` | Create a service account or not | `true` |
| `serviceAccount.name` | Name for the service account | `true` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
helm install <release-name> -f values.yaml ndm/openebs-ndm
```
> **Tip**: You can use the default [values.yaml](values.yaml)
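Review bot: Several rows near the end of the table document keys and defaults that look copy-pasted and should be checked against the chart's values.yaml before anyone relies on them. The `nodeSelector` and `tolerations` rows under `ndmExporter.nodeExporter.nodeExporter.*` and `ndmExporter.clusterExporter.clusterExpoerter.*` list `9101` and `9100` as defaults (the metrics-port values), repeat a path segment, and misspell it as `clusterExpoerter`; `serviceAccount.name` lists `true`; and `ndmExporter.repository`, `.pullPolicy` and `.tag` omit the `image.` segment that `ndmExporter.image.registry` has. Helm does not reject an unknown key passed with `--set` unless the chart ships a values schema, so an operator following these rows to pin an image or restrict exporter scheduling could end up with the setting silently not applied.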

View File

@@ -0,0 +1,241 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: blockdevices.openebs.io
spec:
group: openebs.io
names:
kind: BlockDevice
listKind: BlockDeviceList
plural: blockdevices
shortNames:
- bd
singular: blockdevice
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.nodeAttributes.nodeName
name: NodeName
type: string
- jsonPath: .spec.path
name: Path
priority: 1
type: string
- jsonPath: .spec.filesystem.fsType
name: FSType
priority: 1
type: string
- jsonPath: .spec.capacity.storage
name: Size
type: string
- jsonPath: .status.claimState
name: ClaimState
type: string
- jsonPath: .status.state
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: BlockDevice is the Schema for the blockdevices API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DeviceSpec defines the properties and runtime status of a BlockDevice
properties:
aggregateDevice:
description: AggregateDevice was intended to store the hierarchical information in cases of LVM. However this is currently not implemented and may need to be re-looked into for better design. To be deprecated
type: string
capacity:
description: Capacity
properties:
logicalSectorSize:
description: LogicalSectorSize is blockdevice logical-sector size in bytes
format: int32
type: integer
physicalSectorSize:
description: PhysicalSectorSize is blockdevice physical-Sector size in bytes
format: int32
type: integer
storage:
description: Storage is the blockdevice capacity in bytes
format: int64
type: integer
required:
- storage
type: object
claimRef:
description: ClaimRef is the reference to the BDC which has claimed this BD
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
details:
description: Details contain static attributes of BD like model,serial, and so forth
properties:
compliance:
description: Compliance is standards/specifications version implemented by device firmware such as SPC-1, SPC-2, etc
type: string
deviceType:
description: DeviceType represents the type of device like sparse, disk, partition, lvm, crypt
enum:
- disk
- partition
- sparse
- loop
- lvm
- crypt
- dm
- mpath
type: string
driveType:
description: DriveType is the type of backing drive, HDD/SSD
enum:
- HDD
- SSD
- Unknown
- ""
type: string
firmwareRevision:
description: FirmwareRevision is the disk firmware revision
type: string
hardwareSectorSize:
description: HardwareSectorSize is the hardware sector size in bytes
format: int32
type: integer
logicalBlockSize:
description: LogicalBlockSize is the logical block size in bytes reported by /sys/class/block/sda/queue/logical_block_size
format: int32
type: integer
model:
description: Model is model of disk
type: string
physicalBlockSize:
description: PhysicalBlockSize is the physical block size in bytes reported by /sys/class/block/sda/queue/physical_block_size
format: int32
type: integer
serial:
description: Serial is serial number of disk
type: string
vendor:
description: Vendor is vendor of disk
type: string
type: object
devlinks:
description: DevLinks contains soft links of a block device like /dev/by-id/... /dev/by-uuid/...
items:
description: DeviceDevLink holds the mapping between type and links like by-id type or by-path type link
properties:
kind:
description: Kind is the type of link like by-id or by-path.
enum:
- by-id
- by-path
type: string
links:
description: Links are the soft links
items:
type: string
type: array
type: object
type: array
filesystem:
description: FileSystem contains mountpoint and filesystem type
properties:
fsType:
description: Type represents the FileSystem type of the block device
type: string
mountPoint:
description: MountPoint represents the mountpoint of the block device.
type: string
type: object
nodeAttributes:
description: NodeAttributes has the details of the node on which BD is attached
properties:
nodeName:
description: NodeName is the name of the Kubernetes node resource on which the device is attached
type: string
type: object
parentDevice:
description: "ParentDevice was intended to store the UUID of the parent Block Device as is the case for partitioned block devices. \n For example: /dev/sda is the parent for /dev/sda1 To be deprecated"
type: string
partitioned:
description: Partitioned represents if BlockDevice has partitions or not (Yes/No) Currently always default to No. To be deprecated
enum:
- "Yes"
- "No"
type: string
path:
description: Path contain devpath (e.g. /dev/sdb)
type: string
required:
- capacity
- devlinks
- nodeAttributes
- path
type: object
status:
description: DeviceStatus defines the observed state of BlockDevice
properties:
claimState:
description: ClaimState represents the claim state of the block device
enum:
- Claimed
- Unclaimed
- Released
type: string
state:
description: State is the current state of the blockdevice (Active/Inactive/Unknown)
enum:
- Active
- Inactive
- Unknown
type: string
required:
- claimState
- state
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
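Review bot: `subresources: {}` near the end of the version entry means `status` is not served as a separate subresource, so any subject with `update` on `blockdevices` can also rewrite `.status.claimState` and `.status.state`; RBAC cannot separate "may edit the spec" from "may mark a device Claimed/Unclaimed". If that is intended, the chart's Role/ClusterRole for `blockdevices` needs to be correspondingly tight; otherwise the CRD should declare `subresources: {status: {}}`. Separately, `creationTimestamp: null` in `metadata` and the trailing top-level `status:` block (`acceptedNames`, `conditions: []`, `storedVersions: []`) are controller-gen output for server-populated fields and can be dropped from a checked-in manifest.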

View File

@@ -0,0 +1,144 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: blockdeviceclaims.openebs.io
spec:
group: openebs.io
names:
kind: BlockDeviceClaim
listKind: BlockDeviceClaimList
plural: blockdeviceclaims
shortNames:
- bdc
singular: blockdeviceclaim
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.blockDeviceName
name: BlockDeviceName
type: string
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: BlockDeviceClaim is the Schema for the blockdeviceclaims API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DeviceClaimSpec defines the request details for a BlockDevice
properties:
blockDeviceName:
description: BlockDeviceName is the reference to the block-device backing this claim
type: string
blockDeviceNodeAttributes:
description: BlockDeviceNodeAttributes is the attributes on the node from which a BD should be selected for this claim. It can include nodename, failure domain etc.
properties:
hostName:
description: HostName represents the hostname of the Kubernetes node resource where the BD should be present
type: string
nodeName:
description: NodeName represents the name of the Kubernetes node resource where the BD should be present
type: string
type: object
deviceClaimDetails:
description: Details of the device to be claimed
properties:
allowPartition:
description: AllowPartition represents whether to claim a full block device or a device that is a partition
type: boolean
blockVolumeMode:
description: 'BlockVolumeMode represents whether to claim a device in Block mode or Filesystem mode. These are use cases of BlockVolumeMode: 1) Not specified: VolumeMode check will not be effective 2) VolumeModeBlock: BD should not have any filesystem or mountpoint 3) VolumeModeFileSystem: BD should have a filesystem and mountpoint. If DeviceFormat is specified then the format should match with the FSType in BD'
type: string
formatType:
description: Format of the device required, eg:ext4, xfs
type: string
type: object
deviceType:
description: DeviceType represents the type of drive like SSD, HDD etc.,
nullable: true
type: string
hostName:
description: Node name from where blockdevice has to be claimed. To be deprecated. Use NodeAttributes.HostName instead
type: string
resources:
description: Resources will help with placing claims on Capacity, IOPS
properties:
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum resources required. eg: if storage resource of 10G is requested minimum capacity of 10G should be available TODO for validating'
type: object
required:
- requests
type: object
selector:
description: Selector is used to find block devices to be considered for claiming
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
type: object
status:
description: DeviceClaimStatus defines the observed state of BlockDeviceClaim
properties:
phase:
description: Phase represents the current phase of the claim
type: string
required:
- phase
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
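Review bot: `deviceClaimDetails.blockVolumeMode` is typed as a bare `string` even though its description enumerates the accepted modes (`VolumeModeBlock`, `VolumeModeFileSystem`), and the same is true of `matchExpressions[].operator` (In, NotIn, Exists, DoesNotExist) and `status.phase`. The BlockDevice CRD in this same commit uses `enum` for `claimState`, `state` and `deviceType`, so the API server validates those but accepts any string here; adding `enum` lists would move that validation to admission time. The `requests` description also still carries `TODO for validating`, and this CRD has the same `subresources: {}` as the BlockDevice one, so `status.phase` is writable through the main resource.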

View File

@@ -0,0 +1,8 @@
The OpenEBS Node Disk Manager has been installed. Check its status by running:
$ kubectl get pods -n {{ .Release.Namespace }}
Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of
blockdevices attached to the Kubernetes cluster nodes.
For more information, visit our Slack at https://openebs.io/community or view
the documentation online at http://docs.openebs.io/.
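Review bot: The documentation link on the last line is `http://docs.openebs.io/` while the Slack link just above it is HTTPS; post-install notes are what operators copy from, so this should be `https://`. Also, the `kubectl get bd -n {{ .Release.Namespace }} ` example has a stray space before the closing backtick.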

View File

@@ -0,0 +1,242 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
This name is used for ndm daemonset
*/}}
{{- define "openebs-ndm.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "openebs-ndm.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified ndm daemonset app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "openebs-ndm.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains .Release.Name $name }}
{{- $name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "openebs-ndm.operator.name" -}}
{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }}
{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified ndm operator app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "openebs-ndm.operator.fullname" -}}
{{- if .Values.ndmOperator.fullnameOverride }}
{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}}
{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }}
{{- if contains .Release.Name $name }}
{{- $name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "openebs-ndm.cluster-exporter.name" -}}
{{- $ndmName := default .Chart.Name .Values.ndmExporter.clusterExporter.nameOverride | trunc 63 | trimSuffix "-" }}
{{- $componentName := .Values.ndmExporter.clusterExporter.name | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified ndm cluster exporter name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "openebs-ndm.cluster-exporter.fullname" -}}
{{- if .Values.ndmExporter.clusterExporter.fullnameOverride }}
{{- .Values.ndmExporter.clusterExporter.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $ndmClusterExporterName := include "openebs-ndm.cluster-exporter.name" .}}
{{- $name := default $ndmClusterExporterName .Values.ndmExporter.clusterExporter.nameOverride }}
{{- if contains .Release.Name $name }}
{{- $name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "openebs-ndm.exporter.name" -}}
{{- $ndmName := .Chart.Name | trunc 63 | trimSuffix "-" }}
{{- $componentName := "exporter" | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "openebs-ndm.node-exporter.name" -}}
{{- $ndmName := default .Chart.Name .Values.ndmExporter.nodeExporter.nameOverride | trunc 63 | trimSuffix "-" }}
{{- $componentName := .Values.ndmExporter.nodeExporter.name | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified ndm node exporter name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "openebs-ndm.node-exporter.fullname" -}}
{{- if .Values.ndmExporter.nodeExporter.fullnameOverride }}
{{- .Values.ndmExporter.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $ndmNodeExporterName := include "openebs-ndm.node-exporter.name" .}}
{{- $name := default $ndmNodeExporterName .Values.ndmExporter.nodeExporter.nameOverride }}
{{- if contains .Release.Name $name }}
{{- $name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "openebs-ndm.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Define meta labels for ndm components
*/}}
{{- define "openebs-ndm.common.metaLabels" -}}
chart: {{ template "openebs-ndm.chart" . }}
heritage: {{ .Release.Service }}
openebs.io/version: {{ .Values.release.version | quote }}
{{- end -}}
{{/*
Create match labels for ndm daemonset component
*/}}
{{- define "openebs-ndm.matchLabels" -}}
app: {{ template "openebs-ndm.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.ndm.componentName | quote }}
{{- end -}}
{{/*
Create component labels for ndm daemonset component
*/}}
{{- define "openebs-ndm.componentLabels" -}}
openebs.io/component-name: {{ .Values.ndm.componentName | quote }}
{{- end -}}
{{/*
Create labels for ndm daemonset component
*/}}
{{- define "openebs-ndm.labels" -}}
{{ include "openebs-ndm.common.metaLabels" . }}
{{ include "openebs-ndm.matchLabels" . }}
{{ include "openebs-ndm.componentLabels" . }}
{{- end -}}
{{/*
Create match labels for ndm operator deployment
*/}}
{{- define "openebs-ndm.operator.matchLabels" -}}
app: {{ template "openebs-ndm.operator.name" . }}
release: {{ .Release.Name }}
component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }}
{{- end -}}
{{/*
Create component labels for ndm operator component
*/}}
{{- define "openebs-ndm.operator.componentLabels" -}}
openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }}
{{- end -}}
{{/*
Create labels for ndm operator component
*/}}
{{- define "openebs-ndm.operator.labels" -}}
{{ include "openebs-ndm.common.metaLabels" . }}
{{ include "openebs-ndm.operator.matchLabels" . }}
{{ include "openebs-ndm.operator.componentLabels" . }}
{{- end -}}
{{/*
Create match labels for ndm cluster exporter deployment
*/}}
{{- define "openebs-ndm.cluster-exporter.matchLabels" -}}
app: {{ template "openebs-ndm.exporter.name" . }}
release: {{ .Release.Name }}
component: {{ default (include "openebs-ndm.cluster-exporter.name" .) .Values.ndmExporter.clusterExporter.componentName }}
{{- end -}}
{{/*
Create component labels for ndm cluster exporter component
*/}}
{{- define "openebs-ndm.cluster-exporter.componentLabels" -}}
openebs.io/component-name: {{ default (include "openebs-ndm.cluster-exporter.name" .) .Values.ndmExporter.clusterExporter.componentName }}
{{- end -}}
{{/*
Create labels for ndm cluster exporter component
*/}}
{{- define "openebs-ndm.cluster-exporter.labels" -}}
{{ include "openebs-ndm.common.metaLabels" . }}
{{ include "openebs-ndm.cluster-exporter.matchLabels" . }}
{{ include "openebs-ndm.cluster-exporter.componentLabels" . }}
{{- end -}}
{{/*
Create match labels for ndm node exporter deployment
*/}}
{{- define "openebs-ndm.node-exporter.matchLabels" -}}
app: {{ template "openebs-ndm.exporter.name" . }}
release: {{ .Release.Name }}
component: {{ default (include "openebs-ndm.node-exporter.name" .) .Values.ndmExporter.nodeExporter.componentName }}
{{- end -}}
{{/*
Create component labels for ndm node exporter component
*/}}
{{- define "openebs-ndm.node-exporter.componentLabels" -}}
openebs.io/component-name: {{ default (include "openebs-ndm.node-exporter.name" .) .Values.ndmExporter.nodeExporter.componentName }}
{{- end -}}
{{/*
Create labels for ndm cluster node component
*/}}
{{- define "openebs-ndm.node-exporter.labels" -}}
{{ include "openebs-ndm.common.metaLabels" . }}
{{ include "openebs-ndm.node-exporter.matchLabels" . }}
{{ include "openebs-ndm.node-exporter.componentLabels" . }}
{{- end -}}

View File

@@ -0,0 +1,18 @@
{{- if and .Values.ndmExporter.enabled .Values.ndmExporter.clusterExporter.metricsPort }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "openebs-ndm.cluster-exporter.fullname" . }}-service
labels:
{{- include "openebs-ndm.cluster-exporter.labels" . | nindent 4 }}
spec:
clusterIP: None
ports:
- name: metrics
port: {{ .Values.ndmExporter.clusterExporter.metricsPort }}
targetPort: {{ .Values.ndmExporter.clusterExporter.metricsPort }}
selector:
{{- with .Values.ndmExporter.clusterExporter.podLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
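Review bot: the `selector:` is filled only from `.Values.ndmExporter.clusterExporter.podLabels`, so when a user clears `podLabels` the `with` block renders nothing and this headless Service ends up with an empty selector and no endpoints. Select on chart-owned labels instead, for example `{{- include "openebs-ndm.cluster-exporter.matchLabels" . | nindent 4 }}`, which the Deployment already uses for its own selector. `{{ toYaml . }}` is also emitted without `indent`/`nindent`, so a `podLabels` map with more than one key will not line up under `selector:`.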

View File

@@ -0,0 +1,60 @@
{{- if .Values.ndmExporter.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "openebs-ndm.cluster-exporter.fullname" . }}
labels:
{{- include "openebs-ndm.cluster-exporter.labels" . | nindent 4 }}
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
{{- include "openebs-ndm.cluster-exporter.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "openebs-ndm.cluster-exporter.labels" . | nindent 8 }}
{{- with .Values.ndmExporter.clusterExporter.podLabels }}
{{ toYaml . }}
{{- end }}
spec:
serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }}
containers:
- name: {{ template "openebs-ndm.cluster-exporter.fullname" . }}
image: "{{ .Values.ndmExporter.image.registry }}{{ .Values.ndmExporter.image.repository }}:{{ .Values.ndmExporter.image.tag }}"
command:
- /usr/local/bin/exporter
args:
- "start"
- "--mode=cluster"
- "--port=$(METRICS_LISTEN_PORT)"
- "--metrics=/metrics"
ports:
- containerPort: {{ .Values.ndmExporter.clusterExporter.metricsPort }}
protocol: TCP
name: metrics
imagePullPolicy: {{ .Values.ndmExporter.image.pullPolicy }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.ndmExporter.clusterExporter.metricsPort }}
- name: METRICS_LISTEN_PORT
value: :{{ .Values.ndmExporter.clusterExporter.metricsPort }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.ndmExporter.clusterExporter.nodeSelector }}
nodeSelector:
{{ toYaml .Values.ndmExporter.clusterExporter.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.ndmExporter.clusterExporter.tolerations }}
tolerations:
{{ toYaml .Values.ndmExporter.clusterExporter.tolerations | indent 8 }}
{{- end }}
{{- end }}
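Review bot: `--port=$(METRICS_LISTEN_PORT)` in `args` is always emitted, but the `METRICS_LISTEN_PORT` env var is only defined inside `{{- if .Values.ndmExporter.clusterExporter.metricsPort }}`. With `metricsPort` unset, Kubernetes leaves the unresolved `$(METRICS_LISTEN_PORT)` reference in the argument as a literal string and `containerPort:` renders empty. Put the arg and the `ports:` entry under the same condition, or fail the render with `required` when the port is missing. The container also declares no `securityContext`; since nothing in this template mounts host paths, setting `allowPrivilegeEscalation: false` and a non-root user here should be checked against the image.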

View File

@@ -0,0 +1,45 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "openebs-ndm.fullname" . }}-config
data:
# node-disk-manager-config contains config of available probes and filters.
# Probes and Filters will initialize with default values if config for that
# filter or probe are not present in configmap
# udev-probe is default or primary probe it should be enabled to run ndm
# filterconfigs contains configs of filters. To provide a group of include
# and exclude values add it as , separated string
node-disk-manager.config: |
probeconfigs:
- key: udev-probe
name: udev probe
state: {{ .Values.ndm.probes.enableUdevProbe }}
- key: seachest-probe
name: seachest probe
state: {{ .Values.ndm.probes.enableSeachest }}
- key: smart-probe
name: smart probe
state: {{ .Values.ndm.probes.enableSmartProbe }}
filterconfigs:
- key: os-disk-exclude-filter
name: os disk exclude filter
state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }}
exclude: "{{ .Values.ndm.filters.osDiskExcludePaths }}"
- key: vendor-filter
name: vendor filter
state: {{ .Values.ndm.filters.enableVendorFilter }}
include: ""
exclude: "{{ .Values.ndm.filters.excludeVendors }}"
- key: path-filter
name: path filter
state: {{ .Values.ndm.filters.enablePathFilter }}
include: "{{ .Values.ndm.filters.includePaths }}"
exclude: "{{ .Values.ndm.filters.excludePaths }}"
metaconfigs:
- key: node-labels
name: node labels
pattern: "{{ .Values.ndm.metaConfig.nodeLabelPattern }}"
- key: device-labels
name: device labels
type: "{{ .Values.ndm.metaConfig.deviceLabelTypes }}"
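Review bot: the filter and meta values are spliced into hand-written double quotes (`exclude: "{{ .Values.ndm.filters.excludePaths }}"` and the similar lines), so a value containing `"` or a backslash breaks the embedded YAML that NDM parses. Use `{{ ... | quote }}` without the surrounding quotes. The ConfigMap is also rendered unconditionally and carries no labels, while the DaemonSet that consumes it is gated on `.Values.ndm.enabled`; gate it the same way and add `openebs-ndm.labels`.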

View File

@@ -0,0 +1,179 @@
{{- if .Values.ndm.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "openebs-ndm.fullname" . }}
{{- with .Values.ndm.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "openebs-ndm.labels" . | nindent 4 }}
spec:
updateStrategy:
{{ toYaml .Values.ndm.updateStrategy | indent 4 }}
selector:
matchLabels:
{{- include "openebs-ndm.matchLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.ndm.podAnnotations }}
annotations: {{ toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "openebs-ndm.labels" . | nindent 8 }}
{{- with .Values.ndm.podLabels}}
{{ toYaml . }}
{{- end}}
spec:
serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }}
{{- if .Values.featureGates.enabled }}
{{- if .Values.featureGates.APIService.enabled }}
hostPID: true
{{- end}}
{{- end}}
containers:
- name: {{ template "openebs-ndm.name" . }}
image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}"
args:
- -v=4
{{- if .Values.featureGates.enabled }}
{{- if .Values.featureGates.GPTBasedUUID.enabled }}
- --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }}
{{- end}}
{{- if .Values.featureGates.APIService.enabled }}
- --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }}
- --api-service-address={{ .Values.featureGates.APIService.address }}
{{- end}}
{{- if .Values.featureGates.UseOSDisk.enabled }}
- --feature-gates={{ .Values.featureGates.UseOSDisk.featureGateFlag }}
{{- end}}
{{- if .Values.featureGates.ChangeDetection.enabled }}
- --feature-gates={{ .Values.featureGates.ChangeDetection.featureGateFlag }}
{{- end}}
{{- if .Values.featureGates.PartitionTableUUID.enabled }}
- --feature-gates={{ .Values.featureGates.PartitionTableUUID.featureGateFlag }}
{{- end}}
{{- end}}
imagePullPolicy: {{ .Values.ndm.image.pullPolicy }}
resources:
{{ toYaml .Values.ndm.resources | indent 12 }}
securityContext:
privileged: true
env:
# namespace in which NDM is installed will be passed to NDM Daemonset
# as environment variable
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# pass hostname as env variable using downward API to the NDM container
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if .Values.ndm.sparse }}
{{- if .Values.ndm.sparse.path }}
# specify the directory where the sparse files need to be created.
# if not specified, then sparse files will not be created.
- name: SPARSE_FILE_DIR
value: "{{ .Values.ndm.sparse.path }}"
{{- end }}
{{- if .Values.ndm.sparse.size }}
# Size(bytes) of the sparse file to be created.
- name: SPARSE_FILE_SIZE
value: "{{ .Values.ndm.sparse.size }}"
{{- end }}
{{- if .Values.ndm.sparse.count }}
# Specify the number of sparse files to be created
- name: SPARSE_FILE_COUNT
value: "{{ .Values.ndm.sparse.count }}"
{{- end }}
{{- end }}
# Process name used for matching is limited to the 15 characters
# present in the pgrep output.
# So fullname can be used here with pgrep (cmd is < 15 chars).
livenessProbe:
exec:
command:
- pgrep
- "ndm"
initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }}
periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }}
volumeMounts:
- name: config
mountPath: /host/node-disk-manager.config
subPath: node-disk-manager.config
readOnly: true
- name: udev
mountPath: /run/udev
- name: procmount
mountPath: /host/proc
readOnly: true
- name: devmount
mountPath: /dev
- name: basepath
mountPath: /var/openebs/ndm
{{- if .Values.ndm.sparse }}
{{- if .Values.ndm.sparse.path }}
- name: sparsepath
mountPath: {{ .Values.ndm.sparse.path }}
{{- end }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "openebs-ndm.fullname" . }}-config
- name: udev
hostPath:
path: /run/udev
type: Directory
# mount /proc (to access mount file of process 1 of host) inside container
# to read mount-point of disks and partitions
- name: procmount
hostPath:
path: /proc
type: Directory
- name: devmount
# the /dev directory is mounted so that we have access to the devices that
# are connected at runtime of the pod.
hostPath:
path: /dev
type: Directory
- name: basepath
hostPath:
path: "{{ .Values.varDirectoryPath.baseDir }}/ndm"
type: DirectoryOrCreate
{{- if .Values.ndm.sparse }}
{{- if .Values.ndm.sparse.path }}
- name: sparsepath
hostPath:
path: {{ .Values.ndm.sparse.path }}
{{- end }}
{{- end }}
# By default the node-disk-manager will be run on all kubernetes nodes
# If you would like to limit this to only some nodes, say the nodes
# that have storage attached, you could label those node and use
# nodeSelector.
#
# e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node"
# kubectl label node <node-name> "openebs.io/nodegroup"="storage-node"
#nodeSelector:
# "openebs.io/nodegroup": "storage-node"
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.ndm.nodeSelector }}
nodeSelector:
{{ toYaml .Values.ndm.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.ndm.tolerations }}
tolerations:
{{ toYaml .Values.ndm.tolerations | indent 8 }}
{{- end }}
{{- if .Values.ndm.securityContext }}
securityContext:
{{ toYaml .Values.ndm.securityContext | indent 8 }}
{{- end }}
hostNetwork: true
{{- end }}
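Review bot: `hostNetwork: true` at the end of the pod spec is unconditional, on top of `privileged: true` and hostPath mounts of `/dev`, `/proc` and `/run/udev`. Please document why the pod needs the host network namespace; if it is only for the APIService listener, gate it behind the same `featureGates.APIService.enabled` condition already used for `hostPID`, or behind a value that defaults to false. Two smaller points: the `basepath` volume is mounted at the fixed path `/var/openebs/ndm` while its hostPath follows `.Values.varDirectoryPath.baseDir`, and the `sparsepath` hostPath is unquoted and has no `type:`, unlike the other hostPath volumes.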

View File

@@ -0,0 +1,87 @@
{{- if .Values.ndmOperator.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "openebs-ndm.operator.fullname" . }}
{{- with .Values.ndmOperator.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "openebs-ndm.operator.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.ndmOperator.replicas }}
strategy:
type: "Recreate"
rollingUpdate: null
selector:
matchLabels:
{{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.ndmOperator.podAnnotations }}
annotations: {{ toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "openebs-ndm.operator.labels" . | nindent 8 }}
{{- with .Values.ndmOperator.podLabels}}
{{ toYaml . }}
{{- end}}
spec:
serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }}
containers:
- name: {{ template "openebs-ndm.operator.fullname" . }}
image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}"
imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }}
resources:
{{ toYaml .Values.ndmOperator.resources | indent 12 }}
livenessProbe:
httpGet:
path: /healthz
port: 8585
initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }}
periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }}
readinessProbe:
httpGet:
path: /readyz
port: 8585
initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }}
periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }}
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: OPERATOR_NAME
value: "node-disk-operator"
- name: CLEANUP_JOB_IMAGE
value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}"
{{- if .Values.imagePullSecrets }}
- name: OPENEBS_IO_IMAGE_PULL_SECRETS
value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.ndmOperator.nodeSelector }}
nodeSelector:
{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.ndmOperator.securityContext }}
securityContext:
{{ toYaml .Values.ndmOperator.securityContext | indent 8 }}
{{- end }}
{{- if .Values.ndmOperator.tolerations }}
tolerations:
{{ toYaml .Values.ndmOperator.tolerations | indent 8 }}
{{- end }}
{{- end }}
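Review bot: `strategy.type` is hard-coded to `"Recreate"` although the chart's values define `ndmOperator.upgradeStrategy`, which this template never reads; wire the value in or drop it from values. The operator container also has no container-level `securityContext`, only the optional pod-level block from `.Values.ndmOperator.securityContext`, and `resources` defaults to `{}`. Because this pod runs under the same service account as the privileged NDM DaemonSet, a restrictive default here (`allowPrivilegeEscalation: false`, dropped capabilities) is worth adding if the image supports it.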

View File

@@ -0,0 +1,18 @@
{{- if and .Values.ndmExporter.enabled .Values.ndmExporter.nodeExporter.metricsPort }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "openebs-ndm.node-exporter.fullname" . }}-service
labels:
{{- include "openebs-ndm.node-exporter.labels" . | nindent 4 }}
spec:
clusterIP: None
ports:
- name: metrics
port: {{ .Values.ndmExporter.nodeExporter.metricsPort }}
targetPort: {{ .Values.ndmExporter.nodeExporter.metricsPort }}
selector:
{{- with .Values.ndmExporter.nodeExporter.podLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
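Review bot: the Service selector comes solely from `.Values.ndmExporter.nodeExporter.podLabels`, a user-overridable map, rather than from the labels the DaemonSet selects on. If `podLabels` is emptied the Service matches nothing, and if it is changed to a label shared with other pods the Service will route metrics scrapes to them. Use `openebs-ndm.node-exporter.matchLabels` with `nindent 4` for the selector.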

View File

@@ -0,0 +1,62 @@
{{- if .Values.ndmExporter.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "openebs-ndm.node-exporter.fullname" . }}
labels:
{{- include "openebs-ndm.node-exporter.labels" . | nindent 4 }}
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
{{- include "openebs-ndm.node-exporter.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "openebs-ndm.node-exporter.labels" . | nindent 8 }}
{{- with .Values.ndmExporter.nodeExporter.podLabels }}
{{ toYaml . }}
{{- end }}
spec:
serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }}
containers:
- name: {{ template "openebs-ndm.node-exporter.fullname" . }}
image: "{{ .Values.ndmExporter.image.registry }}{{ .Values.ndmExporter.image.repository }}:{{ .Values.ndmExporter.image.tag }}"
command:
- /usr/local/bin/exporter
args:
- "start"
- "--mode=node"
- "--port=$(METRICS_LISTEN_PORT)"
- "--metrics=/metrics"
ports:
- containerPort: {{ .Values.ndmExporter.nodeExporter.metricsPort }}
protocol: TCP
name: metrics
imagePullPolicy: {{ .Values.ndmExporter.image.pullPolicy }}
securityContext:
privileged: true
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.ndmExporter.nodeExporter.metricsPort }}
- name: METRICS_LISTEN_PORT
value: :{{ .Values.ndmExporter.nodeExporter.metricsPort }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.ndmExporter.nodeExporter.nodeSelector }}
nodeSelector:
{{ toYaml .Values.ndmExporter.nodeExporter.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.ndmExporter.nodeExporter.tolerations }}
tolerations:
{{ toYaml .Values.ndmExporter.nodeExporter.tolerations | indent 8 }}
{{- end }}
{{- end }}
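Review bot: the exporter container sets `securityContext.privileged: true`, yet this template declares no volumes or host mounts, so the reason a metrics endpoint needs full privilege is not visible here. If the exporter needs raw device access to read disk health, say so in a comment and consider a narrower grant (specific capabilities or a read-only device mount); otherwise drop `privileged`. As in the cluster exporter, `--port=$(METRICS_LISTEN_PORT)` is always passed while the env var is only defined when `metricsPort` is set.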

View File

@@ -0,0 +1,44 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "openebs-ndm.serviceAccountName" . }}
{{- end }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "openebs-ndm.fullname" . }}
rules:
- apiGroups: ["*"]
resources: ["nodes", "pods", "events", "configmaps", "jobs"]
verbs:
- '*'
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs:
- '*'
- apiGroups:
- openebs.io
resources:
- blockdevices
- blockdeviceclaims
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "openebs-ndm.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "openebs-ndm.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: User
name: system:serviceaccount:default:default
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: {{ include "openebs-ndm.fullname" . }}
apiGroup: rbac.authorization.k8s.io
---
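Review bot: the ClusterRoleBinding lists a second subject, `kind: User` with `name: system:serviceaccount:default:default`, which hands this ClusterRole to the default service account of the `default` namespace, that is, to every pod there that does not set its own service account. The role itself grants `'*'` verbs on `nodes`, `pods`, `events`, `configmaps` and `jobs` under `apiGroups: ["*"]`, plus `'*'` on `customresourcedefinitions`. Remove the `User` subject, replace the wildcard group with the specific groups (`""`, `batch`) and list only the verbs NDM uses. The ClusterRole and binding are also rendered regardless of `serviceAccount.create`, and there is no `rbac.create` switch as in the localpv chart.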

View File

@@ -0,0 +1,156 @@
# Default values for ndm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
release:
version: "2.1.0"
imagePullSecrets:
# - name: "image-pull-secret"
ndm:
componentName: ndm
enabled: true
image:
# Make sure that registry name end with a '/'.
# For example : quay.io/ is a correct value here and quay.io is incorrect
registry:
repository: openebs/node-disk-manager
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 2.1.0
sparse:
path: "/var/openebs/sparse"
size: "10737418240"
count: "0"
updateStrategy:
type: RollingUpdate
annotations: {}
podAnnotations: {}
resources: {}
# limits:
# cpu: 10m
# memory: 32Mi
# requests:
# cpu: 10m
# memory: 32Mi
## Labels to be added to ndm daemonset pods
podLabels:
name: openebs-ndm
nodeSelector: {}
tolerations: []
securityContext: {}
filters:
enableOsDiskExcludeFilter: true
osDiskExcludePaths: "/,/etc/hosts,/boot"
enableVendorFilter: true
excludeVendors: "CLOUDBYT,OpenEBS"
enablePathFilter: true
includePaths: ""
excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd"
probes:
enableSeachest: false
enableUdevProbe: true
enableSmartProbe: true
metaConfig:
nodeLabelPattern: ""
deviceLabelTypes: ""
healthCheck:
initialDelaySeconds: 30
periodSeconds: 60
ndmOperator:
name: operator
enabled: true
image:
registry:
repository: openebs/node-disk-operator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 2.1.0
podLabels:
name: openebs-ndm-operator
annotations: {}
podAnnotations: {}
nodeSelector: {}
resources: {}
securityContext: {}
tolerations: []
healthCheck:
initialDelaySeconds: 15
periodSeconds: 20
readinessCheck:
initialDelaySeconds: 5
periodSeconds: 10
replicas: 1
upgradeStrategy: Recreate
ndmExporter:
enabled: false
image:
registry:
repository: openebs/node-disk-exporter
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 2.1.0
nodeExporter:
name: node-exporter
podLabels:
name: openebs-ndm-node-exporter
# The TCP port number used for exposing ndm-node-exporter metrics.
# If not set, service will not be created to expose metrics endpoint to serviceMonitor
# and listen-port flag will not be set and container port will be empty.
metricsPort: 9101
nodeSelector: {}
tolerations: []
clusterExporter:
name: cluster-exporter
podLabels:
name: openebs-ndm-cluster-exporter
# The TCP port number used for exposing ndm-cluster-exporter metrics.
# If not set, service will not be created to expose metrics endpoint to serviceMonitor
# and listen-port flag will not be set and container port will be empty.
metricsPort: 9100
nodeSelector: {}
tolerations: []
helperPod:
image:
registry: ""
repository: openebs/linux-utils
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 3.4.0
crd:
enableInstall: false
featureGates:
enabled: true
GPTBasedUUID:
enabled: true
featureGateFlag: "GPTBasedUUID"
APIService:
enabled: false
featureGateFlag: "APIService"
address: "0.0.0.0:9115"
UseOSDisk:
enabled: false
featureGateFlag: "UseOSDisk"
ChangeDetection:
enabled: false
featureGateFlag: "ChangeDetection"
PartitionTableUUID:
enabled: false
featureGateFlag: "PartitionTableUUID"
# Directory used by the OpenEBS to store debug information and so forth
# that are generated in the course of running OpenEBS containers.
varDirectoryPath:
baseDir: "/var/openebs"
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: openebs-ndm
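Review bot: `featureGates.APIService.address` defaults to `"0.0.0.0:9115"`, and the NDM DaemonSet runs with `hostNetwork: true`, so turning the gate on exposes the API service on every interface of every node. Default it to a loopback or node-internal address and document that operators must restrict access if they widen it. Other defaults worth tightening in this file: `ndm.resources: {}` leaves a privileged DaemonSet without limits, images are referenced by mutable tag only, and `ndmOperator.upgradeStrategy` is defined but not consumed by the operator template.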

View File

@@ -0,0 +1,12 @@
The OpenEBS Dynamic LocalPV Provisioner has been installed.
Check its status by running:
$ kubectl get pods -n {{ .Release.Namespace }}
Use `kubectl get bd -n {{ .Release.Namespace }}` to list the
blockdevices attached to the Kubernetes cluster nodes.
Get started with the Dynamic LocalPV Provisioner Quickstart guide at:
https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md
For more information, visit our Slack at https://openebs.io/community or view
the OpenEBS documentation online at https://openebs.io/docs

View File

@@ -0,0 +1,79 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "localpv.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified localpv provisioner name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "localpv.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "localpv.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Meta labels
*/}}
{{- define "localpv.common.metaLabels" -}}
chart: {{ template "localpv.chart" . }}
heritage: {{ .Release.Service }}
openebs.io/version: {{ .Values.release.version | quote }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "localpv.selectorLabels" -}}
app: {{ template "localpv.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.localpv.name | quote }}
{{- end -}}
{{/*
Component labels
*/}}
{{- define "localpv.componentLabels" -}}
openebs.io/component-name: openebs-{{ .Values.localpv.name }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "localpv.labels" -}}
{{ include "localpv.common.metaLabels" . }}
{{ include "localpv.selectorLabels" . }}
{{ include "localpv.componentLabels" . }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "localpv.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "localpv.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,120 @@
{{- if .Values.localpv.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "localpv.fullname" . }}
{{- with .Values.localpv.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.localpv.replicas }}
strategy:
type: "Recreate"
rollingUpdate: null
selector:
matchLabels:
{{- include "localpv.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.localpv.podAnnotations }}
annotations: {{ toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 8 }}
{{- with .Values.localpv.podLabels }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "localpv.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ template "localpv.fullname" . }}
image: "{{ .Values.localpv.image.registry }}{{ .Values.localpv.image.repository }}:{{ .Values.localpv.image.tag }}"
imagePullPolicy: {{ .Values.localpv.image.pullPolicy }}
resources:
{{ toYaml .Values.localpv.resources | indent 10 }}
args:
- "--bd-time-out=$(BDC_BD_BIND_RETRIES)"
env:
# OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s
# based on this address. This is ignored if empty.
# This is supported for openebs provisioner version 0.5.2 onwards
#- name: OPENEBS_IO_K8S_MASTER
# value: "http://10.128.0.12:8080"
# OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s
# based on this config. This is ignored if empty.
# This is supported for openebs provisioner version 0.5.2 onwards
#- name: OPENEBS_IO_KUBE_CONFIG
# value: "/home/ubuntu/.kube/config"
# This sets the number of times the provisioner should try
# with a polling interval of 5 seconds, to get the Blockdevice
# Name from a BlockDeviceClaim, before the BlockDeviceClaim
# is deleted. E.g. 12 * 5 seconds = 60 seconds timeout
- name: BDC_BD_BIND_RETRIES
value: "{{ .Values.localpv.waitForBDBindTimeoutRetryCount }}"
- name: OPENEBS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as
# environment variable
- name: OPENEBS_SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
# OPENEBS_IO_BASE_PATH is the environment variable that provides the
# default base path on the node where host-path PVs will be provisioned.
- name: OPENEBS_IO_ENABLE_ANALYTICS
value: "{{ .Values.analytics.enabled }}"
- name: OPENEBS_IO_BASE_PATH
value: "{{ .Values.localpv.basePath }}"
- name: OPENEBS_IO_HELPER_IMAGE
value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}"
- name: OPENEBS_IO_INSTALLER_TYPE
value: "localpv-charts-helm"
# LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default
# leader election is enabled.
- name: LEADER_ELECTION_ENABLED
value: "{{ .Values.localpv.enableLeaderElection }}"
{{- if .Values.imagePullSecrets }}
- name: OPENEBS_IO_IMAGE_PULL_SECRETS
value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}"
{{- end }}
# Process name used for matching is limited to the 15 characters
# present in the pgrep output.
# So fullname can't be used here with pgrep (>15 chars).A regular expression
# that matches the entire command name has to specified.
# Anchor `^` : matches any string that starts with `provisioner-loc`
# `.*`: matches any string that has `provisioner-loc` followed by zero or more char
livenessProbe:
exec:
command:
- sh
- -c
- test `pgrep -c "^provisioner-loc.*"` = 1
initialDelaySeconds: {{ .Values.localpv.healthCheck.initialDelaySeconds }}
periodSeconds: {{ .Values.localpv.healthCheck.periodSeconds }}
{{- if .Values.localpv.nodeSelector }}
nodeSelector:
{{ toYaml .Values.localpv.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.localpv.tolerations }}
tolerations:
{{ toYaml .Values.localpv.tolerations | indent 8 }}
{{- end }}
{{- if .Values.localpv.affinity }}
affinity:
{{ toYaml .Values.localpv.affinity | indent 8 }}
{{- end }}
{{- end }}
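Review bot: the provisioner container has no `securityContext` of its own; only the pod-level block from `.Values.podSecurityContext` is rendered, so settings such as `allowPrivilegeEscalation` and `capabilities` cannot be configured from values. Add a container-level `securityContext` value with a restrictive default. Also, the comment that explains `OPENEBS_IO_BASE_PATH` sits directly above `OPENEBS_IO_ENABLE_ANALYTICS`; move it down to the variable it describes and add a line stating what the analytics flag sends.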

View File

@@ -0,0 +1,31 @@
{{- if .Values.deviceClass.enabled }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.deviceClass.name }}
annotations:
openebs.io/cas-type: local
cas.openebs.io/config: |
- name: StorageType
value: "device"
{{- if .Values.deviceClass.fsType }}
- name: FSType
value: {{ .Values.deviceClass.fsType | quote }}
{{- end }}
{{- if .Values.deviceClass.blockDeviceSelectors }}
- name: BlockDeviceSelectors
data:
{{ toYaml .Values.deviceClass.blockDeviceSelectors | indent 10 }}
{{- end }}
{{- if .Values.deviceClass.nodeAffinityLabels }}
- name: NodeAffinityLabels
list:
{{ toYaml .Values.deviceClass.nodeAffinityLabels | indent 10 }}
{{- end }}
{{- if .Values.deviceClass.isDefaultClass }}
storageclass.kubernetes.io/is-default-class: "true"
{{- end }}
provisioner: openebs.io/local
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: {{ .Values.deviceClass.reclaimPolicy }}
{{- end }}

View File

@@ -0,0 +1,40 @@
{{- if .Values.hostpathClass.enabled }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ tpl (.Values.hostpathClass.name) .}}
annotations:
openebs.io/cas-type: local
cas.openebs.io/config: |
- name: StorageType
value: "hostpath"
{{- if or .Values.localpv.basePath .Values.hostpathClass.basePath }}
- name: BasePath
value: {{ tpl (.Values.hostpathClass.basePath | default .Values.localpv.basePath | quote) . }}
{{- end }}
{{- if .Values.hostpathClass.nodeAffinityLabels }}
- name: NodeAffinityLabels
list:
{{ toYaml .Values.hostpathClass.nodeAffinityLabels | indent 10 }}
{{- end }}
{{- if .Values.hostpathClass.xfsQuota.enabled }}
- name: XFSQuota
enabled: "{{ .Values.hostpathClass.xfsQuota.enabled }}"
data:
softLimitGrace: "{{ .Values.hostpathClass.xfsQuota.softLimitGrace }}"
hardLimitGrace: "{{ .Values.hostpathClass.xfsQuota.hardLimitGrace }}"
{{- end }}
{{- if .Values.hostpathClass.ext4Quota.enabled }}
- name: EXT4Quota
enabled: "{{ .Values.hostpathClass.ext4Quota.enabled }}"
data:
softLimitGrace: "{{ .Values.hostpathClass.ext4Quota.softLimitGrace }}"
hardLimitGrace: "{{ .Values.hostpathClass.ext4Quota.hardLimitGrace }}"
{{- end }}
{{- if .Values.hostpathClass.isDefaultClass }}
storageclass.kubernetes.io/is-default-class: "true"
{{- end }}
provisioner: openebs.io/local
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: {{ .Values.hostpathClass.reclaimPolicy }}
{{- end }}

View File

@@ -0,0 +1,30 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "localpv.fullname" . }}-psp
{{- with .Values.localpv.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
spec:
privileged: {{ .Values.localpv.privileged }}
allowPrivilegeEscalation: true
allowedCapabilities: ['*']
volumes: ['*']
hostNetwork: true
hostPorts:
- min: 0
max: 65535
hostIPC: true
hostPID: true
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
{{- end }}
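Review bot: apart from `privileged`, every field of this policy is fixed at its most permissive setting: `allowPrivilegeEscalation: true`, `allowedCapabilities: ['*']`, `volumes: ['*']`, `hostNetwork`, `hostIPC`, `hostPID` all true and the full `hostPorts` range, so setting `localpv.privileged: false` still leaves pods able to escalate through capabilities or host namespaces. Restrict these to what the provisioner and its helper pods need (for example `volumes: ['hostPath', 'configMap', 'secret']`). In addition, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so guard the template with `.Capabilities.APIVersions.Has "policy/v1beta1"` to keep `rbac.pspEnabled: true` from failing the install on newer clusters.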

View File

@@ -0,0 +1,99 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "localpv.serviceAccountName" . }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "localpv.fullname" . }}
{{- with .Values.localpv.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
rules:
- apiGroups: ["*"]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["*"]
resources: ["namespaces", "pods", "events", "endpoints"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["resourcequotas", "limitranges"]
verbs: ["list", "watch"]
- apiGroups: ["*"]
resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: [ "get", "list", "create", "update", "delete", "patch"]
- apiGroups: ["openebs.io"]
resources: [ "*"]
verbs: ["*" ]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "localpv.fullname" . }}
{{- with .Values.localpv.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "localpv.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "localpv.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.rbac.pspEnabled }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "localpv.fullname" . }}-psp
{{- with .Values.localpv.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "localpv.fullname" . }}-psp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "localpv.fullname" . }}-psp
{{- with .Values.localpv.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "localpv.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "localpv.fullname" . }}-psp
subjects:
- kind: ServiceAccount
name: {{ template "localpv.serviceAccountName" . }}
namespace: {{ $.Release.Namespace }}
{{- end }}
{{- end }}
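Review bot: The first ClusterRole combines `apiGroups: ["*"]` with `verbs: ["*"]` on `namespaces`, `pods`, `events`, `endpoints` and on `storageclasses`, `persistentvolumeclaims`, `persistentvolumes`, and the ClusterRoleBinding grants that to the provisioner's ServiceAccount cluster-wide, so it can create, modify and delete those objects in every namespace, including namespaces themselves. Name the API groups explicitly (`""` for core resources, `storage.k8s.io` for `storageclasses`) and list only the verbs the provisioner uses. The `customresourcedefinitions` rule likewise gives write access to every CRD in the cluster; `resourceNames` can narrow the update, delete and patch verbs. Minor: the last binding uses `$.Release.Namespace` while the first uses `.Release.Namespace`; pick one form.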

View File

@@ -0,0 +1,171 @@
# Default values for localpv.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
release:
version: "3.4.0"
rbac:
# rbac.create: `true` if rbac resources should be created
create: true
# rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
pspEnabled: false
# If false, openebs NDM sub-chart will not be installed
openebsNDM:
enabled: true
localpv:
name: localpv-provisioner
enabled: true
image:
# Make sure that registry name end with a '/'.
# For example : quay.io/ is a correct value here and quay.io is incorrect
registry:
repository: openebs/provisioner-localpv
tag: 3.4.0
pullPolicy: IfNotPresent
updateStrategy:
type: RollingUpdate
# If set to false, containers created by the localpv provisioner will run without extra privileges.
privileged: true
annotations: {}
podAnnotations: {}
## Labels to be added to localpv provisioner deployment pods
podLabels:
name: openebs-localpv-provisioner
healthCheck:
initialDelaySeconds: 30
periodSeconds: 60
replicas: 1
enableLeaderElection: true
basePath: "/var/openebs/local"
# This sets the number of times the provisioner should try
# with a polling interval of 5 seconds, to get the Blockdevice
# Name from a BlockDeviceClaim, before the BlockDeviceClaim
# is deleted. E.g. 12 * 5 seconds = 60 seconds timeout
waitForBDBindTimeoutRetryCount: "12"
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
securityContext: {}
imagePullSecrets:
# - name: img-pull-secret
podSecurityContext: {}
# fsGroup: 2000
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
deviceClass:
# Name of default device StorageClass.
name: openebs-device
# If true, enables creation of the openebs-device StorageClass
enabled: true
# Available reclaim policies: Delete/Retain, defaults: Delete.
reclaimPolicy: Delete
# If true, sets the openebs-device StorageClass as the default StorageClass
isDefaultClass: false
# Custom node affinity label(s) for example "openebs.io/node-affinity-value"
# that will be used instead of hostnames
# This helps in cases where the hostname changes when the node is removed and
# added back with the disks still intact.
# Example:
# nodeAffinityLabels:
# - "openebs.io/node-affinity-key-1"
# - "openebs.io/node-affinity-key-2"
nodeAffinityLabels: []
# Sets the filesystem to be written to the blockdevice before
# mounting (filesystem volumes)
# This is only usable if the selected BlockDevice does not already
# have a filesystem
# Valid values: "ext4", "xfs"
fsType: "ext4"
# Label block devices in the cluster that you would like the openEBS localPV
# Provisioner to pick up those specific block devices available on the node.
# Set the label key and value as shown in the example below.
#
# To read more: https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/tutorials/device/blockdeviceselectors.md
#
# Example:
# blockDeviceSelectors:
# ndm.io/driveType: "SSD"
# ndm.io/fsType: "none"
blockDeviceSelectors: {}
hostpathClass:
# Name of the default hostpath StorageClass
name: openebs-hostpath
# If true, enables creation of the openebs-hostpath StorageClass
enabled: true
# Available reclaim policies: Delete/Retain, defaults: Delete.
reclaimPolicy: Delete
# If true, sets the openebs-hostpath StorageClass as the default StorageClass
isDefaultClass: false
# Path on the host where local volumes of this storage class are mounted under.
# NOTE: If not specified, this defaults to the value of localpv.basePath.
basePath: ""
# Custom node affinity label(s) for example "openebs.io/node-affinity-value"
# that will be used instead of hostnames
# This helps in cases where the hostname changes when the node is removed and
# added back with the disks still intact.
# Example:
# nodeAffinityLabels:
# - "openebs.io/node-affinity-key-1"
# - "openebs.io/node-affinity-key-2"
nodeAffinityLabels: []
# Prerequisite: XFS Quota requires an XFS filesystem mounted with
# the 'pquota' or 'prjquota' mount option.
xfsQuota:
# If true, enables XFS project quota
enabled: false
# Detailed configuration options for XFS project quota.
# If XFS Quota is enabled with the default values, the usage limit
# is set at the storage capacity specified in the PVC.
softLimitGrace: "0%"
hardLimitGrace: "0%"
# Prerequisite: EXT4 Quota requires an EXT4 filesystem mounted with
# the 'prjquota' mount option.
ext4Quota:
# If true, enables XFS project quota
enabled: false
# Detailed configuration options for EXT4 project quota.
# If EXT4 Quota is enabled with the default values, the usage limit
# is set at the storage capacity specified in the PVC.
softLimitGrace: "0%"
hardLimitGrace: "0%"
helperPod:
image:
registry: ""
repository: openebs/linux-utils
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 3.4.0
analytics:
enabled: true
# Specify in hours the duration after which a ping event needs to be sent.
pingInterval: "24h"
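Review bot: `localpv.privileged` defaults to `true`, and by its own comment that setting decides whether containers created by the provisioner run with extra privileges; consider defaulting it to `false`, or document which features require it, so that privileged mode is an explicit opt-in. `analytics.enabled: true` also turns on a ping event every `24h` by default, which should be called out for operators of restricted clusters or defaulted off. The comment under `ext4Quota` reads "If true, enables XFS project quota" and should say EXT4. Both images are pinned by tag (`3.4.0`) only; pinning by digest would make the pull reproducible.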

View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@@ -0,0 +1,13 @@
apiVersion: v1
appVersion: v2.4.2
description: 'Loki: like Prometheus, but for logs.'
home: https://grafana.com/loki
icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
kubeVersion: ^1.10.0-0
maintainers:
- email: lokiproject@googlegroups.com
name: Loki Maintainers
name: loki-stack
sources:
- https://github.com/grafana/loki
version: 2.6.4

View File

@@ -0,0 +1,60 @@
# Loki-Stack Helm Chart
## Prerequisites
Make sure you have Helm [installed](https://helm.sh/docs/using_helm/#installing-helm) installed.
## Get Repo Info
```console
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Deploy Loki and Promtail to your cluster
### Deploy with default config
```bash
helm upgrade --install loki grafana/loki-stack
```
### Deploy in a custom namespace
```bash
helm upgrade --install loki --namespace=loki-stack grafana/loki-stack
```
### Deploy with custom config
```bash
helm upgrade --install loki grafana/loki-stack --set "key1=val1,key2=val2,..."
```
## Deploy Loki and Fluent Bit to your cluster
```bash
helm upgrade --install loki grafana/loki-stack \
--set fluent-bit.enabled=true,promtail.enabled=false
```
## Deploy Grafana to your cluster
The chart loki-stack contains a pre-configured Grafana, simply use `--set grafana.enabled=true`
To get the admin password for the Grafana pod, run the following command:
```bash
kubectl get secret --namespace <YOUR-NAMESPACE> loki-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
```
To access the Grafana UI, run the following command:
```bash
kubectl port-forward --namespace <YOUR-NAMESPACE> service/loki-grafana 3000:80
```
Navigate to <http://localhost:3000> and login with `admin` and the password output above.
Then follow the [instructions for adding the loki datasource](/docs/getting-started/grafana.md), using the URL `http://loki:3100/`.
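Review bot: The Grafana section tells the reader to print the admin password from the `loki-grafana` secret and log in as `admin`, but says nothing about changing that password afterwards or about who can read the secret in the namespace; add a sentence on both. Documentation nits in the same file: Prerequisites reads "installed](...) installed" with the word repeated, the sentence ending in `--set grafana.enabled=true` has no full stop, and the link `/docs/getting-started/grafana.md` is a root-relative path, so check that it still resolves from where this README now lives.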

View File

@@ -0,0 +1,2 @@
tests/
.pytest_cache/

View File

@@ -0,0 +1,12 @@
apiVersion: v1
appVersion: 7.17.1
description: Official Elastic helm chart for Filebeat
home: https://github.com/elastic/helm-charts
icon: https://helm.elastic.co/icons/beats.png
maintainers:
- email: helm-charts@elastic.co
name: Elastic
name: filebeat
sources:
- https://github.com/elastic/beats
version: 7.17.1

View File

@@ -0,0 +1 @@
include ../helpers/common.mk

View File

@@ -0,0 +1,271 @@
# Filebeat Helm Chart
[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic)
This Helm chart is a lightweight way to configure and run our official
[Filebeat Docker image][].
<!-- development warning placeholder -->
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Requirements](#requirements)
- [Installing](#installing)
- [Install released version using Helm repository](#install-released-version-using-helm-repository)
- [Install development version from a branch](#install-development-version-from-a-branch)
- [Upgrading](#upgrading)
- [Usage notes](#usage-notes)
- [Configuration](#configuration)
- [Deprecated](#deprecated)
- [FAQ](#faq)
- [How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled?](#how-to-use-filebeat-with-elasticsearch-with-security-authentication-and-tls-enabled)
- [How to install OSS version of Filebeat?](#how-to-install-oss-version-of-filebeat)
- [Why is Filebeat host.name field set to Kubernetes pod name?](#why-is-filebeat-hostname-field-set-to-kubernetes-pod-name)
- [How do I get multiple beats agents working with hostNetworking enabled?](#how-do-i-get-multiple-beats-agents-working-with-hostnetworking-enabled)
- [How to change readinessProbe for outputs which don't support testing](#how-to-change-readinessprobe-for-outputs-which-dont-support-testing)
- [Contributing](#contributing)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
<!-- Use this to update TOC: -->
<!-- docker run --rm -it -v $(pwd):/usr/src jorgeandrada/doctoc --github -->
## Requirements
* Kubernetes >= 1.14
* [Helm][] >= 2.17.0
See [supported configurations][] for more details.
## Installing
This chart is tested with the latest 7.17.1 version.
### Install released version using Helm repository
* Add the Elastic Helm charts repo:
`helm repo add elastic https://helm.elastic.co`
* Install it:
- with Helm 3: `helm install filebeat --version <version> elastic/filebeat`
- with Helm 2 (deprecated): `helm install --name filebeat --version <version> elastic/filebeat`
### Install development version from a branch
* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git`
* Checkout the branch : `git checkout 7.17`
* Install it:
- with Helm 3: `helm install filebeat ./helm-charts/filebeat --set imageTag=7.17.1`
- with Helm 2 (deprecated): `helm install --name filebeat ./helm-charts/filebeat --set imageTag=7.17.1`
## Upgrading
Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before
upgrading to a new chart version.
## Usage notes
* The default Filebeat configuration file for this chart is configured to use an
Elasticsearch endpoint. Without any additional changes, Filebeat will send
documents to the service URL that the Elasticsearch Helm chart sets up by
default. You may either set the `ELASTICSEARCH_HOSTS` environment variable in
`extraEnvs` to override this endpoint or modify the default `filebeatConfig` to
change this behavior.
* The default Filebeat configuration file is also configured to capture
container logs and enrich them with Kubernetes metadata by default. This will
capture all container logs in the cluster.
* This chart disables the [HostNetwork][] setting by default for compatibility
reasons with the majority of kubernetes providers and scenarios. Some kubernetes
providers may not allow enabling `hostNetwork` and deploying multiple Filebeat
pods on the same node isn't possible with `hostNetwork` However Filebeat does
recommend activating it. If your kubernetes provider is compatible with
`hostNetwork` and you don't need to run multiple Filebeat DaemonSets, you can
activate it by setting `hostNetworking: true` in [values.yaml][].
* This repo includes a number of [examples][] configurations which can be used
as a reference. They are also used in the automated testing of this chart.
## Configuration
| Parameter | Description | Default |
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------|
| `clusterRoleRules` | Configurable [cluster role rules][] that Filebeat uses to access Kubernetes resources | see [values.yaml][] |
| `daemonset.annotations` | Configurable [annotations][] for filebeat daemonset | `{}` |
| `daemonset.labels` | Configurable [labels][] applied to all filebeat DaemonSet pods | `{}` |
| `daemonset.affinity` | Configurable [affinity][] for filebeat daemonset | `{}` |
| `daemonset.enabled` | If true, enable daemonset | `true` |
| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for DaemonSet | `[]` |
| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for DaemonSet | `[]` |
| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` |
| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for DaemonSet | `[]` |
| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat DaemonSet | `[]` |
| `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` |
| `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | see [values.yaml][] |
| `daemonset.maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` |
| `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` |
| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` |
| `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] |
| `daemonset.resources` | Allows you to set the [resources][] for filebeat DaemonSet | see [values.yaml][] |
| `daemonset.tolerations` | Configurable [tolerations][] for filebeat DaemonSet | `[]` |
| `deployment.annotations` | Configurable [annotations][] for filebeat Deployment | `{}` |
| `deployment.labels` | Configurable [labels][] applied to all filebeat Deployment pods | `{}` |
| `deployment.affinity` | Configurable [affinity][] for filebeat Deployment | `{}` |
| `deployment.enabled` | If true, enable deployment | `false` |
| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for Deployment | `[]` |
| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for Deployment | `[]` |
| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` |
| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for Deployment | `[]` |
| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat Deployment | `[]` |
| `deployment.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat Deployment | see [values.yaml][] |
| `deployment.nodeSelector` | Configurable [nodeSelector][] for filebeat Deployment | `{}` |
| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` |
| `deployment.resources` | Allows you to set the [resources][] for filebeat Deployment | see [values.yaml][] |
| `deployment.securityContext` | Configurable [securityContext][] for filebeat Deployment pod execution environment | see [values.yaml][] |
| `deployment.tolerations` | Configurable [tolerations][] for filebeat Deployment | `[]` |
| `replicas` | The replica count for the Filebeat deployment | `1` |
| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` |
| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` |
| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` |
| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist filebeat registry data | `/var/lib` |
| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` |
| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` |
| `imageTag` | The filebeat Docker image tag | `7.17.1` |
| `image` | The filebeat Docker image | `docker.elastic.co/beats/filebeat` |
| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] |
| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` |
| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` |
| `podAnnotations` | Configurable [annotations][] applied to all filebeat pods | `{}` |
| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` |
| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] |
| `serviceAccount` | Custom [serviceAccount][] that filebeat will use during execution. By default will use the service account created by this chart | `""` |
| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` |
| `terminationGracePeriod` | Termination period (in seconds) to wait before killing filebeat pod process on pod shutdown | `30` |
| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` |
### Deprecated
| Parameter | Description | Default |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
| `affinity` | Configurable [affinity][] for filebeat DaemonSet | `{}` |
| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` |
| `extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` |
| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` |
| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` |
| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for both filebeat DaemonSet and Deployment | `{}` |
| `hostAliases` | Configurable [hostAliases][] | `[]` |
| `nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` |
| `podSecurityContext` | Configurable [securityContext][] for filebeat DaemonSet and Deployment pod execution environment | `{}` |
| `resources` | Allows you to set the [resources][] for both filebeat DaemonSet and Deployment | `{}` |
| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` |
| `tolerations` | Configurable [tolerations][] for both filebeat DaemonSet and Deployment | `[]` |
| `labels` | Configurable [labels][] applied to all filebeat pods | `{}` |
## FAQ
### How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled?
This Helm chart can use existing [Kubernetes secrets][] to setup
credentials or certificates for examples. These secrets should be created
outside of this chart and accessed using [environment variables][] and volumes.
An example can be found in [examples/security][].
### How to install OSS version of Filebeat?
Deploying OSS version of Filebeat can be done by setting `image` value to
[Filebeat OSS Docker image][]
An example of Filebeat deployment using OSS version can be found in
[examples/oss][].
### Why is Filebeat host.name field set to Kubernetes pod name?
The default Filebeat configuration is using Filebeat pod name for
`agent.hostname` and `host.name` fields. The `hostname` of the Kubernetes nodes
can be find in `kubernetes.node.name` field. If you would like to have
`agent.hostname` and `host.name` fields set to the hostname of the nodes, you'll
need to set `hostNetworking` value to true.
Note that enabling [hostNetwork][] make Filebeat pod use the host network
namespace which gives it access to the host loopback device, services listening
on localhost, could be used to snoop on network activity of other pods on the
same node.
### How do I get multiple beats agents working with hostNetworking enabled?
The default http port for multiple beats agents may be on the same port, for
example, Filebeats and Metricbeats both default to 5066. When `hostNetworking`
is enabled this will cause collisions when standing up the http server. The work
around for this is to set `http.port` in the config file for one of the beats agent
to use a different port.
### How to change readinessProbe for outputs which don't support testing
Some [Filebeat outputs][] like [Kafka output][] don't support testing using
`filebeat test output` command which is used by Filebeat chart readiness probe.
This makes Filebeat pods crash before being ready with the following message:
`Readiness probe failed: kafka output doesn't support testing`.
The workaround when using this kind of output is to override the readiness probe
command to check Filebeat API instead (same as existing liveness probe).
```
readinessProbe:
exec:
command:
- sh
- -c
- |
#!/usr/bin/env bash -e
curl --fail 127.0.0.1:5066
```
## Contributing
Please check [CONTRIBUTING.md][] before any contribution or for any questions
about our development and testing process.
[7.17]: https://github.com/elastic/helm-charts/releases
[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md
[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md
[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
[cluster role rules]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
[dnsConfig]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config
[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
[examples]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples
[examples/oss]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/oss
[examples/security]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/security
[filebeat docker image]: https://www.elastic.co/guide/en/beats/filebeat/7.17/running-on-docker.html
[filebeat oss docker image]: https://www.docker.elastic.co/r/beats/filebeat-oss
[filebeat outputs]: https://www.elastic.co/guide/en/beats/filebeat/7.17/configuring-output.html
[helm]: https://helm.sh
[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
[hostNetwork]: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces
[hostPath]: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images
[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret
[kafka output]: https://www.elastic.co/guide/en/beats/filebeat/7.17/kafka-output.html
[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/
[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
[podSecurityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
[supported configurations]: https://github.com/elastic/helm-charts/tree/7.17/README.md#supported-configurations
[serviceAccount]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[updateStrategy]: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy
[values.yaml]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/values.yaml
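Review bot: The Deployment rows of the Configuration table contain two copy-paste errors: the `hostAliases` row is keyed `daemonset.hostAliases` although it describes the Deployment (and duplicates the earlier DaemonSet row), and `deployment.extraVolumeMounts` is described as being "for DaemonSet". In the readinessProbe FAQ snippet, `#!/usr/bin/env bash -e` sits inside an `sh -c` script, where it is only a comment, so neither bash nor `-e` is in effect; drop the line or replace it with `set -e`. The `[7.17]` link reference at the bottom is never used in the text and can be removed.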

View File

@@ -0,0 +1,13 @@
default: test
include ../../../helpers/examples.mk
RELEASE := helm-filebeat-default
install:
helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../
test: install goss
purge:
helm del $(RELEASE)
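Review bot: This Makefile uses two things it does not define, `$(TIMEOUT)` in the `install` recipe and the `goss` prerequisite of `test`, so both must come from `../../../helpers/examples.mk`, a path outside the chart directory. Confirm that the helpers directory is part of this commit; with a plain `include`, make stops with an error when the file is missing, so none of the targets would run. `helm del $(RELEASE)` in `purge` passes no namespace and therefore depends on the current kubectl context.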

View File

@@ -0,0 +1,27 @@
# Default
This example deploy Filebeat 7.17.1 using [default values][].
## Usage
* Deploy [Elasticsearch Helm chart][].
* Deploy Filebeat chart with the default values: `make install`
* You can now setup a port forward to query Filebeat indices:
```
kubectl port-forward svc/elasticsearch-master 9200
curl localhost:9200/_cat/indices
```
## Testing
You can also run [goss integration tests][] using `make test`
[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.17/elasticsearch/examples/default/
[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/default/test/goss.yaml
[default values]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/values.yaml

View File

@@ -0,0 +1,47 @@
port:
tcp:5066:
listening: true
ip:
- "127.0.0.1"
mount:
/usr/share/filebeat/data:
exists: true
/run/docker.sock:
exists: true
/var/lib/docker/containers:
exists: true
opts:
- ro
/usr/share/filebeat/filebeat.yml:
exists: true
opts:
- ro
user:
filebeat:
exists: true
uid: 1000
gid: 1000
http:
http://elasticsearch-master:9200/_cat/indices:
status: 200
timeout: 2000
body:
- "filebeat-7.17.1"
file:
/usr/share/filebeat/filebeat.yml:
exists: true
contains:
- "add_kubernetes_metadata"
- "output.elasticsearch"
- "elasticsearch-master:9200"
command:
cd /usr/share/filebeat && filebeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://elasticsearch-master:9200"
- "version: 7.17.1"
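Review bot: The `mount` block asserts that `/run/docker.sock` exists in the Filebeat container, and unlike `/var/lib/docker/containers` and `filebeat.yml` it carries no `opts: - ro` check. Access to the Docker socket is equivalent to root on the node, so the test should not lock that mount in as a requirement; if the log input only reads `/var/lib/docker/containers`, drop the socket mount from the chart and this assertion with it. The `http` and `command` checks also assume Elasticsearch at plain `http://elasticsearch-master:9200` without credentials, which suits the default example but should not be carried over as-is to tests for a cluster with security enabled.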

Some files were not shown because too many files have changed in this diff