memcached
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
18
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
19
##
20
global:
21
imageRegistry: ""
22
## E.g.
23
## imagePullSecrets:
24
## - myRegistryKeySecretName
25
##
26
imagePullSecrets: []
27
defaultStorageClass: ""
28
storageClass: ""
29
## Security parameters
30
##
31
security:
32
## @param global.security.allowInsecureImages Allows skipping image verification
33
allowInsecureImages: false
34
## Compatibility adaptations for Kubernetes platforms
35
##
36
compatibility:
37
## Compatibility adaptations for Openshift
38
##
39
openshift:
40
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
41
##
42
adaptSecurityContext: auto
43
org: ""
44
## @section Common parameters
45
46
## @param kubeVersion Override Kubernetes version
47
##
48
kubeVersion: ""
49
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
50
##
51
nameOverride: ""
52
## @param fullnameOverride String to fully override common.names.fullname template
53
##
54
fullnameOverride: ""
55
## @param clusterDomain Kubernetes Cluster Domain
56
##
57
clusterDomain: cluster.local
58
## @param extraDeploy Extra objects to deploy (evaluated as a template)
59
##
60
extraDeploy: []
61
## @param commonLabels Add labels to all the deployed resources
62
##
63
commonLabels: {}
64
## @param commonAnnotations Add annotations to all the deployed resources
65
##
66
commonAnnotations: {}
67
## Enable diagnostic mode in the deployment/statefulset
68
##
69
diagnosticMode:
70
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
71
##
72
enabled: false
73
## @param diagnosticMode.command Command to override all containers in the deployment/statefulset
74
##
75
command:
76
- sleep
77
## @param diagnosticMode.args Args to override all containers in the deployment/statefulset
78
##
79
args:
80
- infinity
81
## @section Memcached parameters
82
83
## Iamguarded Memcached image version
84
## @param image.registry [default: REGISTRY_NAME] Memcached image registry
85
## @param image.repository [default: REPOSITORY_NAME/memcached] Memcached image repository
86
## @skip image.tag Memcached image tag (immutable tags are recommended)
87
## @param image.digest Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
88
## @param image.pullPolicy Memcached image pull policy
89
## @param image.pullSecrets Specify docker-registry secret names as an array
90
## @param image.debug Specify if debug values should be set
91
##
92
image:
93
registry: cgr.dev
94
repository: chainguard-private/memcached-iamguarded
95
tag: 1.6.40
96
digest: ""
97
## Specify a imagePullPolicy
98
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
99
##
100
pullPolicy: IfNotPresent
101
## Optionally specify an array of imagePullSecrets.
102
## Secrets must be manually created in the namespace.
103
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
104
## e.g:
105
## pullSecrets:
106
## - myRegistryKeySecretName
107
##
108
pullSecrets: []
109
## Set to true if you would like to see extra information on logs
110
##
111
debug: false
112
## @param architecture Memcached architecture. Allowed values: standalone or high-availability
113
##
114
architecture: standalone
115
## Authentication parameters
116
##
117
auth:
118
## @param auth.enabled Enable Memcached authentication
119
##
120
enabled: false
121
## @param auth.username Memcached admin user
122
##
123
username: ""
124
## @param auth.password Memcached admin password
125
##
126
password: ""
127
## @param auth.existingPasswordSecret Existing secret with Memcached credentials (must contain a value for `memcached-password` key)
128
##
129
existingPasswordSecret: ""
130
## @param auth.usePasswordFiles Mount credentials as files instead of using environment variables
131
##
132
usePasswordFiles: true
133
## @param command Override default container command (useful when using custom images)
134
##
135
command: []
136
## @param args Override default container args (useful when using custom images)
137
## e.g:
138
## args:
139
## - /run.sh
140
## - -m <maxMemoryLimit>
141
## - -I <maxItemSize>
142
## - -vv
143
##
144
args: []
145
## @param extraEnvVars Array with extra environment variables to add to Memcached nodes
146
## e.g:
147
## extraEnvVars:
148
## - name: FOO
149
## value: "bar"
150
##
151
extraEnvVars: []
152
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Memcached nodes
153
##
154
extraEnvVarsCM: ""
155
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for Memcached nodes
156
##
157
extraEnvVarsSecret: ""
158
## @section Deployment/Statefulset parameters
159
160
## @param replicaCount Number of Memcached nodes
161
##
162
replicaCount: 1
163
## @param containerPorts.memcached Memcached container port
164
##
165
containerPorts:
166
memcached: 11211
167
## Configure extra options for Memcached containers' liveness, readiness and startup probes
168
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
169
## @param livenessProbe.enabled Enable livenessProbe on Memcached containers
170
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
171
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
172
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
173
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
174
## @param livenessProbe.successThreshold Success threshold for livenessProbe
175
##
176
livenessProbe:
177
enabled: true
178
initialDelaySeconds: 30
179
periodSeconds: 10
180
timeoutSeconds: 5
181
failureThreshold: 6
182
successThreshold: 1
183
## @param readinessProbe.enabled Enable readinessProbe on Memcached containers
184
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
185
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
186
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
187
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
188
## @param readinessProbe.successThreshold Success threshold for readinessProbe
189
##
190
readinessProbe:
191
enabled: true
192
initialDelaySeconds: 5
193
periodSeconds: 5
194
timeoutSeconds: 3
195
failureThreshold: 6
196
successThreshold: 1
197
## @param startupProbe.enabled Enable startupProbe on Memcached containers
198
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
199
## @param startupProbe.periodSeconds Period seconds for startupProbe
200
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
201
## @param startupProbe.failureThreshold Failure threshold for startupProbe
202
## @param startupProbe.successThreshold Success threshold for startupProbe
203
##
204
startupProbe:
205
enabled: false
206
initialDelaySeconds: 30
207
periodSeconds: 10
208
timeoutSeconds: 1
209
failureThreshold: 15
210
successThreshold: 1
211
## @param customLivenessProbe Custom livenessProbe that overrides the default one
212
##
213
customLivenessProbe: {}
214
## @param customReadinessProbe Custom readinessProbe that overrides the default one
215
##
216
customReadinessProbe: {}
217
## @param customStartupProbe Custom startupProbe that overrides the default one
218
##
219
customStartupProbe: {}
220
## @param lifecycleHooks for the Memcached container(s) to automate configuration before or after startup
221
##
222
lifecycleHooks: {}
223
## Memcached resource requests and limits
224
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
225
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
226
##
227
resourcesPreset: "nano"
228
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
229
## Example:
230
## resources:
231
## requests:
232
## cpu: 2
233
## memory: 512Mi
234
## limits:
235
## cpu: 3
236
## memory: 1024Mi
237
##
238
resources: {}
239
## Configure Pods Security Context
240
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
241
## @param podSecurityContext.enabled Enabled Memcached pods' Security Context
242
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
243
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
244
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
245
## @param podSecurityContext.fsGroup Set Memcached pod's Security Context fsGroup
246
##
247
podSecurityContext:
248
enabled: true
249
fsGroupChangePolicy: Always
250
sysctls: []
251
supplementalGroups: []
252
fsGroup: 1001
253
## Configure Container Security Context
254
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
255
## @param containerSecurityContext.enabled Enabled containers' Security Context
256
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
257
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
258
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
259
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
260
## @param containerSecurityContext.privileged Set container's Security Context privileged
261
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
262
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
263
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
264
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
265
##
266
containerSecurityContext:
267
enabled: true
268
seLinuxOptions: {}
269
runAsUser: 1001
270
runAsGroup: 1001
271
runAsNonRoot: true
272
privileged: false
273
readOnlyRootFilesystem: true
274
allowPrivilegeEscalation: false
275
capabilities:
276
drop: ["ALL"]
277
seccompProfile:
278
type: "RuntimeDefault"
279
## @param automountServiceAccountToken Mount Service Account token in pod
280
##
281
automountServiceAccountToken: false
282
## @param hostAliases Add deployment host aliases
283
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
284
##
285
hostAliases: []
286
## @param hostNetwork Use host's network namespace
287
## https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hosts-namespaces
288
##
289
hostNetwork: false
290
## @param podLabels Extra labels for Memcached pods
291
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
292
##
293
podLabels: {}
294
## @param podAnnotations Annotations for Memcached pods
295
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
296
##
297
podAnnotations: {}
298
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
299
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
300
##
301
podAffinityPreset: ""
302
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
303
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
304
##
305
podAntiAffinityPreset: soft
306
## Node affinity preset
307
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
308
##
309
nodeAffinityPreset:
310
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
311
##
312
type: ""
313
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
314
## E.g.
315
## key: "kubernetes.io/e2e-az-name"
316
##
317
key: ""
318
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
319
## E.g.
320
## values:
321
## - e2e-az1
322
## - e2e-az2
323
##
324
values: []
325
## @param affinity Affinity for pod assignment
326
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
327
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
328
##
329
affinity: {}
330
## @param nodeSelector Node labels for pod assignment
331
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
332
##
333
nodeSelector: {}
334
## @param tolerations Tolerations for pod assignment
335
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
336
##
337
tolerations: []
338
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
339
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
340
##
341
topologySpreadConstraints: []
342
## @param podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: `OrderedReady` and `Parallel`
343
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
344
##
345
podManagementPolicy: Parallel
346
## @param priorityClassName Name of the existing priority class to be used by Memcached pods, priority class needs to be created beforehand
347
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
348
##
349
priorityClassName: ""
350
## @param schedulerName Kubernetes pod scheduler registry
351
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
352
##
353
schedulerName: ""
354
## @param terminationGracePeriodSeconds In seconds, time the given to the memcached pod needs to terminate gracefully
355
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
356
##
357
terminationGracePeriodSeconds: ""
358
## @param updateStrategy.type Memcached statefulset strategy type
359
## @param updateStrategy.rollingUpdate Memcached statefulset rolling update configuration parameters
360
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
361
##
362
updateStrategy:
363
type: RollingUpdate
364
rollingUpdate: {}
365
## @param emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
366
## Possible values: "Memory", ""
367
emptyDir:
368
medium: ""
369
## @param extraVolumes Optionally specify extra list of additional volumes for the Memcached pod(s)
370
## Example Use Case: mount certificates to enable TLS
371
## e.g:
372
## extraVolumes:
373
## - name: zookeeper-keystore
374
## secret:
375
## defaultMode: 288
376
## secretName: zookeeper-keystore
377
## - name: zookeeper-truststore
378
## secret:
379
## defaultMode: 288
380
## secretName: zookeeper-truststore
381
##
382
extraVolumes: []
383
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Memcached container(s)
384
## Example Use Case: mount certificates to enable TLS
385
## e.g:
386
## extraVolumeMounts:
387
## - name: zookeeper-keystore
388
## mountPath: /certs/keystore
389
## readOnly: true
390
## - name: zookeeper-truststore
391
## mountPath: /certs/truststore
392
## readOnly: true
393
##
394
extraVolumeMounts: []
395
## @param sidecars Add additional sidecar containers to the Memcached pod(s)
396
## e.g:
397
## sidecars:
398
## - name: your-image-name
399
## image: your-image
400
## imagePullPolicy: Always
401
## ports:
402
## - name: portname
403
## containerPort: 1234
404
##
405
sidecars: []
406
## @param initContainers Add additional init containers to the Memcached pod(s)
407
## Example:
408
## initContainers:
409
## - name: your-image-name
410
## image: your-image
411
## imagePullPolicy: Always
412
## ports:
413
## - name: portname
414
## containerPort: 1234
415
##
416
initContainers: []
417
## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
418
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
419
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
420
##
421
enableServiceLinks: true
422
## Memcached Autoscaling
423
## @param autoscaling.enabled Enable memcached statefulset autoscaling (requires architecture: "high-availability")
424
## @param autoscaling.minReplicas memcached statefulset autoscaling minimum number of replicas
425
## @param autoscaling.maxReplicas memcached statefulset autoscaling maximum number of replicas
426
## @param autoscaling.targetCPU memcached statefulset autoscaling target CPU percentage
427
## @param autoscaling.targetMemory memcached statefulset autoscaling target CPU memory
428
##
429
autoscaling:
430
enabled: false
431
minReplicas: 3
432
maxReplicas: 6
433
targetCPU: 50
434
targetMemory: 50
435
## Memcached Pod Disruption Budget
436
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
437
## @param pdb.create Deploy a pdb object for the Memcached pod
438
## @param pdb.minAvailable Minimum available Memcached replicas
439
## @param pdb.maxUnavailable Maximum unavailable Memcached replicas
440
##
441
pdb:
442
create: true
443
minAvailable: ""
444
maxUnavailable: ""
445
## @section Traffic Exposure parameters
446
service:
447
## @param service.type Kubernetes Service type
448
##
449
type: ClusterIP
450
## @param service.ports.memcached Memcached service port
451
##
452
ports:
453
memcached: 11211
454
## Node ports to expose
455
## NOTE: choose port between <30000-32767>
456
## @param service.nodePorts.memcached Node port for Memcached
457
##
458
nodePorts:
459
memcached: ""
460
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
461
## Values: ClientIP or None
462
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
463
##
464
sessionAffinity: ""
465
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
466
## sessionAffinityConfig:
467
## clientIP:
468
## timeoutSeconds: 300
469
##
470
sessionAffinityConfig: {}
471
## @param service.trafficDistribution Traffic distribution preference
472
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution
473
##
474
trafficDistribution: ""
475
## @param service.clusterIP Memcached service Cluster IP
476
## e.g.:
477
## clusterIP: None
478
##
479
clusterIP: ""
480
## @param service.loadBalancerIP Memcached service Load Balancer IP
481
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
482
##
483
loadBalancerIP: ""
484
## @param service.loadBalancerSourceRanges Memcached service Load Balancer sources
485
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
486
## e.g:
487
## loadBalancerSourceRanges:
488
## - 10.10.10.0/24
489
##
490
loadBalancerSourceRanges: []
491
## @param service.externalTrafficPolicy Memcached service external traffic policy
492
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
493
##
494
externalTrafficPolicy: Cluster
495
## @param service.annotations Additional custom annotations for Memcached service
496
##
497
annotations: {}
498
## @param service.extraPorts Extra ports to expose in the Memcached service (normally used with the `sidecar` value)
499
##
500
extraPorts: []
501
## Network Policy configuration
502
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
503
##
504
networkPolicy:
505
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
506
##
507
enabled: true
508
## @param networkPolicy.allowExternal The Policy model to apply
509
## When set to false, only pods with the correct client label will have network access to the ports Memcached is
510
## listening on. When true, Memcached will accept connections from any source (with the correct destination port).
511
##
512
allowExternal: true
513
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
514
##
515
allowExternalEgress: true
516
## @param networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true.
517
##
518
addExternalClientAccess: true
519
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
520
## e.g:
521
## extraIngress:
522
## - ports:
523
## - port: 1234
524
## from:
525
## - podSelector:
526
## - matchLabels:
527
## - role: frontend
528
## - podSelector:
529
## - matchExpressions:
530
## - key: role
531
## operator: In
532
## values:
533
## - frontend
534
##
535
extraIngress: []
536
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
537
## e.g:
538
## extraEgress:
539
## - ports:
540
## - port: 1234
541
## to:
542
## - podSelector:
543
## - matchLabels:
544
## - role: frontend
545
## - podSelector:
546
## - matchExpressions:
547
## - key: role
548
## operator: In
549
## values:
550
## - frontend
551
##
552
extraEgress: []
553
## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true.
554
## e.g:
555
## ingressPodMatchLabels:
556
## my-client: "true"
557
#
558
ingressPodMatchLabels: {}
559
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
560
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
561
##
562
ingressNSMatchLabels: {}
563
ingressNSPodMatchLabels: {}
564
## @section Other Parameters
565
566
## Service account for Memcached to use.
567
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
568
##
569
serviceAccount:
570
## @param serviceAccount.create Enable creation of ServiceAccount for Memcached pod
571
##
572
create: true
573
## @param serviceAccount.name The name of the ServiceAccount to use.
574
## If not set and create is true, a name is generated using the common.names.fullname template
575
##
576
name: ""
577
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
578
## Can be set to false if pods using this serviceAccount do not need to use K8s API
579
##
580
automountServiceAccountToken: false
581
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
582
##
583
annotations: {}
584
## @section Persistence parameters
585
586
## Enable persistence using Persistent Volume Claims
587
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
588
##
589
persistence:
590
## @param persistence.enabled Enable Memcached data persistence using PVC. If false, use emptyDir
591
##
592
enabled: false
593
## @param persistence.storageClass PVC Storage Class for Memcached data volume
594
## If defined, storageClassName: <storageClass>
595
## If set to "-", storageClassName: "", which disables dynamic provisioning
596
## If undefined (the default) or set to null, no storageClassName spec is
597
## set, choosing the default provisioner. (gp2 on AWS, standard on
598
## GKE, AWS & OpenStack)
599
##
600
storageClass: ""
601
## @param persistence.accessModes PVC Access modes
602
##
603
accessModes:
604
- ReadWriteOnce
605
## @param persistence.size PVC Storage Request for Memcached data volume
606
##
607
size: 8Gi
608
## @param persistence.annotations Annotations for the PVC
609
##
610
annotations: {}
611
## @param persistence.labels Labels for the PVC
612
##
613
labels: {}
614
## @param persistence.selector Selector to match an existing Persistent Volume for Memcached's data PVC
615
## If set, the PVC can't have a PV dynamically provisioned for it
616
## E.g.
617
## selector:
618
## matchLabels:
619
## app: my-app
620
##
621
selector: {}
622
## @section Volume Permissions parameters
623
##
624
625
## Init containers parameters:
626
## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
627
##
628
volumePermissions:
629
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
630
##
631
enabled: false
632
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
633
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
634
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
635
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
636
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
637
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
638
##
639
image:
640
registry: cgr.dev
641
repository: chainguard-private/os-shell-iamguarded
642
tag: 1.0.0
643
digest: ""
644
pullPolicy: IfNotPresent
645
## Optionally specify an array of imagePullSecrets.
646
## Secrets must be manually created in the namespace.
647
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
648
## Example:
649
## pullSecrets:
650
## - myRegistryKeySecretName
651
##
652
pullSecrets: []
653
## Init container resource requests and limits
654
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
655
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
656
##
657
resourcesPreset: "nano"
658
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
659
## Example:
660
## resources:
661
## requests:
662
## cpu: 2
663
## memory: 512Mi
664
## limits:
665
## cpu: 3
666
## memory: 1024Mi
667
##
668
resources: {}
669
## Init container' Security Context
670
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
671
## and not the below volumePermissions.containerSecurityContext.runAsUser
672
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
673
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
674
##
675
containerSecurityContext:
676
seLinuxOptions: {}
677
runAsUser: 0
678
## Prometheus Exporter / Metrics
679
##
680
metrics:
681
## @param metrics.enabled Start a side-car prometheus exporter
682
##
683
enabled: false
684
## Iamguarded Memcached Prometheus Exporter image
685
## @param metrics.image.registry [default: REGISTRY_NAME] Memcached exporter image registry
686
## @param metrics.image.repository [default: REPOSITORY_NAME/memcached-exporter] Memcached exporter image repository
687
## @skip metrics.image.tag Memcached exporter image tag (immutable tags are recommended)
688
## @param metrics.image.digest Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
689
## @param metrics.image.pullPolicy Image pull policy
690
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
691
##
692
image:
693
registry: cgr.dev
694
repository: chainguard-private/memcached-exporter-iamguarded
695
tag: 0.15.5
696
digest: ""
697
pullPolicy: IfNotPresent
698
## Optionally specify an array of imagePullSecrets.
699
## Secrets must be manually created in the namespace.
700
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
701
## e.g:
702
## pullSecrets:
703
## - myRegistryKeySecretName
704
##
705
pullSecrets: []
706
## @param metrics.containerPorts.metrics Memcached Prometheus Exporter container port
707
##
708
containerPorts:
709
metrics: 9150
710
## Memcached Prometheus exporter container resource requests and limits
711
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
712
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
713
##
714
resourcesPreset: "nano"
715
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
716
## Example:
717
## resources:
718
## requests:
719
## cpu: 2
720
## memory: 512Mi
721
## limits:
722
## cpu: 3
723
## memory: 1024Mi
724
##
725
resources: {}
726
## Configure Metrics Container Security Context
727
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
728
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
729
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
730
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
731
## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
732
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
733
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
734
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
735
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
736
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
737
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
738
##
739
containerSecurityContext:
740
enabled: true
741
seLinuxOptions: {}
742
runAsUser: 1001
743
runAsGroup: 1001
744
runAsNonRoot: true
745
privileged: false
746
readOnlyRootFilesystem: true
747
allowPrivilegeEscalation: false
748
capabilities:
749
drop: ["ALL"]
750
seccompProfile:
751
type: "RuntimeDefault"
752
## Configure extra options for Memcached Prometheus exporter containers' liveness, readiness and startup probes
753
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
754
## @param metrics.livenessProbe.enabled Enable livenessProbe on Memcached Prometheus exporter containers
755
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
756
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
757
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
758
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
759
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
760
##
761
livenessProbe:
762
enabled: true
763
initialDelaySeconds: 15
764
periodSeconds: 10
765
timeoutSeconds: 5
766
failureThreshold: 3
767
successThreshold: 1
768
## @param metrics.readinessProbe.enabled Enable readinessProbe on Memcached Prometheus exporter containers
769
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
770
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
771
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
772
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
773
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
774
##
775
readinessProbe:
776
enabled: true
777
initialDelaySeconds: 5
778
periodSeconds: 10
779
timeoutSeconds: 3
780
failureThreshold: 3
781
successThreshold: 1
782
## @param metrics.startupProbe.enabled Enable startupProbe on Memcached Prometheus exporter containers
783
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
784
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
785
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
786
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
787
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
788
##
789
startupProbe:
790
enabled: false
791
initialDelaySeconds: 10
792
periodSeconds: 10
793
timeoutSeconds: 1
794
failureThreshold: 15
795
successThreshold: 1
796
## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one
797
##
798
customLivenessProbe: {}
799
## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one
800
##
801
customReadinessProbe: {}
802
## @param metrics.customStartupProbe Custom startupProbe that overrides the default one
803
##
804
customStartupProbe: {}
805
## @param metrics.podAnnotations [object] Memcached Prometheus exporter pod Annotation and Labels
806
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
807
##
808
podAnnotations:
809
prometheus.io/scrape: "true"
810
prometheus.io/port: "{{ .Values.metrics.containerPorts.metrics }}"
811
## Service configuration
812
##
813
service:
814
## @param metrics.service.ports.metrics Prometheus metrics service port
815
##
816
ports:
817
metrics: 9150
818
## @param metrics.service.clusterIP Static clusterIP or None for headless services
819
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
820
##
821
clusterIP: ""
822
## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
823
## Values: ClientIP or None
824
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
825
##
826
sessionAffinity: None
827
## @param metrics.service.annotations [object] Annotations for the Prometheus metrics service
828
##
829
annotations:
830
prometheus.io/scrape: "true"
831
prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
832
## Prometheus Operator ServiceMonitor configuration
833
##
834
serviceMonitor:
835
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
836
##
837
enabled: false
838
## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace)
839
##
840
namespace: ""
841
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
842
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
843
##
844
interval: ""
845
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
846
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
847
##
848
scrapeTimeout: ""
849
## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
850
##
851
labels: {}
852
## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
853
podTargetLabels: []
854
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
855
##
856
selector: {}
857
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
858
##
859
relabelings: []
860
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
861
##
862
metricRelabelings: []
863
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
864
##
865
honorLabels: false
866
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
867
##
868
jobLabel: ""
869