redis
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
## @param global.redis.password Global Redis(R) password (overrides `auth.password`)
21
##
22
global:
23
imageRegistry: ""
24
## E.g.
25
## imagePullSecrets:
26
## - myRegistryKeySecretName
27
##
28
imagePullSecrets: []
29
defaultStorageClass: ""
30
storageClass: ""
31
## Security parameters
32
##
33
security:
34
## @param global.security.allowInsecureImages Allows skipping image verification
35
allowInsecureImages: false
36
redis:
37
password: ""
38
## Compatibility adaptations for Kubernetes platforms
39
##
40
compatibility:
41
## Compatibility adaptations for Openshift
42
##
43
openshift:
44
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
45
##
46
adaptSecurityContext: auto
47
org: ""
48
## @section Common parameters
49
##
50
51
## @param kubeVersion Override Kubernetes version
52
##
53
kubeVersion: ""
54
## @param nameOverride String to partially override common.names.fullname
55
##
56
nameOverride: ""
57
## @param fullnameOverride String to fully override common.names.fullname
58
##
59
fullnameOverride: ""
60
## @param namespaceOverride String to fully override common.names.namespace
61
##
62
namespaceOverride: ""
63
## @param commonLabels Labels to add to all deployed objects
64
##
65
commonLabels: {}
66
## @param commonAnnotations Annotations to add to all deployed objects
67
##
68
commonAnnotations: {}
69
## @param configmapChecksumAnnotations Enable checksum annotations used to trigger rolling updates when ConfigMap(s) change
70
##
71
configmapChecksumAnnotations: true
72
## @param secretChecksumAnnotations Enable checksum annotations used to trigger rolling updates when Secret(s) change
73
##
74
secretChecksumAnnotations: true
75
## @param secretAnnotations Annotations to add to secret
76
##
77
secretAnnotations: {}
78
## @param clusterDomain Kubernetes cluster domain name
79
##
80
clusterDomain: cluster.local
81
## @param extraDeploy Array of extra objects to deploy with the release
82
##
83
extraDeploy: []
84
## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address
85
##
86
useHostnames: true
87
## @param nameResolutionThreshold Failure threshold for internal hostnames resolution
88
##
89
nameResolutionThreshold: 5
90
## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution
91
##
92
nameResolutionTimeout: 5
93
## Enable diagnostic mode in the deployment
94
##
95
diagnosticMode:
96
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
97
##
98
enabled: false
99
## @param diagnosticMode.command Command to override all containers in the deployment
100
##
101
command:
102
- sleep
103
## @param diagnosticMode.args Args to override all containers in the deployment
104
##
105
args:
106
- infinity
107
## @section Redis(R) Image parameters
108
##
109
110
## Iamguarded Redis(R) image
111
## @param image.registry [default: REGISTRY_NAME] Redis(R) image registry
112
## @param image.repository [default: REPOSITORY_NAME/redis] Redis(R) image repository
113
## @skip image.tag Redis(R) image tag (immutable tags are recommended)
114
## @param image.digest Redis(R) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
115
## @param image.pullPolicy Redis(R) image pull policy
116
## @param image.pullSecrets Redis(R) image pull secrets
117
## @param image.debug Enable image debug mode
118
##
119
image:
120
registry: cgr.dev
121
repository: chainguard-private/redis-server-iamguarded
122
tag: 8.6.1
123
digest: ""
124
## Specify a imagePullPolicy
125
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
126
##
127
pullPolicy: IfNotPresent
128
## Optionally specify an array of imagePullSecrets.
129
## Secrets must be manually created in the namespace.
130
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
131
## e.g:
132
## pullSecrets:
133
## - myRegistryKeySecretName
134
##
135
pullSecrets: []
136
## Enable debug mode
137
##
138
debug: false
139
## @section Redis(R) common configuration parameters
140
##
141
142
## @param architecture Redis(R) architecture. Allowed values: `standalone` or `replication`
143
##
144
architecture: replication
145
## Redis(R) Authentication parameters
146
##
147
auth:
148
## @param auth.enabled Enable password authentication
149
##
150
enabled: true
151
## @param auth.sentinel Enable authentication on sentinels too
152
##
153
sentinel: true
154
## @param auth.password Redis(R) password
155
## Defaults to a random 10-character alphanumeric string if not set
156
##
157
password: ""
158
## @param auth.existingSecret The name of an existing secret with Redis(R) credentials
159
## NOTE: When it's set, the previous `auth.password` parameter is ignored
160
##
161
existingSecret: ""
162
## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret
163
## NOTE: ignored unless `auth.existingSecret` parameter is set
164
##
165
existingSecretPasswordKey: ""
166
## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
167
##
168
usePasswordFiles: true
169
## @param auth.usePasswordFileFromSecret Mount password file from secret
170
##
171
usePasswordFileFromSecret: true
172
## Redis ACL restricts connections by limiting commands and key access with auth management.
173
## ref: https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/
174
##
175
acl:
176
## @param auth.acl.enabled Enables the support of the Redis ACL system
177
##
178
enabled: false
179
## @param auth.acl.sentinel Enables the support of the Redis ACL system for Sentinel Nodes
180
##
181
sentinel: false
182
## @param auth.acl.users A list of the configured users in the Redis ACL system
183
##
184
## Example:
185
## users:
186
## - username: "my-user"
187
## password: "mypassword"
188
## enabled: "on"
189
## commands: "+@all"
190
## keys: "~*"
191
## channels: "&*"
192
users: []
193
## @param auth.acl.userSecret Name of the Secret, containing user credentials for ACL users. Keys must match usernames.
194
userSecret: ""
195
## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
196
## ref: https://redis.io/topics/config
197
##
198
commonConfiguration: |-
199
# Enable AOF https://redis.io/topics/persistence#append-only-file
200
appendonly yes
201
# Disable RDB persistence, AOF persistence already enabled.
202
save ""
203
## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis(R) nodes
204
##
205
existingConfigmap: ""
206
## @section Redis(R) master configuration parameters
207
##
208
master:
209
## @param master.count Number of Redis(R) master instances to deploy (experimental, requires additional configuration)
210
##
211
count: 1
212
## @param master.revisionHistoryLimit The number of old history to retain to allow rollback
213
## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback
214
revisionHistoryLimit: 10
215
## @param master.configuration Configuration for Redis(R) master nodes
216
## ref: https://redis.io/topics/config
217
##
218
configuration: ""
219
## @param master.disableCommands Array with Redis(R) commands to disable on master nodes
220
## Commands will be completely disabled by renaming each to an empty string.
221
## ref: https://redis.io/topics/security#disabling-of-specific-commands
222
##
223
disableCommands:
224
- FLUSHDB
225
- FLUSHALL
226
## @param master.command Override default container command (useful when using custom images)
227
##
228
command: []
229
## @param master.args Override default container args (useful when using custom images)
230
##
231
args: []
232
## @param master.enableServiceLinks Whether information about services should be injected into pod's environment variable
233
##
234
enableServiceLinks: true
235
## @param master.preExecCmds Additional commands to run prior to starting Redis(R) master
236
##
237
preExecCmds: []
238
## @param master.extraFlags Array with additional command line flags for Redis(R) master
239
## e.g:
240
## extraFlags:
241
## - "--maxmemory-policy volatile-ttl"
242
## - "--repl-backlog-size 1024mb"
243
##
244
extraFlags: []
245
## @param master.extraEnvVars Array with extra environment variables to add to Redis(R) master nodes
246
## e.g:
247
## extraEnvVars:
248
## - name: FOO
249
## value: "bar"
250
##
251
extraEnvVars: []
252
## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis(R) master nodes
253
##
254
extraEnvVarsCM: ""
255
## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis(R) master nodes
256
##
257
extraEnvVarsSecret: ""
258
## @param master.containerPorts.redis Container port to open on Redis(R) master nodes
259
##
260
containerPorts:
261
redis: 6379
262
## Configure extra options for Redis(R) containers' liveness and readiness probes
263
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
264
## @param master.startupProbe.enabled Enable startupProbe on Redis(R) master nodes
265
## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
266
## @param master.startupProbe.periodSeconds Period seconds for startupProbe
267
## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe
268
## @param master.startupProbe.failureThreshold Failure threshold for startupProbe
269
## @param master.startupProbe.successThreshold Success threshold for startupProbe
270
##
271
startupProbe:
272
enabled: false
273
initialDelaySeconds: 20
274
periodSeconds: 5
275
timeoutSeconds: 5
276
successThreshold: 1
277
failureThreshold: 5
278
## @param master.livenessProbe.enabled Enable livenessProbe on Redis(R) master nodes
279
## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
280
## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe
281
## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
282
## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe
283
## @param master.livenessProbe.successThreshold Success threshold for livenessProbe
284
##
285
livenessProbe:
286
enabled: true
287
initialDelaySeconds: 20
288
periodSeconds: 5
289
timeoutSeconds: 5
290
successThreshold: 1
291
failureThreshold: 5
292
## @param master.readinessProbe.enabled Enable readinessProbe on Redis(R) master nodes
293
## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
294
## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe
295
## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
296
## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe
297
## @param master.readinessProbe.successThreshold Success threshold for readinessProbe
298
##
299
readinessProbe:
300
enabled: true
301
initialDelaySeconds: 20
302
periodSeconds: 5
303
timeoutSeconds: 1
304
successThreshold: 1
305
failureThreshold: 5
306
## @param master.customStartupProbe Custom startupProbe that overrides the default one
307
##
308
customStartupProbe: {}
309
## @param master.customLivenessProbe Custom livenessProbe that overrides the default one
310
##
311
customLivenessProbe: {}
312
## @param master.customReadinessProbe Custom readinessProbe that overrides the default one
313
##
314
customReadinessProbe: {}
315
## Redis(R) master resource requests and limits
316
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
317
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
318
##
319
resourcesPreset: "nano"
320
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
321
## Example:
322
## resources:
323
## requests:
324
## cpu: 2
325
## memory: 512Mi
326
## limits:
327
## cpu: 3
328
## memory: 1024Mi
329
##
330
resources: {}
331
## Configure Pods Security Context
332
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
333
## @param master.podSecurityContext.enabled Enabled Redis(R) master pods' Security Context
334
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
335
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
336
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
337
## @param master.podSecurityContext.fsGroup Set Redis(R) master pod's Security Context fsGroup
338
##
339
podSecurityContext:
340
enabled: true
341
fsGroupChangePolicy: Always
342
sysctls: []
343
supplementalGroups: []
344
fsGroup: 1001
345
## Configure Container Security Context
346
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
347
## @param master.containerSecurityContext.enabled Enabled Redis(R) master containers' Security Context
348
## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
349
## @param master.containerSecurityContext.runAsUser Set Redis(R) master containers' Security Context runAsUser
350
## @param master.containerSecurityContext.runAsGroup Set Redis(R) master containers' Security Context runAsGroup
351
## @param master.containerSecurityContext.runAsNonRoot Set Redis(R) master containers' Security Context runAsNonRoot
352
## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis(R) pod(s) privileges
353
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
354
## @param master.containerSecurityContext.seccompProfile.type Set Redis(R) master containers' Security Context seccompProfile
355
## @param master.containerSecurityContext.capabilities.drop Set Redis(R) master containers' Security Context capabilities to drop
356
##
357
containerSecurityContext:
358
enabled: true
359
seLinuxOptions: {}
360
runAsUser: 1001
361
runAsGroup: 1001
362
runAsNonRoot: true
363
allowPrivilegeEscalation: false
364
readOnlyRootFilesystem: true
365
seccompProfile:
366
type: RuntimeDefault
367
capabilities:
368
drop: ["ALL"]
369
## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet
370
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
371
##
372
kind: StatefulSet
373
## @param master.schedulerName Alternate scheduler for Redis(R) master pods
374
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
375
##
376
schedulerName: ""
377
## @param master.updateStrategy.type Redis(R) master statefulset strategy type
378
## @skip master.updateStrategy.rollingUpdate
379
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
380
##
381
updateStrategy:
382
## StrategyType
383
## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
384
##
385
type: RollingUpdate
386
## @param master.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
387
##
388
minReadySeconds: 0
389
## @param master.priorityClassName Redis(R) master pods' priorityClassName
390
##
391
priorityClassName: ""
392
## @param master.automountServiceAccountToken Mount Service Account token in pod
393
##
394
automountServiceAccountToken: false
395
## @param master.hostAliases Redis(R) master pods host aliases
396
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
397
##
398
hostAliases: []
399
## @param master.podLabels Extra labels for Redis(R) master pods
400
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
401
##
402
podLabels: {}
403
## @param master.podAnnotations Annotations for Redis(R) master pods
404
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
405
##
406
podAnnotations: {}
407
## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis(R) master pods
408
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
409
##
410
shareProcessNamespace: false
411
## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
412
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
413
##
414
podAffinityPreset: ""
415
## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
416
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
417
##
418
podAntiAffinityPreset: soft
419
## Node master.affinity preset
420
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
421
##
422
nodeAffinityPreset:
423
## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
424
##
425
type: ""
426
## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
427
##
428
key: ""
429
## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
430
## E.g.
431
## values:
432
## - e2e-az1
433
## - e2e-az2
434
##
435
values: []
436
## @param master.affinity Affinity for Redis(R) master pods assignment
437
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
438
## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
439
##
440
affinity: {}
441
## @param master.nodeSelector Node labels for Redis(R) master pods assignment
442
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
443
##
444
nodeSelector: {}
445
## @param master.tolerations Tolerations for Redis(R) master pods assignment
446
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
447
##
448
tolerations: []
449
## @param master.topologySpreadConstraints Spread Constraints for Redis(R) master pod assignment
450
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
451
## E.g.
452
## topologySpreadConstraints:
453
## - maxSkew: 1
454
## topologyKey: node
455
## whenUnsatisfiable: DoNotSchedule
456
##
457
topologySpreadConstraints: []
458
## @param master.dnsPolicy DNS Policy for Redis(R) master pod
459
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
460
## E.g.
461
## dnsPolicy: ClusterFirst
462
##
463
dnsPolicy: ""
464
## @param master.dnsConfig DNS Configuration for Redis(R) master pod
465
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
466
## E.g.
467
## dnsConfig:
468
## options:
469
## - name: ndots
470
## value: "4"
471
## - name: single-request-reopen
472
##
473
dnsConfig: {}
474
## @param master.lifecycleHooks for the Redis(R) master container(s) to automate configuration before or after startup
475
##
476
lifecycleHooks: {}
477
## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) master pod(s)
478
##
479
extraVolumes: []
480
## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) master container(s)
481
##
482
extraVolumeMounts: []
483
## @param master.sidecars Add additional sidecar containers to the Redis(R) master pod(s)
484
## e.g:
485
## sidecars:
486
## - name: your-image-name
487
## image: your-image
488
## imagePullPolicy: Always
489
## ports:
490
## - name: portname
491
## containerPort: 1234
492
##
493
sidecars: []
494
## @param master.initContainers Add additional init containers to the Redis(R) master pod(s)
495
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
496
## e.g:
497
## initContainers:
498
## - name: your-image-name
499
## image: your-image
500
## imagePullPolicy: Always
501
## command: ['/bin/bash', '-ec', 'echo "hello world"']
502
##
503
initContainers: []
504
## Persistence parameters
505
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
506
##
507
persistence:
508
## @param master.persistence.enabled Enable persistence on Redis(R) master nodes using Persistent Volume Claims
509
##
510
enabled: true
511
## @param master.persistence.medium Provide a medium for `emptyDir` volumes.
512
##
513
medium: ""
514
## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
515
##
516
sizeLimit: ""
517
## @param master.persistence.path The path the volume will be mounted at on Redis(R) master containers
518
## NOTE: Useful when using different Redis(R) images
519
##
520
path: /data
521
## @param master.persistence.subPath The subdirectory of the volume to mount on Redis(R) master containers
522
## NOTE: Useful in dev environments
523
##
524
subPath: ""
525
## @param master.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis(R) master containers
526
##
527
subPathExpr: ""
528
## @param master.persistence.storageClass Persistent Volume storage class
529
## If defined, storageClassName: <storageClass>
530
## If set to "-", storageClassName: "", which disables dynamic provisioning
531
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
532
##
533
storageClass: ""
534
## @param master.persistence.accessModes Persistent Volume access modes
535
##
536
accessModes:
537
- ReadWriteOnce
538
## @param master.persistence.size Persistent Volume size
539
##
540
size: 8Gi
541
## @param master.persistence.annotations Additional custom annotations for the PVC
542
##
543
annotations: {}
544
## @param master.persistence.labels Additional custom labels for the PVC
545
##
546
labels: {}
547
## @param master.persistence.selector Additional labels to match for the PVC
548
## e.g:
549
## selector:
550
## matchLabels:
551
## app: my-app
552
##
553
selector: {}
554
## @param master.persistence.dataSource Custom PVC data source
555
##
556
dataSource: {}
557
## @param master.persistence.existingClaim Use a existing PVC which must be created manually before bound
558
## NOTE: requires master.persistence.enabled: true
559
##
560
existingClaim: ""
561
## persistentVolumeClaimRetentionPolicy
562
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
563
## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
564
## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
565
## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
566
##
567
persistentVolumeClaimRetentionPolicy:
568
enabled: false
569
whenScaled: Retain
570
whenDeleted: Retain
571
## Redis(R) master service parameters
572
##
573
service:
574
## @param master.service.type Redis(R) master service type
575
##
576
type: ClusterIP
577
## @param master.service.portNames.redis Redis(R) master service port name
578
##
579
portNames:
580
redis: "tcp-redis"
581
## @param master.service.ports.redis Redis(R) master service port
582
##
583
ports:
584
redis: 6379
585
## @param master.service.nodePorts.redis Node port for Redis(R) master
586
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
587
## NOTE: choose port between <30000-32767>
588
##
589
nodePorts:
590
redis: ""
591
## @param master.service.externalTrafficPolicy Redis(R) master service external traffic policy
592
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
593
##
594
externalTrafficPolicy: Cluster
595
## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
596
##
597
extraPorts: []
598
## @param master.service.internalTrafficPolicy Redis(R) master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
599
## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
600
##
601
internalTrafficPolicy: Cluster
602
## @param master.service.clusterIP Redis(R) master service Cluster IP
603
##
604
clusterIP: ""
605
## @param master.service.loadBalancerIP Redis(R) master service Load Balancer IP
606
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
607
##
608
loadBalancerIP: ""
609
## @param master.service.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
610
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
611
##
612
loadBalancerClass: ""
613
## @param master.service.loadBalancerSourceRanges Redis(R) master service Load Balancer sources
614
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
615
## e.g.
616
## loadBalancerSourceRanges:
617
## - 10.10.10.0/24
618
##
619
loadBalancerSourceRanges: []
620
## @param master.service.externalIPs Redis(R) master service External IPs
621
## https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
622
## e.g.
623
## externalIPs:
624
## - 10.10.10.1
625
## - 201.22.30.1
626
##
627
externalIPs: []
628
## @param master.service.annotations Additional custom annotations for Redis(R) master service
629
##
630
annotations: {}
631
## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
632
## If "ClientIP", consecutive client requests will be directed to the same Pod
633
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
634
##
635
sessionAffinity: None
636
## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
637
## sessionAffinityConfig:
638
## clientIP:
639
## timeoutSeconds: 300
640
##
641
sessionAffinityConfig: {}
642
## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods
643
##
644
terminationGracePeriodSeconds: 30
645
## ServiceAccount configuration
646
##
647
serviceAccount:
648
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
649
##
650
create: true
651
## @param master.serviceAccount.name The name of the ServiceAccount to use.
652
## If not set and create is true, a name is generated using the common.names.fullname template
653
##
654
name: ""
655
## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
656
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
657
##
658
automountServiceAccountToken: false
659
## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount
660
##
661
annotations: {}
662
## Pod Disruption Budget configuration
663
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
664
## @param master.pdb.create Enable/disable a Pod Disruption Budget creation
665
## @param master.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled
666
## @param master.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty.
667
##
668
pdb:
669
create: true
670
minAvailable: ""
671
maxUnavailable: ""
672
## @param master.extraPodSpec Optionally specify extra PodSpec for the Redis(R) master pod(s)
673
##
674
extraPodSpec: {}
675
## @param master.annotations Additional custom annotations for Redis(R) Master resource
676
##
677
annotations: {}
678
## @section Redis(R) replicas configuration parameters
679
##
680
replica:
681
## @param replica.kind Use either DaemonSet or StatefulSet (default)
682
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
683
##
684
kind: StatefulSet
685
## @param replica.replicaCount Number of Redis(R) replicas to deploy
686
##
687
replicaCount: 3
688
## @param replica.revisionHistoryLimit The number of old history to retain to allow rollback
689
## NOTE: Explicitly setting this field to 0, will result in cleaning up all the history, breaking ability to rollback
690
revisionHistoryLimit: 10
691
## @param replica.configuration Configuration for Redis(R) replicas nodes
692
## ref: https://redis.io/topics/config
693
##
694
configuration: ""
695
## @param replica.disableCommands Array with Redis(R) commands to disable on replicas nodes
696
## Commands will be completely disabled by renaming each to an empty string.
697
## ref: https://redis.io/topics/security#disabling-of-specific-commands
698
##
699
disableCommands:
700
- FLUSHDB
701
- FLUSHALL
702
## @param replica.command Override default container command (useful when using custom images)
703
##
704
command: []
705
## @param replica.args Override default container args (useful when using custom images)
706
##
707
args: []
708
## @param replica.enableServiceLinks Whether information about services should be injected into pod's environment variable
709
##
710
enableServiceLinks: true
711
## @param replica.preExecCmds Additional commands to run prior to starting Redis(R) replicas
712
##
713
preExecCmds: []
714
## @param replica.extraFlags Array with additional command line flags for Redis(R) replicas
715
## e.g:
716
## extraFlags:
717
## - "--maxmemory-policy volatile-ttl"
718
## - "--repl-backlog-size 1024mb"
719
##
720
extraFlags: []
721
## @param replica.extraEnvVars Array with extra environment variables to add to Redis(R) replicas nodes
722
## e.g:
723
## extraEnvVars:
724
## - name: FOO
725
## value: "bar"
726
##
727
extraEnvVars: []
728
## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis(R) replicas nodes
729
##
730
extraEnvVarsCM: ""
731
## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis(R) replicas nodes
732
##
733
extraEnvVarsSecret: ""
734
## @param replica.externalMaster.enabled Use external master for bootstrapping
735
## @param replica.externalMaster.host External master host to bootstrap from
736
## @param replica.externalMaster.port Port for Redis service external master host
737
##
738
externalMaster:
739
enabled: false
740
host: ""
741
port: 6379
742
## @param replica.containerPorts.redis Container port to open on Redis(R) replicas nodes
743
##
744
containerPorts:
745
redis: 6379
746
## Configure extra options for Redis(R) containers' liveness and readiness probes
747
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
748
## @param replica.startupProbe.enabled Enable startupProbe on Redis(R) replicas nodes
749
## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
750
## @param replica.startupProbe.periodSeconds Period seconds for startupProbe
751
## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe
752
## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe
753
## @param replica.startupProbe.successThreshold Success threshold for startupProbe
754
##
755
startupProbe:
756
enabled: true
757
initialDelaySeconds: 10
758
periodSeconds: 10
759
timeoutSeconds: 5
760
successThreshold: 1
761
failureThreshold: 22
762
## @param replica.livenessProbe.enabled Enable livenessProbe on Redis(R) replicas nodes
763
## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
764
## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe
765
## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
766
## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe
767
## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe
768
##
769
livenessProbe:
770
enabled: true
771
initialDelaySeconds: 20
772
periodSeconds: 5
773
timeoutSeconds: 5
774
successThreshold: 1
775
failureThreshold: 5
776
## @param replica.readinessProbe.enabled Enable readinessProbe on Redis(R) replicas nodes
777
## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
778
## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe
779
## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
780
## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe
781
## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe
782
##
783
readinessProbe:
784
enabled: true
785
initialDelaySeconds: 20
786
periodSeconds: 5
787
timeoutSeconds: 1
788
successThreshold: 1
789
failureThreshold: 5
790
## @param replica.customStartupProbe Custom startupProbe that overrides the default one
791
##
792
customStartupProbe: {}
793
## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one
794
##
795
customLivenessProbe: {}
796
## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one
797
##
798
customReadinessProbe: {}
799
## Redis(R) replicas resource requests and limits
800
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
801
## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
802
##
803
resourcesPreset: "nano"
804
## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
805
## Example:
806
## resources:
807
## requests:
808
## cpu: 2
809
## memory: 512Mi
810
## limits:
811
## cpu: 3
812
## memory: 1024Mi
813
##
814
resources: {}
815
## Configure Pods Security Context
816
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
817
## @param replica.podSecurityContext.enabled Enabled Redis(R) replicas pods' Security Context
818
## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
819
## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
820
## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
821
## @param replica.podSecurityContext.fsGroup Set Redis(R) replicas pod's Security Context fsGroup
822
##
823
podSecurityContext:
824
enabled: true
825
fsGroupChangePolicy: Always
826
sysctls: []
827
supplementalGroups: []
828
fsGroup: 1001
829
## Configure Container Security Context
830
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
831
## @param replica.containerSecurityContext.enabled Enabled Redis(R) replicas containers' Security Context
832
## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
833
## @param replica.containerSecurityContext.runAsUser Set Redis(R) replicas containers' Security Context runAsUser
834
## @param replica.containerSecurityContext.runAsGroup Set Redis(R) replicas containers' Security Context runAsGroup
835
## @param replica.containerSecurityContext.runAsNonRoot Set Redis(R) replicas containers' Security Context runAsNonRoot
836
## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) replicas pod's Security Context allowPrivilegeEscalation
837
## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
838
## @param replica.containerSecurityContext.seccompProfile.type Set Redis(R) replicas containers' Security Context seccompProfile
839
## @param replica.containerSecurityContext.capabilities.drop Set Redis(R) replicas containers' Security Context capabilities to drop
840
##
841
containerSecurityContext:
842
enabled: true
843
seLinuxOptions: {}
844
runAsUser: 1001
845
runAsGroup: 1001
846
runAsNonRoot: true
847
allowPrivilegeEscalation: false
848
readOnlyRootFilesystem: true
849
seccompProfile:
850
type: RuntimeDefault
851
capabilities:
852
drop: ["ALL"]
853
## @param replica.schedulerName Alternate scheduler for Redis(R) replicas pods
854
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
855
##
856
schedulerName: ""
857
## @param replica.updateStrategy.type Redis(R) replicas statefulset strategy type
858
## @skip replica.updateStrategy.rollingUpdate
859
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
860
##
861
updateStrategy:
862
## StrategyType
863
## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
864
##
865
type: RollingUpdate
866
## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
867
##
868
minReadySeconds: 0
869
## @param replica.priorityClassName Redis(R) replicas pods' priorityClassName
870
##
871
priorityClassName: ""
872
## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods
873
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
874
##
875
podManagementPolicy: ""
876
## @param replica.automountServiceAccountToken Mount Service Account token in pod
877
##
878
automountServiceAccountToken: false
879
## @param replica.hostAliases Redis(R) replicas pods host aliases
880
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
881
##
882
hostAliases: []
883
## @param replica.podLabels Extra labels for Redis(R) replicas pods
884
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
885
##
886
podLabels: {}
887
## @param replica.podAnnotations Annotations for Redis(R) replicas pods
888
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
889
##
890
podAnnotations: {}
891
## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis(R) replicas pods
892
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
893
##
894
shareProcessNamespace: false
895
## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
896
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
897
##
898
podAffinityPreset: ""
899
## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
900
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
901
##
902
podAntiAffinityPreset: soft
903
## Node affinity preset
904
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
905
##
906
nodeAffinityPreset:
907
## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard`
908
##
909
type: ""
910
## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set
911
##
912
key: ""
913
## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set
914
## E.g.
915
## values:
916
## - e2e-az1
917
## - e2e-az2
918
##
919
values: []
920
## @param replica.affinity Affinity for Redis(R) replicas pods assignment
921
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
922
## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set
923
##
924
affinity: {}
925
## @param replica.nodeSelector Node labels for Redis(R) replicas pods assignment
926
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
927
##
928
nodeSelector: {}
929
## @param replica.tolerations Tolerations for Redis(R) replicas pods assignment
930
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
931
##
932
tolerations: []
933
## @param replica.topologySpreadConstraints Spread Constraints for Redis(R) replicas pod assignment
934
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
935
## E.g.
936
## topologySpreadConstraints:
937
## - maxSkew: 1
938
## topologyKey: node
939
## whenUnsatisfiable: DoNotSchedule
940
##
941
topologySpreadConstraints: []
942
## @param replica.dnsPolicy DNS Policy for Redis(R) replica pods
943
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
944
## E.g.
945
## dnsPolicy: ClusterFirst
946
##
947
dnsPolicy: ""
948
## @param replica.dnsConfig DNS Configuration for Redis(R) replica pods
949
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
950
## E.g.
951
## dnsConfig:
952
## options:
953
## - name: ndots
954
## value: "4"
955
## - name: single-request-reopen
956
##
957
dnsConfig: {}
958
## @param replica.lifecycleHooks for the Redis(R) replica container(s) to automate configuration before or after startup
959
##
960
lifecycleHooks: {}
961
## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) replicas pod(s)
962
##
963
extraVolumes: []
964
## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) replicas container(s)
965
##
966
extraVolumeMounts: []
967
## @param replica.sidecars Add additional sidecar containers to the Redis(R) replicas pod(s)
968
## e.g:
969
## sidecars:
970
## - name: your-image-name
971
## image: your-image
972
## imagePullPolicy: Always
973
## ports:
974
## - name: portname
975
## containerPort: 1234
976
##
977
sidecars: []
978
## @param replica.initContainers Add additional init containers to the Redis(R) replicas pod(s)
979
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
980
## e.g:
981
## initContainers:
982
## - name: your-image-name
983
## image: your-image
984
## imagePullPolicy: Always
985
## command: ['/bin/bash', '-c', 'echo "hello world"']
986
##
987
initContainers: []
988
## Persistence Parameters
989
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
990
##
991
persistence:
992
## @param replica.persistence.enabled Enable persistence on Redis(R) replicas nodes using Persistent Volume Claims
993
##
994
enabled: true
995
## @param replica.persistence.medium Provide a medium for `emptyDir` volumes.
996
##
997
medium: ""
998
## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
999
##
1000
sizeLimit: ""
1001
## @param replica.persistence.path The path the volume will be mounted at on Redis(R) replicas containers
1002
## NOTE: Useful when using different Redis(R) images
1003
##
1004
path: /data
1005
## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis(R) replicas containers
1006
## NOTE: Useful in dev environments
1007
##
1008
subPath: ""
1009
## @param replica.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis(R) replicas containers
1010
##
1011
subPathExpr: ""
1012
## @param replica.persistence.storageClass Persistent Volume storage class
1013
## If defined, storageClassName: <storageClass>
1014
## If set to "-", storageClassName: "", which disables dynamic provisioning
1015
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
1016
##
1017
storageClass: ""
1018
## @param replica.persistence.accessModes Persistent Volume access modes
1019
##
1020
accessModes:
1021
- ReadWriteOnce
1022
## @param replica.persistence.size Persistent Volume size
1023
##
1024
size: 8Gi
1025
## @param replica.persistence.annotations Additional custom annotations for the PVC
1026
##
1027
annotations: {}
1028
## @param replica.persistence.labels Additional custom labels for the PVC
1029
##
1030
labels: {}
1031
## @param replica.persistence.selector Additional labels to match for the PVC
1032
## e.g:
1033
## selector:
1034
## matchLabels:
1035
## app: my-app
1036
##
1037
selector: {}
1038
## @param replica.persistence.dataSource Custom PVC data source
1039
##
1040
dataSource: {}
1041
## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound
1042
## NOTE: requires replica.persistence.enabled: true
1043
##
1044
existingClaim: ""
1045
## persistentVolumeClaimRetentionPolicy
1046
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1047
## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
1048
## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1049
## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1050
##
1051
persistentVolumeClaimRetentionPolicy:
1052
enabled: false
1053
whenScaled: Retain
1054
whenDeleted: Retain
1055
## Redis(R) replicas service parameters
1056
##
1057
service:
1058
## @param replica.service.type Redis(R) replicas service type
1059
##
1060
type: ClusterIP
1061
## @param replica.service.ports.redis Redis(R) replicas service port
1062
##
1063
ports:
1064
redis: 6379
1065
## @param replica.service.nodePorts.redis Node port for Redis(R) replicas
1066
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1067
## NOTE: choose port between <30000-32767>
1068
##
1069
nodePorts:
1070
redis: ""
1071
## @param replica.service.externalTrafficPolicy Redis(R) replicas service external traffic policy
1072
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1073
##
1074
externalTrafficPolicy: Cluster
1075
## @param replica.service.internalTrafficPolicy Redis(R) replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable)
1076
## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/
1077
##
1078
internalTrafficPolicy: Cluster
1079
## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1080
##
1081
extraPorts: []
1082
## @param replica.service.clusterIP Redis(R) replicas service Cluster IP
1083
##
1084
clusterIP: ""
1085
## @param replica.service.loadBalancerIP Redis(R) replicas service Load Balancer IP
1086
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1087
##
1088
loadBalancerIP: ""
1089
## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1090
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1091
##
1092
loadBalancerClass: ""
1093
## @param replica.service.loadBalancerSourceRanges Redis(R) replicas service Load Balancer sources
1094
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1095
## e.g.
1096
## loadBalancerSourceRanges:
1097
## - 10.10.10.0/24
1098
##
1099
loadBalancerSourceRanges: []
1100
## @param replica.service.annotations Additional custom annotations for Redis(R) replicas service
1101
##
1102
annotations: {}
1103
## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1104
## If "ClientIP", consecutive client requests will be directed to the same Pod
1105
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1106
##
1107
sessionAffinity: None
1108
## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity
1109
## sessionAffinityConfig:
1110
## clientIP:
1111
## timeoutSeconds: 300
1112
##
1113
sessionAffinityConfig: {}
1114
## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods
1115
##
1116
terminationGracePeriodSeconds: 30
1117
## Autoscaling configuration
1118
##
1119
autoscaling:
1120
## @param replica.autoscaling.enabled Enable replica autoscaling settings
1121
##
1122
enabled: false
1123
## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling
1124
##
1125
minReplicas: 1
1126
## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling
1127
##
1128
maxReplicas: 11
1129
## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling
1130
##
1131
targetCPU: ""
1132
## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling
1133
##
1134
targetMemory: ""
1135
## ServiceAccount configuration
1136
##
1137
serviceAccount:
1138
## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
1139
##
1140
create: true
1141
## @param replica.serviceAccount.name The name of the ServiceAccount to use.
1142
## If not set and create is true, a name is generated using the common.names.fullname template
1143
##
1144
name: ""
1145
## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1146
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1147
##
1148
automountServiceAccountToken: false
1149
## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
1150
##
1151
annotations: {}
1152
## Pod Disruption Budget configuration
1153
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1154
## @param replica.pdb.create Enable/disable a Pod Disruption Budget creation
1155
## @param replica.pdb.minAvailable [object] Minimum number/percentage of pods that should remain scheduled
1156
## @param replica.pdb.maxUnavailable [object] Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `replica.pdb.minAvailable` and `replica.pdb.maxUnavailable` are empty.
1157
##
1158
pdb:
1159
create: true
1160
minAvailable: ""
1161
maxUnavailable: ""
1162
## @param replica.extraPodSpec Optionally specify extra PodSpec for the Redis(R) replicas pod(s)
1163
##
1164
extraPodSpec: {}
1165
## @param replica.annotations Additional custom annotations for Redis(R) replicas resource
1166
##
1167
annotations: {}
1168
## @section Redis(R) Sentinel configuration parameters
1169
##
1170
1171
sentinel:
1172
## @param sentinel.enabled Use Redis(R) Sentinel on Redis(R) pods.
1173
## IMPORTANT: this will disable the master and replicas services and
1174
## create a single Redis(R) service exposing both the Redis and Sentinel ports
1175
##
1176
enabled: false
1177
## Iamguarded Redis(R) Sentinel image version
1178
## @param sentinel.image.registry [default: REGISTRY_NAME] Redis(R) Sentinel image registry
1179
## @param sentinel.image.repository [default: REPOSITORY_NAME/redis-sentinel] Redis(R) Sentinel image repository
1180
## @skip sentinel.image.tag Redis(R) Sentinel image tag (immutable tags are recommended)
1181
## @param sentinel.image.digest Redis(R) Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1182
## @param sentinel.image.pullPolicy Redis(R) Sentinel image pull policy
1183
## @param sentinel.image.pullSecrets Redis(R) Sentinel image pull secrets
1184
## @param sentinel.image.debug Enable image debug mode
1185
##
1186
image:
1187
registry: cgr.dev
1188
repository: chainguard-private/redis-sentinel-iamguarded
1189
tag: 8.6.1
1190
digest: ""
1191
## Specify a imagePullPolicy
1192
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1193
##
1194
pullPolicy: IfNotPresent
1195
## Optionally specify an array of imagePullSecrets.
1196
## Secrets must be manually created in the namespace.
1197
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1198
## e.g:
1199
## pullSecrets:
1200
## - myRegistryKeySecretName
1201
##
1202
pullSecrets: []
1203
## Enable debug mode
1204
##
1205
debug: false
1206
## @param sentinel.annotations Additional custom annotations for Redis(R) Sentinel resource
1207
##
1208
annotations: {}
1209
## @param sentinel.masterSet Master set name
1210
##
1211
masterSet: mymaster
1212
## @param sentinel.quorum Sentinel Quorum
1213
##
1214
quorum: 2
1215
## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out.
1216
##
1217
getMasterTimeout: 90
1218
## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.
1219
## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
1220
## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000.
1221
##
1222
automateClusterRecovery: false
1223
## @param sentinel.redisShutdownWaitFailover Whether the Redis(R) master container waits for the failover at shutdown (in addition to the Redis(R) Sentinel container).
1224
##
1225
redisShutdownWaitFailover: true
1226
## Sentinel timing restrictions
1227
## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis(R) node is down
1228
## @param sentinel.failoverTimeout Timeout for performing a election failover
1229
##
1230
downAfterMilliseconds: 60000
1231
failoverTimeout: 180000
1232
## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover
1233
##
1234
parallelSyncs: 1
1235
## @param sentinel.replicaSyncCheck Wait for data full sync on replicas before marking them as ready (experimental)
1236
##
1237
replicaSyncCheck: false
1238
## @param sentinel.configuration Configuration for Redis(R) Sentinel nodes
1239
## ref: https://redis.io/topics/sentinel
1240
##
1241
configuration: ""
1242
## @param sentinel.command Override default container command (useful when using custom images)
1243
##
1244
command: []
1245
## @param sentinel.args Override default container args (useful when using custom images)
1246
##
1247
args: []
1248
## @param sentinel.enableServiceLinks Whether information about services should be injected into pod's environment variable
1249
##
1250
enableServiceLinks: true
1251
## @param sentinel.preExecCmds Additional commands to run prior to starting Redis(R) Sentinel
1252
##
1253
preExecCmds: []
1254
## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis(R) Sentinel nodes
1255
## e.g:
1256
## extraEnvVars:
1257
## - name: FOO
1258
## value: "bar"
1259
##
1260
extraEnvVars: []
1261
## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis(R) Sentinel nodes
1262
##
1263
extraEnvVarsCM: ""
1264
## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis(R) Sentinel nodes
1265
##
1266
extraEnvVarsSecret: ""
1267
## @param sentinel.externalMaster.enabled Use external master for bootstrapping
1268
## @param sentinel.externalMaster.host External master host to bootstrap from
1269
## @param sentinel.externalMaster.port Port for Redis service external master host
1270
##
1271
externalMaster:
1272
enabled: false
1273
host: ""
1274
port: 6379
1275
## @param sentinel.containerPorts.sentinel Container port to open on Redis(R) Sentinel nodes
1276
##
1277
containerPorts:
1278
sentinel: 26379
1279
## Configure extra options for Redis(R) containers' liveness and readiness probes
1280
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1281
## @param sentinel.startupProbe.enabled Enable startupProbe on Redis(R) Sentinel nodes
1282
## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1283
## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe
1284
## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1285
## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe
1286
## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe
1287
##
1288
startupProbe:
1289
enabled: true
1290
initialDelaySeconds: 10
1291
periodSeconds: 10
1292
timeoutSeconds: 5
1293
successThreshold: 1
1294
failureThreshold: 22
1295
## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis(R) Sentinel nodes
1296
## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1297
## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe
1298
## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1299
## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe
1300
## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe
1301
##
1302
livenessProbe:
1303
enabled: true
1304
initialDelaySeconds: 20
1305
periodSeconds: 10
1306
timeoutSeconds: 5
1307
successThreshold: 1
1308
failureThreshold: 6
1309
## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis(R) Sentinel nodes
1310
## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1311
## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe
1312
## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1313
## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe
1314
## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe
1315
##
1316
readinessProbe:
1317
enabled: true
1318
initialDelaySeconds: 20
1319
periodSeconds: 5
1320
timeoutSeconds: 1
1321
successThreshold: 1
1322
failureThreshold: 6
1323
## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one
1324
##
1325
customStartupProbe: {}
1326
## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one
1327
##
1328
customLivenessProbe: {}
1329
## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one
1330
##
1331
customReadinessProbe: {}
1332
## Persistence parameters
1333
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1334
##
1335
persistence:
1336
## @param sentinel.persistence.enabled Enable persistence on Redis(R) sentinel nodes using Persistent Volume Claims (Experimental)
1337
##
1338
enabled: false
1339
## @param sentinel.persistence.storageClass Persistent Volume storage class
1340
## If defined, storageClassName: <storageClass>
1341
## If set to "-", storageClassName: "", which disables dynamic provisioning
1342
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
1343
##
1344
storageClass: ""
1345
## @param sentinel.persistence.accessModes Persistent Volume access modes
1346
##
1347
accessModes:
1348
- ReadWriteOnce
1349
## @param sentinel.persistence.size Persistent Volume size
1350
##
1351
size: 100Mi
1352
## @param sentinel.persistence.annotations Additional custom annotations for the PVC
1353
##
1354
annotations: {}
1355
## @param sentinel.persistence.labels Additional custom labels for the PVC
1356
##
1357
labels: {}
1358
## @param sentinel.persistence.selector Additional labels to match for the PVC
1359
## e.g:
1360
## selector:
1361
## matchLabels:
1362
## app: my-app
1363
##
1364
selector: {}
1365
## @param sentinel.persistence.dataSource Custom PVC data source
1366
##
1367
dataSource: {}
1368
## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes.
1369
##
1370
medium: ""
1371
## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
1372
##
1373
sizeLimit: ""
1374
## persistentVolumeClaimRetentionPolicy
1375
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1376
## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
1377
## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1378
## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1379
##
1380
persistentVolumeClaimRetentionPolicy:
1381
enabled: false
1382
whenScaled: Retain
1383
whenDeleted: Retain
1384
## Redis(R) Sentinel resource requests and limits
1385
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1386
## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
1387
##
1388
resourcesPreset: "nano"
1389
## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1390
## Example:
1391
## resources:
1392
## requests:
1393
## cpu: 2
1394
## memory: 512Mi
1395
## limits:
1396
## cpu: 3
1397
## memory: 1024Mi
1398
##
1399
resources: {}
1400
## Configure Container Security Context
1401
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1402
## @param sentinel.containerSecurityContext.enabled Enabled Redis(R) Sentinel containers' Security Context
1403
## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1404
## @param sentinel.containerSecurityContext.runAsUser Set Redis(R) Sentinel containers' Security Context runAsUser
1405
## @param sentinel.containerSecurityContext.runAsGroup Set Redis(R) Sentinel containers' Security Context runAsGroup
1406
## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis(R) Sentinel containers' Security Context runAsNonRoot
1407
## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1408
## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) Sentinel containers' Security Context allowPrivilegeEscalation
1409
## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis(R) Sentinel containers' Security Context seccompProfile
1410
## @param sentinel.containerSecurityContext.capabilities.drop Set Redis(R) Sentinel containers' Security Context capabilities to drop
1411
##
1412
containerSecurityContext:
1413
enabled: true
1414
seLinuxOptions: {}
1415
runAsUser: 1001
1416
runAsGroup: 1001
1417
runAsNonRoot: true
1418
allowPrivilegeEscalation: false
1419
readOnlyRootFilesystem: true
1420
seccompProfile:
1421
type: RuntimeDefault
1422
capabilities:
1423
drop: ["ALL"]
1424
## @param sentinel.lifecycleHooks for the Redis(R) sentinel container(s) to automate configuration before or after startup
1425
##
1426
lifecycleHooks: {}
1427
## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) Sentinel
1428
##
1429
extraVolumes: []
1430
## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) Sentinel container(s)
1431
##
1432
extraVolumeMounts: []
1433
## Redis(R) Sentinel service parameters
1434
## Note: values passed in this section also configure the master service, unless the sentinel.masterService is explicitly overridden.
1435
service:
1436
## @param sentinel.service.type Redis(R) Sentinel service type
1437
##
1438
type: ClusterIP
1439
## @param sentinel.service.ports.redis Redis(R) service port for Redis(R)
1440
## @param sentinel.service.ports.sentinel Redis(R) service port for Redis(R) Sentinel
1441
##
1442
ports:
1443
redis: 6379
1444
sentinel: 26379
1445
## @param sentinel.service.nodePorts.redis Node port for Redis(R)
1446
## @param sentinel.service.nodePorts.sentinel Node port for Sentinel
1447
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1448
## NOTE: choose port between <30000-32767>
1449
## NOTE: By leaving these values blank, they will be generated by ports-configmap
1450
## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port
1451
##
1452
nodePorts:
1453
redis: ""
1454
sentinel: ""
1455
## @param sentinel.service.externalTrafficPolicy Redis(R) Sentinel service external traffic policy
1456
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1457
##
1458
externalTrafficPolicy: Cluster
1459
## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1460
##
1461
extraPorts: []
1462
## @param sentinel.service.clusterIP Redis(R) Sentinel service Cluster IP
1463
##
1464
clusterIP: ""
1465
## @param sentinel.service.createMaster Enable master service pointing to the current master (experimental)
1466
## NOTE: rbac.create need to be set to true
1467
##
1468
createMaster: false
1469
## @param sentinel.service.loadBalancerIP Redis(R) Sentinel service Load Balancer IP
1470
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1471
##
1472
loadBalancerIP: ""
1473
## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1474
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1475
##
1476
loadBalancerClass: ""
1477
## @param sentinel.service.loadBalancerSourceRanges Redis(R) Sentinel service Load Balancer sources
1478
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1479
## e.g.
1480
## loadBalancerSourceRanges:
1481
## - 10.10.10.0/24
1482
##
1483
loadBalancerSourceRanges: []
1484
## @param sentinel.service.annotations Additional custom annotations for Redis(R) Sentinel service
1485
##
1486
annotations: {}
1487
## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1488
## If "ClientIP", consecutive client requests will be directed to the same Pod
1489
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1490
##
1491
sessionAffinity: None
1492
## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity
1493
## sessionAffinityConfig:
1494
## clientIP:
1495
## timeoutSeconds: 300
1496
##
1497
sessionAffinityConfig: {}
1498
## Headless service properties
1499
##
1500
headless:
1501
## @param sentinel.service.headless.annotations Annotations for the headless service.
1502
##
1503
annotations: {}
1504
## @param sentinel.service.headless.extraPorts Optionally specify extra ports to expose for the headless service.
1505
## Example:
1506
## extraPorts:
1507
## - name: my-custom-port
1508
## port: 12345
1509
## protocol: TCP
1510
## targetPort: 12345
1511
##
1512
extraPorts: []
1513
## Redis(R) master service parameters
1514
##
1515
masterService:
1516
## @param sentinel.masterService.enabled Enable master service pointing to the current master (experimental)
1517
## NOTE: rbac.create need to be set to true
1518
##
1519
enabled: false
1520
## @param sentinel.masterService.type Redis(R) Sentinel master service type
1521
##
1522
type: ClusterIP
1523
## @param sentinel.masterService.ports.redis Redis(R) service port for Redis(R)
1524
##
1525
ports:
1526
redis: 6379
1527
## @param sentinel.masterService.nodePorts.redis Node port for Redis(R)
1528
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1529
## NOTE: choose port between <30000-32767>
1530
## NOTE: By leaving these values blank, they will be generated by ports-configmap
1531
## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port
1532
##
1533
nodePorts:
1534
redis: ""
1535
## @param sentinel.masterService.externalTrafficPolicy Redis(R) master service external traffic policy
1536
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1537
##
1538
externalTrafficPolicy: ""
1539
## @param sentinel.masterService.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1540
##
1541
extraPorts: []
1542
## @param sentinel.masterService.clusterIP Redis(R) master service Cluster IP
1543
##
1544
clusterIP: ""
1545
## @param sentinel.masterService.loadBalancerIP Redis(R) master service Load Balancer IP
1546
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1547
##
1548
loadBalancerIP: ""
1549
## @param sentinel.masterService.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1550
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1551
##
1552
loadBalancerClass: ""
1553
## @param sentinel.masterService.loadBalancerSourceRanges Redis(R) master service Load Balancer sources
1554
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1555
## e.g.
1556
## loadBalancerSourceRanges:
1557
## - 10.10.10.0/24
1558
##
1559
loadBalancerSourceRanges: []
1560
## @param sentinel.masterService.annotations Additional custom annotations for Redis(R) master service
1561
##
1562
annotations: {}
1563
## @param sentinel.masterService.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1564
## If "ClientIP", consecutive client requests will be directed to the same Pod
1565
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1566
##
1567
sessionAffinity: None
1568
## @param sentinel.masterService.sessionAffinityConfig Additional settings for the sessionAffinity
1569
## sessionAffinityConfig:
1570
## clientIP:
1571
## timeoutSeconds: 300
1572
##
1573
sessionAffinityConfig: {}
1574
## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods
1575
##
1576
terminationGracePeriodSeconds: 30
1577
## @param sentinel.extraPodSpec Optionally specify extra PodSpec for the Redis(R) Sentinel pod(s)
1578
##
1579
extraPodSpec: {}
1580
externalAccess:
1581
## @param sentinel.externalAccess.enabled Enable external access to the Redis
1582
##
1583
enabled: false
1584
service:
1585
## @param sentinel.externalAccess.service.loadBalancerIPAnnotaion Name of annotation to specify fixed IP for service in.
1586
##
1587
loadBalancerIPAnnotaion: ""
1588
## @param sentinel.externalAccess.service.type Type for the services used to expose every Pod
1589
## At this moment only LoadBalancer is supported
1590
##
1591
type: LoadBalancer
1592
## @param sentinel.externalAccess.service.redisPort Port for the services used to expose redis-server
1593
##
1594
redisPort: 6379
1595
## @param sentinel.externalAccess.service.sentinelPort Port for the services used to expose redis-sentinel
1596
##
1597
sentinelPort: 26379
1598
## @param sentinel.externalAccess.service.loadBalancerIP Array of load balancer IPs for each Redis(R) node. Length must be the same as sentinel.replicaCount
1599
##
1600
loadBalancerIP: []
1601
## @param sentinel.externalAccess.service.loadBalancerClass Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1602
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1603
##
1604
loadBalancerClass: ""
1605
## @param sentinel.externalAccess.service.loadBalancerSourceRanges Service Load Balancer sources
1606
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1607
## e.g:
1608
## loadBalancerSourceRanges:
1609
## - 10.10.10.0/24
1610
##
1611
loadBalancerSourceRanges: []
1612
## @param sentinel.externalAccess.service.annotations Annotations to add to the services used to expose every Pod of the Redis(R) Cluster
1613
##
1614
annotations: {}
1615
## @section Other Parameters
1616
##
1617
1618
## @param serviceBindings.enabled Create secret for service binding (Experimental)
1619
## Ref: https://servicebinding.io/service-provider/
1620
##
1621
serviceBindings:
1622
enabled: false
1623
## Network Policy configuration
1624
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1625
##
1626
networkPolicy:
1627
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
1628
##
1629
enabled: true
1630
## @param networkPolicy.allowExternal Don't require client label for connections
1631
## When set to false, only pods with the correct client label will have network access to the ports
1632
## Redis(R) is listening on. When true, Redis(R) will accept connections from any source
1633
## (with the correct destination port).
1634
##
1635
allowExternal: true
1636
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1637
##
1638
allowExternalEgress: true
1639
## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
1640
## e.g:
1641
## extraIngress:
1642
## - ports:
1643
## - port: 1234
1644
## from:
1645
## - podSelector:
1646
## - matchLabels:
1647
## - role: frontend
1648
## - podSelector:
1649
## - matchExpressions:
1650
## - key: role
1651
## operator: In
1652
## values:
1653
## - frontend
1654
##
1655
extraIngress: []
1656
## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy
1657
## e.g:
1658
## extraEgress:
1659
## - ports:
1660
## - port: 1234
1661
## to:
1662
## - podSelector:
1663
## - matchLabels:
1664
## - role: frontend
1665
## - podSelector:
1666
## - matchExpressions:
1667
## - key: role
1668
## operator: In
1669
## values:
1670
## - frontend
1671
##
1672
extraEgress: []
1673
## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces
1674
## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces
1675
##
1676
ingressNSMatchLabels: {}
1677
ingressNSPodMatchLabels: {}
1678
metrics:
1679
## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint
1680
## When set to false, only pods with the correct client label will have network access to the metrics port
1681
##
1682
allowExternal: true
1683
## @param networkPolicy.metrics.ingressNSMatchLabels Labels to match to allow traffic from other namespaces to metrics endpoint
1684
## @param networkPolicy.metrics.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces to metrics endpoint
1685
##
1686
ingressNSMatchLabels: {}
1687
ingressNSPodMatchLabels: {}
1688
## PodSecurityPolicy configuration
1689
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1690
##
1691
podSecurityPolicy:
1692
## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
1693
##
1694
create: false
1695
## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules
1696
##
1697
enabled: false
1698
## RBAC configuration
1699
##
1700
rbac:
1701
## @param rbac.create Specifies whether RBAC resources should be created
1702
##
1703
create: false
1704
## @param rbac.rules Custom RBAC rules to set
1705
## e.g:
1706
## rules:
1707
## - apiGroups:
1708
## - ""
1709
## resources:
1710
## - pods
1711
## verbs:
1712
## - get
1713
## - list
1714
##
1715
rules: []
1716
## ServiceAccount configuration
1717
##
1718
serviceAccount:
1719
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
1720
##
1721
create: true
1722
## @param serviceAccount.name The name of the ServiceAccount to use.
1723
## If not set and create is true, a name is generated using the common.names.fullname template
1724
##
1725
name: ""
1726
## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
1727
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
1728
##
1729
automountServiceAccountToken: false
1730
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
1731
##
1732
annotations: {}
1733
## Redis(R) Pod Disruption Budget configuration
1734
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1735
## @param pdb DEPRECATED Please use `master.pdb` and `replica.pdb` values instead
1736
##
1737
pdb: {}
1738
## TLS configuration
1739
##
1740
tls:
1741
## @param tls.enabled Enable TLS traffic
1742
##
1743
enabled: false
1744
## @param tls.authClients Require clients to authenticate
1745
##
1746
authClients: true
1747
## @param tls.autoGenerated Enable autogenerated certificates
1748
##
1749
autoGenerated: false
1750
## @param tls.existingSecret The name of the existing secret that contains the TLS certificates
1751
##
1752
existingSecret: ""
1753
## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead.
1754
##
1755
certificatesSecret: ""
1756
## @param tls.certFilename Certificate filename
1757
##
1758
certFilename: ""
1759
## @param tls.certKeyFilename Certificate Key filename
1760
##
1761
certKeyFilename: ""
1762
## @param tls.certCAFilename CA Certificate filename
1763
##
1764
certCAFilename: ""
1765
## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
1766
##
1767
dhParamsFilename: ""
1768
## @section Metrics Parameters
1769
##
1770
metrics:
1771
## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis(R) metrics
1772
##
1773
enabled: false
1774
## Iamguarded Redis(R) Exporter image
1775
## @param metrics.image.registry [default: REGISTRY_NAME] Redis(R) Exporter image registry
1776
## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Redis(R) Exporter image repository
1777
## @skip metrics.image.tag Redis(R) Exporter image tag (immutable tags are recommended)
1778
## @param metrics.image.digest Redis(R) Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1779
## @param metrics.image.pullPolicy Redis(R) Exporter image pull policy
1780
## @param metrics.image.pullSecrets Redis(R) Exporter image pull secrets
1781
##
1782
image:
1783
registry: cgr.dev
1784
repository: chainguard-private/prometheus-redis-exporter-iamguarded
1785
tag: 1.81.0
1786
digest: ""
1787
pullPolicy: IfNotPresent
1788
## Optionally specify an array of imagePullSecrets.
1789
## Secrets must be manually created in the namespace.
1790
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1791
## e.g:
1792
## pullSecrets:
1793
## - myRegistryKeySecretName
1794
##
1795
pullSecrets: []
1796
## @param metrics.containerPorts.http Metrics HTTP container port
1797
##
1798
containerPorts:
1799
http: 9121
1800
## Configure extra options for Redis(R) containers' liveness, readiness & startup probes
1801
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1802
## @param metrics.startupProbe.enabled Enable startupProbe on Redis(R) replicas nodes
1803
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1804
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
1805
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1806
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
1807
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
1808
##
1809
startupProbe:
1810
enabled: false
1811
initialDelaySeconds: 10
1812
periodSeconds: 10
1813
timeoutSeconds: 5
1814
successThreshold: 1
1815
failureThreshold: 5
1816
## @param metrics.livenessProbe.enabled Enable livenessProbe on Redis(R) replicas nodes
1817
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1818
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
1819
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1820
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
1821
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
1822
##
1823
livenessProbe:
1824
enabled: true
1825
initialDelaySeconds: 10
1826
periodSeconds: 10
1827
timeoutSeconds: 5
1828
successThreshold: 1
1829
failureThreshold: 5
1830
## @param metrics.readinessProbe.enabled Enable readinessProbe on Redis(R) replicas nodes
1831
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1832
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
1833
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1834
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
1835
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
1836
##
1837
readinessProbe:
1838
enabled: true
1839
initialDelaySeconds: 5
1840
periodSeconds: 10
1841
timeoutSeconds: 1
1842
successThreshold: 1
1843
failureThreshold: 3
1844
## @param metrics.customStartupProbe Custom startupProbe that overrides the default one
1845
##
1846
customStartupProbe: {}
1847
## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one
1848
##
1849
customLivenessProbe: {}
1850
## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one
1851
##
1852
customReadinessProbe: {}
1853
## @param metrics.command Override default metrics container init command (useful when using custom images)
1854
##
1855
command: []
1856
## @param metrics.redisTargetHost A way to specify an alternative Redis(R) hostname
1857
## Useful for certificate CN/SAN matching
1858
##
1859
redisTargetHost: "localhost"
1860
## @param metrics.extraArgs Extra arguments for Redis(R) exporter, for example:
1861
## e.g.:
1862
## extraArgs:
1863
## check-keys: myKey,myOtherKey
1864
##
1865
extraArgs: {}
1866
## @param metrics.extraEnvVars Array with extra environment variables to add to Redis(R) exporter
1867
## e.g:
1868
## extraEnvVars:
1869
## - name: FOO
1870
## value: "bar"
1871
##
1872
extraEnvVars: []
1873
## Configure Container Security Context
1874
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1875
## @param metrics.containerSecurityContext.enabled Enabled Redis(R) exporter containers' Security Context
1876
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1877
## @param metrics.containerSecurityContext.runAsUser Set Redis(R) exporter containers' Security Context runAsUser
1878
## @param metrics.containerSecurityContext.runAsGroup Set Redis(R) exporter containers' Security Context runAsGroup
1879
## @param metrics.containerSecurityContext.runAsNonRoot Set Redis(R) exporter containers' Security Context runAsNonRoot
1880
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis(R) exporter containers' Security Context allowPrivilegeEscalation
1881
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1882
## @param metrics.containerSecurityContext.seccompProfile.type Set Redis(R) exporter containers' Security Context seccompProfile
1883
## @param metrics.containerSecurityContext.capabilities.drop Set Redis(R) exporter containers' Security Context capabilities to drop
1884
##
1885
containerSecurityContext:
1886
enabled: true
1887
seLinuxOptions: {}
1888
runAsUser: 1001
1889
runAsGroup: 1001
1890
runAsNonRoot: true
1891
allowPrivilegeEscalation: false
1892
readOnlyRootFilesystem: true
1893
seccompProfile:
1894
type: RuntimeDefault
1895
capabilities:
1896
drop: ["ALL"]
1897
## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis(R) metrics sidecar
1898
##
1899
extraVolumes: []
1900
## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis(R) metrics sidecar
1901
##
1902
extraVolumeMounts: []
1903
## Redis(R) exporter resource requests and limits
1904
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1905
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
1906
##
1907
resourcesPreset: "nano"
1908
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1909
## Example:
1910
## resources:
1911
## requests:
1912
## cpu: 2
1913
## memory: 512Mi
1914
## limits:
1915
## cpu: 3
1916
## memory: 1024Mi
1917
##
1918
resources: {}
1919
## @param metrics.podLabels Extra labels for Redis(R) exporter pods
1920
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1921
##
1922
podLabels: {}
1923
## @param metrics.podAnnotations [object] Annotations for Redis(R) exporter pods
1924
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1925
##
1926
podAnnotations:
1927
prometheus.io/scrape: "true"
1928
prometheus.io/port: "9121"
1929
## Redis(R) exporter service parameters
1930
##
1931
service:
1932
## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor
1933
##
1934
enabled: true
1935
## @param metrics.service.type Redis(R) exporter service type
1936
##
1937
type: ClusterIP
1938
## @param metrics.service.ports.http Redis(R) exporter service port
1939
##
1940
ports:
1941
http: 9121
1942
## @param metrics.service.externalTrafficPolicy Redis(R) exporter service external traffic policy
1943
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1944
##
1945
externalTrafficPolicy: Cluster
1946
## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1947
##
1948
extraPorts: []
1949
## @param metrics.service.loadBalancerIP Redis(R) exporter service Load Balancer IP
1950
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1951
##
1952
loadBalancerIP: ""
1953
## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1954
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1955
##
1956
loadBalancerClass: ""
1957
## @param metrics.service.loadBalancerSourceRanges Redis(R) exporter service Load Balancer sources
1958
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1959
## e.g.
1960
## loadBalancerSourceRanges:
1961
## - 10.10.10.0/24
1962
##
1963
loadBalancerSourceRanges: []
1964
## @param metrics.service.annotations Additional custom annotations for Redis(R) exporter service
1965
##
1966
annotations: {}
1967
## @param metrics.service.clusterIP Redis(R) exporter service Cluster IP
1968
##
1969
clusterIP: ""
1970
## Prometheus Service Monitor
1971
## ref: https://github.com/coreos/prometheus-operator
1972
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1973
##
1974
serviceMonitor:
1975
## @param metrics.serviceMonitor.port the service port to scrape metrics from
1976
##
1977
port: http-metrics
1978
## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
1979
##
1980
enabled: false
1981
## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created
1982
##
1983
namespace: ""
1984
## @param metrics.serviceMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
1985
##
1986
tlsConfig: {}
1987
## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped
1988
##
1989
interval: 30s
1990
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
1991
##
1992
scrapeTimeout: ""
1993
## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
1994
##
1995
relabelings: []
1996
## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead.
1997
##
1998
relabellings: []
1999
## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
2000
##
2001
metricRelabelings: []
2002
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
2003
##
2004
honorLabels: false
2005
## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus
2006
##
2007
additionalLabels: {}
2008
## @param metrics.serviceMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
2009
##
2010
podTargetLabels: []
2011
## @param metrics.serviceMonitor.sampleLimit Limit of how many samples should be scraped from every Pod
2012
##
2013
sampleLimit: false
2014
## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped
2015
##
2016
targetLimit: false
2017
## @param metrics.serviceMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel)
2018
##
2019
additionalEndpoints: []
2020
# uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Redis container metrics
2021
# add metricRelabelings with label like app=redis to main redis pod-monitor port
2022
# - interval: "30s"
2023
# path: "/scrape"
2024
# port: "http-metrics"
2025
# params:
2026
# target: ["localhost:26379"]
2027
# metricRelabelings:
2028
# - targetLabel: "app"
2029
# replacement: "sentinel"
2030
## Prometheus Pod Monitor
2031
## ref: https://github.com/coreos/prometheus-operator
2032
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor
2033
##
2034
podMonitor:
2035
## @param metrics.podMonitor.port the pod port to scrape metrics from
2036
##
2037
port: metrics
2038
## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator
2039
##
2040
enabled: false
2041
## @param metrics.podMonitor.namespace The namespace in which the PodMonitor will be created
2042
##
2043
namespace: ""
2044
## @param metrics.podMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus
2045
##
2046
tlsConfig: {}
2047
## @param metrics.podMonitor.interval The interval at which metrics should be scraped
2048
##
2049
interval: 30s
2050
## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
2051
##
2052
scrapeTimeout: ""
2053
## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
2054
##
2055
relabelings: []
2056
## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead.
2057
##
2058
relabellings: []
2059
## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
2060
##
2061
metricRelabelings: []
2062
# - targetLabel: "app"
2063
# replacement: "redis"
2064
## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
2065
##
2066
honorLabels: false
2067
## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitor resource(s) can be discovered by Prometheus
2068
##
2069
additionalLabels: {}
2070
## @param metrics.podMonitor.podTargetLabels Labels from the Kubernetes pod to be transferred to the created metrics
2071
##
2072
podTargetLabels: []
2073
## @param metrics.podMonitor.sampleLimit Limit of how many samples should be scraped from every Pod
2074
##
2075
sampleLimit: false
2076
## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped
2077
##
2078
targetLimit: false
2079
## @param metrics.podMonitor.additionalEndpoints Additional endpoints to scrape (e.g sentinel)
2080
##
2081
additionalEndpoints: []
2082
# - interval: "30s"
2083
# path: "/scrape"
2084
# port: "metrics"
2085
# params:
2086
# target: ["localhost:26379"]
2087
# metricRelabelings:
2088
# - targetLabel: "app"
2089
# replacement: "sentinel"
2090
## Custom PrometheusRule to be defined
2091
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
2092
##
2093
prometheusRule:
2094
## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator
2095
##
2096
enabled: false
2097
## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created
2098
##
2099
namespace: ""
2100
## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
2101
##
2102
additionalLabels: {}
2103
## @param metrics.prometheusRule.rules Custom Prometheus rules
2104
## e.g:
2105
## rules:
2106
## - alert: RedisDown
2107
## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
2108
## for: 2m
2109
## labels:
2110
## severity: error
2111
## annotations:
2112
## summary: Redis(R) instance {{ "{{ $labels.instance }}" }} down
2113
## description: Redis(R) instance {{ "{{ $labels.instance }}" }} is down
2114
## - alert: RedisMemoryHigh
2115
## expr: >
2116
## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100
2117
## /
2118
## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"}
2119
## > 90
2120
## for: 2m
2121
## labels:
2122
## severity: error
2123
## annotations:
2124
## summary: Redis(R) instance {{ "{{ $labels.instance }}" }} is using too much memory
2125
## description: |
2126
## Redis(R) instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
2127
## - alert: RedisKeyEviction
2128
## expr: |
2129
## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0
2130
## for: 1s
2131
## labels:
2132
## severity: error
2133
## annotations:
2134
## summary: Redis(R) instance {{ "{{ $labels.instance }}" }} has evicted keys
2135
## description: |
2136
## Redis(R) instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
2137
##
2138
rules: []
2139
## @section Init Container Parameters
2140
##
2141
2142
## 'volumePermissions' init container parameters
2143
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
2144
## based on the *podSecurityContext/*containerSecurityContext parameters
2145
##
2146
volumePermissions:
2147
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
2148
##
2149
enabled: false
2150
## OS Shell + Utility image
2151
## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
2152
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
2153
## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
2154
## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2155
## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
2156
## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
2157
##
2158
image:
2159
registry: cgr.dev
2160
repository: chainguard-private/os-shell-iamguarded
2161
tag: 1.0.0
2162
digest: ""
2163
pullPolicy: IfNotPresent
2164
## Optionally specify an array of imagePullSecrets.
2165
## Secrets must be manually created in the namespace.
2166
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2167
## e.g:
2168
## pullSecrets:
2169
## - myRegistryKeySecretName
2170
##
2171
pullSecrets: []
2172
## Init container's resource requests and limits
2173
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2174
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
2175
##
2176
resourcesPreset: "nano"
2177
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2178
## Example:
2179
## resources:
2180
## requests:
2181
## cpu: 2
2182
## memory: 512Mi
2183
## limits:
2184
## cpu: 3
2185
## memory: 1024Mi
2186
##
2187
resources: {}
2188
## Init container Container Security Context
2189
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
2190
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2191
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
2192
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
2193
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
2194
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
2195
##
2196
containerSecurityContext:
2197
seLinuxOptions: {}
2198
runAsUser: 0
2199
## @param volumePermissions.extraEnvVars Array with extra environment variables to add to volume permissions init container.
2200
## e.g:
2201
## extraEnvVars:
2202
## - name: FOO
2203
## value: "bar"
2204
##
2205
extraEnvVars: []
2206
## Kubectl InitContainer
2207
## used by Sentinel to update the isMaster label on the Redis(TM) pods
2208
##
2209
kubectl:
2210
## Iamguarded Kubectl image version
2211
## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry
2212
## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository
2213
## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version
2214
## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2215
## @param kubectl.image.pullPolicy Kubectl image pull policy
2216
## @param kubectl.image.pullSecrets Kubectl pull secrets
2217
##
2218
image:
2219
registry: cgr.dev
2220
repository: chainguard-private/kubectl-iamguarded
2221
tag: 1.35.2
2222
digest: ""
2223
## Specify a imagePullPolicy
2224
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
2225
##
2226
pullPolicy: IfNotPresent
2227
## Optionally specify an array of imagePullSecrets.
2228
## Secrets must be manually created in the namespace.
2229
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2230
## e.g:
2231
## pullSecrets:
2232
## - myRegistryKeySecretName
2233
##
2234
pullSecrets: []
2235
## @param kubectl.command kubectl command to execute
2236
##
2237
command: ["/opt/iamguarded/scripts/kubectl-scripts/update-master-label.sh"]
2238
## Configure Container Security Context
2239
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2240
## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context
2241
## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2242
## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser
2243
## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup
2244
## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot
2245
## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation
2246
## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
2247
## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile
2248
## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop
2249
##
2250
containerSecurityContext:
2251
enabled: true
2252
seLinuxOptions: {}
2253
runAsUser: 1001
2254
runAsGroup: 1001
2255
runAsNonRoot: true
2256
allowPrivilegeEscalation: false
2257
readOnlyRootFilesystem: true
2258
seccompProfile:
2259
type: RuntimeDefault
2260
capabilities:
2261
drop: ["ALL"]
2262
## Iamguarded Kubectl resource requests and limits
2263
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2264
## @param kubectl.resources.limits The resources limits for the kubectl containers
2265
## @param kubectl.resources.requests The requested resources for the kubectl containers
2266
##
2267
resources:
2268
limits: {}
2269
requests: {}
2270
## init-sysctl container parameters
2271
## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
2272
##
2273
sysctl:
2274
## @param sysctl.enabled Enable init container to modify Kernel settings
2275
##
2276
enabled: false
2277
## OS Shell + Utility image
2278
## @param sysctl.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
2279
## @param sysctl.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
2280
## @skip sysctl.image.tag OS Shell + Utility image tag (immutable tags are recommended)
2281
## @param sysctl.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2282
## @param sysctl.image.pullPolicy OS Shell + Utility image pull policy
2283
## @param sysctl.image.pullSecrets OS Shell + Utility image pull secrets
2284
##
2285
image:
2286
registry: cgr.dev
2287
repository: chainguard-private/os-shell-iamguarded
2288
tag: 1.0.0
2289
digest: ""
2290
pullPolicy: IfNotPresent
2291
## Optionally specify an array of imagePullSecrets.
2292
## Secrets must be manually created in the namespace.
2293
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2294
## e.g:
2295
## pullSecrets:
2296
## - myRegistryKeySecretName
2297
##
2298
pullSecrets: []
2299
## @param sysctl.command Override default init-sysctl container command (useful when using custom images)
2300
##
2301
command: []
2302
## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys`
2303
##
2304
mountHostSys: false
2305
## Init container's resource requests and limits
2306
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2307
## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
2308
##
2309
resourcesPreset: "nano"
2310
## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2311
## Example:
2312
## resources:
2313
## requests:
2314
## cpu: 2
2315
## memory: 512Mi
2316
## limits:
2317
## cpu: 3
2318
## memory: 1024Mi
2319
##
2320
resources: {}
2321
## @section useExternalDNS Parameters
2322
##
2323
## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable.
2324
## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled.
2325
## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations.
2326
## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release.
2327
##
2328
useExternalDNS:
2329
enabled: false
2330
suffix: ""
2331
annotationKey: external-dns.alpha.kubernetes.io/
2332
additionalAnnotations: {}
2333