diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 0e24df5..9ec1a9c 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -67,7 +67,7 @@ jobs: - name: Generate TF Docs uses: terraform-docs/gh-actions@v1.0.0 with: - working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/reloader,addons/external-dns + working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/cert-manager,addons/filebeat,addons/reloader,addons/external-dns,addons/redis git-push: true template: |- diff --git a/_examples/basic/config/istio/virtual-service.yaml b/_examples/basic/config/istio/virtual-service.yaml index 78c38f3..ef6d182 100644 --- a/_examples/basic/config/istio/virtual-service.yaml +++ b/_examples/basic/config/istio/virtual-service.yaml @@ -1,6 +1,6 @@ # If application will be deployed using HelmChart(ChartName=myapp) then: # replace `appname` by `{{ include "myapp.fullname" . }}` and -# replace `istio-system` by `{{ include "myapp.namespace" . }}` +# replace `default` by `{{ include "myapp.namespace" . }}` apiVersion: networking.istio.io/v1beta1 kind: VirtualService diff --git a/_examples/basic/main.tf b/_examples/basic/main.tf index a0a1155..a5ea34a 100644 --- a/_examples/basic/main.tf 
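Review bot: The `uses: terraform-docs/gh-actions@v1.0.0` context line directly above the changed `working-dir` pins the action to a mutable tag, and with `git-push: true` the action commits back to the repository, so whatever is published under that tag later runs with write access to this repo. Pin the action to a full commit SHA and keep the version as a comment, `uses: terraform-docs/gh-actions@<full-commit-sha> # v1.0.0`, so the newly listed addon directories are documented by a reviewed build of the action. The enclosing job definition starts outside the hunk.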
+++ b/_examples/basic/main.tf @@ -177,6 +177,7 @@ module "addons" { certification_manager = true reloader = true external_dns = true + redis = true # -- Addons with mandatory variable istio_ingress = true diff --git a/_examples/complete/config/istio/virtual-service.yaml b/_examples/complete/config/istio/virtual-service.yaml index 78c38f3..ef6d182 100644 --- a/_examples/complete/config/istio/virtual-service.yaml +++ b/_examples/complete/config/istio/virtual-service.yaml @@ -1,6 +1,6 @@ # If application will be deployed using HelmChart(ChartName=myapp) then: # replace `appname` by `{{ include "myapp.fullname" . }}` and -# replace `istio-system` by `{{ include "myapp.namespace" . }}` +# replace `default` by `{{ include "myapp.namespace" . }}` apiVersion: networking.istio.io/v1beta1 kind: VirtualService diff --git a/_examples/complete/config/override-redis.yaml b/_examples/complete/config/override-redis.yaml new file mode 100644 index 0000000..258dc7e --- /dev/null +++ b/_examples/complete/config/override-redis.yaml @@ -0,0 +1,34 @@ +global: + storageClass: "" + redis: + password: "redisPassword" + +# -- master configuration parameters +master: + count: 1 + persistence: + size: 4Gi + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + +# -- replicas configuration parameters +replica: + replicaCount: 3 + persistence: + size: 4Gi + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" \ No newline at end of file diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index e29d9cf..419e2a3 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf 
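Review bot: `_examples/complete/config/override-redis.yaml` sets `global.redis.password: "redisPassword"` as a literal, and `_examples/complete/main.tf` feeds the file straight into the release through `redis_helm_config = { values = [file("./config/override-redis.yaml")] }`, so the password lands in the Helm release values and in the history of every repository that copies this example; the identical blob is added again as `_examples/external-eks/config/override-redis.yaml` later in this commit. If the addon wraps the Bitnami chart, point it at a pre-created Secret with `auth.existingSecret` / `auth.existingSecretPasswordKey` instead of an inline value; failing that, replace the literal with an obvious placeholder and the comment `# -- placeholder only: supply the password via an existing Secret, never commit a real one`. Whether `global.redis.password` is what the wrapped chart reads should be confirmed against the addon's chart version, which is outside this hunk.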
@@ -171,6 +171,8 @@ module "addons" { filebeat = true reloader = true external_dns = true + redis = true + # -- Addons with mandatory variable @@ -203,6 +205,8 @@ module "addons" { filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] } reloader_helm_config = { values = [file("./config/reloader/override-reloader.yaml")] } external_dns_helm_config = { values = [file("./config/override-external-dns.yaml")] } + redis_helm_config = { values = [file("./config/override-redis.yaml")] } + # -- Override Helm Release attributes metrics_server_extra_configs = var.metrics_server_extra_configs @@ -227,6 +231,7 @@ module "addons" { filebeat_extra_configs = var.filebeat_extra_configs reloader_extra_configs = var.reloader_extra_configs external_dns_extra_configs = var.external_dns_extra_configs + redis_extra_configs = var.redis_extra_configs # -- Custom IAM Policy Json for Addon's ServiceAccount cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json") diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf index 04e01fa..86d4303 100644 --- a/_examples/complete/variables.tf +++ b/_examples/complete/variables.tf @@ -192,4 +192,13 @@ variable "reloader_extra_configs" { variable "external_dns_extra_configs" { type = any default = {} +} + +# ------------------ REDIS -------------------------------------------------- +variable "redis_extra_configs" { + type = any + default = { + atomic = true + timeout = 300 + } } \ No newline at end of file diff --git a/_examples/external-eks/README.md b/_examples/external-eks/README.md new file mode 100644 index 0000000..2e565d2 --- /dev/null +++ b/_examples/external-eks/README.md @@ -0,0 +1,3 @@ +## examples/external-eks + +This example shows that, how to use terraform-aws-eks-addons module if your cluster is already created. 
diff --git a/_examples/external-eks/config/calico-tigera-values.yaml b/_examples/external-eks/config/calico-tigera-values.yaml
new file mode 100644
index 0000000..ca6601b
--- /dev/null
+++ b/_examples/external-eks/config/calico-tigera-values.yaml
@@ -0,0 +1,11 @@
+installation:
+ kubernetesProvider: "EKS"
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
\ No newline at end of file
diff --git a/_examples/external-eks/config/external-secret/external-secret.yaml b/_examples/external-eks/config/external-secret/external-secret.yaml
new file mode 100644
index 0000000..edc6218
--- /dev/null
+++ b/_examples/external-eks/config/external-secret/external-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: external-secret # -- Provide external secret name
+ namespace: kube-system # -- Do not change this namespace field
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: external-secrets-store # -- Provide previously created secret store name
+ kind: SecretStore
+ target:
+ name: externalsecret-data # -- Name of Kubernetes secret which will contain data specified below
+ creationPolicy: Owner
+ data:
+ - secretKey: external_secret_key # -- Kubernetes Secret `externalsecret-data` KEY name
+ remoteRef:
+ key: external_secrets_addon # -- AWS Secret Name, same as `var.external_secrets_extra_configs.secret_manager_name`
+ property: external_secret # -- AWS Secret-Manager secret key
\ No newline at end of file
diff --git a/_examples/external-eks/config/external-secret/override-values.yaml b/_examples/external-eks/config/external-secret/override-values.yaml
new file mode 100644
index 0000000..bba530b
--- /dev/null
+++ b/_examples/external-eks/config/external-secret/override-values.yaml
@@ -0,0 +1,24 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+
+resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/external-secret/secret-store.yaml b/_examples/external-eks/config/external-secret/secret-store.yaml
new file mode 100644
index 0000000..95b2ccc
--- /dev/null
+++ b/_examples/external-eks/config/external-secret/secret-store.yaml
@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: external-secrets-store # -- Provide secret store name
+ namespace: kube-system # -- Do not change this namespace name
+spec:
+ provider:
+ aws:
+ service: SecretsManager
+ region: us-east-1 # -- Provoide your cluster region
+ auth:
+ jwt:
+ serviceAccountRef:
+ name: external-secrets-sa # -- Do not change this name field
\ No newline at end of file
diff --git a/_examples/external-eks/config/external-secret/usage.yaml b/_examples/external-eks/config/external-secret/usage.yaml
new file mode 100644
index 0000000..e6f2676
--- /dev/null
+++ b/_examples/external-eks/config/external-secret/usage.yaml
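Review bot: The header comment of `override-values.yaml`, `## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"`, does not describe the selector beneath it, which matches `eks.amazonaws.com/nodegroup` `In` `critical`; a reader copying the example will go looking for a label that is never used. Replace it with `## Node affinity: schedule onto nodes whose eks.amazonaws.com/nodegroup label is "critical"`. The same stale comment is repeated in this commit's kiali, aws-ebs-csi-driver, aws-efs-csi-driver, aws-load-balancer-controller, aws-node-termination-handler, certification-manager, cluster-autoscaler, filebeat, fluent-bit, ingress-nginx, karpenter, kube-state-matrics and metrics-server override files.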
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ubuntu-pod
+ namespace: kube-system # -- keep this namespace same as ExternalSecret namespace
+ labels:
+ app: ubuntu-pod
+spec:
+ containers:
+ - image: ubuntu
+ command:
+ - "sleep"
+ - "604800"
+ imagePullPolicy: IfNotPresent
+ name: ubuntu-pod
+ env:
+ - name: USER_1 # -- Environment variable of pod
+ valueFrom:
+ secretKeyRef:
+ name: externalsecret-data # -- kubernetes secret name
+ key: do_not_delete_this_key # -- Same as spec.data.secretKey field of ExternalSecret
+ optional: false
+ restartPolicy: Always
\ No newline at end of file
diff --git a/_examples/external-eks/config/istio/gateway-internal.yaml b/_examples/external-eks/config/istio/gateway-internal.yaml
new file mode 100644
index 0000000..5025026
--- /dev/null
+++ b/_examples/external-eks/config/istio/gateway-internal.yaml
@@ -0,0 +1,17 @@
+# -- Make sure to use same Namespace for Gateway, Ingress & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: istio-gateway-internal
+ namespace: istio-system
+spec:
+ selector:
+ istio: ingress-internal
+ servers:
+ - hosts:
+ - "*.test.clouddrove.com"
+ - "test.clouddrove.com"
+ port:
+ number: 80
+ name: http
+ protocol: HTTP
diff --git a/_examples/external-eks/config/istio/gateway.yaml b/_examples/external-eks/config/istio/gateway.yaml
new file mode 100644
index 0000000..7835154
--- /dev/null
+++ b/_examples/external-eks/config/istio/gateway.yaml
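Review bot: `usage.yaml` reads key `do_not_delete_this_key` from Secret `externalsecret-data` with `optional: false`, but the ExternalSecret that produces that Secret (`external-secret.yaml` earlier in this commit) writes the key as `secretKey: external_secret_key`, so the example pod cannot start as written — its own comment says the key must equal `spec.data.secretKey`. Align the two, e.g. `key: external_secret_key # -- Same as spec.data.secretKey field of ExternalSecret`. The sample container also pulls the unpinned `image: ubuntu`; even for an example, a tagged or digest-pinned image keeps the manifest reproducible.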
@@ -0,0 +1,17 @@
+# -- Make sure to use same Namespace for Gateway, Ingress & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: istio-gateway
+ namespace: istio-system
+spec:
+ selector:
+ istio: ingress
+ servers:
+ - hosts:
+ - "*.test.clouddrove.com"
+ - "test.clouddrove.com"
+ port:
+ number: 80
+ name: http
+ protocol: HTTP
diff --git a/_examples/external-eks/config/istio/ingress-internal.yaml b/_examples/external-eks/config/istio/ingress-internal.yaml
new file mode 100644
index 0000000..3f249e9
--- /dev/null
+++ b/_examples/external-eks/config/istio/ingress-internal.yaml
@@ -0,0 +1,21 @@
+# -- Make sure to use same Namespace for Ingress, Gateway & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: istio-ingress-internal
+ namespace: istio-system
+ annotations:
+ kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/scheme: internal
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: istio-ingress-internal
+ port:
+ number: 80
\ No newline at end of file
diff --git a/_examples/external-eks/config/istio/ingress.yaml b/_examples/external-eks/config/istio/ingress.yaml
new file mode 100644
index 0000000..34a6f0a
--- /dev/null
+++ b/_examples/external-eks/config/istio/ingress.yaml
@@ -0,0 +1,21 @@
+# -- Make sure to use same Namespace for Ingress, Gateway & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: istio-ingress
+ namespace: istio-system
+ annotations:
+ kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: istio-ingress
+ port:
+ number: 80
\ No newline at end of file
diff --git a/_examples/external-eks/config/istio/override-values.yaml b/_examples/external-eks/config/istio/override-values.yaml
new file mode 100644
index 0000000..07396c6
--- /dev/null
+++ b/_examples/external-eks/config/istio/override-values.yaml
@@ -0,0 +1,6 @@
+global:
+ defaultNodeSelector:
+ "eks.amazonaws.com/nodegroup" : "critical"
+
+service:
+ type: NodePort
\ No newline at end of file
diff --git a/_examples/external-eks/config/istio/virtual-service.yaml b/_examples/external-eks/config/istio/virtual-service.yaml
new file mode 100644
index 0000000..ef6d182
--- /dev/null
+++ b/_examples/external-eks/config/istio/virtual-service.yaml
@@ -0,0 +1,27 @@
+# If application will be deployed using HelmChart(ChartName=myapp) then:
+# replace `appname` by `{{ include "myapp.fullname" . }}` and
+# replace `default` by `{{ include "myapp.namespace" . }}`
+
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ annotations:
+ meta.helm.sh/release-name: appname
+ meta.helm.sh/release-namespace: default
+ generation: 1
+ labels:
+ app.kubernetes.io/instance: appname
+ app.kubernetes.io/name: appname
+ name: appname
+ namespace: default
+spec:
+ gateways:
+ - istio-system/istio-gateway
+ hosts:
+ - test.clouddrove.com
+ http:
+ - route:
+ - destination:
+ host: appname
+ port:
+ number: 80
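Review bot: `ingress.yaml` creates an `internet-facing` ALB whose only listener is `'[{"HTTP": 80}]'`, and the matching `Gateway` added earlier in this commit likewise serves only `protocol: HTTP`, so everything routed through `istio-system/istio-gateway` — including the example `VirtualService` for `test.clouddrove.com` in this line — is reachable from the internet in cleartext. An example should show the TLS shape: `alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'`, `alb.ingress.kubernetes.io/certificate-arn: <acm-certificate-arn>` and `alb.ingress.kubernetes.io/ssl-redirect: '443'`, with a `tls` server on the Gateway to match. The same HTTP-only, internet-facing pattern recurs in `override-kubeclarity.yaml` later in the commit. `kubernetes.io/ingress.class: alb` is the deprecated annotation form; `spec.ingressClassName: alb` is the current equivalent.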
diff --git a/_examples/external-eks/config/keda/override-keda.yaml b/_examples/external-eks/config/keda/override-keda.yaml
new file mode 100644
index 0000000..d169381
--- /dev/null
+++ b/_examples/external-eks/config/keda/override-keda.yaml
@@ -0,0 +1,9 @@
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
\ No newline at end of file
diff --git a/_examples/external-eks/config/keda/strategy_example.yaml b/_examples/external-eks/config/keda/strategy_example.yaml
new file mode 100644
index 0000000..7e1a12b
--- /dev/null
+++ b/_examples/external-eks/config/keda/strategy_example.yaml
@@ -0,0 +1,36 @@
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: nginx-deployment
+ namespace: nginx
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1 # Optional. Default: apps/v1
+ kind: Deployment # Optional. Default: Deployment
+ name: nginx # Mandatory. Must be in the same namespace as the ScaledObject
+ pollingInterval: 5 # Optional. Default: 5 seconds
+ cooldownPeriod: 20 # Optional. Default: 300 seconds
+ minReplicaCount: 1 # Optional. Default: 0
+ maxReplicaCount: 10 # Optional. Default: 100
+ fallback: # Optional. Section to specify fallback options
+ failureThreshold: 3 # Mandatory if fallback section is included
+ replicas: 1 # Mandatory if fallback section is included
+ advanced: # Optional. Section to specify advanced options
+ restoreToOriginalReplicaCount: true # Optional. Default: false
+ horizontalPodAutoscalerConfig: # Optional. Section to specify HPA related options
+ name: keda-hpa-nginx # Optional. Default: keda-hpa-{scaled-object-name}
+ behavior: # Optional. Use to modify HPA's scaling behavior
+ scaleDown:
+ stabilizationWindowSeconds: 60
+ policies:
+ - type: Percent
+ value: 100
+ periodSeconds: 15
+ triggers:
+ - type: cron
+ metadata:
+ # Required
+ timezone: Asia/Kolkata # The acceptable values would be a value from the IANA Time Zone Database.
+ start: "12 00 * * *"
+ end: "15 00 * * *"
+ desiredReplicas: "5"
\ No newline at end of file
diff --git a/_examples/external-eks/config/kiali/kiali_vs.yaml b/_examples/external-eks/config/kiali/kiali_vs.yaml
new file mode 100644
index 0000000..3b8fae3
--- /dev/null
+++ b/_examples/external-eks/config/kiali/kiali_vs.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: kiali
+ namespace: istio-system
+spec:
+ hosts:
+ - dash.test.clouddrove.com
+ gateways:
+ - istio-system/istio-gateway
+ http:
+ - route:
+ - destination:
+ host: kiali
+ port:
+ number: 20001
\ No newline at end of file
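Review bot: `kiali_vs.yaml` publishes the Kiali console at `dash.test.clouddrove.com` through `istio-system/istio-gateway`, the gateway that `gateway.yaml` in this commit serves on plain HTTP port 80, so the mesh observability UI — which shows service topology, config and traffic — becomes reachable beyond the cluster without transport protection. Kiali's login is governed by its chart's `auth.strategy`; the example should state what it assumes, e.g. `# -- Exposes the Kiali console; pair with a non-anonymous auth.strategy (token/openid) in the kiali override when the gateway is internet-facing`. Whether the gateway is in fact internet-facing depends on which Ingress the reader applies, which is outside this hunk.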
diff --git a/_examples/external-eks/config/kiali/override-values.yaml b/_examples/external-eks/config/kiali/override-values.yaml
new file mode 100644
index 0000000..86eeb7e
--- /dev/null
+++ b/_examples/external-eks/config/kiali/override-values.yaml
@@ -0,0 +1,21 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+deployment:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+
+ resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
diff --git a/_examples/external-eks/config/override-aws-ebs-csi-driver.yaml b/_examples/external-eks/config/override-aws-ebs-csi-driver.yaml
new file mode 100644
index 0000000..b278543
--- /dev/null
+++ b/_examples/external-eks/config/override-aws-ebs-csi-driver.yaml
@@ -0,0 +1,42 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+controller:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+ ## Using limits and requests
+ resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+node:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+ ## Using limits and requests
+ resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-aws-efs-csi-driver.yaml b/_examples/external-eks/config/override-aws-efs-csi-driver.yaml
new file mode 100644
index 0000000..0a124c6
--- /dev/null
+++ b/_examples/external-eks/config/override-aws-efs-csi-driver.yaml
@@ -0,0 +1,23 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-aws-load-balancer-controller.yaml b/_examples/external-eks/config/override-aws-load-balancer-controller.yaml
new file mode 100644
index 0000000..0a124c6
--- /dev/null
+++ b/_examples/external-eks/config/override-aws-load-balancer-controller.yaml
@@ -0,0 +1,23 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-aws-node-termination-handler.yaml b/_examples/external-eks/config/override-aws-node-termination-handler.yaml
new file mode 100644
index 0000000..bba530b
--- /dev/null
+++ b/_examples/external-eks/config/override-aws-node-termination-handler.yaml
@@ -0,0 +1,24 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+
+resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-certification-manager.yaml b/_examples/external-eks/config/override-certification-manager.yaml
new file mode 100644
index 0000000..3874dd0
--- /dev/null
+++ b/_examples/external-eks/config/override-certification-manager.yaml
@@ -0,0 +1,21 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+installCRDs: true
diff --git a/_examples/external-eks/config/override-cluster-autoscaler.yaml b/_examples/external-eks/config/override-cluster-autoscaler.yaml
new file mode 100644
index 0000000..38a7302
--- /dev/null
+++ b/_examples/external-eks/config/override-cluster-autoscaler.yaml
@@ -0,0 +1,24 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-filebeat.yaml b/_examples/external-eks/config/override-filebeat.yaml
new file mode 100644
index 0000000..3b8b764
--- /dev/null
+++ b/_examples/external-eks/config/override-filebeat.yaml
@@ -0,0 +1,113 @@ +## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" +daemonset: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + ## Using limits and requests + resources: + limits: + cpu: "300m" + memory: "200Mi" + requests: + cpu: 100m + memory: 100Mi + # Include the daemonset + enabled: true + extraEnvs: + - name: "ELASTICSEARCH_USERNAME" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: username + - name: "ELASTICSEARCH_PASSWORD" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: password + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]' + username: '${ELASTICSEARCH_USERNAME}' + password: '${ELASTICSEARCH_PASSWORD}' + protocol: https + ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"] + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: + - name: elasticsearch-master-certs + secretName: elasticsearch-master-certs + path: /usr/share/filebeat/certs/ + +deployment: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + + ## Using limits and requests + resources: + limits: + cpu: "300m" + memory: "200Mi" + requests: + cpu: 100m + memory: 100Mi + + 
extraEnvs: + - name: "ELASTICSEARCH_USERNAME" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: username + - name: "ELASTICSEARCH_PASSWORD" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: password + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: log + paths: + - /usr/share/filebeat/logs/filebeat + + output.elasticsearch: + host: "${NODE_NAME}" + hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]' + username: "${ELASTICSEARCH_USERNAME}" + password: "${ELASTICSEARCH_PASSWORD}" + protocol: https + ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"] + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: + - name: elasticsearch-master-certs + secretName: elasticsearch-master-certs + path: /usr/share/filebeat/certs/ \ No newline at end of file diff --git a/_examples/external-eks/config/override-fluent-bit.yaml b/_examples/external-eks/config/override-fluent-bit.yaml new file mode 100644 index 0000000..bf2207e --- /dev/null +++ b/_examples/external-eks/config/override-fluent-bit.yaml 
@@ -0,0 +1,85 @@
+## -- Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+
+## -- Using limits and requests
+resources:
+ limits:
+ cpu: 150m
+ memory: 150Mi
+ requests:
+ cpu: 100m
+ memory: 90Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
+
+
+# -- Configuration to use Amazon CloudWatch LogGroup for logs having word `application` in it.
+config:
+ service: |
+ [SERVICE]
+ Flush 5
+ Grace 30
+ Log_Level info
+ Daemon off
+ Parsers_File parsers.conf
+ HTTP_Server On
+ HTTP_Listen 0.0.0.0
+ HTTP_Port {{ .Values.metricsPort }}
+ storage.path /var/fluent-bit/state/flb-storage/
+ storage.sync normal
+ storage.checksum off
+ storage.backlog.mem_limit 5M
+
+ inputs: |
+ [INPUT]
+ Name tail
+ Tag application.*
+ Path /var/log/containers/*.log
+ multiline.parser docker, cri
+ Mem_Buf_Limit 50MB
+ Skip_Long_Lines On
+
+ [INPUT]
+ Name tail
+ Tag application.*
+ Path /var/log/containers/fluent-bit*
+ multiline.parser docker, cri
+ Mem_Buf_Limit 5MB
+ Skip_Long_Lines On
+
+ [INPUT]
+ Name tail
+ Tag application.*
+ Path /var/log/containers/cloudwatch-agent*
+ multiline.parser docker, cri
+ Mem_Buf_Limit 5MB
+ Skip_Long_Lines On
+
+ filters: |
+ [FILTER]
+ Name kubernetes
+ Match application.*
+ Merge_Log On
+ K8S-Logging.Parser On
+ K8S-Logging.Exclude On
+
+ outputs: |
+ [OUTPUT]
+ Name cloudwatch_logs
+ Match application.*
+ region {{ .Values.eks_configs.region }}
+ log_group_name /aws/containerinsights/{{ .Values.eks_configs.cluster_name }}/application
+ auto_create_group true
+ extra_user_agent container-insights
+ log_stream_prefix eks-
+ log_retention_days 7
\ No newline at end of file
diff --git a/_examples/external-eks/config/override-ingress-nginx.yaml b/_examples/external-eks/config/override-ingress-nginx.yaml
new file mode 100644
index 0000000..168610a
--- /dev/null
+++ b/_examples/external-eks/config/override-ingress-nginx.yaml
@@ -0,0 +1,46 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+
+## Using limits and requests
+
+resources:
+ limits:
+ cpu: 150m
+ memory: 150Mi
+ requests:
+ cpu: 100m
+ memory: 90Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
+
+## Override values for ingress nginx
+
+controller:
+ service:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-external: "true"
+ external:
+ enabled: true
+ internal:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
\ No newline at end of file
diff --git a/_examples/external-eks/config/override-karpenter.yaml b/_examples/external-eks/config/override-karpenter.yaml
new file mode 100644
index 0000000..4eda255
--- /dev/null
+++ b/_examples/external-eks/config/override-karpenter.yaml
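Review bot: In the `controller.service.annotations` block of `override-ingress-nginx.yaml`, `kubernetes.io/ingress.class: nginx` is an Ingress-object annotation and does nothing on a Service, and `service.beta.kubernetes.io/aws-load-balancer-external: "true"` is not one I recognise from the AWS Load Balancer Controller's documented Service annotations, so the public NLB's scheme is presumably falling back to the controller default rather than being set here — whereas the `internal` block does use the documented `aws-load-balancer-internal: "true"`. If a public NLB is intended, replace the `-external` line with `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` and drop the ingress-class line from both annotation blocks; confirm against the controller version the module installs, which is not visible here.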
@@ -0,0 +1,22 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-kube-state-matrics.yaml b/_examples/external-eks/config/override-kube-state-matrics.yaml
new file mode 100644
index 0000000..38a7302
--- /dev/null
+++ b/_examples/external-eks/config/override-kube-state-matrics.yaml
@@ -0,0 +1,24 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-kubeclarity.yaml b/_examples/external-eks/config/override-kubeclarity.yaml
new file mode 100644
index 0000000..591a9ae
--- /dev/null
+++ b/_examples/external-eks/config/override-kubeclarity.yaml
@@ -0,0 +1,27 @@
+## Using limits and requests
+kubeclarity:
+ resources:
+ limits:
+ memory: "500Mi"
+ cpu: "200m"
+ requests:
+ memory: "200Mi"
+ cpu: "100m"
+
+ podAnnotations:
+ co.elastic.logs/enabled: "true"
+
+ # -- Application Load Balancer
+ ingress:
+ enabled: true
+ labels: {}
+ annotations:
+ kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/group.name: ingress
+ alb.ingress.kubernetes.io/load-balancer-name: kubeclarity-eks-alb
+ alb.ingress.kubernetes.io/target-type: ip
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+
+ hosts:
+ - host: test.addons.com
\ No newline at end of file
diff --git a/_examples/external-eks/config/override-metrics-server.yaml b/_examples/external-eks/config/override-metrics-server.yaml
new file mode 100644
index 0000000..7d0199f
--- /dev/null
+++ b/_examples/external-eks/config/override-metrics-server.yaml
@@ -0,0 +1,33 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Particular args to be passed in deployment
+
+extraArgs:
+ - --kubelet-preferred-address-types=InternalIP
+ - --v=2
+
+apiService:
+ create: true
+
+## Using limits and requests
+
+resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
diff --git a/_examples/external-eks/config/override-new-relic.yaml b/_examples/external-eks/config/override-new-relic.yaml
new file mode 100644
index 0000000..1978e10
--- /dev/null
+++ b/_examples/external-eks/config/override-new-relic.yaml
@@ -0,0 +1,10 @@
+# Configuration settings for the newrelic-infrastructure chart
+newrelic-infrastructure:
+ # Any key defined in the values.yml file for the newrelic-infrastructure chart can be configured here:
+ # https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml
+
+ verboseLog: false
+
+global:
+ # Get your free licence key from here by signing in into the new-relic account - https://newrelic.com/signup
+ licenseKey: YOUR_LICENSE_KEY # The license key for your New Relic Account. This will be preferred configuration option if both licenseKey and customSecret are specified
\ No newline at end of file
diff --git a/_examples/external-eks/config/override-redis.yaml b/_examples/external-eks/config/override-redis.yaml
new file mode 100644
index 0000000..258dc7e
--- /dev/null
+++ b/_examples/external-eks/config/override-redis.yaml
@@ -0,0 +1,34 @@
+global:
+ storageClass: ""
+ redis:
+ password: "redisPassword"
+
+# -- master configuration parameters
+master:
+ count: 1
+ persistence:
+ size: 4Gi
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+# -- replicas configuration parameters
+replica:
+ replicaCount: 3
+ persistence:
+ size: 4Gi
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
\ No newline at end of file
diff --git a/_examples/external-eks/config/override-velero.yaml b/_examples/external-eks/config/override-velero.yaml
new file mode 100644
index 0000000..cb8d398
--- /dev/null
+++ b/_examples/external-eks/config/override-velero.yaml
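Review bot: `licenseKey: YOUR_LICENSE_KEY` invites users to paste the New Relic license key into a values file that main.tf reads with `file()`, so the credential ends up in the repository and in Terraform state. The trailing comment on that same line already notes that a `customSecret` path exists; the example should steer users there instead, e.g. replace the line with `# Prefer the chart's customSecret* settings (a pre-created Secret) over an inline licenseKey` and leave `licenseKey` unset.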
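Review bot: `password: "redisPassword"` hard-codes the Redis credential in a values file that main.tf loads via `file()`, so it is committed to git and written into Terraform state. The chart values added in this same commit expose `auth.existingSecret` and `auth.existingSecretPasswordKey`; pointing the example at a pre-created Secret (`auth:` / `existingSecret: <secret-name>` / `existingSecretPasswordKey: <key>`) keeps the value out of the repo — confirm how the chart orders precedence against `global.redis.password` before switching.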
@@ -0,0 +1,36 @@
+initContainers:
+ - name: velero-plugin-for-aws
+ image: velero/velero-plugin-for-aws:v1.7.0
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /target
+ name: plugins
+
+## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
+## and additional server settings.
+configuration:
+ backupStorageLocation:
+ - name: aws
+ default: "true"
+ provider: aws
+
+ volumeSnapshotLocation:
+ - name: aws
+ provider: aws
+ config:
+ region: "us-east-1"
+
+
+# Info about the secret to be used by the Velero deployment, which
+# should contain credentials for the cloud provider IAM account you've
+# set up for Velero.
+credentials:
+ useSecret: false
+ secretContents: {}
+
+
+# Whether to deploy the node-agent daemonset.
+deployNodeAgent: true
+nodeAgent:
+ podVolumePath: /var/lib/kubelet/pods
+ privileged: true
\ No newline at end of file
diff --git a/_examples/external-eks/config/reloader/override-reloader.yaml b/_examples/external-eks/config/reloader/override-reloader.yaml
new file mode 100644
index 0000000..579d80e
--- /dev/null
+++ b/_examples/external-eks/config/reloader/override-reloader.yaml
@@ -0,0 +1,20 @@
+reloader:
+ deployment:
+ # If you wish to run multiple replicas set reloader.enableHA = true
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "512Mi"
+ requests:
+ cpu: "10m"
+ memory: "128Mi"
\ No newline at end of file
diff --git a/_examples/external-eks/config/reloader/reloader_example.yaml b/_examples/external-eks/config/reloader/reloader_example.yaml
new file mode 100644
index 0000000..fa6e179
--- /dev/null
+++ b/_examples/external-eks/config/reloader/reloader_example.yaml
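Review bot: `privileged: true` under `nodeAgent:` runs the node-agent DaemonSet as a privileged container on every node, and the file gives no reason for it; as far as I know Velero only needs that in particular file-system-backup setups, so the example should either default it to `false` or carry a comment such as `# privileged is only required for <reason>; keep false otherwise`. Separately, `useSecret: false` with `secretContents: {}` only works if the Velero ServiceAccount obtains AWS credentials some other way (presumably IRSA set up by the module) — a one-line comment stating that assumption would spare users a confusing failure — and `backupStorageLocation` has no `config.region` while `volumeSnapshotLocation` does.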
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment
+ labels:
+ app: nginx
+ annotations:
+ # configmap.reloader.stakater.com/reload: "test-configmap"
+ # secret.reloader.stakater.com/reload: "test-secret"
+ reloader.stakater.com/auto: "true"
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+ env:
+ - name: TEST_ENV
+ valueFrom:
+ configMapKeyRef:
+ name: test-configmap
+ key: test_env
+ - name: TEST_PASS
+ valueFrom:
+ secretKeyRef:
+ name: test-secret
+ key: pass
\ No newline at end of file
diff --git a/_examples/external-eks/custom-iam-policies/cluster-autoscaler.json b/_examples/external-eks/custom-iam-policies/cluster-autoscaler.json
new file mode 100644
index 0000000..d29a27d
--- /dev/null
+++ b/_examples/external-eks/custom-iam-policies/cluster-autoscaler.json
@@ -0,0 +1,29 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeScalingActivities",
+ "autoscaling:DescribeTags",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeLaunchTemplateVersions"
+ ],
+ "Resource": ["*"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:SetDesiredCapacity",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "ec2:DescribeImages",
+ "ec2:GetInstanceTypesFromInstanceRequirements",
+ "eks:DescribeNodegroup"
+ ],
+ "Resource": ["*"]
+ }
+ ]
+ }
\ No newline at end of file
diff --git a/_examples/external-eks/custom-iam-policies/external-secrets.json b/_examples/external-eks/custom-iam-policies/external-secrets.json
new file mode 100644
index 0000000..6cd1657
--- /dev/null
+++ b/_examples/external-eks/custom-iam-policies/external-secrets.json
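Review bot: `image: nginx` carries no tag or digest, so the example Deployment floats on whatever `latest` resolves to at pull time; pin it (`image: nginx:<tag>` or `nginx@sha256:<digest>`) so the example is reproducible. A short comment above `annotations:` saying that `reloader.stakater.com/auto: "true"` will roll both replicas whenever `test-configmap` or `test-secret` changes would also make the intent of the demo explicit.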
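Review bot: The second statement grants `autoscaling:SetDesiredCapacity` and `autoscaling:TerminateInstanceInAutoScalingGroup` on `"Resource": ["*"]` with no `Condition`, so the autoscaler's role can resize or terminate instances in any Auto Scaling group in the account. The cluster-autoscaler AWS documentation scopes those two actions to the groups it owns via their discovery tags, e.g. `"Condition": {"StringEquals": {"aws:ResourceTag/k8s.io/cluster-autoscaler/<cluster-name>": "owned", "aws:ResourceTag/k8s.io/cluster-autoscaler/enabled": "true"}}`; the Describe-only first statement can keep `*`.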
@@ -0,0 +1,14 @@
+{
+ "Statement": [
+ {
+ "Action": [
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:DescribeSecret"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:us-east-1:12345678912:secret:external_secrets_addon",
+ "Sid": "ExternalSecretsDefault"
+ }
+ ],
+ "Version": "2012-10-17"
+}
\ No newline at end of file
diff --git a/_examples/external-eks/main.tf b/_examples/external-eks/main.tf
new file mode 100644
index 0000000..dbdfc6a
--- /dev/null
+++ b/_examples/external-eks/main.tf
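Review bot: `"Resource": "arn:aws:secretsmanager:us-east-1:12345678912:secret:external_secrets_addon"` is unlikely to match the real secret: Secrets Manager appends a random six-character suffix to secret ARNs, so the name part normally needs a trailing wildcard (`...:secret:external_secrets_addon-*`), and the account id here has 11 digits where AWS account ids have 12. Use obvious placeholders (`<account-id>`, `<region>`) so readers do not copy the sample values, and keep the secret name in step with `secret_manager_name` in variables.tf.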
@@ -0,0 +1,95 @@
+# ------------------------------------------------------------------------------
+# Resources
+# ------------------------------------------------------------------------------
+
+locals {
+ name = "test-eks-cluster"
+ region = "us-east-1"
+}
+
+module "addons" {
+ source = "../../"
+
+ eks_cluster_name = local.name
+
+ # -- Enable Addons
+ metrics_server = true
+ cluster_autoscaler = true
+ aws_load_balancer_controller = true
+ aws_node_termination_handler = true
+ aws_efs_csi_driver = true
+ aws_ebs_csi_driver = true
+ kube_state_metrics = true
+ karpenter = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform.
+ calico_tigera = true
+ new_relic = true
+ kubeclarity = true
+ ingress_nginx = true
+ fluent_bit = true
+ velero = true
+ keda = true
+ certification_manager = true
+ filebeat = true
+ reloader = true
+ redis = true
+
+
+ # -- Addons with mandatory variable
+ istio_ingress = true
+ istio_manifests = var.istio_manifests
+ kiali_server = true
+ kiali_manifests = var.kiali_manifests
+ external_secrets = true
+
+ # -- Path of override-values.yaml file
+ metrics_server_helm_config = { values = [file("./config/override-metrics-server.yaml")] }
+ cluster_autoscaler_helm_config = { values = [file("./config/override-cluster-autoscaler.yaml")] }
+ karpenter_helm_config = { values = [file("./config/override-karpenter.yaml")] }
+ aws_load_balancer_controller_helm_config = { values = [file("./config/override-aws-load-balancer-controller.yaml")] }
+ aws_node_termination_handler_helm_config = { values = [file("./config/override-aws-node-termination-handler.yaml")] }
+ aws_efs_csi_driver_helm_config = { values = [file("./config/override-aws-efs-csi-driver.yaml")] }
+ aws_ebs_csi_driver_helm_config = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] }
+ calico_tigera_helm_config = { values = [file("./config/calico-tigera-values.yaml")] }
+ istio_ingress_helm_config = { values = [file("./config/istio/override-values.yaml")] }
+ kiali_server_helm_config = { values = [file("./config/kiali/override-values.yaml")] }
+ external_secrets_helm_config = { values = [file("./config/external-secret/override-values.yaml")] }
+ ingress_nginx_helm_config = { values = [file("./config/override-ingress-nginx.yaml")] }
+ kubeclarity_helm_config = { values = [file("./config/override-kubeclarity.yaml")] }
+ fluent_bit_helm_config = { values = [file("./config/override-fluent-bit.yaml")] }
+ velero_helm_config = { values = [file("./config/override-velero.yaml")] }
+ new_relic_helm_config = { values = [file("./config/override-new-relic.yaml")] }
+ kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] }
+ keda_helm_config = { values = [file("./config/keda/override-keda.yaml")] }
+ certification_manager_helm_config = { values = [file("./config/override-certification-manager.yaml")] }
+ filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] }
+ reloader_helm_config = { values = [file("./config/reloader/override-reloader.yaml")] }
+ redis_helm_config = { values = [file("./config/override-redis.yaml")] }
+
+ # -- Override Helm Release attributes
+ metrics_server_extra_configs = var.metrics_server_extra_configs
+ cluster_autoscaler_extra_configs = var.cluster_autoscaler_extra_configs
+ karpenter_extra_configs = var.karpenter_extra_configs
+ aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs
+ aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs
+ aws_efs_csi_driver_extra_configs = var.aws_efs_csi_driver_extra_configs
+ aws_ebs_csi_driver_extra_configs = var.aws_ebs_csi_driver_extra_configs
+ calico_tigera_extra_configs = var.calico_tigera_extra_configs
+ istio_ingress_extra_configs = var.istio_ingress_extra_configs
+ kiali_server_extra_configs = var.kiali_server_extra_configs
+ ingress_nginx_extra_configs = var.ingress_nginx_extra_configs
+ kubeclarity_extra_configs = var.kubeclarity_extra_configs
+ fluent_bit_extra_configs = var.fluent_bit_extra_configs
+ velero_extra_configs = var.velero_extra_configs
+ new_relic_extra_configs = var.new_relic_extra_configs
+ kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs
+ keda_extra_configs = var.keda_extra_configs
+ certification_manager_extra_configs = var.certification_manager_extra_configs
+ external_secrets_extra_configs = var.external_secrets_extra_configs
+ filebeat_extra_configs = var.filebeat_extra_configs
+ reloader_extra_configs = var.reloader_extra_configs
+ redis_extra_configs = var.redis_extra_configs
+
+
+ # -- Custom IAM Policy Json for Addon's ServiceAccount
+ external_secrets_iampolicy_json_content = file("./custom-iam-policies/external-secrets.json")
+}
diff --git a/_examples/external-eks/outputs.tf b/_examples/external-eks/outputs.tf
new file mode 100644
index 0000000..32352ae
--- /dev/null
+++ b/_examples/external-eks/outputs.tf
@@ -0,0 +1,15 @@
+# ------------------------------------------------------------------------------
+# Outputs
+# ------------------------------------------------------------------------------
+
+output "update_kubeconfig" {
+ value = "aws eks update-kubeconfig --name ${local.name} --region ${local.region}"
+}
+
+output "velero_post_installation" {
+ value = indent(2, "Once velero server is up and running you need the client before you can use it - \n 1. wget https://github.com/vmware-tanzu/velero/releases/download/v1.11.1/velero-v1.11.1-darwin-amd64.tar.gz \n 2. tar -xvf velero-v1.11.1-darwin-amd64.tar.gz -C velero-client")
+}
+
+output "istio-ingress" {
+ value = indent(2, "Istio does not support the installation of istio-helmchart in a namespace other than istio-system. We have provided a namespace feature in case Istio-helmchart maintainers fix this issue.")
+}
\ No newline at end of file
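Review bot: `custom-iam-policies/cluster-autoscaler.json` is added by this commit but nothing in `module "addons"` references it — only `external_secrets_iampolicy_json_content = file("./custom-iam-policies/external-secrets.json")` is wired on the last lines. If the module exposes a matching input for the cluster-autoscaler policy it should be passed here; otherwise the file is dead and the autoscaler runs on whatever policy the module attaches by default. A comment above `# -- Custom IAM Policy Json for Addon's ServiceAccount` listing which addons accept a custom policy would make that clear to readers.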
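Review bot: `velero_post_installation` tells the user to `wget` a release tarball and untar it with no integrity check, and the URL is hard-wired to `darwin-amd64`. Add a step that verifies the archive against the checksum file published alongside the release before extracting, and state in the text that the platform segment of the file name must match the operator's machine.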
diff --git a/_examples/external-eks/providers.tf b/_examples/external-eks/providers.tf
new file mode 100644
index 0000000..690a348
--- /dev/null
+++ b/_examples/external-eks/providers.tf
@@ -0,0 +1,34 @@
+# ------------------------------------------------------------------------------
+# Providers
+# ------------------------------------------------------------------------------
+provider "aws" {
+ region = local.region
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.eks_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks_cluster.certificate_authority[0].data)
+ token = join("", data.aws_eks_cluster_auth.eks_cluster[*].token)
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.eks_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks_cluster.certificate_authority[0].data)
+ token = join("", data.aws_eks_cluster_auth.eks_cluster[*].token)
+ }
+}
+
+provider "kubectl" {
+ host = data.aws_eks_cluster.eks_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks_cluster.certificate_authority[0].data)
+ token = join("", data.aws_eks_cluster_auth.eks_cluster[*].token)
+}
+
+data "aws_eks_cluster_auth" "eks_cluster" {
+ name = data.aws_eks_cluster.eks_cluster.id
+}
+
+data "aws_eks_cluster" "eks_cluster" {
+ name = local.name
+}
\ No newline at end of file
diff --git a/_examples/external-eks/variables.tf b/_examples/external-eks/variables.tf
new file mode 100644
index 0000000..dcc64dd
--- /dev/null
+++ b/_examples/external-eks/variables.tf
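Review bot: `token = join("", data.aws_eks_cluster_auth.eks_cluster[*].token)` (repeated in the `helm` and `kubectl` providers) bakes a short-lived EKS token into the provider at plan time; with this many Helm releases an apply can outlive it and fail part-way with authentication errors. The usual fix is to let the provider fetch a fresh token through an `exec` block instead of the data source, as shown below for `kubernetes`; the `helm` provider's nested `kubernetes {}` takes the same `exec` block, and the `kubectl` provider appears to as well, but confirm that against its docs before relying on it.
```hcl
provider "kubernetes" {
  host                   = data.aws_eks_cluster.eks_cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks_cluster.certificate_authority[0].data)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
  }
}
# … unchanged: aws provider, helm/kubectl providers (apply the same exec block), data sources …
```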
@@ -0,0 +1,174 @@
+# ------------------------------------------------------------------------------
+# Variables
+# ------------------------------------------------------------------------------
+
+# ------------------ METRICS SERVER --------------------------------------------
+variable "metrics_server_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ CLUSTER AUTOSCALER ----------------------------------------
+variable "cluster_autoscaler_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ KARPENTER -------------------------------------------------
+variable "karpenter_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ LOAD BALANCER CONTROLLER ----------------------------------
+variable "aws_load_balancer_controller_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ NODE TERMINATION HANDLER ----------------------------------
+variable "aws_node_termination_handler_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ EFS CSI DRIVER --------------------------------------------
+variable "aws_efs_csi_driver_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ EBS CSI DRIVER --------------------------------------------
+variable "aws_ebs_csi_driver_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ CALICO ----------------------------------------------------
+variable "calico_tigera_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ NGINX INGRESS ---------------------------------------------
+variable "ingress_nginx_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ KUBECLARITY -----------------------------------------------
+variable "kubeclarity_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ FLUENT-BIT ------------------------------------------------
+variable "fluent_bit_extra_configs" {
+ type = any
+ default = {
+ atomic = true
+ timeout = 300
+ }
+}
+
+# ------------------ VELERO ----------------------------------------------------
+variable "velero_extra_configs" {
+ type = any
+ default = {
+ timeout = 300
+ atomic = true
+ bucket_name = "velero-addons"
+ }
+}
+
+# ------------------ NEW-RELIC -------------------------------------------------
+variable "new_relic_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ KUBE STATE METRICS ----------------------------------------
+variable "kube_state_metrics_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ KEDA -----------------------------------------------------
+variable "keda_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ CERTIFICATION-MANAGER -----------------------------------------------------
+variable "certification_manager_extra_configs" {
+ type = any
+ default = {}
+}
+
+
+# ------------------ ISTIO INGRESS ---------------------------------------------
+# -- INTERNET FACING --------------
+variable "istio_manifests" {
+ type = object({
+ istio_ingress_manifest_file_path = list(any)
+ istio_gateway_manifest_file_path = list(any)
+ })
+ default = {
+ istio_ingress_manifest_file_path = ["./config/istio/ingress.yaml"]
+ istio_gateway_manifest_file_path = ["./config/istio/gateway.yaml"]
+ }
+ description = "Path to yaml manifests to create Ingress and Gateway with specified host"
+}
+
+variable "istio_ingress_extra_configs" {
+ type = any
+ default = {
+ name = "istio-ingress"
+ namespace = "istio-system"
+ create_namespace = true
+ }
+}
+
+#-----------KAILI DASHBOARD-----------------------------------------------------
+variable "kiali_manifests" {
+ type = object({
+ kiali_virtualservice_file_path = string
+ })
+ default = {
+ kiali_virtualservice_file_path = "./config/kiali/kiali_vs.yaml"
+ }
+}
+
+variable "kiali_server_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ EXTERNAL SECRETS ------------------------------------------
+variable "external_secrets_extra_configs" {
+ type = any
+ default = {
+ secret_manager_name = "external_secrets_addon"
+ }
+}
+
+# ------------------ FILEBEAT -------------------------------------------------
+variable "filebeat_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ RELOADER --------------------------------------------------
+variable "reloader_extra_configs" {
+ type = any
+ default = {}
+}
+
+# ------------------ REDIS --------------------------------------------------
+variable "redis_extra_configs" {
+ type = any
+ default = {
+ atomic = true
+ timeout = 300
+ }
+}
\ No newline at end of file
diff --git a/_examples/external-eks/versions.tf b/_examples/external-eks/versions.tf
new file mode 100644
index 0000000..4ab6e25
--- /dev/null
+++ b/_examples/external-eks/versions.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.23"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.13"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.6"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
+ }
+}
diff --git a/addons/redis/README.md b/addons/redis/README.md
new file mode 100644
index 0000000..25ccf05
--- /dev/null
+++ b/addons/redis/README.md
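Review bot: Every `*_extra_configs` variable is declared `type = any` with no `description`, so generated docs render empty descriptions and nothing validates the keys callers pass; since these examples double as the module's documentation, at least a `description` per variable (e.g. `description = "Overrides for the helm_release resource of this addon"`) would help. `velero_extra_configs` also defaults `bucket_name` to `"velero-addons"` — S3 bucket names are global, so if the module creates the bucket from that value, the default will collide for any second user; a clearly marked placeholder would be safer.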
@@ -0,0 +1,59 @@ +# Redis Cluster Helm Chart + +Redis is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs. + + +## Installation +#### Prerequisites +- **AWS EBS CSI Driver** has to be installed on EKS cluster to provision PVC. +Below terraform script shows how to use Redis Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). +```hcl +module "addons" { + source = "clouddrove/eks-addons/aws" + version = "0.1.2" + + depends_on = [module.eks] + eks_cluster_name = module.eks.cluster_name + + redis = true +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.10 | + +## Providers + +| Name | Version | +|------|---------| +| [kubernetes](#provider\_kubernetes) | >= 2.10 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [helm\_addon](#module\_helm\_addon) | ../helm | n/a | + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [addon\_context](#input\_addon\_context) | Input configuration for the addon |
object({| n/a | yes | +| [helm\_config](#input\_helm\_config) | Helm provider config for Redis Cluster | `any` | `{}` | no | +| [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no | +| [redis\_extra\_configs](#input\_redis\_extra\_configs) | Override attributes of helm\_release terraform resource | `any` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [chart\_version](#output\_chart\_version) | n/a | +| [namespace](#output\_namespace) | n/a | +| [repository](#output\_repository) | n/a | + diff --git a/addons/redis/config/redis.yaml b/addons/redis/config/redis.yaml new file mode 100644 index 0000000..ca76203 --- /dev/null +++ b/addons/redis/config/redis.yaml 
@@ -0,0 +1,1855 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.redis.password Global Redis® password (overrides `auth.password`) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + redis: + password: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param secretAnnotations Annotations to add to secret +## +secretAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @param useHostnames Use hostnames internally when announcing replication. 
If false, the hostname will be resolved to an IP address +## +useHostnames: true +## @param nameResolutionThreshold Failure threshold for internal hostnames resolution +## +nameResolutionThreshold: 5 +## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution +## +nameResolutionTimeout: 5 + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section Redis® Image parameters +## + +## Bitnami Redis® image +## ref: https://hub.docker.com/r/bitnami/redis/tags/ +## @param image.registry Redis® image registry +## @param image.repository Redis® image repository +## @param image.tag Redis® image tag (immutable tags are recommended) +## @param image.digest Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Redis® image pull policy +## @param image.pullSecrets Redis® image pull secrets +## @param image.debug Enable image debug mode +## +image: + registry: docker.io + repository: bitnami/redis + tag: 7.2.1-debian-11-r0 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + +## @section Redis® common configuration parameters +## https://github.com/bitnami/containers/tree/main/bitnami/redis#configuration +## + +## @param architecture Redis® architecture. Allowed values: `standalone` or `replication` +## +architecture: replication +## Redis® Authentication parameters +## ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run +## +auth: + ## @param auth.enabled Enable password authentication + ## + enabled: true + ## @param auth.sentinel Enable password authentication on sentinels too + ## + sentinel: true + ## @param auth.password Redis® password + ## Defaults to a random 10-character alphanumeric string if not set + ## + password: "" + ## @param auth.existingSecret The name of an existing secret with Redis® credentials + ## NOTE: When it's set, the previous `auth.password` parameter is ignored + ## + existingSecret: "" + ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret + ## NOTE: ignored unless `auth.existingSecret` parameter is set + ## + existingSecretPasswordKey: "" + ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable + ## + usePasswordFiles: false + +## @param commonConfiguration [string] Common configuration to be added into the ConfigMap +## ref: https://redis.io/topics/config +## +commonConfiguration: |- + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. 
+ save "" +## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes +## +existingConfigmap: "" + +## @section Redis® master configuration parameters +## + +master: + ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration) + ## + count: 1 + ## @param master.configuration Configuration for Redis® master nodes + ## ref: https://redis.io/topics/config + ## + configuration: "" + ## @param master.disableCommands Array with Redis® commands to disable on master nodes + ## Commands will be completely disabled by renaming each to an empty string. + ## ref: https://redis.io/topics/security#disabling-of-specific-commands + ## + disableCommands: + - FLUSHDB + - FLUSHALL + ## @param master.command Override default container command (useful when using custom images) + ## + command: [] + ## @param master.args Override default container args (useful when using custom images) + ## + args: [] + ## @param master.enableServiceLinks Whether information about services should be injected into pod's environment variable + ## + enableServiceLinks: true + ## @param master.preExecCmds Additional commands to run prior to starting Redis® master + ## + preExecCmds: [] + ## @param master.extraFlags Array with additional command line flags for Redis® master + ## e.g: + ## extraFlags: + ## - "--maxmemory-policy volatile-ttl" + ## - "--repl-backlog-size 1024mb" + ## + extraFlags: [] + ## @param master.extraEnvVars Array with extra environment variables to add to Redis® master nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® master nodes + ## + extraEnvVarsCM: "" + ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® master nodes + ## + extraEnvVarsSecret: "" + ## @param master.containerPorts.redis 
Container port to open on Redis® master nodes
+ ##
+ containerPorts:
+ redis: 6379
+ ## Configure extra options for Redis® containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param master.startupProbe.enabled Enable startupProbe on Redis® master nodes
+ ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param master.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param master.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param master.livenessProbe.enabled Enable livenessProbe on Redis® master nodes
+ ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param master.readinessProbe.enabled Enable readinessProbe on Redis® master nodes
+ ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param master.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## Redis® master resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param master.resources.limits The resources limits for the Redis® master containers
+ ## @param master.resources.requests The requested resources for the Redis® master containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context
+ ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context
+ ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser
+ ## @param master.containerSecurityContext.runAsGroup Set Redis® master containers' Security Context runAsGroup
+ ## @param master.containerSecurityContext.runAsNonRoot Set Redis® master containers' Security Context runAsNonRoot
+ ## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis® pod(s) privileges
+ ## @param master.containerSecurityContext.seccompProfile.type Set Redis® master containers' Security Context seccompProfile
+ ## @param master.containerSecurityContext.capabilities.drop Set Redis® master containers' Security Context capabilities to drop
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsGroup: 0
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+ ## @param master.kind Use either Deployment or StatefulSet (default)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
+ ##
+ kind: StatefulSet
+ ## @param master.schedulerName Alternate scheduler for Redis® master pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param master.updateStrategy.type Redis® master statefulset strategy type
+ ## @skip master.updateStrategy.rollingUpdate
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment)
+ ##
+ type: RollingUpdate
+ ## @param master.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
+ ##
+ minReadySeconds: 0
+ ## @param master.priorityClassName Redis® master pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param master.hostAliases Redis® master pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param master.podLabels Extra labels for Redis® master pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param master.podAnnotations Annotations for Redis® master pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis® master pods
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
+ ##
+ shareProcessNamespace: false
+ ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node master.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
+ ##
+ key: ""
+ ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param master.affinity Affinity for Redis® master pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param master.nodeSelector Node labels for Redis® master pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param master.tolerations Tolerations for Redis® master pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param master.topologySpreadConstraints Spread Constraints for Redis® master pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## E.g.
+ ## topologySpreadConstraints:
+ ## - maxSkew: 1
+ ## topologyKey: node
+ ## whenUnsatisfiable: DoNotSchedule
+ ##
+ topologySpreadConstraints: []
+ ## @param master.dnsPolicy DNS Policy for Redis® master pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+ ## E.g.
+ ## dnsPolicy: ClusterFirst
+ ##
+ dnsPolicy: ""
+ ## @param master.dnsConfig DNS Configuration for Redis® master pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+ ## E.g.
+ ## dnsConfig:
+ ## options:
+ ## - name: ndots
+ ## value: "4"
+ ## - name: single-request-reopen
+ ##
+ dnsConfig: {}
+ ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis® master pod(s)
+ ##
+ extraVolumes: []
+ ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® master container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param master.sidecars Add additional sidecar containers to the Redis® master pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param master.initContainers Add additional init containers to the Redis® master pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+ ## Persistence parameters
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims
+ ##
+ enabled: true
+ ## @param master.persistence.medium Provide a medium for `emptyDir` volumes.
+ ##
+ medium: ""
+ ## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes.
+ ##
+ sizeLimit: ""
+ ## @param master.persistence.path The path the volume will be mounted at on Redis® master containers
+ ## NOTE: Useful when using different Redis® images
+ ##
+ path: /data
+ ## @param master.persistence.subPath The subdirectory of the volume to mount on Redis® master containers
+ ## NOTE: Useful in dev environments
+ ##
+ subPath: ""
+ ## @param master.persistence.subPathExpr Used to construct the subPath subdirectory of the volume to mount on Redis® master containers
+ ##
+ subPathExpr: ""
+ ## @param master.persistence.storageClass Persistent Volume storage class
+ ## If defined, storageClassName:
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
tags = map(string)
})