diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index 45501d9b5..50212b65e 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -38,3 +38,7 @@ dependencies:
 version: 0.1.22
 alias: tunnel-client
 condition: tunnel-client.enabled
+- name: redis-ha
+ version: 4.33.4
+ repository: https://dandydeveloper.github.io/charts/
+ condition: redis-ha.enabled
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
index 6d33281b0..726d0b499 100644
--- a/charts/gitops-runtime/README.md
+++ b/charts/gitops-runtime/README.md
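Review bot: The `redis-ha` dependency added to Chart.yaml is pulled from a third-party chart repository (`https://dandydeveloper.github.io/charts/`), and nothing visible in this diff verifies the integrity of the downloaded archive. The exact version pin helps reproducibility, but a version string does not protect against the upstream index being republished with different content. Mirroring the chart into a registry the project controls would close that gap, as would provenance verification (`helm dependency build --verify`) if upstream publishes `.prov` files. A comment beside the entry such as `# third-party chart; image repository and tag are overridden in values.yaml` would also tell readers who owns the defaults.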
@@ -360,13 +360,29 @@ gitops-operator: tag: vX.Y.Z ``` +### To 0.24.x + +#### Affected values + +- `.Values.redis`/`.Values.redis-ha`/`.Values.redis-secret-init` were added + +```yaml +# Enabled standalone Redis (single Deployment with 1 replica) +redis: + enabled: true + +# Enabled Redis High Availability (StatefulSet with Proxy) +redis-ha: + enabled: false +``` + ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | app-proxy.affinity | object | `{}` | | | app-proxy.config.argoCdUrl | string | `nil` | ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to | -| app-proxy.config.argoCdUsername | string | `"admin"` | ArgoCD user to be used by app-proxy | +| app-proxy.config.argoCdUsername | string | `""` | deprecated. use `global.external-argo-cd.auth.username` instead | | app-proxy.config.argoWorkflowsInsecure | string | `"true"` | | | app-proxy.config.argoWorkflowsUrl | string | `nil` | Workflows server url. Determined by chart logic. Do not change unless you are certain you need to | | app-proxy.config.clusterChunkSize | int | `50` | define cluster list size per request to report the cluster state to platform, e.g. if you have 90 clusters and set clusterChunkSize: 40, it means cron job will report cluster state to platform in 3 iterations (40,40,10) - reduce this value if you have a lot of clusters and the cron job is failing with payload too large error - use 0 to sync all clusters at once | 
@@ -395,14 +411,14 @@ gitops-operator: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3791.0"` | | +| app-proxy.image.tag | string | `"1.3806.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3791.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3806.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -479,7 +495,39 @@ gitops-operator: | argo-events.configs.nats.versions[0].natsStreamingImage | string | `"nats-streaming:0.25.6"` | | | argo-events.configs.nats.versions[0].version | string | `"0.22.1"` | | | argo-events.crds.install | bool | `false` | | +| argo-events.enabled | bool | `false` | | | argo-events.fullnameOverride | string | `"argo-events"` | | +| argo-gateway.affinity | object | `{}` | | +| argo-gateway.hpa.enabled | bool | `true` | | +| argo-gateway.hpa.maxReplicas | int | `10` | | +| argo-gateway.hpa.minReplicas | int | `1` | | +| argo-gateway.hpa.targetCPUUtilizationPercentage | int | `70` | | +| argo-gateway.image.registry | string | `"quay.io"` | | +| argo-gateway.image.repository | string | `"codefresh/cf-argocd-extras"` | | +| argo-gateway.image.tag | string | `"695977c"` | | +| argo-gateway.livenessProbe.failureThreshold | int | `3` | | +| argo-gateway.livenessProbe.initialDelaySeconds | int | `10` | | +| argo-gateway.livenessProbe.periodSeconds | int | `10` | | +| argo-gateway.livenessProbe.successThreshold | int | `1` | | +| argo-gateway.livenessProbe.timeoutSeconds | int | `10` | | +| argo-gateway.nodeSelector | object | `{}` | | +| argo-gateway.pdb.enabled | bool | `true` | | +| argo-gateway.pdb.maxUnavailable | string | `""` | | +| argo-gateway.pdb.minAvailable | string | `"50%"` | | +| argo-gateway.readinessProbe.failureThreshold | int | `3` | | +| argo-gateway.readinessProbe.initialDelaySeconds | int | `10` | | +| argo-gateway.readinessProbe.periodSeconds | int | `10` | | +| argo-gateway.readinessProbe.successThreshold | int | `1` | | +| argo-gateway.readinessProbe.timeoutSeconds | int | `10` | | +| argo-gateway.resources.requests.cpu | string | `"100m"` | | +| argo-gateway.resources.requests.memory | string | `"128Mi"` | | +| argo-gateway.service.type | string | `"ClusterIP"` | | +| argo-gateway.serviceAccount.create | bool | `true` | | +| argo-gateway.serviceMonitor.enabled | bool | `false` | | +| 
argo-gateway.serviceMonitor.interval | string | `"30s"` | | +| argo-gateway.serviceMonitor.labels | object | `{}` | | +| argo-gateway.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| argo-gateway.tolerations | list | `[]` | | | argo-rollouts.controller.replicas | int | `1` | | | argo-rollouts.enabled | bool | `true` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | 
@@ -491,63 +539,9 @@ gitops-operator: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | -| cf-argocd-extras.eventReporter.pdb.enabled | bool | `false` | Enable PDB for event-reporter | -| cf-argocd-extras.eventReporter.serviceMonitor.main.enabled | bool | `false` | Enable ServiceMonitor for event reporter | -| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | Sources server configuration | 
-| cf-argocd-extras.sourcesServer.hpa.enabled | bool | `false` | Enable HPA for sources server | -| cf-argocd-extras.sourcesServer.pdb.enabled | bool | `false` | Enable PDB for sources server | | codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | -| event-reporters.rollout.eventSource.affinity | object | `{}` | | -| event-reporters.rollout.eventSource.nodeSelector | object | `{}` | | -| event-reporters.rollout.eventSource.replicas | int | `1` | | -| event-reporters.rollout.eventSource.resources | object | `{}` | | -| event-reporters.rollout.eventSource.tolerations | list | `[]` | | -| event-reporters.rollout.sensor.affinity | object | `{}` | | -| event-reporters.rollout.sensor.atLeastOnce | bool | `true` | At Least Once | -| event-reporters.rollout.sensor.env | object | `{}` | Environment variables for sensor pods - add DEBUG_LOG: "true" to add debug level logs | -| event-reporters.rollout.sensor.logging | object | `{"enabled":false,"intervalSeconds":0}` | Set to true to enable logging. Set intervalSeconds to add logging interval to moderate log flow. 
| -| event-reporters.rollout.sensor.nodeSelector | object | `{}` | | -| event-reporters.rollout.sensor.policy.status.allow[0] | int | `200` | | -| event-reporters.rollout.sensor.policy.status.allow[1] | int | `201` | | -| event-reporters.rollout.sensor.policy.status.allow[2] | int | `204` | | -| event-reporters.rollout.sensor.policy.status.allow[3] | int | `400` | | -| event-reporters.rollout.sensor.policy.status.allow[4] | int | `401` | | -| event-reporters.rollout.sensor.policy.status.allow[5] | int | `404` | | -| event-reporters.rollout.sensor.replicas | int | `1` | | -| event-reporters.rollout.sensor.resources | object | `{}` | | -| event-reporters.rollout.sensor.retryStrategy | object | `{"duration":0,"factor":1,"jitter":1,"steps":3}` | Retry strategy for events sent to Codefresh | -| event-reporters.rollout.sensor.retryStrategy.duration | int | `0` | The initial duration, use strings like "2s", "1m" | -| event-reporters.rollout.sensor.retryStrategy.factor | float | `1` | Duration is multiplied by factor each retry, if factor is not zero and steps limit has not been reached. Should not be negative | -| event-reporters.rollout.sensor.retryStrategy.jitter | int | `1` | The sleep between each retry is the duration plus an additional amount chosen uniformly at random from the interval between zero and `jitter * duration`. 
| -| event-reporters.rollout.sensor.retryStrategy.steps | int | `3` | Number of retries | -| event-reporters.rollout.sensor.tolerations | list | `[]` | | -| event-reporters.rollout.serviceAccount.create | bool | `true` | | -| event-reporters.workflow.eventSource.affinity | object | `{}` | | -| event-reporters.workflow.eventSource.nodeSelector | object | `{}` | | -| event-reporters.workflow.eventSource.replicas | int | `1` | | -| event-reporters.workflow.eventSource.resources | object | `{}` | | -| event-reporters.workflow.eventSource.tolerations | list | `[]` | | -| event-reporters.workflow.sensor.affinity | object | `{}` | | -| event-reporters.workflow.sensor.atLeastOnce | bool | `true` | At Least Once | -| event-reporters.workflow.sensor.env | object | `{}` | Environment variables for sensor pods - add DEBUG_LOG: "true" to add debug level logs | -| event-reporters.workflow.sensor.logging | object | `{"enabled":false,"intervalSeconds":0}` | Set to true to enable logging. Set intervalSeconds to add logging interval to moderate log flow. 
| -| event-reporters.workflow.sensor.nodeSelector | object | `{}` | | -| event-reporters.workflow.sensor.policy.status.allow[0] | int | `200` | | -| event-reporters.workflow.sensor.policy.status.allow[1] | int | `201` | | -| event-reporters.workflow.sensor.policy.status.allow[2] | int | `204` | | -| event-reporters.workflow.sensor.policy.status.allow[3] | int | `400` | | -| event-reporters.workflow.sensor.policy.status.allow[4] | int | `401` | | -| event-reporters.workflow.sensor.policy.status.allow[5] | int | `404` | | -| event-reporters.workflow.sensor.replicas | int | `1` | | -| event-reporters.workflow.sensor.resources | object | `{}` | | -| event-reporters.workflow.sensor.retryStrategy | object | `{"duration":0,"factor":1,"jitter":1,"steps":3}` | Retry strategy for events sent to Codefresh | -| event-reporters.workflow.sensor.retryStrategy.duration | int | `0` | The initial duration, use strings like "2s", "1m" | -| event-reporters.workflow.sensor.retryStrategy.factor | float | `1` | Duration is multiplied by factor each retry, if factor is not zero and steps limit has not been reached. Should not be negative | -| event-reporters.workflow.sensor.retryStrategy.jitter | int | `1` | The sleep between each retry is the duration plus an additional amount chosen uniformly at random from the interval between zero and `jitter * duration`. 
| -| event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries | -| event-reporters.workflow.sensor.tolerations | list | `[]` | | -| event-reporters.workflow.serviceAccount.create | bool | `true` | | +| event-reporters.cluster-event-reporter | object | `{}` | | +| event-reporters.runtime-event-reporter | object | `{}` | | | gitops-operator.affinity | object | `{}` | | | gitops-operator.config.commitStatusPollingInterval | string | `"10s"` | Commit status polling interval | | gitops-operator.config.maxConcurrentReleases | int | `100` | Maximum number of concurrent releases being processed by the operator (this will not affect the number of releases being processed by the gitops runtime) | @@ -564,7 +558,7 @@ gitops-operator: | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image.registry | string | `"quay.io"` | defaults | | gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"3ac2676"` | | +| gitops-operator.image.tag | string | `"a1316ff"` | | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | 
@@ -594,16 +588,40 @@ gitops-operator: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.external-argo-cd | object | `{"auth":{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"},"redis":{"port":6379,"svc":"argocd-redis"},"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | -| global.external-argo-cd.auth | object | `{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"}` | How GitOps Runtime should authenticate with ArgoCD | -| global.external-argo-cd.auth.password | string | `""` | ArgoCD password in plain text | -| global.external-argo-cd.auth.passwordSecretKeyRef | object | `{"key":"password","name":"argocd-initial-admin-secret"}` | ArgoCD password referenced by an existing secret | -| global.external-argo-cd.auth.token | string | `""` | ArgoCD token in plain text | -| global.external-argo-cd.auth.tokenSecretKeyRef | object | `{}` | ArgoCD token referenced by an existing secret | -| global.external-argo-cd.auth.type | string | `"password"` | Authentication type. 
Can be password or token | -| global.external-argo-cd.auth.username | string | `"admin"` | ArgoCD username in plain text | -| global.external-argo-cd.redis.port | int | `6379` | Port of the ArgoCD Redis | -| global.external-argo-cd.redis.svc | string | `"argocd-redis"` | Service name of the ArgoCD Redis | +| global.event-reporters.affinity | object | `{}` | | +| global.event-reporters.config | object | `{}` | | +| global.event-reporters.image.registry | string | `"quay.io"` | | +| global.event-reporters.image.repository | string | `"codefresh/cf-argocd-extras"` | | +| global.event-reporters.image.tag | string | `"695977c"` | | +| global.event-reporters.livenessProbe.failureThreshold | int | `3` | | +| global.event-reporters.livenessProbe.initialDelaySeconds | int | `10` | | +| global.event-reporters.livenessProbe.periodSeconds | int | `10` | | +| global.event-reporters.livenessProbe.successThreshold | int | `1` | | +| global.event-reporters.livenessProbe.timeoutSeconds | int | `10` | | +| global.event-reporters.nodeSelector | object | `{}` | | +| global.event-reporters.pdb.enabled | bool | `true` | | +| global.event-reporters.pdb.maxUnavailable | string | `""` | | +| global.event-reporters.pdb.minAvailable | string | `"50%"` | | +| global.event-reporters.readinessProbe.failureThreshold | int | `3` | | +| global.event-reporters.readinessProbe.initialDelaySeconds | int | `10` | | +| global.event-reporters.readinessProbe.periodSeconds | int | `10` | | +| global.event-reporters.readinessProbe.successThreshold | int | `1` | | +| global.event-reporters.readinessProbe.timeoutSeconds | int | `10` | | +| global.event-reporters.replicaCount | int | `2` | | +| global.event-reporters.resources.requests.cpu | string | `"100m"` | | +| global.event-reporters.resources.requests.memory | string | `"128Mi"` | | +| global.event-reporters.service.ports.http.port | int | `8088` | | +| global.event-reporters.service.ports.http.targetPort | int | `8088` | | +| 
global.event-reporters.service.ports.metrics.port | int | `8087` | | +| global.event-reporters.service.ports.metrics.targetPort | int | `8087` | | +| global.event-reporters.service.type | string | `"ClusterIP"` | | +| global.event-reporters.serviceAccount.create | bool | `true` | | +| global.event-reporters.serviceMonitor.enabled | bool | `false` | | +| global.event-reporters.serviceMonitor.interval | string | `"30s"` | | +| global.event-reporters.serviceMonitor.labels | object | `{}` | | +| global.event-reporters.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| global.event-reporters.tolerations | list | `[]` | | +| global.external-argo-cd | object | `{"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | | global.external-argo-cd.repoServer.port | int | `8081` | Port of the ArgoCD repo server | | global.external-argo-cd.repoServer.svc | string | `"argocd-repo-server"` | Service name of the ArgoCD repo server | | global.external-argo-cd.server | object | `{"port":80,"rootpath":"","svc":"argocd-server"}` | ArgoCD server settings | 
@@ -615,16 +633,19 @@ gitops-operator: | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout | | global.httpProxy | string | `""` | global HTTP_PROXY for all components | | global.httpsProxy | string | `""` | global HTTPS_PROXY for all components | +| global.imageRegistry | string | `""` | | +| global.integrations.argo-cd.server.auth | object | `{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"}` | How GitOps Runtime should authenticate with ArgoCD server | +| global.integrations.argo-cd.server.auth.password | string | `""` | ArgoCD password in plain text | +| global.integrations.argo-cd.server.auth.passwordSecretKeyRef | object | `{"key":"password","name":"argocd-initial-admin-secret"}` | ArgoCD password referenced by an existing secret | +| global.integrations.argo-cd.server.auth.token | string | `""` | ArgoCD token in plain text | +| global.integrations.argo-cd.server.auth.tokenSecretKeyRef | object | `{}` | ArgoCD token referenced by an existing secret | +| global.integrations.argo-cd.server.auth.type | string | `"password"` | Authentication type. 
Can be password or token | +| global.integrations.argo-cd.server.auth.username | string | `"admin"` | ArgoCD username in plain text | | global.noProxy | string | `""` | global NO_PROXY for all components | | global.nodeSelector | object | `{}` | Global nodeSelector for all components | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | +| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. 
Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | -| global.runtime.eventBus | object | `{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"}` | Runtime eventbus | -| global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource | -| global.runtime.eventBus.name | string | `""` | Eventbus name | -| global.runtime.eventBus.pdb | object | `{"enabled":true,"minAvailable":2}` | Pod disruption budget for the eventbus | -| global.runtime.eventBus.pdb.minAvailable | int | `2` | Minimum number of available eventbus pods. For eventbus to stay functional the majority of its replicas should always be available. | | global.runtime.gitCredentials | object | `{"password":{"secretKeyRef":{},"value":null},"username":"username"}` | Git credentials runtime. Runtime is not fully functional without those credentials. If not provided through the installation, they must be provided through the Codefresh UI. | | global.runtime.gitCredentials.password | object | `{"secretKeyRef":{},"value":null}` | Password. If using GitHub token, please provide it here. 
| | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. | 
@@ -674,6 +695,45 @@ gitops-operator: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | +| redis | object | `{"affinity":{},"enabled":true,"env":{},"envFrom":[],"extraArgs":[],"fullnameOverride":"runtime-redis","image":{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"},"imagePullSecrets":[],"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"metrics":{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}},"nodeSelector":{},"pdb":{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"securityContext":{},"service":{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"topologySpreadConstraints":[]}` | Enable standalone redis deployment Will be replaced by redis-ha subchart when `redis-ha.enabled=true` | +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. 
| +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | +| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"gitops-runtime-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | +| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter | +| redis-ha.fullnameOverride | string | `"runtime-redis-ha"` | Full name of the Redis HA Resources | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | +| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. 
| +| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis-ha.image.tag | string | `"8.2.1-alpine"` | Redis tag | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | +| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | +| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | +| redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. 
| +| redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | +| redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | +| redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | +| redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | +| redis-secret-init | object | `{"affinity":{},"image":{"registry":"docker.io","repository":"alpine/kubectl","tag":"1.34.1"},"nodeSelector":{},"tolerations":[]}` | Enable hook job to create redis secret | +| redis.image | object | `{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"}` | Redis image | +| redis.metrics | object | `{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}}` | Enable metrics sidecar | +| redis.metrics.serviceMonitor | object | `{"enabled":false}` | Enable a prometheus ServiceMonitor | +| redis.pdb | object | `{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1}` | Enabled Pod Disruption Budget for redis | +| redis.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | Probes configuration | +| redis.service | object | `{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"}` | Service configuration | +| 
redis.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Create ServiceAccount for redis | | sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.32.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | | tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 837a55c89..43e1919cc 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -364,4 +364,20 @@ gitops-operator: tag: vX.Y.Z ``` +### To 0.24.x + +#### Affected values + +- `.Values.redis`/`.Values.redis-ha`/`.Values.redis-secret-init` were added + +```yaml +# Enabled standalone Redis (single Deployment with 1 replica) +redis: + enabled: true + +# Enabled Redis High Availability (StatefulSet with Proxy) +redis-ha: + enabled: false +``` + {{ template "chart.valuesSection" . }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index a19430d56..4314779f6 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml 
+++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -214,6 +214,13 @@ LEADER_ID: fieldRef: fieldPath: metadata.name {{- end }} +CACHE_HOST: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | first) }} +CACHE_PORT: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | last) }} +CACHE_PASSWORD: + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth {{ include "codefresh-gitops-runtime.get-proxy-env-vars" . }} {{- end -}} diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 6af15fbbb..ce356168f 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
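Review bot: `CACHE_PASSWORD` in _main-container.yaml hard-codes the Secret name `gitops-runtime-redis`, while the README in this same commit documents `redis-ha.existingSecret` as a configurable value with that default. Overriding the value would leave app-proxy reading a different or missing Secret than the one Redis authenticates against. Resolving the name from the value or from one shared helper keeps them aligned; the same literal is repeated for `REDIS_PASSWORD` in argo-gateway/_env.yaml. Separately, `CACHE_HOST` and `CACHE_PORT` are emitted unquoted, so if this block is the one parsed with `fromYaml` in app-proxy/deployment.yaml the port becomes a number; piping through `quote`, e.g. `CACHE_PORT: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | last) | quote }}`, keeps both as strings. The enclosing define starts outside the hunk.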
@@ -306,18 +306,18 @@ Determine argocd server username ConfigMap. Determine argocd redis url */}} {{- define "codefresh-gitops-runtime.argocd.redis.url" -}} -{{- $argoCDValues := (get .Values "argo-cd") }} -{{- if (index .Values "argo-cd" "enabled") }} - {{- $serviceName := include "codefresh-gitops-runtime.argocd.redis.servicename" . }} - {{- $port := include "codefresh-gitops-runtime.argocd.redis.serviceport" . }} - {{- printf "%s:%s" $serviceName $port }} -{{- else if (index .Values "global" "external-argo-cd" "redis") }} - {{- $redis := (index .Values "global" "external-argo-cd" "redis") }} - {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.svc is not set" $redis.svc }} - {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.port is not set" $redis.port }} - {{- printf "%s:%v" $svc $port }} +{{- if and (index .Values "redis-ha" "enabled") (index .Values "redis-ha" "haproxy" "enabled") }} + {{- $redisHa := (index .Values "redis-ha") -}} + {{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}} + {{- $serverName := printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}} + {{- $port := $redisHa.haproxy.servicePort -}} + {{- printf "%s:%v" $serverName $port }} +{{- else if .Values.redis.enabled }} + {{- $serviceName := include "redis.fullname" . }} + {{- $port := .Values.redis.service.ports.redis.port }} + {{- printf "%s:%v" $serviceName $port }} {{- else }} - {{- fail "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" }} + {{- fail "ERROR: .Values.redis or .Values.redis-ha must be enabled!" }} {{- end }} {{- end}} @@ -516,7 +516,6 @@ NO_PROXY: {{ .Values.global.noProxy | quote }} {{- printf "%s" $eventBusName }} {{- end }} - {{- define "codefresh-gitops-runtime.image.name" -}} {{/* Restoring root $ context */}} {{- $ := .context -}} 
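Review bot: In `codefresh-gitops-runtime.argocd.redis.url`, a release with `redis-ha.enabled=true` and `redis-ha.haproxy.enabled=false` skips the first branch and falls into `else if .Values.redis.enabled`, which is true by default, so the helper returns the standalone service name. The redis/ templates added in this commit are all guarded by `not $redisHa.enabled`, so that Service is never rendered and every consumer is pointed at a host that does not exist, with no error at render time. I would test `redis-ha.enabled` alone in the first branch and fail inside it when the proxy is off, e.g. `{{- if not $redisHa.haproxy.enabled }}{{- fail "redis-ha.haproxy.enabled must be true when redis-ha.enabled is true" }}{{- end }}`.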
diff --git a/charts/gitops-runtime/templates/app-proxy/deployment.yaml b/charts/gitops-runtime/templates/app-proxy/deployment.yaml index 0dab28dcc..d9d2e9ab2 100644 --- a/charts/gitops-runtime/templates/app-proxy/deployment.yaml +++ b/charts/gitops-runtime/templates/app-proxy/deployment.yaml @@ -3,6 +3,8 @@ {{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} {{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- $_ := set $appProxyContext.Values "argo-cd" (get .Values "argo-cd") }} +{{- $_ := set $appProxyContext.Values "redis" (get .Values "redis") }} +{{- $_ := set $appProxyContext.Values "redis-ha" (get .Values "redis-ha") }} {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}} {{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" . | fromYaml) }} diff --git a/charts/gitops-runtime/templates/argo-gateway/_env.yaml b/charts/gitops-runtime/templates/argo-gateway/_env.yaml index 89fb754ec..d38f6d2f7 100644 --- a/charts/gitops-runtime/templates/argo-gateway/_env.yaml +++ b/charts/gitops-runtime/templates/argo-gateway/_env.yaml @@ -63,29 +63,29 @@ LISTEN_ADDRESS: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: argo-gateway-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: argo-gateway-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: argo-gateway-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: argo-gateway-cmd-params-cm key: redis-username optional: true REPO_SERVER: 
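Review bot: In argo-gateway/_env.yaml, `REDIS_USERNAME` keeps its `secretKeyRef` but the `name` is now `argo-gateway-cmd-params-cm`, which the `configMapKeyRef` entries in the same hunk use as a ConfigMap name. Because the reference is `optional: true`, the failed Secret lookup is silent and the variable is left unset, so a configured Redis username would never reach the container. The cluster-event-reporter and runtime-event-reporter `_env.yaml` hunks make the same substitution. Either point the reference at the credentials Secret (`name: gitops-runtime-redis`, if the username is meant to live next to `auth`) or change it to `configMapKeyRef` if the username is deliberately not secret. The env mapping continues outside the hunk.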
diff --git a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml index 007edfb83..982f3624c 100644 --- a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml +++ b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml @@ -111,29 +111,29 @@ OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: cluster-event-reporter-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: cluster-event-reporter-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: cluster-event-reporter-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: cluster-event-reporter-cmd-params-cm key: redis-username optional: true REPO_SERVER: diff --git a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml index 5ceb04f0d..64cb9d970 100644 --- a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml +++ b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml 
@@ -111,29 +111,29 @@ OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: runtime-event-reporter-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: runtime-event-reporter-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: runtime-event-reporter-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: runtime-event-reporter-cmd-params-cm key: redis-username optional: true REPO_SERVER: diff --git a/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml new file mode 100644 index 000000000..b35bb953e --- /dev/null +++ b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml 
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: redis-secret-init
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+ helm.sh/hook-weight: "10"
+spec:
+ backoffLimit: 0
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: redis-secret-init
+ restartPolicy: Never
+ containers:
+ - name: redis-secret-init
+ image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" (index .Values "redis-secret-init" "image") "context" .) }}
+ imagePullPolicy: {{ index .Values "redis-secret-init" "image" "pullPolicy" | default "IfNotPresent" }}
+ command: ["sh", "-c"]
+ args:
+ - |
+ PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c16)
+ if kubectl get secret gitops-runtime-redis -o jsonpath="{.data.auth}" &> /dev/null; then
+ echo "Secret gitops-runtime-redis already exists, skipping creation"
+ exit 0
+ fi
+ kubectl create secret generic gitops-runtime-redis --from-literal=auth=$PASSWORD --dry-run=client -o yaml | kubectl apply -f -
+ {{- with (index .Values "redis-secret-init" "nodeSelector") | default .Values.global.nodeSelector }}
+ nodeSelector: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with (index .Values "redis-secret-init" "tolerations") | default .Values.global.tolerations }}
+ tolerations: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with (index .Values "redis-secret-init" "affinity") }}
+ affinity: {{ toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml
new file mode 100644
index 000000000..9b331b4c2
--- /dev/null
+++ b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml
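Review bot: In redis-secret-init/job.yaml the existence check uses `&>`, a bash extension, while the script is run with `sh -c`; a strictly POSIX `sh` parses `kubectl get … &> /dev/null` as a background job followed by a redirect, so the `if` always succeeds and the Secret is never created (whether the image's `sh` accepts `&>` is not visible here). `> /dev/null 2>&1` is portable. The password is also built from `head /dev/urandom`, which reads a line-based and therefore variable amount of input, and `$PASSWORD` is then used unquoted with no length check. I would generate it only after the existence check and verify it: `PASSWORD=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)` followed by `[ "${#PASSWORD}" -eq 16 ] || exit 1`, and pass it as `--from-literal=auth="$PASSWORD"`.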
@@ -0,0 +1,51 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: redis-secret-init
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - gitops-runtime-redis
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: redis-secret-init
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: redis-secret-init
+subjects:
+- kind: ServiceAccount
+ name: redis-secret-init
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: redis-secret-init
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
diff --git a/charts/gitops-runtime/templates/redis/_helpers.tpl b/charts/gitops-runtime/templates/redis/_helpers.tpl
new file mode 100644
index 000000000..f88953254
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/_helpers.tpl
@@ -0,0 +1,48 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "redis.fullname" -}}
+{{- .Values.redis.fullnameOverride | default (print "redis") }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "redis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "redis.labels" -}}
+helm.sh/chart: {{ include "redis.chart" . }}
+{{ include "redis.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: redis
+codefresh.io/internal: "true"
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "redis.selectorLabels" -}}
+app.kubernetes.io/name: redis
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "redis.serviceAccountName" -}}
+{{- if .Values.redis.serviceAccount.create }}
+{{- default (include "redis.fullname" .) .Values.redis.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.redis.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/redis/deployment.yaml b/charts/gitops-runtime/templates/redis/deployment.yaml
new file mode 100644
index 000000000..174e44609
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/deployment.yaml
@@ -0,0 +1,156 @@ +{{- $redisHa := index .Values "redis-ha" }} +{{- if and .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "redis.fullname" . }} + labels: + {{- include "redis.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "redis.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.redis.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "redis.selectorLabels" . | nindent 8 }} + {{- with .Values.redis.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.redis.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "redis.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.redis.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "redis.fullname" . }} + securityContext: + {{- toYaml .Values.redis.securityContext | nindent 12 }} + image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" .Values.redis.image "context" .) }} + imagePullPolicy: {{ .Values.redis.image.pullPolicy | default "IfNotPresent" }} + args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + - --save + - "" + - --appendonly + - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth + {{- include "codefresh-gitops-runtime.env-vars" (dict "Values" .Values.redis.env "context" .) | nindent 8 }} + {{- with .Values.redis.envFrom }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.redis.service.ports.redis.targetPort }} + protocol: TCP + resources: + {{- toYaml .Values.redis.resources | nindent 10 }} + volumeMounts: + - mountPath: /health + name: health + {{- if .Values.redis.metrics.enabled }} + - name: metrics + image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" .Values.redis.metrics.image "context" .) }} + imagePullPolicy: {{ .Values.redis.metrics.image.pullPolicy | default "IfNotPresent" }} + env: + - name: REDIS_ADDR + value: {{ printf "redis://localhost:%v" .Values.redis.service.ports.redis.targetPort }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf "0.0.0.0:%v" .Values.redis.service.ports.metrics.targetPort }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth + {{- include "codefresh-gitops-runtime.env-vars" (dict "Values" .Values.redis.metrics.env "context" .) 
| nindent 8 }} + {{- with .Values.redis.metrics.envFrom }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.redis.service.ports.metrics.targetPort }} + {{- if .Values.redis.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.service.ports.metrics.targetPort }} + initialDelaySeconds: {{ .Values.redis.metrics.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.metrics.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.metrics.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.service.ports.metrics.targetPort }} + initialDelaySeconds: {{ .Values.redis.metrics.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.metrics.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.metrics.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.metrics.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.redis.metrics.resources | nindent 10 }} + {{- end }} + {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations | default .Values.global.tolerations }} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.redis.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "codefresh-gitops-runtime.tplrender" (dict "Values" . "context" .) 
| nindent 8 }} + {{- end }} + volumes: + - name: health + configMap: + name: {{ include "redis.fullname" . }}-health + defaultMode: 493 +{{- end }} diff --git a/charts/gitops-runtime/templates/redis/health-configmap.yaml b/charts/gitops-runtime/templates/redis/health-configmap.yaml new file mode 100644 index 000000000..8d5fb71af --- /dev/null +++ b/charts/gitops-runtime/templates/redis/health-configmap.yaml @@ -0,0 +1,37 @@ +{{- $redisHa := index .Values "redis-ha" }} +{{- if and .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "redis.fullname" . }}-health + namespace: {{ .Release.Namespace }} + labels: + {{- include "redis.labels" . | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.service.ports.redis.targetPort }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.service.ports.redis.targetPort }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/gitops-runtime/templates/redis/pdb.yaml b/charts/gitops-runtime/templates/redis/pdb.yaml new file mode 100644 index 000000000..67a5d0fcb --- /dev/null +++ b/charts/gitops-runtime/templates/redis/pdb.yaml 
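Review bot: In redis/deployment.yaml, the `topologySpreadConstraints` line sits inside `{{- with .Values.redis.topologySpreadConstraints }}`, where the dot is rebound to the constraint list, so `(dict "Values" . "context" .)` passes that list as `context` as well. If `codefresh-gitops-runtime.tplrender` expects the root context there (its definition is not part of this diff), rendering breaks as soon as a constraint is configured; `"context" $` avoids that. Separately, `- --requirepass $(REDIS_PASSWORD)` expands the Secret value into the redis-server command line, where it can be read from the process list inside the pod. Keeping it out of argv would need the setting to come from a config file rendered from the Secret instead of an argument.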
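Review bot: In redis/health-configmap.yaml both probe scripts authenticate with `-a "${REDIS_PASSWORD}"`, which places the password on the redis-cli command line at every probe interval; `--no-auth-warning` only silences the warning about doing so. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable, so `REDISCLI_AUTH="${REDIS_PASSWORD}" redis-cli -h localhost -p … ping` keeps it out of argv. The liveness script's `${response:0:7}` is a bash-style substring expansion while the probe runs it through `sh -c`; `case "$response" in PONG|LOADING*) ;; *) echo "$response"; exit 1 ;; esac` is portable.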
@@ -0,0 +1,28 @@
+{{- $redisHa := index .Values "redis-ha" }}
+{{- if and .Values.redis.enabled (not $redisHa.enabled) }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "redis.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "redis.labels" . | nindent 4 }}
+ {{- with .Values.redis.pdb.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.redis.pdb.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- with .Values.redis.pdb.maxUnavailable }}
+ maxUnavailable: {{ . }}
+ {{- else }}
+ minAvailable: {{ .Values.redis.pdb.minAvailable | default 1 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "redis.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/redis/service.yaml b/charts/gitops-runtime/templates/redis/service.yaml
new file mode 100644
index 000000000..30b73631a
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/service.yaml
@@ -0,0 +1,29 @@
+{{- $redisHa := index .Values "redis-ha" }}
+{{- if and .Values.redis.enabled (not $redisHa.enabled) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "redis.labels" . | nindent 4 }}
+ {{- with .Values.redis.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.redis.service.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ ports:
+ - name: redis
+ port: {{ .Values.redis.service.ports.redis.port }}
+ targetPort: redis
+ - name: metrics
+ port: {{ .Values.redis.service.ports.metrics.port }}
+ targetPort: metrics
+ selector:
+ {{- include "redis.selectorLabels" . | nindent 4 }}
+{{- end }}
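Review bot: redis/pdb.yaml renders the PodDisruptionBudget whenever standalone Redis is enabled; `.Values.redis.pdb.enabled`, which values.yaml introduces with a default of `false`, is never consulted. With `replicas: 1` in the Deployment and `minAvailable` defaulting to 1, the budget permits no voluntary evictions, so a node drain will block on the Redis pod even for users who left the PDB disabled. Add the flag to the guard: `{{- if and .Values.redis.enabled .Values.redis.pdb.enabled (not $redisHa.enabled) }}`.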
diff --git a/charts/gitops-runtime/templates/redis/serviceaccount.yaml b/charts/gitops-runtime/templates/redis/serviceaccount.yaml
new file mode 100644
index 000000000..4bb1af29f
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- $redisHa := index .Values "redis-ha" }}
+{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create (not $redisHa.enabled) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "redis.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.redis.serviceAccount.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "redis.labels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/redis/servicemonitor.yaml b/charts/gitops-runtime/templates/redis/servicemonitor.yaml
new file mode 100644
index 000000000..b51c93e79
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/servicemonitor.yaml
@@ -0,0 +1,36 @@ +{{- $redisHa := index .Values "redis-ha" }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "redis.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "redis.labels" . | nindent 4 }} + {{- with .Values.redis.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.redis.service.ports.metrics.port }} + {{- with .Values.redis.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.redis.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "redis.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/gitops-runtime/tests/argo-api-gateway_test.yaml b/charts/gitops-runtime/tests/argo-api-gateway_test.yaml index a6cd2d88f..1f02ef8be 100644 --- a/charts/gitops-runtime/tests/argo-api-gateway_test.yaml +++ b/charts/gitops-runtime/tests/argo-api-gateway_test.yaml @@ -13,7 +13,7 @@ tests: value: argo-cd-server:80 - equal: path: data["redis.server"] - value: argo-cd-redis:6379 + value: runtime-redis:6379 - equal: path: data["repo.server"] value: argo-cd-repo-server:8081 
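Review bot: In redis/servicemonitor.yaml, `endpoints[0].port` is rendered from `.Values.redis.service.ports.metrics.port`, which is the number 9121, but the ServiceMonitor `port` field takes the name of a Service port. Use `- port: metrics`, the name given to that port in redis/service.yaml. The guard also omits `.Values.redis.metrics.enabled`, so a monitor can be created for an exporter sidecar that is not running. `serviceMonitor.selector` is merged into `metadata.labels`, which looks unintended for a key with that name.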
@@ -77,13 +77,12 @@ tests: values: - ./values/mandatory-values-ingress.yaml set: - argo-cd: - redis-ha: - enabled: true + redis-ha: + enabled: true asserts: - equal: path: data["redis.server"] - value: RELEASE-NAME-redis-ha-haproxy:6379 + value: runtime-redis-ha-haproxy:6379 - it: Argo Api Gateway should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true template: argo-gateway/deployment.yaml diff --git a/charts/gitops-runtime/tests/event-reporters_test.yaml b/charts/gitops-runtime/tests/event-reporters_test.yaml index c1ea127e0..c86c55265 100644 --- a/charts/gitops-runtime/tests/event-reporters_test.yaml +++ b/charts/gitops-runtime/tests/event-reporters_test.yaml @@ -30,18 +30,32 @@ tests: path: metadata.name value: runtime-event-reporter + - it: Runtime Reporter ConfigMap should have valid data + template: event-reporters/runtime-event-reporter/configmap.yaml + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - equal: + path: data["argocd.server"] + value: argo-cd-server:80 + - equal: + path: data["redis.server"] + value: runtime-redis:6379 + - equal: + path: data["repo.server"] + value: argo-cd-repo-server:8081 + - it: Runtime Reporter ConfigMap should have valid redis-ha url template: event-reporters/runtime-event-reporter/configmap.yaml values: - ./values/mandatory-values-ingress.yaml set: - argo-cd: - redis-ha: - enabled: true + redis-ha: + enabled: true asserts: - equal: path: data["redis.server"] - value: RELEASE-NAME-redis-ha-haproxy:6379 + value: runtime-redis-ha-haproxy:6379 - it: Runtime Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true template: event-reporters/runtime-event-reporter/deployment.yaml 
@@ -153,3 +167,25 @@ tests: value: cpu: 200m memory: 256Mi + + - it: Runtime Reporter should have correct REDIS_ environment variables + template: event-reporters/runtime-event-reporter/deployment.yaml + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: runtime-event-reporter-cmd-params-cm + key: redis.server + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml index 40fe71dc3..a0b26c2a6 100644 --- a/charts/gitops-runtime/tests/external_argocd_test.yaml +++ b/charts/gitops-runtime/tests/external_argocd_test.yaml @@ -407,7 +407,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: my-argocd-redis:6379 + value: runtime-redis:6379 - it: runtime-event-reporter ConfigMap should have valid Sources Server address template: event-reporters/runtime-event-reporter/configmap.yaml @@ -555,7 +555,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: my-argocd-redis:6379 + value: runtime-redis:6379 - it: argo-gateway ConfigMap should have valid Repo Server URL template: argo-gateway/configmap.yaml @@ -675,18 +675,6 @@ tests: name: ARGO_CD_TOKEN_SECRET_KEY value: token - - it: should require ArgoCd redis address if it's not provided - values: - - ./values/mandatory-values-ingress.yaml - - ./values/external-argocd-values.yaml - set: - global: - external-argo-cd: - redis: null - asserts: - - failedTemplate: - errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" - - it: should require ArgoCd repoServer address if it's not provided values: - ./values/mandatory-values-ingress.yaml 
diff --git a/charts/gitops-runtime/tests/redis_test.yaml b/charts/gitops-runtime/tests/redis_test.yaml new file mode 100644 index 000000000..3993e30dd --- /dev/null +++ b/charts/gitops-runtime/tests/redis_test.yaml 
@@ -0,0 +1,72 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: redis tests +templates: + - cf-argocd-extras/**/*.yaml + - app-proxy/deployment.yaml + - redis/** + - charts/redis-ha/** +tests: + - it: Standalone Redis Deployment should be created by default + template: redis/deployment.yaml + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - containsDocument: + kind: Deployment + apiVersion: apps/v1 + name: runtime-redis + + - it: Redis HA StatefulSet should be created when redis-ha.enabled is true + template: charts/redis-ha/templates/redis-ha-statefulset.yaml + values: + - ./values/mandatory-values-ingress.yaml + set: + redis-ha.enabled: true + asserts: + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: runtime-redis-ha-server + - containsDocument: + kind: Deployment + apiVersion: apps/v1 + name: runtime-redis + not: true + + - it: App-Proxy should have CACHE_ environment variables (standalone Redis) + template: app-proxy/deployment.yaml + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].env[?(@.name=="CACHE_HOST")].value + value: runtime-redis + - equal: + path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PORT")].value + value: "6379" + - equal: + path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PASSWORD")].valueFrom + value: + secretKeyRef: + name: gitops-runtime-redis + key: auth + + - it: App-Proxy should have CACHE_ environment variables (Redis HA) + template: app-proxy/deployment.yaml + values: + - ./values/mandatory-values-ingress.yaml + set: + redis-ha.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].env[?(@.name=="CACHE_HOST")].value + value: runtime-redis-ha-haproxy + - equal: + path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PORT")].value + value: "6379" + - equal: + path: 
spec.template.spec.containers[0].env[?(@.name=="CACHE_PASSWORD")].valueFrom + value: + secretKeyRef: + name: gitops-runtime-redis + key: auth diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 4b24c8e6b..030922a28 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -116,11 +116,6 @@ global: # e.g. # rootpath: '/argocd' rootpath: '' - redis: - # -- Service name of the ArgoCD Redis - svc: argocd-redis - # -- Port of the ArgoCD Redis - port: 6379 repoServer: # -- Service name of the ArgoCD repo server svc: argocd-repo-server 
@@ -705,6 +700,198 @@ argo-gateway: scrapeTimeout: 10s labels: {} +# -- Enable hook job to create redis secret +redis-secret-init: + image: + registry: docker.io + repository: alpine/kubectl + tag: 1.34.1 + nodeSelector: {} + tolerations: [] + affinity: {} + +# -- Enable standalone redis deployment +# Will be replaced by redis-ha subchart when `redis-ha.enabled=true` +redis: + enabled: true + fullnameOverride: "runtime-redis" + # -- Redis image + image: + registry: public.ecr.aws + repository: docker/library/redis + tag: 8.2.1-alpine + podAnnotations: {} + podLabels: {} + imagePullSecrets: [] + podSecurityContext: {} + securityContext: {} + env: {} + envFrom: [] + extraArgs: [] + # -- Probes configuration + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + # -- Service configuration + service: + type: ClusterIP + labels: {} + annotations: {} + ports: + redis: + port: 6379 + targetPort: 6379 + metrics: + port: 9121 + targetPort: 9121 + resources: {} + # -- Enable metrics sidecar + metrics: + enabled: true + image: + registry: ghcr.io + repository: oliver006/redis_exporter + tag: v1.72.1 + env: {} + envFrom: [] + resources: {} + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + # -- Enable a prometheus ServiceMonitor + serviceMonitor: + enabled: false + nodeSelector: {} + tolerations: [] + affinity: {} + topologySpreadConstraints: [] + # -- Enabled Pod Disruption Budget for redis + pdb: + enabled: false + labels: {} + annotations: {} + minAvailable: 1 + maxUnavailable: "" + # -- Create 
ServiceAccount for redis + serviceAccount: + create: true + name: "" + annotations: {} + event-reporters: cluster-event-reporter: {} runtime-event-reporter: {} + +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml +redis-ha: + # -- Enables the Redis HA subchart and disables the custom Redis single node deployment + enabled: false + # -- Full name of the Redis HA Resources + fullnameOverride: "runtime-redis-ha" + ## Redis image + image: + # -- Redis repository + repository: public.ecr.aws/docker/library/redis + # -- Redis tag + tag: 8.2.1-alpine + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Repository to use for the redis-exporter + image: ghcr.io/oliver006/redis_exporter + # -- Tag to use for the redis-exporter + tag: v1.69.0 + persistentVolume: + # -- Configures persistence on Redis nodes + enabled: false + ## Redis specific configuration options + redis: + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated + masterGroupName: gitops-runtime + # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) + # @default -- See [values.yaml] + config: + # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled + # @default -- `'""'` + save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. + haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy + enabled: true + metrics: + # -- HAProxy enable prometheus metric scraping + enabled: true + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. 
+ additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: | + + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: gitops-runtime-redis + + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: | + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: + # -- Enable Redis HA topology spread constraints + enabled: false + # -- Max skew of pods tolerated + # @default -- `""` (defaults to `1`) + maxSkew: "" + # -- Topology key for spread + # @default -- `""` (defaults to `topology.kubernetes.io/zone`) + topologyKey: "" + # -- Enforcement policy, hard or soft + # @default -- `""` (defaults to `ScheduleAnyway`) + whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true
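Review bot: The standalone `redis` block ships `podSecurityContext: {}` and `securityContext: {}`, so the default deployment (`redis.enabled: true`) runs with whatever the image and cluster defaults allow, while the `redis-ha` block in the same hunk at least sets `containerSecurityContext.readOnlyRootFilesystem: true`. I would give the standalone instance hardened defaults as in the fence below; the UID has to match the image's redis user and should be confirmed for this tag. `readOnlyRootFilesystem: true` is worth adding as well once the writable paths are checked against the deployment template, which is not visible in this hunk. Separately, `redis-secret-init` (per its comment, the job that creates the Redis secret) and the Redis and exporter images are all referenced by mutable tag; a digest pin would be preferable if the templates support one.

```yaml
redis:
  # … unchanged: enabled, fullnameOverride, image, podAnnotations, podLabels, imagePullSecrets …
  podSecurityContext:
    runAsNonRoot: true
    runAsUser: 999  # redis user in the official image; confirm for this tag
    seccompProfile:
      type: RuntimeDefault
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
  # … unchanged: env, envFrom, extraArgs, probes, service, metrics …
```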